This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

packet count

0

How can I count the number of "syn", "syn+ack", and "ack" packets transferred in each second for some hours? I need to build a time series on that. Thanks in advance.

Varun

asked 11 Jun '14, 03:08

Varun Tharol

Do you mean "all ACK packets" or just the ones that are part of a TCP handshake?

(11 Jun '14, 03:18) Jasper ♦♦

The ones that are part of a TCP handshake.

(12 Jun '14, 01:21) Varun Tharol

One Answer:

1

You can use the IO graph for that:

Statistics -> IO Graph

Then use the following filters:

Graph1: tcp.flags eq 0x02 (SYN)
Graph2: tcp.flags eq 0x12 (SYN-ACK)
Graph3: tcp.flags.ack eq 1 and tcp.seq eq 1 and tcp.ack eq 1 and tcp.len eq 0 (ACK)

The last filter is a bit long (maybe there is a better one) and it will only work if you have enabled relative sequence numbers for the TCP protocol (default setting in Wireshark).

Let Wireshark draw the graphs (X-Axis tick interval 1 second) and then click on the 'Copy' button. This will copy the values for the three graphs to the clipboard, from where you can copy them to a spreadsheet or an editor.

Regards
Kurt

answered 11 Jun '14, 10:58

Kurt Knochner ♦

It works. Thank you very much brother.

(12 Jun '14, 01:17) Varun Tharol

Good!

Hint: If a supplied answer resolves your question, can you please "accept" it by clicking the checkmark icon next to it? This highlights good answers for the benefit of subsequent users with the same or similar questions.

(12 Jun '14, 04:58) Kurt Knochner ♦

Sure.......

(14 Jun '14, 05:35) Varun Tharol
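
The three IO Graph filters from the answer, reproduced offline as an added Python example (not part of the original thread): it derives relative sequence numbers from each side's SYN, as the third filter requires, and emits one row per second, including seconds with no matches. The tuple layout, the function name and the sample packets are constructed for this illustration.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10

def handshake_series(packets):
    """Return one (second, syn, synack, ack) row per second of the capture.

    packets: list of (ts, src, dst, flags, seq, ack, payload_len) with raw
    32-bit seq/ack values; src and dst are (ip, port) tuples.
    """
    isn = {}                                   # (src, dst) -> ISN sent by src
    counts = defaultdict(lambda: [0, 0, 0])
    for ts, src, dst, flags, seq, ack, length in packets:
        sec = int(ts)
        if flags == SYN:                       # tcp.flags eq 0x02
            isn[(src, dst)] = seq
            counts[sec][0] += 1
        elif flags == SYN | ACK:               # tcp.flags eq 0x12
            isn[(src, dst)] = seq
            counts[sec][1] += 1
        elif flags & ACK and length == 0:      # tcp.flags.ack eq 1 and tcp.len eq 0
            mine, peer = isn.get((src, dst)), isn.get((dst, src))
            if mine is None or peer is None:
                continue   # choice made for this example: handshake not captured, skip
            # Relative number = raw value minus that side's ISN, modulo 2^32.
            if (seq - mine) % 2**32 == 1 and (ack - peer) % 2**32 == 1:
                counts[sec][2] += 1
    if not packets:
        return []
    seconds = [int(p[0]) for p in packets]
    return [(s, *counts[s]) for s in range(min(seconds), max(seconds) + 1)]

# Constructed sample: two handshakes, one data segment and the ACK for that data.
C1, C2, S = ("10.0.0.1", 40000), ("10.0.0.2", 40001), ("10.0.0.9", 80)
SAMPLE = [
    (100.10, C1, S, 0x02, 1000, 0, 0),
    (100.20, S, C1, 0x12, 5000, 1001, 0),
    (100.30, C1, S, 0x10, 1001, 5001, 0),
    (100.40, C1, S, 0x18, 1001, 5001, 120),    # data segment, tcp.len != 0
    (100.90, C2, S, 0x02, 7000, 0, 0),
    (102.05, S, C2, 0x12, 9000, 7001, 0),
    (102.10, C2, S, 0x10, 7001, 9001, 0),
    (102.50, S, C1, 0x10, 5001, 1121, 0),      # relative ack is 121, not 1
]

if __name__ == "__main__":
    for row in handshake_series(SAMPLE):
        print("%d,%d,%d,%d" % row)
```
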