Wireshark provides a view of network packet captures that operates at two levels: it primarily shows individual packets, but it is also equipped with plugins (dissectors) that parse the application messages exchanged in those packets. The two levels do not line up one-to-one. Because the TCP socket API offers a byte-stream model, there can be both one-to-many and many-to-one relationships between messages and packets. Although plugins can access packets directly, they generally rely on the TCP reassembly that Wireshark implements: for each direction of a TCP connection, it takes the payload from all the packets, orders it by sequence number, and concatenates it to reconstruct the byte-stream. As each new segment of data is appended, the stream is offered to the dissector, which looks for application messages and documents contained in it.
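The reassembly and dissection loop described above, as an added Python sketch (not Wireshark's code). The 2-byte length-prefixed framing, the class and function names, and the sample traffic are all assumptions constructed for illustration, and 32-bit sequence wraparound is not handled.

```python
import struct

def frame(body):
    # Hypothetical application framing: 2-byte big-endian length, then body.
    return struct.pack("!H", len(body)) + body

class StreamReassembler:
    """One direction of one TCP connection (assumes no sequence wraparound)."""
    def __init__(self, isn):
        self.next_seq = isn        # next sequence number we expect
        self.pending = {}          # seq -> payload held back behind a gap
        self.stream = bytearray()  # contiguous reconstructed byte-stream
        self.consumed = 0          # bytes already turned into messages

    def add_segment(self, seq, payload):
        self.pending[seq] = payload
        while self.pending and min(self.pending) <= self.next_seq:
            start = min(self.pending)
            data = self.pending.pop(start)
            skip = self.next_seq - start   # bytes already seen (retransmit/overlap)
            if skip < len(data):
                self.stream += data[skip:]
                self.next_seq += len(data) - skip
        return self._dissect()             # offer the grown stream to the dissector

    def _dissect(self):
        messages = []
        while len(self.stream) - self.consumed >= 2:
            (n,) = struct.unpack_from("!H", self.stream, self.consumed)
            if len(self.stream) - self.consumed < 2 + n:
                break                      # message continues in a later segment
            body_at = self.consumed + 2
            messages.append(bytes(self.stream[body_at:body_at + n]))
            self.consumed = body_at + n
        return messages

def run_demo():
    # Constructed sample: three messages cut at arbitrary packet boundaries.
    data = frame(b"login alice") + frame(b"ping") + frame(b"quit")
    isn = 1000
    segs = {"A": (isn, data[:5]), "B": (isn + 5, data[5:10]), "C": (isn + 10, data[10:])}
    r = StreamReassembler(isn)
    # Arrival order A, C, B, then B retransmitted.
    return [r.add_segment(*segs[k]) for k in ("A", "C", "B", "B")]

if __name__ == "__main__":
    for out in run_demo():
        print(out)
```

The first message spans three packets, while packet C carries the tail of that message plus two complete ones, so nothing is emitted until the gap left by the late packet B is filled.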