Detect Suspicious Traffic with "TCP Conversation Completeness"

top of page

NetworkDataPedia the knowledge hub for network analysts

Tony Fortunato
- Mar 11
- 1 min read

Detect Suspicious Traffic with "TCP Conversation Completeness"

In my last blog entry, I explained how Wireshark calculates TCP Conversation Completeness based on the TCP flags and whether data is seen in a TCP conversation (stream).

To use this feature, I recommend that you add three columns to Wireshark:

Heres the link to the full post

https://www.chappell-university.com/post/detect-suspicious-traffic-with-tcp-completeness

Recent Posts

Using Wireshark to Baseline HTTP-Ping

Wireshark Tip: Filtering on Subnet Addresses (Laura Chappell)

Why You Need To Use A DHCP Filter

bottom of page