
Practical Packet Analysis, 2nd Edition by Chris Sanders


Following TCP Streams

http_google.pcap

One of Wireshark’s most satisfying analysis features is its ability to reassemble TCP streams into an easily readable format. Rather than viewing data being sent from client to server in a bunch of small chunks, the Follow TCP Stream feature sorts the data to make it easier to view. This comes in handy when viewing plaintext application layer protocols such as HTTP, FTP, and so on. (We’ll take a closer look at how these common protocols work in the next chapter.)
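The reassembly idea described above can be sketched in a few lines. This is an added illustration, not code from the book or from Wireshark: it groups payloads by direction, orders them by TCP sequence number, and drops retransmitted bytes. The addresses, ports, sequence numbers and the `follow_streams` name are constructed for the example, and it assumes no sequence-number wraparound.

```python
from collections import defaultdict

# Constructed sample segments: (src, sport, dst, dport, tcp_seq, payload).
# Addresses, ports and sequence numbers are made up for illustration.
C, S = ("192.0.2.10", 50000), ("198.51.100.5", 80)
SEGMENTS = [
    (*C, *S, 1000, b"GET / HTTP/1.1\r\n"),
    (*S, *C, 5000, b"HTTP/1.1 200 OK\r\n"),
    (*C, *S, 1031, b"\r\n"),                      # arrives out of order
    (*C, *S, 1016, b"Host: example\r\n"),
    (*C, *S, 1016, b"Host: example\r\n"),         # retransmission
    (*S, *C, 5017, b"Content-Length: 2\r\n\r\nhi"),
]

def follow_streams(segments):
    """Return {(src, dst): bytes}, one reassembled byte stream per direction."""
    by_dir = defaultdict(list)
    for src, sport, dst, dport, seq, data in segments:
        if data:  # bare ACKs and other empty segments carry no stream bytes
            by_dir[((src, sport), (dst, dport))].append((seq, data))
    streams = {}
    for direction, segs in by_dir.items():
        segs.sort(key=lambda s: s[0])
        next_seq = segs[0][0]  # assumption: lowest sequence number seen is the start
        out = bytearray()
        for seq, data in segs:
            if seq > next_seq:
                # A hole means the capture missed a segment; mark it visibly.
                out += b"[%d bytes missing]" % (seq - next_seq)
                next_seq = seq
            fresh = data[next_seq - seq:]  # drop bytes already delivered
            out += fresh
            next_seq += len(fresh)
        streams[direction] = bytes(out)
    return streams

if __name__ == "__main__":
    for (src, dst), data in follow_streams(SEGMENTS).items():
        print(f"{src} -> {dst}\n{data.decode('ascii', 'replace')}")
```

Marking gaps explicitly matters when reading a capture for evidence: a silently concatenated stream can hide the fact that packets were dropped by the capture point.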

For example, let’s consider a simple HTTP transaction. Open the file http_google.pcap. Click any of the TCP or HTTP packets in the file, right-click the file, and choose Follow TCP Stream. This will bring up the TCP stream in a separate window (see ...
