
Grouping set of packets in filter


Just started using Wireshark, and I am trying to follow the server / client TCP flow.

We are running an ATM business where I just want to make sure the TCP flow is as expected from the socket.

For example, if I want to group these messages with a custom color, what should be done:

Client to Server request (PSH MSG)----
---       Server to Client (PSH ACK)
    Server to Client (PSH ACK)-----

For the above flow I have manually highlighted a set of packets. Need guidance in handling these types of filters with Wireshark.

1398    37977.393994   TCP 41831 > 13824 [PSH, ACK] Seq=3792 Ack=5868 Win=2003 Len=119 TSV=84371804 TSER=720051399
1399    37977.518972    TCP 13824 > 41831 [ACK] Seq=5868 Ack=3911 Win=17680 Len=0 TSV=720058937 TSER=84371804
1400    37977.882262    TCP 13824 > 41831 [PSH, ACK] Seq=5868 Ack=3911 Win=17680 Len=251 TSV=720058973 TSER=84371804
1401    37977.882354   TCP 41831 > 13824 [ACK] Seq=3911 Ack=6119 Win=2003 Len=0 TSV=84371926 TSER=720058973

Sample highlighted image:


asked 17 Nov '14, 22:41

Ragav
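
An added example, not part of the original question: one way to group the pasted summary lines into request/reply exchanges offline, by matching each client data segment (Len > 0) to the server segments that acknowledge it (Ack = Seq + Len) and to the client ACK that closes the exchange. The function names are hypothetical, and treating port 13824 as the server side is an assumption based on the direction of the first packet.

```python
import re

# The four summary lines pasted in the question above.
SAMPLE = """\
1398    37977.393994   TCP 41831 > 13824 [PSH, ACK] Seq=3792 Ack=5868 Win=2003 Len=119 TSV=84371804 TSER=720051399
1399    37977.518972    TCP 13824 > 41831 [ACK] Seq=5868 Ack=3911 Win=17680 Len=0 TSV=720058937 TSER=84371804
1400    37977.882262    TCP 13824 > 41831 [PSH, ACK] Seq=5868 Ack=3911 Win=17680 Len=251 TSV=720058973 TSER=84371804
1401    37977.882354   TCP 41831 > 13824 [ACK] Seq=3911 Ack=6119 Win=2003 Len=0 TSV=84371926 TSER=720058973
"""

LINE = re.compile(
    r"\s*(?P<no>\d+)\s+(?P<time>[\d.]+)\s+TCP\s+(?P<sport>\d+)\s*>\s*(?P<dport>\d+)"
    r"\s+\[[^\]]*\]\s+Seq=(?P<seq>\d+)\s+Ack=(?P<ack>\d+).*?\bLen=(?P<len>\d+)")

def parse(text):
    """Turn summary lines into dicts; lines that are not TCP summaries are skipped."""
    rows = (LINE.match(line) for line in text.splitlines())
    return [{k: float(v) if k == "time" else int(v) for k, v in m.groupdict().items()}
            for m in rows if m]

def group_exchanges(packets, server_port):
    """Group each client data segment with the server segments that acknowledge it
    and the client ACK that ends the exchange. Packets must be in capture order."""
    out = []
    for i, req in enumerate(packets):
        if req["dport"] != server_port or req["len"] == 0:
            continue                      # only client data segments open a group
        want_ack = req["seq"] + req["len"]
        frames, reply = [req["no"]], None
        for p in packets[i + 1:]:
            if {p["sport"], p["dport"]} != {req["sport"], req["dport"]}:
                continue                  # different connection
            if p["sport"] == server_port and p["ack"] == want_ack:
                frames.append(p["no"])    # server ACK and/or reply data
                if p["len"] > 0 and reply is None:
                    reply = p
            elif reply and p["dport"] == server_port and p["ack"] == reply["seq"] + reply["len"]:
                frames.append(p["no"])    # client acknowledges the reply
                break
        out.append({"frames": frames,
                    "answered": reply is not None,
                    "latency": round(reply["time"] - req["time"], 6) if reply else None})
    return out

if __name__ == "__main__":
    for exchange in group_exchanges(parse(SAMPLE), server_port=13824):
        print(exchange)
```

A request that never receives reply data is returned with `answered` set to `False`, which is the case worth alerting on when checking that the flow is as expected.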