Follow tcp stream - Where does field "Stream index" come from?

Wireshark has a that feature call开发者_JS百科ed "follow tcp stream", under the menu item "Analyze".

When I use it, a screen capture filter is generated, something like:

tcp.stream eq 1

Where does this index come from?

I can't find any field in the packet that contains it...

the stream index is an internal Wireshark mapping to: [IP address A, TCP port A, IP address B, TCP port B]

All the packets for the same tcp.stream value should have the same values for these fields (though the src/dest will be switched for A->B and B->A packets)

see the Statistics/Conversations/TCP tab in Wireshark to show a summary of these streams

Stream indexes are Wireshark-internal. It just uses a number to uniquely identify a TCP stream.

Besides having same source and destination IPs and ports, packages within a stream conform a whole open-transmit-close communication sequence. So I guess Wireshark internally creates a new stream ID when SYN-ed package arrives and keeps track of all packages in this dialogue until both ends finish it (FIN/RST flags).

Filtering packages with tcp.stream filter is very useful to analyze a particular sequence.