I'm looking to filter data by how long the TCP handshake took. By this, I mean the time between the first SYN and the last ACK (after the FIN-ACK). Is this something I can do in Wireshark, or something I'm going to have to sort through by hand?

asked 02 Apr '14, 09:21 TrolliOlli
One Answer:
The connections overview will show this (to some extent).
Then sort the conversations by the column 'duration'. Hint: This will also show not yet 'completed' TCP sessions, simply because the capture process was ended while the connections were still active!

Regards

answered 02 Apr '14, 12:36 Kurt Knochner ♦
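The sorting described in the answer, and its hint about sessions cut off by the end of the capture, can be reproduced outside the GUI. This is an added example, not part of the original answer and not Wireshark's own code; the packet tuples are constructed sample data, and the function name and the rule for "complete" (a SYN was seen, plus either an RST or a FIN from both sides) are assumptions made for illustration.

```python
FIN, SYN, RST = 0x01, 0x02, 0x04  # TCP flag bits

# Constructed sample packets: (time_s, src, sport, dst, dport, tcp_flags)
PACKETS = [
    (0.000, "10.0.0.5", 40001, "10.0.0.9", 80, 0x02),   # SYN
    (0.020, "10.0.0.9", 80, "10.0.0.5", 40001, 0x12),   # SYN-ACK
    (0.021, "10.0.0.5", 40001, "10.0.0.9", 80, 0x10),   # ACK
    (1.500, "10.0.0.5", 40001, "10.0.0.9", 80, 0x11),   # FIN-ACK
    (1.520, "10.0.0.9", 80, "10.0.0.5", 40001, 0x11),   # FIN-ACK
    (1.521, "10.0.0.5", 40001, "10.0.0.9", 80, 0x10),   # last ACK
    (0.100, "10.0.0.5", 40002, "10.0.0.9", 443, 0x02),  # SYN
    (0.130, "10.0.0.9", 443, "10.0.0.5", 40002, 0x12),  # SYN-ACK
    (0.131, "10.0.0.5", 40002, "10.0.0.9", 443, 0x10),  # ACK
    (4.000, "10.0.0.5", 40002, "10.0.0.9", 443, 0x18),  # PSH-ACK, then capture ends
]


def conversation_durations(packets):
    """Return [(endpoints, duration_s, complete)] sorted longest first."""
    convs = {}
    for t, src, sport, dst, dport, flags in packets:
        # Both directions of a connection map to the same key.
        key = tuple(sorted([(src, sport), (dst, dport)]))
        c = convs.setdefault(
            key, {"first": t, "last": t, "syn": False, "fin": set(), "rst": False}
        )
        c["first"], c["last"] = min(c["first"], t), max(c["last"], t)
        c["syn"] |= bool(flags & SYN)
        c["rst"] |= bool(flags & RST)
        if flags & FIN:
            c["fin"].add((src, sport))  # remember which side closed
    rows = []
    for key, c in convs.items():
        # Assumed rule: opened in the capture and torn down by RST or two FINs.
        complete = c["syn"] and (c["rst"] or len(c["fin"]) == 2)
        rows.append((key, round(c["last"] - c["first"], 6), complete))
    return sorted(rows, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    for (a, b), duration, complete in conversation_durations(PACKETS):
        state = "complete" if complete else "still open at end of capture"
        print(f"{a[0]}:{a[1]} <-> {b[0]}:{b[1]}  {duration:.3f}s  {state}")
```

The longest entry in the sample is the connection that never closed, which is why incomplete sessions should be separated out before the durations are compared.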