TCP data communication
Once the three-way connection is established, the data is communicated by exchanging the segments and the PUSH flag is set to indicate that the data flows on a connection as a stream of octets, as shown in the following figure:
Select packet#4 from the normal-connection.pcap file as shown in the following screenshot; expand the TCP section in the Packet Details pane:
As you can see in the preceding screenshot:
- The server is sending data to the client as shown in the packet.
- The server sets
tcp.flags.push = 1. - The server sets
tcp.flags.ack =1. - The server data is (29 bytes) and the data value is:
414e495348204e415448204e4f524d414c20434f4e4e4543.... - The server sets
(tcp.flags.ack == 1) && (tcp.flags.push == 1); that is, the[PSH,ACK]flag indicates that the host is acknowledging receipt of some previous data and also transmitting some more data.
The useful Wireshark display filters are:
data: Displays the packet that contains the data information, for all IPs:
data &...
