This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

grouping by conversations

0

I have a very big TCP dump between two servers. There are only two IP addresses so each conversation is defined by the TCP ports used. My question is how do I group the the data by conversations such that all the output is still there just grouped by unique conversation

asked 08 Nov '13, 13:29

mrw_1955's gravatar image

mrw_1955
11112
accept rate: 0%

2 Answers:

0

There is no such grouping feature in Wireshark, at least not in the 'main' GUI.

What you can do:

  • View Conversations: Statistics -> Conversations -> TCP (tab). Then select one conversation and click on 'Follow Stream'. That will create a display filter to show only that single conversation
  • Set a display filter manually: tcp.stream eq 0 or tcp.stream eq 1 etc.

Regards
Kurt

answered 08 Nov '13, 15:36

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

0

try using Splitcap tool, its excellent, works very fast and has various options to manipulate the capture file

answered 10 Nov '13, 22:52

deepacket's gravatar image

deepacket
31224
accept rate: 0%