Hello all,
I wanted to ask: how does wireshark detect segments of TCP ? I mean which field does it camp on to detect if the last TCP segment has arrived ?
Actually I'm working with some GTP traffic, when I filter it for m-send-req message (used in mms transaction flow) and try to save it in a separate pcap, I don't see the packet (primarily because the packet consisted of two TCP segments, first of which was not shown after the application of filter and thus is shown as "continuation or non-http traffic") . Someone help please !
Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. Sign up now.
|