I'm aware of the Wireshark feature which allows us to view a single stream that a particular packet is associated with. However, I would like to view multiple streams in the order that they were captured. Is this possible? If so, how? Edit for clarity I'm looking for a way to view multiple streams in a single "Follow TCP Stream" window. You know how you can right-click on a packet and select "Follow TCP Stream" and new window pops-up showing you the entire stream? - Well, I would like to be able to have multiple streams in that same window. My goal is have an easy way of viewing all streams that occurred during a web browser session. So, right now, what I'm doing is doing the following steps:
The result of the procedure above will be useful to me, but creating it is a bit cumbersome. asked 18 Jan '13, 09:29  KTM edited 18 Jan '13, 11:04 |
One Answer:
You can see multiple streams by filtering on the TCP stream index number of the streams you want to see: "tcp.stream==1 || tcp.stream==4 || tcp.stream==5" You can see all TCP streams with "tcp". However, the packets will be shown in the order they were captured, so packets from different streams will be intermingled in the display if the streams were running simultaneously. To make it clear which packets belong to which stream, you can right-click on a packet in the Packet List and select Colorize Conversation > TCP > [Color 1, Color 2, etc.]. You can colorize up to 10 different conversations. Be careful which colors you pick; some of them are very similar and are difficult to distinguish on the screen. answered 18 Jan '13, 10:43  Jim Aragon |
Thanks for the colorize tip. I'll definitely use that. However, my goal is to be able to view multiple streams in a single "Follow TCP Stream" window (or something like that).
I've edited my OP to clarify the intent of my question.