I have captured my personal network through wireshark.. now i want to know the TCP three-way-shandshake information. Where do i go and how to filter the TCP three-way-handshake. Thank asked 11 Apr '11, 13:16  kv2004 |
One Answer:
The easy way is to right click a packet in a stream and choose follow tcp stream. The three way handshake will be the first three packets, unless there are issues. You could get creative and display filter something like-- ((tcp.flags == 0x02) || (tcp.flags == 0x12) ) || ((tcp.flags == 0x10) && (tcp.ack==1) && (tcp.len==0)) answered 11 Apr '11, 14:06  Paul Stewart |
