This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 10 and 11
Revision 10 as of 2005-10-22 20:25:00
Size: 2217
Editor: GeraldCombs
Comment:
Revision 11 as of 2006-06-05 03:19:28
Size: 2221
Editor: localhost
Comment:
Line 20: Line 20:
XXX - Add example traffic here (as plain text or Ethereal screenshot). XXX - Add example traffic here (as plain text or Wireshark screenshot).
Line 22: Line 22:
== Ethereal == == Wireshark ==
Line 39: Line 39:
XXX - Add a simple example capture file. Keep it short, it's also a good idea to gzip it to make it even smaller, as Ethereal can open gzipped files automatically. XXX - Add a simple example capture file. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.
Line 42: Line 42:
A complete list of TCP display filter fields can be found in the [http://www.ethereal.com/docs/dfref/t/tcp.html display filter reference] A complete list of TCP display filter fields can be found in the [http://www.wireshark.org/docs/dfref/t/tcp.html display filter reference]

Transmission Control Protocol (TCP)

TCP provides stream-based, connection-oriented transfer of data within the InternetProtocolFamily.

It provides TCP port multiplexing and much more. It establishes a logical connection that is reliable against problems such as PacketLoss and DuplicatePackets.

Bytes sent over the connection are transferred to the remote host as sent: the receiving application is given no additional, faulty or missing bytes.

History

XXX - add a brief description of TCP history

Protocol dependencies

  • ["IP"]: Typically, TCP uses ["IP"] as its underlying protocol. The assigned protocol number for TCP on IP is 6.

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The TCP dissector is fully functional.

You can quickly isolate a single TCP stream with the Follow TCP Stream feature: first select a TCP packet in the packet list pane, then click the menu item Analyze/Follow TCP Stream.

Two statistics menu items are available for TCP: Statistics/Endpoints, which contains a tab showing all TCP endpoints (each a combination of IP address and TCP port), and Statistics/Conversations, which contains a tab showing all TCP conversations (each a combination of two endpoints).

Preference Settings

  • ["TCP Reassembly"]
  • ["TCP Checksum Verification"]
  • ["TCP Analyze Sequence Numbers"]
  • ["TCP Relative Sequence Numbers"]

Example capture file

XXX - Add a simple example capture file. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of TCP display filter fields can be found in the [http://www.wireshark.org/docs/dfref/t/tcp.html display filter reference].

  • Show only the TCP based traffic:

     tcp 

  • Show only the traffic to and from TCP port 80 (usually ["HTTP"]):

     tcp.port == 80 
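
What the two display filters above test at the byte level, shown as an added Python example (not part of the original wiki page and not Wireshark's code): a packet counts as `tcp` when the IP protocol field is 6, and `tcp.port == 80` is true when either the source or the destination port is 80. The function names and sample packets are constructed for illustration; the sketch handles IPv4 only and does not reassemble fragments.

```python
import struct

IPPROTO_TCP = 6  # assigned protocol number for TCP on IP


def build_packet(src_port, dst_port, proto=IPPROTO_TCP, ip_options=b"", frag_offset=0):
    """Constructed sample: IPv4 header + 20-byte TCP header, checksums left at 0."""
    ihl = 5 + len(ip_options) // 4
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1000, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(tcp), 1,
                     frag_offset, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + ip_options + tcp


def parse_tcp(packet):
    """Return (src_port, dst_port) for an IPv4/TCP packet, or None if it is not one."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # too short for IPv4, or not IPv4
    ihl = (packet[0] & 0x0F) * 4         # IP header length varies with options
    if ihl < 20 or len(packet) < ihl + 20:
        return None                      # invalid header length or truncated TCP header
    if packet[9] != IPPROTO_TCP:
        return None                      # some other protocol on top of IP
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                      # later fragment: no TCP header in this packet
    return struct.unpack("!HH", packet[ihl:ihl + 4])


def matches_tcp_port(packet, port):
    """Equivalent of `tcp.port == port`: source OR destination port matches."""
    ports = parse_tcp(packet)
    return ports is not None and port in ports


SAMPLES = {  # constructed packets, not captured traffic
    "client_to_80": build_packet(49152, 80),
    "server_from_80": build_packet(80, 49152),
    "other_tcp": build_packet(49152, 443),
    "udp": build_packet(49152, 80, proto=17),
    "ip_options": build_packet(49152, 80, ip_options=b"\x01" * 4),
    "truncated": build_packet(49152, 80)[:30],
}


def filter_names(port):
    return [name for name, pkt in SAMPLES.items() if matches_tcp_port(pkt, port)]
```

The `udp` sample carries port 80 in the same byte positions but is rejected on the protocol field, and the `ip_options` sample only parses correctly because the port offset is taken from the IP header length rather than assumed to be 20.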

Capture Filter

  • Capture only the TCP based traffic:

     tcp 

Discussion

Transmission_Control_Protocol (last edited 2020-07-23 02:19:27 by ChuckCraft)