packet count


How to count the number of "syn", "syn+ack", and "ack" packets transferred in each second for some hours? I need to build a time series on that. Thanks in advance.


asked 11 Jun '14, 03:08

Varun Tharol
Do you mean "all ACK packets" or just the ones that are part of a TCP handshake?

(11 Jun '14, 03:18) Jasper

The ones that are part of a TCP handshake.

(12 Jun '14, 01:21) Varun Tharol

One Answer:


You can use the IO graph for that.

Statistics -> IO Graph

Then use the following filters:

Graph1: tcp.flags eq 0x02 (SYN)
Graph2: tcp.flags eq 0x12 (SYN-ACK)
Graph3: tcp.flags.ack eq 1 and tcp.seq eq 1 and tcp.ack eq 1 and tcp.len eq 0 (ACK)

The last filter is a bit long (maybe there is a better one) and it will only work if you have enabled relative sequence numbers for the TCP protocol (default setting in Wireshark).

Let Wireshark draw the graphs (X-Axis tick interval 1 second) and then click on the 'Copy' button. This will copy the values for the three graphs into the clipboard, from where you can copy them to a spreadsheet or an editor.


answered 11 Jun '14, 10:58

Kurt Knochner
It works. Thank you very much brother.

(12 Jun '14, 01:17) Varun Tharol


(12 Jun '14, 04:58) Kurt Knochner


(14 Jun '14, 05:35) Varun Tharol
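The same per-second counts can be produced offline from a capture file. The following is an added example, not part of the original answer: it goes beyond the three display filters by tracking each connection's initial sequence numbers, so the final handshake ACK is recognised without relative sequence numbers. It assumes a classic pcap file (not pcapng) with Ethernet/IPv4 frames; `handshake_series`, `_pkt` and `SAMPLE` are hypothetical names, and the sample capture is constructed.

```python
import struct
from collections import defaultdict

def handshake_series(pcap: bytes) -> dict:
    """Per-second SYN / SYN-ACK / final-ACK counts from a classic Ethernet+IPv4 pcap."""
    end = "<" if pcap[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1") else ">"
    out = defaultdict(lambda: {"syn": 0, "synack": 0, "ack": 0})
    isn = {}   # (client ip, client port, server ip, server port) -> [client ISN, server ISN]
    off = 24   # skip the 24-byte pcap global header
    while off + 16 <= len(pcap):
        sec, _, caplen, _ = struct.unpack(end + "4I", pcap[off:off + 16])
        f = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        ihl = (f[14] & 0x0F) * 4 if len(f) > 14 else 0
        tcp = f[14 + ihl:]
        if f[12:14] != b"\x08\x00" or f[23:24] != b"\x06" or len(tcp) < 20:
            continue                                  # not IPv4/TCP, or truncated
        sport, dport, seq, ack = struct.unpack("!HHII", tcp[:12])
        plen = struct.unpack("!H", f[16:18])[0] - ihl - (tcp[12] >> 4) * 4
        flags, key = tcp[13], (f[26:30], sport, f[30:34], dport)
        if flags == 0x02:                             # SYN: remember the client ISN
            out[sec]["syn"] += 1
            isn[key] = [seq, None]
        elif flags == 0x12:                           # SYN-ACK: remember the server ISN
            out[sec]["synack"] += 1
            st = isn.get((key[2], key[3], key[0], key[1]))   # reversed direction
            if st and (ack - st[0]) % 2**32 == 1:
                st[1] = seq
        elif flags == 0x10 and plen == 0:             # bare ACK: count handshake completion only
            st = isn.get(key)
            if st and st[1] is not None and (seq - st[0]) % 2**32 == 1 and (ack - st[1]) % 2**32 == 1:
                out[sec]["ack"] += 1
                del isn[key]                          # count each handshake once
    return dict(out)

# Constructed sample input (not real traffic): record header + Ethernet + IPv4 + TCP.
def _pkt(sec, src, dst, sport, dport, seq, ack, flags):
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    return struct.pack("<4I", sec, 0, 54, 54) + b"\0" * 12 + b"\x08\x00" + ip + tcp

C, S = (10, 0, 0, 1), (10, 0, 0, 2)
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _pkt(100, C, S, 40000, 80, 1000, 0, 0x02),      # SYN
    _pkt(100, S, C, 80, 40000, 5000, 1001, 0x12),   # SYN-ACK
    _pkt(101, C, S, 40000, 80, 1001, 5001, 0x10),   # ACK completing the handshake
    _pkt(101, S, C, 80, 40000, 5001, 1001, 0x10),   # later bare ACK, not counted
    _pkt(102, C, S, 40001, 80, 2000, 0, 0x02),      # SYN that gets no reply
])
```

The result is keyed by epoch second; seconds without any handshake packets are absent and need to be filled with zeros before plotting a time series.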