This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I was wondering if there is some way to do this. 1. to decode the options part of tcp protocol or say dissect the options part of the tcp header. 2. once i decode the options part, get wireshark to do the rest of decoding as usual.

asked 23 Mar '11, 03:15

niks3089's gravatar image

niks3089
21151518
accept rate: 0%

1

I'm confused about the question - doesn't Wireshark do this by default? What are you looking for that you aren't seeing?

(23 Mar '11, 12:54) GeonJay

There are certain options that wireshark shows as unknown. These contain some important info which my company has requested to dissect

(27 Mar '11, 06:12) niks3089

RFC says to ignore TCP options if the the receiver doesn't know what it is. So many WAN accelerators use TCP options field to mark it as an "accelerator aware" packets.

(28 Mar '11, 18:51) hansangb

permanent link

answered 27 Mar '11, 14:36

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×1,620
×8

question asked: 23 Mar '11, 03:15

question was seen: 4,579 times

last updated: 28 Mar '11, 18:51

p​o​w​e​r​e​d by O​S​Q​A