This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Grouping set of packets in filter

Just started using Wireshark, and I am trying to follow the server / client TCP flow.

We are running an ATM business where I just want to make sure the TCP flow is as expected from the socket.

For example, if I want to group these messages with a custom color, what should be done:

Client to Server request (PSH MSG)----
                                    ||
---       Server to Client (PSH ACK)
||
SERVER to RESPOND (PSH MSG) ------
                                    ||
    Server to Client (PSH ACK)-----

For the above flow I have manually HIGHLIGHTED a set of packets. I need guidance in handling these types of filters with Wireshark.

1398    37977.393994    172.11.105.5    172.250.10.10   TCP 41831 > 13824 [PSH, ACK] Seq=3792 Ack=5868 Win=2003 Len=119 TSV=84371804 TSER=720051399
1399    37977.518972    172.250.10.10   172.11.105.5    TCP 13824 > 41831 [ACK] Seq=5868 Ack=3911 Win=17680 Len=0 TSV=720058937 TSER=84371804
1400    37977.882262    172.250.10.10   172.11.105.5    TCP 13824 > 41831 [PSH, ACK] Seq=5868 Ack=3911 Win=17680 Len=251 TSV=720058973 TSER=84371804
1401    37977.882354    172.11.105.5    172.250.10.10   TCP 41831 > 13824 [ACK] Seq=3911 Ack=6119 Win=2003 Len=0 TSV=84371926 TSER=720058973

Sample highlighted image:

asked 17 Nov '14, 22:41

Ragav