On Aug 13, 2009, at 12:52 AM, Selçuk Cevher wrote:

> The implementation of "Follow TCP Stream" command should be more
> complicated since it should cover handling the dropped, duplicated
> and out-of-order TCP packets.
>
> How does Wireshark handle these issues? Where is the implementation
> of "Follow TCP Stream" command in the source tree?
Take a look at gtk/follow_stream.c for the shared GUI portion of each of the follow types (TCP, UDP, SSL). gtk/follow_tcp.c contains a good portion of the follow TCP implementation. epan/follow.[ch] contains the rest of the code for following streams.

As you predicted, the TCP following logic is a lot more complicated than say the UDP. You might want to start there to understand the ideas better before jumping into TCP or SSL.

Steve

___________________________________________________________________________
Sent via: Wireshark-dev mailing list
Archives: http://www.wireshark.org/lists/wireshark-dev
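The three cases raised in the question (dropped, duplicated and out-of-order segments), as an added example that is not part of the original thread and is not Wireshark's code: a minimal one-direction reassembler keyed on TCP sequence numbers. The struct and function names and the sample segments are constructed for this illustration.

```c
#include <stdint.h>
#include <string.h>
#define MAX_PENDING 16
struct seg { uint32_t seq; const char *data; uint32_t len; };
struct stream {
    uint32_t next_seq;                              /* next in-order byte expected */
    struct seg pending[MAX_PENDING]; int npending;  /* segments held behind a gap */
    char out[256]; size_t outlen;                   /* reassembled payload */
};

/* Copy the unseen part of s; return 0 if s starts beyond next_seq (a gap). */
static int deliver(struct stream *st, struct seg s) {
    int32_t off = (int32_t)(st->next_seq - s.seq);  /* wrap-safe distance */
    if (off < 0) return 0;
    if ((uint32_t)off < s.len) {                    /* else: pure duplicate */
        size_t n = s.len - (uint32_t)off, room = sizeof st->out - 1 - st->outlen;
        if (n > room) n = room;
        memcpy(st->out + st->outlen, s.data + off, n);
        st->outlen += n; st->next_seq += (uint32_t)n;
    }
    return 1;
}
/* Feed one captured segment; held segments are retried when a gap closes. */
void stream_add(struct stream *st, struct seg s) {
    if (!deliver(st, s) && st->npending < MAX_PENDING)  /* out of order: hold it */
        st->pending[st->npending++] = s;
    for (int i = 0; i < st->npending; )
        if (deliver(st, st->pending[i])) { st->pending[i] = st->pending[--st->npending]; i = 0; }
        else i++;
}
/* Bytes missing before the earliest held segment (0 = nothing outstanding). */
uint32_t stream_gap(const struct stream *st) {
    uint32_t gap = 0;
    for (int i = 0; i < st->npending; i++)
        if (!gap || st->pending[i].seq - st->next_seq < gap) gap = st->pending[i].seq - st->next_seq;
    return gap;
}
/* Constructed capture; the stream's first byte has sequence number 1000. */
const char *run_sample(struct stream *st) {
    static const struct seg cap[] = {
        {1000, "GET ", 4},     /* in order */
        {1009, "x.html", 6},   /* out of order: 1004..1008 not seen yet */
        {1000, "GET ", 4},     /* duplicate retransmission */
        {1002, "T /inde", 7},  /* overlaps delivered bytes and closes the gap */
        {1020, " HTTP", 5},    /* 1015..1019 never arrive (dropped) */
    };
    memset(st, 0, sizeof *st); st->next_seq = 1000;
    for (size_t i = 0; i < sizeof cap / sizeof cap[0]; i++) stream_add(st, cap[i]);
    return st->out;
}
```

A real follow-stream implementation also has to track both directions of the conversation and decide what to display when a gap never closes; this sketch only reports the size of the outstanding gap.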
