[Hugo van der Kooij <hugo.van.der.kooij@xxxxxxxxx>]

Hi,

 

I am trying to figure out a way to see the SYN packets that belong to the HTTP and HTTPS request I am looking into.

 

If I filter with “http.request || ssl.handshake.type == 1” I get a good view of the various webpages that are requested. But I see the TCP stream numbers are not in the expected order:

 

So I would like to see the SYN packets for each of these as well as they might explain my view.

 

It works for some of the connections with:

tcp.flags == 0x0002 || http.request || ssl.handshake.type == 1

 

But the examples above it failed to find the SYN packets.

 

I had to use:

tcp.flags == 0x0002 || tcp.flags == 0x00c2 || http.request || ssl.handshake.type == 1

 

To catch them all.

 

 

 ​

Hugo

van der Kooij

network engineer

+31 15 888 0 345

hugo.van.der.kooij@xxxxxxxxx

Delft | Delftechpark 35‑37

 The information transmitted is intended only for use by the addressee and may contain confidential and/or privileged
​ material. ​Any review, re‑transmission, dissemination or other use of it, or the taking of any action in reliance upon this
​ information ​by persons and/or entities ​other than the intended recipient is prohibited. If you received this in error,
​ please inform the sender and/or addressee immediately and delete the material. Thank you.