Plotting TCP Sequence Number Against Timestamp Option Value?


Hi there,

Does anyone know of a way to take a packet capture and plot TCP sequence numbers against timestamp option values?

Thanks, Harry

One Answer:


You could try the standard TCP Stream Graph, maybe that's "good enough" for your purpose.

Statistics -> TCP Stream Graph -> Time Sequence Graph

Please be aware, that you will get different graphs, if you choose a frame from C->S versus S->C!

If you really need a graph the the TCP timestamp option, you'll have to create the graph yourself.

tshark -nr input.pcap -Y "display filter" -T fields -e frame.number -e tcp.seq -e tcp.options.timestamp.tsval

Please replace "display filter" with the wireshark display filter you need to extract data from the right connection in the pcap file.

Then take that output and feed it into Excel or another spreadsheet software to create the graph.


