How can I know which packet belongs to a specific TCP session? In my experiment, a client establishes a TCP session with the web server every 5 seconds using the wget command (I also noticed it uses a different port number each time). When I trace the packets in Wireshark, I use the port number of the client side to filter the packets that belong to each session. Is that practical? I thought I could use sequence numbers, but this will be tedious!!!
TCP – How to Refer Packets That Belong to Specific TCP Session
cisco, network-core, tcp, wireshark
Best Answer
TCP creates connections between the TCP peers. Each TCP peer creates a socket, which is identified by the TCP address (port) and IP address. The pair of sockets (one in each TCP peer) uniquely identifies the connection. To identify which TCP segments belong to which TCP connection, you need to identify the source and destination IP addresses and source and destination TCP addresses (ports).
RFC 793, TRANSMISSION CONTROL PROTOCOL explains this:
Your question says that you are only using one criterion of the four criteria that identify a unique TCP connection.
As you discovered, each time an HTTP client requests a connection to an HTTP server, it will use a different, random TCP address, known as an ephemeral port. There is a port range in your OS (varies by OS) for these ephemeral ports. The IANA recommendation for ephemeral ports is to use ports 49152 to 65535, but different OSes use different ranges.
FYI: The TCP datagrams are usually referred to as segments because TCP segments the data stream. Packet is used to refer to a layer-3 datagram, e.g. an IP packet, but TCP is a layer-4 protocol.
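The socket-pair rule from the answer above, as an added example that is not part of the original post: it parses raw IPv4/TCP headers and groups packets by the direction-independent four-tuple. The addresses, ports, helper names and sample packets are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

def build_segment(src_ip, sport, dst_ip, dport, seq, flags, payload=b""):
    """Construct a minimal IPv4+TCP packet (checksums left at 0; sample data only)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, socket.IPPROTO_TCP,
                     0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + tcp

def connection_key(packet):
    """Return the direction-independent socket pair of an IPv4/TCP packet, or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length varies with options
    fragment_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or packet[9] != socket.IPPROTO_TCP or fragment_offset or len(packet) < ihl + 20:
        return None  # not TCP, or a later fragment that carries no TCP header
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    # Sort the two sockets so client->server and server->client share one key.
    return tuple(sorted([(src, sport), (dst, dport)]))

def group_by_connection(packets):
    """Map each socket pair to the indexes of the packets that belong to it."""
    sessions = defaultdict(list)
    for index, packet in enumerate(packets):
        key = connection_key(packet)
        if key is not None:
            sessions[key].append(index)
    return dict(sessions)

SYN, ACK = 0x02, 0x10
CLIENT, SERVER = "192.0.2.10", "198.51.100.80"  # documentation addresses (constructed)
# Constructed capture: two interleaved sessions that differ only in the client port.
SAMPLE = [
    build_segment(CLIENT, 49152, SERVER, 80, 1000, SYN),
    build_segment(SERVER, 80, CLIENT, 49152, 5000, SYN | ACK),
    build_segment(CLIENT, 49153, SERVER, 80, 2000, SYN),
    build_segment(CLIENT, 49152, SERVER, 80, 1001, ACK, b"GET / HTTP/1.1\r\n\r\n"),
    build_segment(SERVER, 80, CLIENT, 49153, 7000, SYN | ACK),
]

if __name__ == "__main__":
    for key, indexes in group_by_connection(SAMPLE).items():
        print(key, "-> packets", indexes)
```

Wireshark performs the same grouping itself and exposes the result as the `tcp.stream` field, so a display filter on that field selects one session without looking up the client port by hand.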