I'm looking to filter data by how long the TCP handshake took.
By this, I mean the time between the first SYN and the last ACK (after the FIN-ACK).
Is this something I can do in Wireshark, or something I'm going to have to sort through by hand?
asked 02 Apr '14, 09:21
The connections overview will show this (to some extent).
Then sort the conversations for the column 'duration'.
Hint: This will also show not yet 'completed' TCP sessions, simply because the capture process was ended while the connections were still active!
answered 02 Apr '14, 12:36
Kurt Knochner ♦
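
The per-conversation duration and the "not yet completed" caveat from the answer above, as an added example that is not part of the original thread. The packet tuples are constructed sample data and the function names `summarize` and `longer_than` are hypothetical; duration is measured from the first SYN to the last ACK after both FINs, as the question defines it.

```python
SYN, ACK, FIN = 0x02, 0x10, 0x01  # TCP flag bits

# Constructed sample packets: (time_s, src, sport, dst, dport, tcp_flags)
PACKETS = [
    (0.000, "10.0.0.5", 40001, "10.0.0.9", 80, SYN),
    (0.010, "10.0.0.9", 80, "10.0.0.5", 40001, SYN | ACK),
    (0.020, "10.0.0.5", 40001, "10.0.0.9", 80, ACK),
    (0.500, "10.0.0.5", 40001, "10.0.0.9", 80, FIN | ACK),
    (0.510, "10.0.0.9", 80, "10.0.0.5", 40001, FIN | ACK),
    (0.520, "10.0.0.5", 40001, "10.0.0.9", 80, ACK),
    # Second connection: capture ends while it is still open.
    (1.000, "10.0.0.5", 40002, "10.0.0.9", 443, SYN),
    (1.015, "10.0.0.9", 443, "10.0.0.5", 40002, SYN | ACK),
    (1.030, "10.0.0.5", 40002, "10.0.0.9", 443, ACK),
    (4.000, "10.0.0.5", 40002, "10.0.0.9", 443, ACK),
]

def summarize(packets):
    """Return one row per TCP conversation, longest duration first."""
    convs = {}
    for t, src, sport, dst, dport, flags in sorted(packets, key=lambda p: p[0]):
        # Both directions of a connection share one direction-independent key.
        key = tuple(sorted([(src, sport), (dst, dport)]))
        c = convs.setdefault(key, {"first": t, "syn": None, "last": t,
                                   "fins": set(), "closed": None})
        c["last"] = t
        if flags & SYN and not flags & ACK and c["syn"] is None:
            c["syn"] = t                     # first SYN of the handshake
        if flags & FIN:
            c["fins"].add((src, sport))      # this side has started closing
        elif flags & ACK and len(c["fins"]) == 2:
            c["closed"] = t                  # last ACK seen after both FINs
    rows = []
    for key, c in convs.items():
        complete = c["syn"] is not None and c["closed"] is not None
        start = c["syn"] if c["syn"] is not None else c["first"]
        end = c["closed"] if complete else c["last"]
        rows.append({"conv": key, "duration": end - start, "complete": complete})
    return sorted(rows, key=lambda r: r["duration"], reverse=True)

def longer_than(rows, min_seconds, complete_only=True):
    """Filter rows by duration; by default skip sessions cut off by the capture."""
    return [r for r in rows
            if r["duration"] >= min_seconds and (r["complete"] or not complete_only)]

if __name__ == "__main__":
    for row in summarize(PACKETS):
        print(row)
```
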