How to only view streams, merging corresponding packets together


Is there a way to see only a list of streams, without every single packet separately, like in HttpFox, e.g.

HTTP localip:12345 ->  GET /index.html
HTTP localip:12346 ->  POST /example-form   a=b&x=y
SMTP localip:12347 -> LOGIN user:password, MAIL: [email protected] -> [email protected]
SSH  localip:12348 ->

And clicking on a stream should show the corresponding packets or the stream content.

I tried "follow tcp stream", but that shows only one, and "export objects\http", but that is only for http...

One Answer:


You can get a list of all conversations/streams by looking at the conversation statisticsin the statistics menu (and in the conversation list at the TCP tab), and look at individual streams by right-clicking on a line and applying a filter A <-> B.

If you want your packet list to show interesting stuff you'll need to build a more or less complicated filter. For example a simple "http.request.method" could show you the http requests, but you'd need to add similar filter expressions for all other protocols.

That's nice. But why is it called "statistics"? It sounds like it only show some summaries. And why is the list cleared and regenerated, every time you select a filter/follow a stream? And it is annoying that you need to click/select 4 times to change the filter.

BeniBela

Probably because it is a statistical listing of conversations with bytes/packets/bps etc. I agree that the refiltering process is painful, but at the moment there is no way around it...

Jasper ♦♦

But the list does change. There is no need to refilter, if it is set to ignore the filters

BeniBela