This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Filter by TCP Connection (handshake) time.

0

I'm looking to filter data by how long the TCP handshake took.

By this, I mean the time between the first SYN and the last ACK (after the FIN-ACK).

Is this something I can do in wireshark, or something I'm going to have to sort through by hand?

asked 02 Apr '14, 09:21

TrolliOlli's gravatar image

TrolliOlli
1111
accept rate: 0%


One Answer:

0

The connections overview will show this (to some extend).

Statistics -> Conversations -> TCP [tab]

Then sort the conversations for the column 'duration'.

Hint: This will also show not yet 'completed' TCP sessions, simply because the capture process was ended while the connections were still active!

Regards
Kurt

answered 02 Apr '14, 12:36

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%