Debugging TCP/IP Streams with Wireshark

So we were having stray SYN packets and this young smart Cisco geek guy showed me some Wireshark tricks.

This is how you follow a TCP conversation and track its SYN/ACK flags and sequence numbers.

  1. Add SEQ/ACK/Length to the columns (see below) using Apply as Column.
  2. Right-click the packet in question and choose Follow TCP Stream. NOTE: Wireshark assigns a stream number to each unique SRC/DEST IP/port quad conversation.

[Screenshot: followtcp]
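The same bookkeeping the two steps above rely on, as an added example that is not part of the original post: it numbers conversations by their SRC/DEST IP/port quad, computes relative SEQ/ACK values per stream, and reports streams where a SYN never got a SYN/ACK. The packet list is constructed sample data, the function names are hypothetical, and the model is simplified (it does not split a stream when a port pair is reused).

```python
# Constructed sample: (src, sport, dst, dport, flags, seq, ack, payload_len)
PACKETS = [
    ("10.0.0.5", 40001, "10.0.0.9", 443, "S", 1000, 0, 0),
    ("10.0.0.9", 443, "10.0.0.5", 40001, "SA", 5000, 1001, 0),
    ("10.0.0.5", 40001, "10.0.0.9", 443, "A", 1001, 5001, 0),
    ("10.0.0.7", 40002, "10.0.0.9", 443, "S", 7000, 0, 0),    # never answered
    ("10.0.0.5", 40001, "10.0.0.9", 443, "PA", 1001, 5001, 120),
    ("10.0.0.9", 443, "10.0.0.5", 40001, "A", 5001, 1121, 0),
    ("10.0.0.7", 40002, "10.0.0.9", 443, "S", 7000, 0, 0),    # retransmitted SYN
]


def stream_key(src, sport, dst, dport):
    """Direction-independent key for the SRC/DEST IP/port quad."""
    return tuple(sorted([(src, sport), (dst, dport)]))


def annotate(packets):
    """Return rows of (stream, flags, rel_seq, rel_ack, len), i.e. the added columns."""
    streams, isn, rows = {}, {}, []
    for src, sport, dst, dport, flags, seq, ack, length in packets:
        # New quads get the next free stream number, in order of first appearance.
        idx = streams.setdefault(stream_key(src, sport, dst, dport), len(streams))
        sender, peer = (idx, src, sport), (idx, dst, dport)
        isn.setdefault(sender, seq)  # first sequence number seen from this side
        rel_seq = (seq - isn[sender]) % 2**32  # modulo handles 32-bit wraparound
        has_ack = "A" in flags and peer in isn
        rel_ack = (ack - isn[peer]) % 2**32 if has_ack else 0
        rows.append((idx, flags, rel_seq, rel_ack, length))
    return rows


def stray_syn_streams(rows):
    """Stream numbers that contain a SYN but never a SYN/ACK."""
    syn = {r[0] for r in rows if r[1] == "S"}
    synack = {r[0] for r in rows if r[1] == "SA"}
    return sorted(syn - synack)


if __name__ == "__main__":
    rows = annotate(PACKETS)
    for row in rows:
        print("stream=%d flags=%-2s seq=%d ack=%d len=%d" % row)
    print("streams with unanswered SYN:", stray_syn_streams(rows))
```
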


Comments

  • Marco  On January 7, 2015 at 3:10 am

    Thanks Michael, that was very helpful. Did you plan to dedicate a section to helpful troubleshooting commands that can save a lot of time and blue pills?

    Thanks in advance

    Marco


blog.lachmann.org

Michael Endrizzi's - St. Paul MN - CheckPoint blog on topics related to Check Point products and security in general.
