12-04-2012 06:58 PM
I am troubleshooting an application response problem through a FWSM using WireShark, but I'm having trouble analyzing some of the data.
I did a traffic capture between a client and the server behind the FWSM.
Using Wireshark, I open the capture and try to filter the streams using tcp.stream eq 1-6
I then start going through the packets to see what is going on. However, it seems that I cannot find the complete conversation. I can get the first four frames (SYN, SYN-ACK, ACK, and a TCP segment), but after that, it seems there are other conversations within the stream, and I cannot locate the next packet by using sequence number, etc. (unless I want to go through thousands of packets manually).
Is there a simpler way to do this? Looking at the TCP Stream option within Wireshark is no help: it does not use timestamps, and simply starts at the first packet captured. I need to look at specific conversations.
Any advice would be great.
12-04-2012 08:03 PM
Filter the Wireshark display to show only traffic to/from the client IP, e.g.:
ip.addr==
in the Wireshark display filter.
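To illustrate why narrowing by the client IP works, here is an added example (not from this thread or from Wireshark's own code) that reproduces how Wireshark keys TCP conversations and numbers tcp.stream indices, then applies the equivalent of ip.addr==client to a constructed, interleaved packet list. The IPs, ports and timestamps are made-up sample data.

```python
from collections import namedtuple

# One row of the packet list, as Wireshark would summarise it.
# Constructed sample data, not taken from the poster's capture.
Pkt = namedtuple("Pkt", "ts src sport dst dport flags")

SAMPLE = [
    Pkt(0.000, "10.1.1.5", 51000, "192.0.2.10", 443, "S"),   # client A handshake
    Pkt(0.001, "10.1.1.9", 52000, "192.0.2.10", 443, "S"),   # unrelated client B
    Pkt(0.002, "192.0.2.10", 443, "10.1.1.5", 51000, "SA"),
    Pkt(0.003, "192.0.2.10", 443, "10.1.1.9", 52000, "SA"),
    Pkt(0.004, "10.1.1.5", 51000, "192.0.2.10", 443, "A"),
    Pkt(0.005, "10.1.1.5", 51001, "192.0.2.10", 80, "S"),    # second conn from client A
    Pkt(0.006, "10.1.1.5", 51000, "192.0.2.10", 443, "PA"),  # first data segment
]

def conv_key(p):
    """Bidirectional key: both directions of one TCP connection map to the
    same tuple, which is why Wireshark gives both sides one tcp.stream index."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (a, b) if a <= b else (b, a)

def assign_streams(packets):
    """Mimic tcp.stream numbering: a new index (starting at 0) is handed out
    the first time a conversation appears, in capture order.
    Returns a list of (stream_index, packet)."""
    index, out = {}, []
    for p in packets:
        k = conv_key(p)
        index.setdefault(k, len(index))
        out.append((index[k], p))
    return out

def filter_client(tagged, client_ip):
    """Equivalent of the display filter ip.addr==<client>: keep packets where
    the client is sender or receiver, in either direction."""
    return [(i, p) for i, p in tagged if client_ip in (p.src, p.dst)]

def stream_ids_for_client(tagged, client_ip):
    """The tcp.stream indices that involve the client; these are the values
    to plug into 'tcp.stream eq N' once the ip.addr filter has narrowed the view."""
    return sorted({i for i, _ in filter_client(tagged, client_ip)})

def stream_packets(tagged, stream_id):
    """One conversation in time order, with timestamps kept (what the
    'Follow TCP Stream' view drops)."""
    return sorted((p for i, p in tagged if i == stream_id), key=lambda p: p.ts)

def handshake_complete(tagged, stream_id):
    """True if the stream opens with SYN, SYN/ACK, ACK in time order."""
    flags = [p.flags for p in stream_packets(tagged, stream_id)]
    return flags[:3] == ["S", "SA", "A"]
```

Running stream_ids_for_client(assign_streams(SAMPLE), "10.1.1.5") yields [0, 2], i.e. client A's two connections, with client B's stream 1 excluded; handshake_complete then tells you which of those has a full three-way handshake.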