Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
369
Views
1
Helpful
4
Replies

not showing SYN and SYN-ACK in Wireshark

ankitohc
Spotlight
Spotlight

‎05-14-2024 07:04 AM

Hello Expert,

We have internal application which is fetching the data from window server using mapped if drive is not mapped then application won't work so when i trace the packets and select the source client and dst server. I dont see SYN, SYN-ACK packets i see only ACK.

Why I am not seeing the SYN, SYN-ACK in the wirehshark trace files.

 

ankitohc_0-1715695381078.png

 

Labels:
0 Helpful
4 Replies 4

MHM Cisco World
VIP
VIP

‎05-14-2024 07:07 AM

no problem, I think you start capture traffic after tcp 3-way handshake 

MHM

0 Helpful

ankitohc
Spotlight
Spotlight
In response to MHM Cisco World

‎05-14-2024 07:09 AM

I thought the same , Network Drive is already mapped on the client so that means if drive is mapped and data is fetching from the drives itself then it shows traffic after tcp 3-way handshake


How does it work with SMB?

 

0 Helpful

ankitohc
Spotlight
Spotlight
In response to ankitohc

‎05-14-2024 07:15 AM - edited ‎05-14-2024 07:15 AM

I guess Once a network drive is mapped, and the SMB session is established, Wireshark will typically not capture the SYN, SYN-ACK, packets again for subsequent interactions with that mapped drive.

MHM Cisco World
VIP
VIP
In response to ankitohc

‎05-14-2024 07:18 AM

Yes you are correct'

Try close session by apply acl abd drop traffic to port 445 and then remove the acl' 

Sure you will see new tcp 3way for new session.

MHM

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card