This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to find each session in wireshark?

0

hi,

my question is how to find each session in wireshark?

i cant find any session id in pcap file in wireshark...

or i need try other filter conditions without session id?

asked 11 Mar '15, 21:56

dong0129's gravatar image

dong0129
6113
accept rate: 0%

edited 11 Mar '15, 21:56

What kind of "session id" are you talking about?

(12 Mar '15, 01:13) Kurt Knochner ♦

One Answer:

0

i cant find any session id in pcap file in wireshark

Perhaps the protocols in the capture have no session ID fields.

For some protocols, there is no notion of a session; that's the case for NFS.

Some other protocols that use TCP have one session per TCP connection, so you would have to filter on, for example, the TCP connection number field (which is assigned by Wireshark; it's not part of the protocol - Wireshark determines TCP connections based on the source and destination addresses and ports and on connection initiation (3-way handshake) and termination (FIN handshake).

For what protocols are you trying to find sessions?

answered 12 Mar '15, 20:43

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%