Hello, I got some questions about the TCP stream and HTTP stream features in Wireshark, and I'm going to illustrate this here. So this is a capture file that I created, where I just visited my website and then later on the example.com website. I also had a ping running in the background so that there is a bit of traffic, so you can see here the pings, the DNS, here the TCP, HTTP, then more pings and DNS, and then again another TCP connection.
Now, a couple of things that I want to show here. If you select the first TCP packet and you go here in the TCP dissector, you will find a field that is called the stream index. Now, first of all, this field is between square brackets, and a field in a dissector in Wireshark that is between square brackets indicates a field that is not present in the data itself. So this is a field that Wireshark itself, the dissector, has added. It's not present in the TCP data. This is something that Wireshark has added. And Wireshark will give an index to each stream that it sees in the capture file, and it starts numbering those streams with zero. So this is the first stream, stream zero. Here, this one here, another SYN packet, you can see this is stream one. That's another TCP connection here in this case.
Now what I like to do is to have this stream index here displayed as a column in my view, and you can do this by selecting stream index here, right-clicking and then saying Apply as Column, and then here you have the stream index as a column, and then you can see what protocols have streams and their number. So of course TCP here has numbers; now ICMP and DNS, no stream index. So here you can see the two TCP HTTP connections here when I visit my website, and then later when I go to the example.com website, here that's another TCP HTTP stream with index two.
Now a thing you can do when you have streams like TCP HTTP is you can select a packet and then right-click and say here Follow.
And here you have a couple of options, and the only option that is available here to us now is TCP Stream. Now watch here, so my display filter here is empty, and when I say Follow TCP Stream and I click on this, two things will happen. First of all, I will have a dialog box here that displays the content of the TCP stream, so all the packets together. And here also the display filter has changed: it has become tcp.stream equals zero, so only to display the packets of stream zero and nothing else. And here in that stream view, in that TCP stream view, in pink we see the packets coming from the client and in blue the packets coming from the server. This is my HTML page that you see coming back; pink is client, you can see it below here, and blue is server. If you change here that display to one, for example, then you can see all the packets of the TCP stream with index one. And the last one here in this capture is number two; here you see all those packets.
This one here is when I visit example.com. Now let me show you again, Follow TCP Stream, and here you can see that I visit the website example.com here with HTTP. Now remark the following: in the reply from the server you can see here Content-Encoding: gzip, so the content is compressed. And if you look here after the headers, what you have as data here is something that is not readable; that's because this is gzip compressed. And the same here for the request for the favicon, here not found, gzip compressed, and here we have data that is compressed.
Now here we selected TCP, but if you select a packet that is recognized as an HTTP packet, then if you go into Follow, the HTTP Stream is also enabled as an option. So not only do you have TCP Stream in that case but also HTTP Stream. Let's click on this.
And now you get a slightly different view, still pink and blue for what is coming from the client and from the server, but this time, although it is compressed, in the HTTP follow stream view the content has been decompressed. So here you can actually see the HTML that has been sent: here, Example Domain, this domain is established to be used for illustrative examples in documents. And here the request for the favicon with a 404, and here you can see the 404 response.
So that is the difference between TCP and HTTP stream, and also, to have the options, you have to select the right packet. If you select a TCP packet, then it is only the TCP Stream option that you have, but if you select a packet that has also been dissected as HTTP, then not only do you have TCP, because it is TCP, but also HTTP Stream, because it is HTTP.
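The difference between the two views, as an added example that is not part of the video: the TCP view renders the stream bytes as they are, while the HTTP view parses the response and undoes the Content-Encoding. The function names and the sample response are constructed for illustration, and the parser assumes a single response with a Content-Length header (no chunked transfer encoding).

```python
import gzip

def build_sample_stream() -> bytes:
    """Constructed server-side bytes of one TCP stream (not taken from the capture)."""
    html = (b"<html><head><title>Example Domain</title></head>"
            b"<body><h1>Example Domain</h1><p>Sample page.</p></body></html>")
    body = gzip.compress(html)
    head = (b"HTTP/1.1 200 OK\r\n"
            b"Content-Type: text/html\r\n"
            b"Content-Encoding: gzip\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n")
    return head + body

def split_response(stream: bytes):
    """Split one HTTP response into (header text, headers dict, raw body bytes)."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP header block")
    text = head.decode("iso-8859-1")
    headers = {}
    for line in text.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", len(rest)))
    return text, headers, rest[:length]

def tcp_view(stream: bytes) -> str:
    """Approximates the TCP stream view: payload as-is, non-printable bytes as dots."""
    return "".join(chr(b) if 32 <= b < 127 or b in (10, 13) else "." for b in stream)

def http_view(stream: bytes) -> str:
    """Approximates the HTTP stream view: same headers, body decoded per Content-Encoding."""
    text, headers, body = split_response(stream)
    if headers.get("content-encoding", "").lower() == "gzip":
        body = gzip.decompress(body)
    return text + "\r\n\r\n" + body.decode("utf-8", errors="replace")

if __name__ == "__main__":
    sample = build_sample_stream()
    print(tcp_view(sample))      # headers readable, body is compressed noise
    print("-" * 40)
    print(http_view(sample))     # headers plus the readable HTML
```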