Hi, I am new to networking and have a question about protocols. I analyze Wireshark capture files; some are HTTP, some are FTP, but some are plain TCP. For example, I started a video on YouTube and all the stream data is shown as a plain TCP connection. My questions are:
I am just trying to understand what I must understand when I see the TCP protocol name in the protocol column. Thanks...
asked 11 Nov '11, 15:51 sawque
2 Answers:
As JK7 notes, Wireshark could show a packet with a protocol of "TCP" because it doesn't know what protocol is being used for the packet. If the packet has no payload, such as an initial SYN packet with no data or an ACK packet with no data, Wireshark will show it as TCP as well.
answered 11 Nov '11, 18:28 Guy Harris
If Wireshark doesn't know the TCP-based application-layer protocol, it will simply display the protocol as "TCP" with layer 7 (Data) info.
answered 11 Nov '11, 17:04 JK7
Thank you all.
OK. When I see TCP I must understand: either Wireshark doesn't know what protocol is being used or, if there is no payload, it can be a SYN or ACK packet.
Just one more question, to be sure.
So we can't say that the TCP protocol can be without an application layer protocol, right? (except SYN, ACK, etc.)
We can say it for ARP (because the ARP protocol's data doesn't contain any information related to anything above layer 2; I mean it ends at layer 2),
but if it is TCP, and it also has a payload, that means this payload (like YouTube video stream data) belongs to a protocol.
Thanks again
Yes, transport-layer protocols such as TCP and UDP are not "top-layer" protocols like ARP; they exist to transport other protocols, so, other than packets containing only TCP-layer control information, such as those used to set up or tear down a connection, there has to be some form of protocol, even if it's a trivial protocol such as the data transfer protocol for FTP, in which the file being transferred is just streamed over the connection.
Thank you, Guy Harris.
I have some conclusions:
Can we say TCP and IP exist for other protocols, but other protocols exist for themselves?
This is the difference between TCP/IP and other protocols.
And this is why we call them the TCP/IP protocol suite.
Are all these conclusions right?
We can say that:
there are protocols that exist solely to transport other protocols, such as TCP, IP, and SCTP, even if the other protocol is trivial, such as the "protocol" on FTP data connections;
there are protocols that do not transport other protocols, such as FTP;
there are protocols that can exist for themselves and transport other protocols, such as HTTP (which can be used for itself to fetch Web pages, and can also transport messages for higher-level protocols);
TCP and IP aren't the only protocols that exist solely to transport other protocols.
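The two cases described in the answers above (a segment with no payload, and a payload whose protocol is not recognised) can be told apart from the header lengths alone. The following is an added example, not part of the original thread and not Wireshark's code; the `KNOWN_PORTS` table is a hypothetical stand-in for a dissector lookup, and the sample packets are constructed.

```python
import struct

# Hypothetical stand-in for a dissector table (assumption, not Wireshark's own).
KNOWN_PORTS = {21: "FTP", 80: "HTTP"}
SYN, ACK, PSH = 0x02, 0x10, 0x08

def build_packet(sport, dport, flags, payload=b""):
    """Construct a sample IPv4+TCP packet (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp + payload

def classify(packet):
    """Return (protocol column label, reason) for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("not an IPv4 packet carrying TCP")
    ihl = (packet[0] & 0x0F) * 4                      # IP header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]   # IP total length field
    if ihl < 20 or total_len > len(packet) or total_len < ihl + 20:
        raise ValueError("truncated or malformed packet")
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    data_offset = (packet[ihl + 12] >> 4) * 4         # TCP header length in bytes
    if data_offset < 20 or ihl + data_offset > total_len:
        raise ValueError("bad TCP data offset")
    # Use the IP total length, not len(packet): short frames may carry
    # link-layer padding after the IP datagram that is not TCP payload.
    payload_len = total_len - ihl - data_offset
    if payload_len == 0:
        return "TCP", "no payload (control-only segment)"
    for port in (sport, dport):
        if port in KNOWN_PORTS:
            return KNOWN_PORTS[port], "payload handed to known protocol"
    return "TCP", "payload present, protocol not recognised"

if __name__ == "__main__":
    samples = [
        build_packet(50000, 80, SYN),                            # handshake
        build_packet(50000, 80, ACK) + b"\x00" * 6,              # padded bare ACK
        build_packet(50000, 80, PSH | ACK, b"GET / HTTP/1.1\r\n\r\n"),
        build_packet(50000, 40000, PSH | ACK, b"\x00\x01\x02"),  # unknown port
    ]
    for pkt in samples:
        print(classify(pkt))
```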