Hi,
I am trying to figure out a way to see the SYN packets that belong to the HTTP and HTTPS request I am looking into.
If I filter with “http.request || ssl.handshake.type == 1” I get a good view of the various webpages that are requested. But I see the TCP stream numbers are not in the
expected order:
So I would like to see the SYN packets for each of these as well as they might explain my view.
It works for some of the connections with:
tcp.flags == 0x0002 || http.request || ssl.handshake.type == 1
But the examples above it failed to find the SYN packets.
I had to use:
tcp.flags == 0x0002 || tcp.flags == 0x00c2 || http.request || ssl.handshake.type == 1
To catch them all.