I just can't figure out what the 8 stands for in (tcp.stream eq 8)? asked 26 Oct '11, 07:42  0xffff0 |
One Answer:
It indicates that this is the 8th TCP or UDP stream found in the trace. Before we had stream numbers a filter to identify the stream would specify a pair of IP addresses and port numbers, resulting in much longer display filters. answered 26 Oct '11, 08:57  packethunter |
I.e., the 8 has no deep significance - it's just a number that Wireshark uses internally.
When tcp.stream was implemented, the number had no significance and would show some gaps. In recent (development) versions of Wireshark the number represents order in which wireshark detected tcp streams, the first gets tcp.stream==0, the next tcp.stream==1 etc.