2019年7月16日 星期二

Network Monitor TCP Filtering

Data Fields:

Field
Description
Example
TCP.PortFilters on the Source or Destination port.  Used to find traffic based on port which is often associated with an application.TCP.Port==80
TCP.Flags.ResetCan be used to test and see if the reset flag is set.TCP.Flags.Reset==1
TCP.WindowWindow Size of the current TCP frame, but ignoring the scale factor. See Property.TCPWindowSize below.TCP.Window == 0

 Properties:

PropertyDescriptionExample
TCPRetransmitA property that is set when a TCP retransmit is found.  Retransmits are often an indication of a network infrastructure problem and network congestion.Property.TCPRetransmit == 1
TCPPayloadLengthRepresents the TCP Payload Size.TCPPayloadLength == 0
TCPCheckSumStatus This is a string that represents if the check sum is valid or not.  This could be "Good" or "Bad". TCPCheckSumStatus != "Good"
TCPDescription A property to show the TCP Description for the current frame as opposed to the top most protocol description.  This is useful as a frame summary column.  You can also use it to search for specific retransmitted frames by searching for the text in the TCP summary, as the example shows.TCPDescription.Contains("#472")
TCPAckNumber The current frame's Acknowledgement NumberTCPAckNumber==1234
TCPSeqNumber The current frame's Sequence NumberTCPSeqNumber==1234
TCPSeqeunceRange The TCP Sequence range, as a string, which is the current seq number to the current seq plus the length of the TCP payload.TCPSequenceRange.Contains("1234")
TCPShortAckNumber A WORD representation of the Ack number to make it easy to compare and remember.TCPShortAckNumber==1000
TCPShortSeqNumber A WORD representation of the Seq number to make it easy to compare and remember.TCPShortSeqNumber==1000
TCPFlags A string representation of the various TCP flags for the frame: CWR, ECE, Urgent, Ack, Push, Reset, Syn, Fin. TCPFlags.Contains("R")
TCPWindowSize The Window Size for the current frame including the scaling factor if the 3 way handshake is available in the same trace.TCPWindowSize==0

沒有留言:

張貼留言