User Guide

Chapter 7. Advanced Topics
7.1. Introduction
This chapter describes some of the advanced features of Wireshark.
7.2. Following TCP streams
If you are working with TCP-based protocols it can be very helpful to see the data from a TCP stream in
the way that the application layer sees it. Perhaps you are looking for passwords in a Telnet stream, or you
are trying to make sense of a data stream. Maybe you just need a display filter to show only the packets of
that TCP stream. If so, Wireshark's ability to follow a TCP stream will be useful to you.
In the packet list, select a TCP packet that belongs to the stream/connection you are interested in, and then
select the Follow TCP Stream menu item from the Wireshark Tools menu (or use the context menu in the packet
list). Wireshark will set an appropriate display filter and pop up a dialog box with all the data from the
TCP stream laid out in order, as shown in Figure 7.1, “The "Follow TCP Stream" dialog box”.
Note!
Follow TCP Stream installs a display filter that selects all the packets in the TCP stream
you have selected.
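The following sketch is an added example, not part of the Wireshark User Guide and not Wireshark's own code. It shows the idea behind following a stream: keep only the packets that share the selected packet's two endpoints, then lay each sender's payload out in sequence-number order, holding back segments that arrive early and dropping retransmitted bytes. The Seg tuple, the sample packets and the function names are constructed for illustration; sequence-number wraparound and a lost first segment are not handled.

```python
from collections import namedtuple

# Hypothetical packet record: endpoints, TCP sequence number, payload bytes.
Seg = namedtuple("Seg", "src sport dst dport seq data")

C, S = ("10.0.0.5", 40000), ("10.0.0.9", 23)    # constructed client / Telnet server
SAMPLE = [                                       # constructed capture, in arrival order
    Seg(*S, *C, 1000, b"login: "),
    Seg(*C, *S, 500, b"alice\r\n"),
    Seg(*S, *C, 1007, b"Password: "),
    Seg(*C, *S, 507, b"s3cret\r\n"),
    Seg(*S, *C, 1032, b"$ "),                    # arrives before seq 1017
    Seg(*S, *C, 1017, b"Last login ok\r\n"),
    Seg(*S, *C, 1017, b"Last login ok\r\n"),     # retransmission
    Seg("10.0.0.7", 5555, *S, 1, b"noise"),      # a different connection
]

def stream_key(s):
    """Same key for both directions of one connection."""
    return tuple(sorted([(s.src, s.sport), (s.dst, s.dport)]))

def follow_stream(packets, selected):
    """Return [(sender, bytes), ...] for the stream that contains `selected`."""
    key = stream_key(selected)
    next_seq, pending, out = {}, {}, []
    for p in packets:
        if stream_key(p) != key or not p.data:
            continue                             # other stream, or no payload
        side = (p.src, p.sport)
        next_seq.setdefault(side, p.seq)         # assumes first segment seen is in order
        buf = pending.setdefault(side, {})
        buf[p.seq] = p.data
        while True:                              # deliver whatever is now contiguous
            ready = [q for q in buf if q <= next_seq[side]]
            if not ready:
                break
            q = min(ready)
            data = buf.pop(q)[next_seq[side] - q:]   # trim bytes already delivered
            if not data:
                continue
            next_seq[side] += len(data)
            if out and out[-1][0] == side:       # merge consecutive data from one sender
                out[-1] = (side, out[-1][1] + data)
            else:
                out.append((side, data))
    return out
```

Calling follow_stream(SAMPLE, SAMPLE[0]) returns the Telnet conversation as alternating client and server chunks, with the early segment placed after the data it follows and the retransmission dropped.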
7.2.1. The "Follow TCP Stream" dialog box
Figure 7.1. The "Follow TCP Stream" dialog box