This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 11 and 12
Revision 11 as of 2006-06-05 03:19:28
Size: 2221
Editor: localhost
Comment:
Revision 12 as of 2008-04-12 17:51:37
Size: 2225
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 16: Line 16:
 * ["IP"]: Typically, TCP uses ["IP"] as its underlying protocol. The assigned protocol number for TCP on IP is 6.  * [[IP]]: Typically, TCP uses [[IP]] as its underlying protocol. The assigned protocol number for TCP on IP is 6.
Line 32: Line 32:
 * ["TCP Reassembly"]
 * ["TCP Checksum Verification"]
 * ["TCP Analyze Sequence Numbers"]
 * ["TCP Relative Sequence Numbers"]
 * [[TCP_Reassembly]]
 * [[TCP_Checksum_Verification]]
 * [[TCP_Analyze_Sequence_Numbers]]
 * [[TCP_Relative_Sequence_Numbers]]
Line 42: Line 42:
A complete list of TCP display filter fields can be found in the [http://www.wireshark.org/docs/dfref/t/tcp.html display filter reference] A complete list of TCP display filter fields can be found in the [[http://www.wireshark.org/docs/dfref/t/tcp.html|display filter reference]]
Line 47: Line 47:
 Show only the traffic to and from TCP port 80 (usually ["HTTP"]): {{{  Show only the traffic to and from TCP port 80 (usually [[HTTP]]): {{{
Line 57: Line 57:
 * [http://www.ietf.org/rfc/rfc793.txt RFC793] TRANSMISSION CONTROL PROTOCOL  * [[http://www.ietf.org/rfc/rfc793.txt|RFC793]] TRANSMISSION CONTROL PROTOCOL

Transmission Control Protocol (TCP)

The TCP protocol provides stream based connection oriented transfer of data of the InternetProtocolFamily.

It provides the described TCP port multiplexing and much more. It establishes a logical connection, which is reliable against the problems of PacketLoss, DuplicatePackets and such.

Sending a few bytes will transfer them to the remote host, without giving any additional faulty or missing bytes to the receiving application.

History

XXX - add a brief description of TCP history

Protocol dependencies

  • IP: Typically, TCP uses IP as its underlying protocol. The assigned protocol number for TCP on IP is 6.

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

TCP dissector is fully functional.

You can select a TCP stream very fast by using the Follow TCP stream feature. First select a TCP packet in the packet list pane and then click the menu item Analyze/Follow TCP Stream

There are two statistical menu items for TCP available: Statistics/Endpoints which contains a tab showing all TCP endpoints (combination of IP address and TCP port) and Statistics/Conversations, which contains a tab showing all TCP conversations (combination of two endpoints).

Preference Settings

Example capture file

XXX - Add a simple example capture file. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of TCP display filter fields can be found in the display filter reference

  • Show only the TCP based traffic:

     tcp 

    Show only the traffic to and from TCP port 80 (usually HTTP):

     tcp.port == 80 

Capture Filter

  • Capture only the TCP based traffic:

     tcp 

  • RFC793 TRANSMISSION CONTROL PROTOCOL

Discussion

Transmission_Control_Protocol (last edited 2020-07-23 02:19:27 by ChuckCraft)