Date: 2014-05-17  Views: 22387

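How does Wireshark's Follow TCP Stream feature work? How is the stream index calculated?
As in the title.
My own thinking is that Follow TCP Stream relies on the 32-bit sequence number of the TCP packets to derive the stream index, and then follows the stream based on that, but I can't work out how exactly it is derived. I tried converting the data and still can't make sense of it. I'd appreciate it if an expert could point me in the right direction.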

------Solution--------------------
the stream index is an internal Wireshark mapping to: [IP address A, TCP port A, IP address B, TCP port B]

All the packets for the same tcp.stream value should have the same values for these fields (though the src/dest will be switched for A->B and B->A packets)

see the Statistics/Conversations/TCP tab in Wireshark to show a summary of these streams 

http://stackoverflow.com/questions/6076897/follow-tcp-stream-where-does-field-stream-index-come-from

Statistics/Conversations/TCP
Statistics/Conversations/endpoints/tcp
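There you can see the data streams that correspond to these index numbers.
------Solution--------------------
The explanation in reply #2 is more reasonable: it is the mapping between IP A/port A and IP B/port B, plus the src/dst swap.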
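
The mapping described in the answers above, as an added example that is not part of the original thread and is not Wireshark's own code: it parses raw IPv4/TCP headers, builds a direction-independent key from the two address/port endpoints, and numbers conversations in order of first appearance. The function names, the numbering from 0 and the sample packets (built inline with constructed addresses and sequence numbers) are assumptions of this sketch.

```python
import socket
import struct

def four_tuple(ip_packet: bytes):
    """Extract (src_ip, src_port, dst_ip, dst_port) from a raw IPv4/TCP packet."""
    if ip_packet[0] >> 4 != 4 or ip_packet[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ip_packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    src_ip = socket.inet_ntoa(ip_packet[12:16])
    dst_ip = socket.inet_ntoa(ip_packet[16:20])
    src_port, dst_port = struct.unpack("!HH", ip_packet[ihl:ihl + 4])
    return src_ip, src_port, dst_ip, dst_port

def conversation_key(src_ip, src_port, dst_ip, dst_port):
    """Direction-independent key: A->B and B->A packets produce the same value."""
    return tuple(sorted([(src_ip, src_port), (dst_ip, dst_port)]))

def assign_stream_indexes(packets):
    """Give each packet the index of its conversation, numbered by first appearance."""
    table = {}                                # conversation key -> stream index
    indexes = []
    for pkt in packets:
        key = conversation_key(*four_tuple(pkt))
        indexes.append(table.setdefault(key, len(table)))
    return indexes

def build_packet(src_ip, src_port, dst_ip, dst_port, seq):
    """Constructed sample input: minimal IPv4 + TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, 0, 0x50, 0x10, 8192, 0, 0)
    return ip + tcp

# Constructed capture: one connection seen in both directions, plus a second
# connection from a different client port. Sequence numbers differ per packet.
SAMPLE = [
    build_packet("10.0.0.5", 51000, "192.0.2.10", 80, 1000),
    build_packet("192.0.2.10", 80, "10.0.0.5", 51000, 9000),
    build_packet("10.0.0.5", 51001, "192.0.2.10", 80, 5),
    build_packet("10.0.0.5", 51000, "192.0.2.10", 80, 1400),
]

if __name__ == "__main__":
    print(assign_stream_indexes(SAMPLE))
```

The sequence number is never read when the key is built, so packets of one connection share an index in both directions regardless of their sequence values.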