Detect Suspicious Traffic with "TCP Conversation Completeness"

In my last blog entry, I explained how Wireshark calculates TCP Conversation Completeness based on the TCP flags and whether data is seen in a TCP conversation (stream).

To use this feature, I recommend that you add three columns to Wireshark:

• tcp.stream

• tcp.completeness

• tcp.completeness.str

Heres the link to the full post

https://www.chappell-university.com/post/detect-suspicious-traffic-with-tcp-completeness