This is a static archive of our old Q&A Site. Please post any new questions and answers at

packet count


How to count the number of "syn", "syn+ack", and "ack" packets transferred in each second for some hours. I need to build a time series on that. Thanks in advance


asked 11 Jun '14, 03:08

Varun%20Tharol's gravatar image

Varun Tharol
accept rate: 0%

do you mean "all ACK packets" or just the ones that are part of a TCP handshake?

(11 Jun '14, 03:18) Jasper ♦♦

The ones that are part of a TCP handshake.

(12 Jun '14, 01:21) Varun Tharol

One Answer:


You can use the IO graph for that

Statistics -> IO Graph

Then use the following filters

Graph1: tcp.flags eq 0x02 (SYN)
Graph2: tcp.flags eq 0x12 (SYN-ACK)
Graph3: tcp.flags.ack eq 1 and tcp.seq eq 1 and tcp.ack eq 1 and tcp.len eq 0 (ACK)

The last filter is a bit long (maybe there is a better one) and it will only work if you have enabled relative sequence numbers for the TCP protocol (default setting in Wireshark).

Let Wireshark draw the graphs (X-Axis tick interval 1 second) and then click on the 'Copy' button. This will copy the values for the three graphs into the clipboard from where you can copy it to a spreadsheet or an editor.


answered 11 Jun '14, 10:58

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
accept rate: 15%

It works. Thank you very much brother.

(12 Jun '14, 01:17) Varun Tharol


Hint: If a supplied answer resolves your question can you please "accept" it by clicking the checkmark icon next to it. This highlights good answers for the benefit of subsequent users with the same or similar questions.

(12 Jun '14, 04:58) Kurt Knochner ♦


(14 Jun '14, 05:35) Varun Tharol