https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16716

            Bug ID: 16716
           Summary: Add support for TCP Conversation Completeness tracking
           Product: Wireshark
           Version: Git
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: Enhancement
          Priority: Low
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: eugene.ad...@gmail.com
  Target Milestone: ---

Build Information:
3.3.0 (v3.3.0rc0-1594-ga0b2ff45f52a)

Compiled (64-bit) with Qt 5.12.4, with libpcap, with POSIX capabilities
(Linux),
with libnl 3, with GLib 2.62.4, with zlib 1.2.11, with SMI 0.4.8, with c-ares
1.15.0, with Lua 5.2.4, with GnuTLS 3.6.9 and PKCS #11 support, with Gcrypt
1.8.4, with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.39.2,
without
brotli, with LZ4, without Zstandard, with Snappy, with libxml2 2.9.4, with
QtMultimedia, without automatic updates, with SpeexDSP (using bundled
resampler).

Running on Linux 5.3.0-59-generic, with Intel(R) Core(TM) i7-6700HQ CPU @
2.60GHz (with SSE4.2), with 2963 MB of physical memory, with locale
en_US.UTF-8,
with light display mode, without HiDPI, with libpcap version 1.9.1 (with
TPACKET_V3), with GnuTLS 3.6.9, with Gcrypt 1.8.4, with zlib 1.2.11, binary
plugins supported (18 loaded).

Built using gcc 9.2.1 20191008.

--
In practice I often need to work on TCP streams for which I at least have the
Establishment Handshake, but more likely I am interested in a full TCP flow
with both initial and closing handshakes. Probably a lot of Wireshark users
have the same need, and checking TCP streams one by one or relying on an
external tool are acceptable answers but unfortunately time-consuming.

I'll talk about TCP conversation completeness for these streams that show both
initial and closing handshakes, with or without any payload.

The goal of the suggested enhancement is to track the conversations and store
the completeness information at the conversation level; then we can later
filter TCP packets matching (or not) this completeness property.

I have been testing some code and will post it.

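The tracking described in the report, as an added sketch in C; it is not the reporter's code and not Wireshark's implementation. The bit names, `struct pkt`, and the caller-supplied direction are assumptions of this example, and RST and payload are ignored so that "complete" means only what the report defines: both the initial and the closing handshake were seen.

```c
#include <stddef.h>
#include <stdint.h>
/* TCP header flag bits (RFC 793). */
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_ACK 0x10

/* Hypothetical per-conversation bits; the names are this example's own. */
enum { SEEN_SYN = 1, SEEN_SYNACK = 2, SEEN_HS_ACK = 4,
       SEEN_FIN_C = 8, SEEN_FIN_S = 16, SEEN_LAST_ACK = 32 };
#define COMPLETE 63u /* all six bits: both handshakes seen */

/* Constructed input: direction relative to the initiator, plus TCP flags. */
struct pkt { int from_client; uint8_t flags; };

/* Fold one packet into the conversation state. Handshake bits are only set
 * in order, so a capture that starts mid-stream never looks complete. */
unsigned track(unsigned st, const struct pkt *p)
{
    uint8_t f = p->flags;
    int both_fins = (st & SEEN_FIN_C) && (st & SEEN_FIN_S);
    if ((f & TH_SYN) && !(f & TH_ACK) && p->from_client)
        st |= SEEN_SYN;
    else if ((f & TH_SYN) && (f & TH_ACK) && !p->from_client && (st & SEEN_SYN))
        st |= SEEN_SYNACK;
    else if ((f & TH_ACK) && !(f & TH_SYN) && p->from_client && (st & SEEN_SYNACK))
        st |= SEEN_HS_ACK;
    if (f & TH_FIN)
        st |= p->from_client ? SEEN_FIN_C : SEEN_FIN_S;
    else if ((f & TH_ACK) && both_fins)
        st |= SEEN_LAST_ACK; /* simplification: any ACK after both FINs */
    return st;
}

/* State stored once per conversation; packets can later be filtered on it. */
unsigned conv_state(const struct pkt *p, size_t n)
{
    unsigned st = 0;
    for (size_t i = 0; i < n; i++)
        st = track(st, &p[i]);
    return st;
}
int conv_is_complete(unsigned st) { return (st & COMPLETE) == COMPLETE; }

/* Constructed samples: a full flow, and a capture that misses the SYN. */
const struct pkt full_flow[] = { {1, TH_SYN}, {0, TH_SYN | TH_ACK}, {1, TH_ACK},
    {1, TH_FIN | TH_ACK}, {0, TH_FIN | TH_ACK}, {1, TH_ACK} };
const struct pkt no_syn[] = { {0, TH_SYN | TH_ACK}, {1, TH_ACK},
    {1, TH_FIN | TH_ACK}, {0, TH_FIN | TH_ACK}, {1, TH_ACK} };
```

Because the state is a bitmask rather than a single yes/no flag, the same stored value also tells which part of a conversation is missing from the capture.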