Wireshark – How to Find Cause of Incomplete Download

tcpdump, wireshark

I captured a 70MB tcpdump of a Linux client that downloads many big files with curl. At some point curl aborts the download with the error

transfer closed with 3304876121 bytes remaining to read

(the bytes differ every time)

I now want to gather more details about the cause of that, so I decided to create and analyze a tcpdump. The problem now is that I don't have much experience with tcpdump analysis except basic filtering and following streams.

Could you please advise me on how I can find the right stream and gather some info regarding the cause of the abortion?

I'm using Wireshark 2.2.3 on Win10 to analyze the traffic.

Best Answer

You can use source and destination filters in Wireshark: ip.src==192.168.0.1 and ip.dst==192.168.0.2. If it's HTTP you can add the filter tcp.port == 80, or tcp.port == 443 for SSL. When you find your stream you can click "Follow TCP Stream". You can compare the time of the failed download and apply a time filter to narrow your search.

Unfortunately there is no way to filter for a failed download unless you know the reason for the failure or have some additional information.
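The narrowing steps from the answer above (host pair, port, time window), as an added example that is not part of the original answer: a stdlib-only Python pass over a classic pcap file that lists, per matching stream, the bytes received from the server, the last packet time, and which side sent the first FIN or RST (that last part goes slightly beyond the answer). The capture is constructed inline, and the client and server roles assigned to the two addresses are assumptions.

```python
import socket, struct
from collections import defaultdict
def frame(src, dst, sport, dport, flags, payload=0):
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40 + payload, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack(">HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp + bytes(payload)

C, S = "192.168.0.2", "192.168.0.1"   # assumed roles: client, server
PSH_ACK, FIN_ACK, RST = 0x18, 0x11, 0x04
RECORDS = [  # constructed (timestamp, frame) pairs, not real traffic
    (100, frame(S, C, 80, 50000, PSH_ACK, 1000)),
    (101, frame(S, C, 80, 50000, PSH_ACK, 1000)),
    (102, frame(C, S, 50000, 80, FIN_ACK)),                # client closes normally
    (150, frame("10.0.0.5", C, 80, 50002, PSH_ACK, 500)),  # unrelated host
    (200, frame(S, C, 80, 50001, PSH_ACK, 1000)),
    (201, frame(S, C, 80, 50001, RST)),                    # server resets mid-transfer
]
# Classic little-endian pcap: 24-byte global header, then 16-byte record headers.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", ts, 0, len(f), len(f)) + f for ts, f in RECORDS)

def tcp_streams(data, client, server, ports=(80, 443), t0=0, t1=float("inf")):
    """Per client port: payload bytes from server, last packet time, first FIN/RST sender."""
    streams = defaultdict(lambda: {"bytes": 0, "last": 0, "closed_by": None})
    off = 24                                   # skip the pcap global header
    while off + 16 <= len(data):
        sec, usec, incl, _ = struct.unpack_from("<IIII", data, off)
        fr, off, ts = data[off + 16:off + 16 + incl], off + 16 + incl, sec + usec / 1e6
        if len(fr) < 54 or fr[12:14] != b"\x08\x00" or fr[23] != 6 or not t0 <= ts <= t1:
            continue                           # not IPv4/TCP, or outside the time window
        ihl = (fr[14] & 0x0F) * 4
        src, dst = socket.inet_ntoa(fr[26:30]), socket.inet_ntoa(fr[30:34])
        if len(fr) < 34 + ihl or {src, dst} != {client, server}:
            continue                           # truncated, or another host pair
        sport, dport = struct.unpack_from(">HH", fr, 14 + ihl)
        from_server = src == server
        if (sport if from_server else dport) not in ports:
            continue
        flags, doff = fr[14 + ihl + 13], (fr[14 + ihl + 12] >> 4) * 4
        st = streams[dport if from_server else sport]
        st["last"] = ts
        if from_server:                        # IP total length minus both headers
            st["bytes"] += struct.unpack_from(">H", fr, 16)[0] - ihl - doff
        if st["closed_by"] is None and flags & 0x05:   # FIN=0x01, RST=0x04
            st["closed_by"] = ("server" if from_server else "client",
                               "RST" if flags & 0x04 else "FIN")
    return dict(streams)
```

The parser handles only classic little-endian pcap with Ethernet framing; a pcapng capture has to be saved as pcap first.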
