Hi, I am trying to figure out a way to see the SYN packets that belong to the HTTP and HTTPS request I am looking into.
If I filter with "http.request || ssl.handshake.type == 1" I get a good view of the various webpages that are requested. But I see the TCP stream numbers are not in the expected order: [cid:image001.png@01D573A4.C0880C70] So I would like to see the SYN packets for each of these as well as they might explain my view. It works for some of the connections with: tcp.flags == 0x0002 || http.request || ssl.handshake.type == 1 But the examples above it failed to find the SYN packets. I had to use: tcp.flags == 0x0002 || tcp.flags == 0x00c2 || http.request || ssl.handshake.type == 1 To catch them all. Hugo van der Kooij network engineer +31 15 888 0 345 hugo.van.der.ko...@qsight.nl Delft | Delftechpark 35-37 The information transmitted is intended only for use by the addressee and may contain confidential and/or privileged material. Any review, re-transmission, dissemination or other use of it, or the taking of any action in reliance upon this information by persons and/or entities other than the intended recipient is prohibited. If you received this in error, please inform the sender and/or addressee immediately and delete the material. Thank you.
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-requ...@wireshark.org?subject=unsubscribe
