I'm basically trying to detect "incomplete" TCP or HTTP communication in a capture file.
Is it possible to display only TCP streams that consist of a SYN without a corresponding SYN ACK? Or streams with no FINs? Or to display HTTP requests that do not receive an HTTP response?
asked 08 Jul '11, 11:27