Hi, my question is how to find each session in Wireshark? I can't find any session ID in the pcap file in Wireshark... or do I need to try other filter conditions without a session ID?

asked 11 Mar '15, 21:56 dong0129 (edited 11 Mar '15, 21:56)
One Answer:
Perhaps the protocols in the capture have no session ID fields. For some protocols, there is no notion of a session; that's the case for NFS. Some other protocols that use TCP have one session per TCP connection, so you would have to filter on, for example, the TCP connection number field (which is assigned by Wireshark; it's not part of the protocol - Wireshark determines TCP connections based on the source and destination addresses and ports and on connection initiation (3-way handshake) and termination (FIN handshake)). For what protocols are you trying to find sessions?

answered 12 Mar '15, 20:43 Guy Harris ♦♦
What kind of "session id" are you talking about?
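
An added example, not part of the original thread: a simplified Python model of numbering TCP connections from addresses, ports and the SYN/FIN handshakes, as the answer describes. The packet tuples are constructed sample data and the logic is an illustrative assumption, not Wireshark's actual implementation; in Wireshark the assigned number is exposed as the `tcp.stream` display filter field (for example `tcp.stream eq 1`).

```python
# Simplified model: give every packet a per-connection stream number.
# A packet here is (src, sport, dst, dport, tcp_flags); all values are constructed.
SYN, ACK, FIN = 0x02, 0x10, 0x01

def assign_streams(packets):
    """Return one stream index per packet, in capture order."""
    active = {}    # direction-independent endpoint pair -> current stream index
    fins = {}      # stream index -> endpoints that have sent FIN
    closed = set() # endpoint pairs whose current stream saw FIN from both sides
    next_index = 0
    result = []
    for src, sport, dst, dport, flags in packets:
        # Both directions of a connection map to the same key.
        key = frozenset([(src, sport), (dst, dport)])
        new_syn = bool(flags & SYN) and not (flags & ACK)
        # Start a new stream for an unseen endpoint pair, or when a fresh SYN
        # reuses the ports of a connection that was already torn down.
        if key not in active or (new_syn and key in closed):
            active[key] = next_index
            fins[next_index] = set()
            closed.discard(key)
            next_index += 1
        idx = active[key]
        if flags & FIN:
            fins[idx].add((src, sport))
            if len(fins[idx]) == 2:
                closed.add(key)
        result.append(idx)
    return result

def packets_in_stream(packets, index):
    """Packet positions belonging to one stream (what a stream filter selects)."""
    return [i for i, s in enumerate(assign_streams(packets)) if s == index]

C, S = "10.0.0.1", "10.0.0.2"   # constructed client and server addresses
SAMPLE = [
    (C, 40000, S, 80, SYN), (S, 80, C, 40000, SYN | ACK), (C, 40000, S, 80, ACK),
    (C, 40001, S, 80, SYN), (S, 80, C, 40001, SYN | ACK),   # second connection
    (C, 40000, S, 80, FIN | ACK), (S, 80, C, 40000, FIN | ACK), (C, 40000, S, 80, ACK),
    (C, 40000, S, 80, SYN), (S, 80, C, 40000, SYN | ACK),   # same ports, new connection
]

if __name__ == "__main__":
    for pkt, stream in zip(SAMPLE, assign_streams(SAMPLE)):
        print(stream, pkt)
```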