While doing research on Cisco firewall logins, I stumbled on some information that discusses a Wireshark feature called “Follow TCP Stream”. This feature allows you to follow a particular TCP conversation between two or more hosts. It finds all the TCP packets between a particular source and destination and reassembles the data that was transferred in that particular exchange into something parsable. In effect, the “Follow TCP Stream” feature acts as a filter, but is not limited to a single IP address or protocol. It will pick up any packets sent to/from the designated host.


To use the feature, start Wireshark, right-click an already recorded packet you are interested in, and select “Follow TCP Stream”. Users can also elect to follow UDP or SSL streams.
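To make the reassembly step concrete, here is a small Python sketch of the idea, added as an illustration and not taken from Wireshark's code: it picks out the packets that share the selected packet's two endpoints and rebuilds each direction's byte stream by sequence number. The packet dictionaries, function names, and the sample capture are all constructed for this example.

```python
from collections import defaultdict

def conversation_key(p):
    """Direction-independent key: the two (address, port) endpoints, sorted."""
    return tuple(sorted([(p["src"], p["sport"]), (p["dst"], p["dport"])]))

def reassemble(segments):
    """Rebuild one direction's byte stream from (seq, payload) pairs.
    Sorts by sequence number, drops retransmitted bytes, stops at a gap.
    Assumption: sequence numbers do not wrap within the capture."""
    data, next_seq = b"", None
    for seq, payload in sorted(segments):
        if next_seq is None:
            next_seq = seq
        if seq > next_seq:           # missing segment: nothing more is contiguous
            break
        skip = next_seq - seq        # bytes already delivered by an earlier segment
        if skip < len(payload):
            data += payload[skip:]
            next_seq = seq + len(payload)
    return data

def follow_tcp_stream(packets, selected):
    """Return {(src, sport): bytes} for the conversation `selected` belongs to."""
    key = conversation_key(selected)
    by_sender = defaultdict(list)
    for p in packets:
        if p["payload"] and conversation_key(p) == key:
            by_sender[(p["src"], p["sport"])].append((p["seq"], p["payload"]))
    return {sender: reassemble(segs) for sender, segs in by_sender.items()}

def pkt(src, sport, dst, dport, seq, payload):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "seq": seq, "payload": payload}

# Constructed capture (documentation addresses, not real traffic).
CLIENT, SERVER = ("192.0.2.10", 50000), ("198.51.100.1", 23)
PACKETS = [
    pkt(*SERVER, *CLIENT, 1000, b"Username: "),
    pkt(*CLIENT, *SERVER, 503, b"in\r\n"),          # captured out of order
    pkt("192.0.2.99", 50001, *SERVER, 1, b"other"),  # different conversation
    pkt(*CLIENT, *SERVER, 500, b"adm"),
    pkt(*CLIENT, *SERVER, 500, b"adm"),              # retransmission
    pkt(*SERVER, *CLIENT, 1010, b"Password: "),
    pkt(*CLIENT, *SERVER, 507, b""),                 # bare ACK, no payload
]

if __name__ == "__main__":
    for sender, data in follow_tcp_stream(PACKETS, PACKETS[1]).items():
        print(sender, data)
```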