Version 1.6.6 should make a distinction between two sessions with the same ip/port combinations. Are you able to post the file here (if not to big) or else create a bug-report on bugs.wireshark.org? You can also mail me directly if you want to limit the exposure of the file.

Cheers,

Sake

On 23 mei 2012, at 17:21, nangergong wrote:

Version 1.6.6

On Wed, May 23, 2012 at 5:09 PM, Sake Blok <sake-dNWzXRSXXtjz+pZb47iToQ@public.gmane.org> wrote:

Those sessions should be treated as separate. This has been implemented a few years ago already. Which version of Wireshark are you using?

Cheers,

Sake

On 23 mei 2012, at 16:31, nangergong wrote:

yes

On Wed, May 23, 2012 at 4:22 PM, <kcullimo-fHTHtPhtvzrQT0dZR+AlfA@public.gmane.org> wrote:

----- Start Original Message -----
Sent: Wed, 23 May 2012 14:56:39 +0200
From: nangergong <nangergong-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>

To: Community support list for Wireshark <wireshark-users-IZ8446WsY0/dtAWm4Da02A@public.gmane.org>

Subject: Re: [Wireshark-users] what does the TCP stream mean in wireshark

> I used a mobile browser in a HTC smartphone to access some websites and I
> used wireshark to capture the packets between the mobile browser and the
> website servers.

Multiple handshakes wherein the same source & destination ports were re-used?

>

> On Wed, May 23, 2012 at 2:49 PM, Boonie <newsboonie-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>

> > **

> > Were that packets of a cheap embeded device? Sounds like a buggy TCP stack
> > to me.
> >
> >
> > ----- Original Message -----

> > *From:* nangergong a <nangergong-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>

> > *To:* Community support list for Wireshark <wireshark-users <at> wireshark.org>
> > *Sent:* Wednesday, May 23, 2012 2:13 PM
> > *Subject:* Re: [Wireshark-users] what does the TCP stream mean in

> > wireshark
> >
> > Thanks! But previously I saw a tcp stream where there are several TCP
> > connections (I mean mutiple SYN-SYN/ACK-ACK handshakes)
> >
> > On Wed, May 23, 2012 at 12:48 PM, Martin Visser <martinvisser99-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>wrote:
> >
> >> Nangergong,
> >>
> >> A TCP stream is a single connection between two IP addresses, between the
> >> two same ports. If you see the beginning you'll see the SYN-SYN/ACK-ACK
> >> handshake, an will also see the sequence numbers increasing. Some protocols
> >> like HTTP/1.1 can have multiple higher level conversations on the one
> >> connection, so I am not sure that is what you might be seeing?
> >>
> >> Regards, Martin
> >>
> >> MartinVisser99-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
> >>
> >>
> >>  On 23 May 2012 20:28, nangergong <nangergong-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >>
> >>> HI, all:
> >>>
> >>>     In wireshark there is an option "Follow the TCP stream", I'm
> >>> wondering what does it mean? it seems that in such a TCP stream there are
> >>> multiple TCP connections.
> >>>
> >>
> > ___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list <wireshark-users <at> wireshark.org>
> > Archives:    http://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> >             mailto:wireshark-users-request <at> wireshark.org
> > ?subject=unsubscribe
> >
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users-IZ8446WsY09bUvnAld5oAA@public.gmane.orgg>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request-IZ8446WsY09bUvnAld5oAA@public.gmane.orgg?subject=unsubscribe

----- End Original Message -----

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users-IZ8446WsY0/dtAWm4Da02A@public.gmane.org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request-IZ8446WsY0/dtAWm4Da02A@public.gmane.org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users <at> wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request <at> wireshark.org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users-IZ8446WsY0/dtAWm4Da02A@public.gmane.org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request-IZ8446WsY0/dtAWm4Da02A@public.gmane.org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users <at> wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request <at> wireshark.org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users-IZ8446WsY0/dtAWm4Da02A@public.gmane.org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request-IZ8446WsY0/dtAWm4Da02A@public.gmane.org?subject=unsubscribe