Westez
asked on
Wireshark - How to see both sides of a tcp conversation?
I'm trying to create a filter on a capture file that shows me both sides of the tcp conversation between my laptop and a server.
I thought that tcp.srcport == xxxxxx would do it. I've done this before, but at the moment, how I've done it escapes me. I want to see something like
laptop ip.src xxx server ip.dst xxx syn
server ip.src xxx laptop ip.dst xxx syn-ack
laptop ip.src xxx server ip.dst xxx ack
tcp.srcport == xxx is displaying
laptop ip.src xxx server ip.dst xxx syn
laptop ip.src xxx server ip.dst xxx ack
Who can help me out with creating the filter here?
Thanks
I thought that tcp.srcport == xxxxxx would do it. I've done this before, but at the moment, how I've done it escapes me. I want to see something like
laptop ip.src xxx server ip.dst xxx syn
server ip.src xxx laptop ip.dst xxx syn-ack
laptop ip.src xxx server ip.dst xxx ack
tcp.srcport == xxx is displaying
laptop ip.src xxx server ip.dst xxx syn
laptop ip.src xxx server ip.dst xxx ack
Who can help me out with creating the filter here?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
tcp.port will only filter packets with a certain source or dest. port #, which will not filter either the conversation only nor will it filter acks or syns or any other packets with specific flags.
The first filter is all you're looking for if you want just the conversation between the computers. If you want filters to do other things or filter more specifically let me know.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hey thanks a bunch guys. I appreciate your cluing me in to some of the finer details.
ASKER
Who can show me another way?