Wireshark-users: Re: [Wireshark-users] Regarding TCP Options

From: Karthik Balaguru <karthikbalaguru79@xxxxxxxxx>
Date: Tue, 9 Mar 2010 22:50:21 +0530
On Tue, Mar 9, 2010 at 10:22 PM, Abhijit Bare <abhibare@xxxxxxxxx> wrote:
> On Tue, Mar 9, 2010 at 9:09 AM, Karthik Balaguru
> <karthikbalaguru79@xxxxxxxxx> wrote:
>>
>> Hi,
>> I have been trying to analyze the TCP packet formats from realtime
>> traffic. But, while viewing the captured packets that are displayed in
>> the packet list pane by simply clicking on a packet in the packet list
>> pane, I am unable to find the TCP Options field(Variable 0 - 320 bits)
>> in the tree view pane. Is the feature of parsing of TCP options and
>> displaying in either tree view pane or other display panes absent in
>> wireshark ? Should i need to install some patch ? I cross-checked by
>> using the packETH (Linux GUI Packet Generator) to check the wireshark,
>> but it did not display the TCP Options field. Any ideas ? I am using
>> ethereal 0.99.0 version.
>>
>> Thx in advans,
>> Karthik Balaguru
>>
> I just tried wireshark 1.2.2 (Windows) and ethereal 0.99.6 (Linux). I can
> see TCP options in both.
> Can you post a pcap file?
>

I have been continuing the process of analysis by using a latest
version of wireshark. I just now verified with Version 1.2.5 (SVN Rev
31296) on Windows OS, it seems to display the 'TCP options' field
properly. But, I wonder why the 0.99.0 version (linux) does not
display it.  Just as you have conveyed that it is displaying for
0.99.6(Linux) version, i too think that it should work for 0.99.0
version also. I will re-analyze the logs of version 1.2.5(Windows) and
0.99.0(Linux) and check the Connection establishment and TCP Call
flow.

Thx in advans,
Karthik Balaguru