Debugging TCP/IP Streams with Wireshark

So we were having stray SYN packets and this young smart Cisco geek guy showed me some Wireshark tricks.

This is how you follow a TCP conversation along with its SYN/ACK flags and sequence numbers.

  1. Add SEQ/ACK/Length to the columns using Apply As Column.
  2. Right-click the packet in question and choose Follow TCP Stream. NOTE: look at the stream number that Wireshark assigns to each unique SRC/DEST IP/port quad conversation.
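
As an added example (not from the original post), this Python sketch mimics how a stream number is tied to the SRC/DEST IP/port quad and uses the SEQ/ACK values to flag conversations whose SYN never got a matching SYN/ACK. The packet records are constructed, the function names are hypothetical, and the numbering is a simplification of what Wireshark does (it ignores port reuse and uses raw rather than relative sequence numbers).

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport flags seq ack length")

# Constructed sample packets (not from a real capture).
PACKETS = [
    Pkt("10.0.0.5", 40000, "10.0.0.9", 443, "S", 1000, 0, 0),
    Pkt("10.0.0.9", 443, "10.0.0.5", 40000, "SA", 5000, 1001, 0),
    Pkt("10.0.0.5", 40000, "10.0.0.9", 443, "A", 1001, 5001, 0),
    Pkt("10.0.0.5", 40000, "10.0.0.9", 443, "PA", 1001, 5001, 120),
    Pkt("10.0.0.7", 51000, "10.0.0.9", 443, "S", 7000, 0, 0),  # stray SYN
    Pkt("10.0.0.7", 51000, "10.0.0.9", 443, "S", 7000, 0, 0),  # retransmitted SYN
    Pkt("10.0.0.9", 443, "10.0.0.5", 40000, "A", 5001, 1121, 0),
]

def quad(p):
    """Direction-independent key: both directions map to one conversation."""
    return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

def assign_streams(packets):
    """Number conversations in order of first appearance, like a stream index."""
    index, out = {}, []
    for p in packets:
        sid = index.setdefault(quad(p), len(index))
        out.append((sid, p))
    return out

def next_expected_seq(p):
    """SYN and FIN each consume one sequence number in addition to the payload."""
    return p.seq + p.length + sum(f in p.flags for f in "SF")

def stray_syn_streams(packets):
    """Return stream ids that saw a SYN but never a SYN/ACK acknowledging it."""
    syn_seq, answered = {}, set()
    for sid, p in assign_streams(packets):
        if p.flags == "S":
            syn_seq.setdefault(sid, p.seq)
        elif p.flags == "SA" and sid in syn_seq and p.ack == syn_seq[sid] + 1:
            answered.add(sid)
    return sorted(set(syn_seq) - answered)

if __name__ == "__main__":
    for sid, p in assign_streams(PACKETS):
        print(sid, p.src, p.sport, "->", p.dst, p.dport,
              p.flags, "seq", p.seq, "ack", p.ack, "len", p.length)
    print("streams with unanswered SYN:", stray_syn_streams(PACKETS))
```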




  • Marco  On January 7, 2015 at 3:10 am

    Thanks Michael, that was very helpful. Did you plan to dedicate a section to helpful troubleshooting commands that can save a lot of time and blue pills?

    Thanks in advance

