wireshark-doc 2.4.5-1 / usr / share / doc / wireshark-doc / wsug_html_chunked / ChAdvFollowTCPSection.html

This file is indexed.

/usr/share/doc/wireshark-doc/wsug_html_chunked/ChAdvFollowTCPSection.html is in wireshark-doc 2.4.5-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>7.2. Following TCP streams</title><link rel="stylesheet" type="text/css" href="ws.css"><meta name="generator" content="DocBook XSL Stylesheets V1.79.1"><link rel="home" href="index.html" title="Wireshark User&#8217;s Guide"><link rel="up" href="ChapterAdvanced.html" title="Chapter 7. Advanced Topics"><link rel="prev" href="ChapterAdvanced.html" title="Chapter 7. Advanced Topics"><link rel="next" href="ChAdvShowPacketBytes.html" title="7.3. Show Packet Bytes"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">7.2. Following TCP streams</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ChapterAdvanced.html">Prev</a> </td><th width="60%" align="center">Chapter 7. Advanced Topics</th><td width="20%" align="right"> <a accesskey="n" href="ChAdvShowPacketBytes.html">Next</a></td></tr></table><hr></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="ChAdvFollowTCPSection"></a>7.2. Following TCP streams</h2></div></div></div><p>If you are working with TCP based protocols it can be very helpful to see the
data from a TCP stream in the way that the application layer sees it. Perhaps
you are looking for passwords in a Telnet stream, or you are trying to make
sense of a data stream. Maybe you just need a display filter to show only the
packets of that TCP stream. If so, Wireshark&#8217;s ability to follow a TCP stream
will be useful to you.</p><p>Simply select a TCP packet in the packet list of the stream/connection you are
interested in and then select the Follow TCP Stream menu item from the Wireshark
Tools menu (or use the context menu in the packet list). Wireshark will set an
appropriate display filter and pop up a dialog box with all the data from the
TCP stream laid out in order, as shown in <a class="xref" href="ChAdvFollowTCPSection.html#ChAdvFollowStream" title="Figure 7.1. The &#8220;Follow TCP Stream&#8221; dialog box">Figure 7.1, &#8220;The &#8220;Follow TCP Stream&#8221; dialog box&#8221;</a>.</p><div class="tip" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Tip"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Tip]" src="wsug_graphics/tip.svg"></td><th align="left">Tip</th></tr><tr><td align="left" valign="top"><p>Opening the &#8220;Follow TCP Stream&#8221; applies a display filter which selects
all the packets in the TCP stream you have selected. Some people open the
&#8220;Follow TCP Stream&#8221; dialog and immediately close it as a quick way to
isolate a particular stream.</p></td></tr></table></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="_the_8220_follow_tcp_stream_8221_dialog_box"></a>7.2.1. The &#8220;Follow TCP Stream&#8221; dialog box</h3></div></div></div><div class="figure"><a name="ChAdvFollowStream"></a><p class="title"><b>Figure 7.1. The &#8220;Follow TCP Stream&#8221; dialog box</b></p><div class="figure-contents"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" style="cellpadding: 0; cellspacing: 0;" width="85%"><tr><td><img src="wsug_graphics/ws-follow-stream.png" width="100%" alt="wsug_graphics/ws-follow-stream.png"></td></tr></table></div></div></div><br class="figure-break"><p>The stream content is displayed in the same sequence as it appeared on the
network. Traffic from A to B is marked in red, while traffic from B to A is
marked in blue. If you like, you can change these colors in the
&#8220;Colors&#8221; page if the &#8220;Preferences&#8221; dialog.</p><p>Non-printable characters will be replaced by dots.</p><p>The stream content won&#8217;t be updated while doing a live capture. To get the
latest content you&#8217;ll have to reopen the dialog.</p><p>You can choose from the following actions:</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem">
<span class="emphasis"><em>Save As</em></span>: Save the stream data in the currently selected format.
</li><li class="listitem">
<span class="emphasis"><em>Print</em></span>: Print the stream data in the currently selected format.
</li><li class="listitem">
<span class="emphasis"><em>Direction</em></span>: Choose the stream direction to be displayed (&#8220;Entire
  conversation&#8221;, &#8220;data from A to B only&#8221; or &#8220;data from B to A only&#8221;).
</li><li class="listitem">
<span class="emphasis"><em>Filter out this stream</em></span>: Apply a display filter removing the current TCP
  stream data from the display.
</li><li class="listitem">
<span class="emphasis"><em>Close</em></span>: Close this dialog box, leaving the current display filter in
  effect.
</li></ol></div><p>You can choose to view the data in one of the following formats:</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem">
<span class="emphasis"><em>ASCII</em></span>: In this view you see the data from each direction in ASCII.
  Obviously best for ASCII based protocols, e.g. HTTP.
</li><li class="listitem">
<span class="emphasis"><em>EBCDIC</em></span>: For the big-iron freaks out there.
</li><li class="listitem">
<span class="emphasis"><em>HEX Dump</em></span>: This allows you to see all the data. This will require a lot of
  screen space and is best used with binary protocols.
</li><li class="listitem">
<span class="emphasis"><em>C Arrays</em></span>: This allows you to import the stream data into your own C
  program.
</li><li class="listitem">
<span class="emphasis"><em>Raw</em></span>: This allows you to load the unaltered stream data into a different
  program for further examination. The display will look the same as the ASCII
  setting, but &#8220;Save As&#8221; will result in a binary file.
</li></ol></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ChapterAdvanced.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="ChapterAdvanced.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="ChAdvShowPacketBytes.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 7. Advanced Topics </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 7.3. Show Packet Bytes</td></tr></table></div></body></html>

APT Browse - Built by Thomas Orozco.