This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Plotting TCP Sequence Number Against Timestamp Option Value?

0

Hi there,

Does anyone know of a way to take a packet capture and plot TCP sequence numbers against timestamp option values?

Thanks, Harry

asked 07 Dec '14, 11:56

pottedcactus
accept rate: 0%


One Answer:

1

You could try the standard TCP Stream Graph, maybe that's "good enough" for your purpose.

Statistics -> TCP Stream Graph -> Time Sequence Graph

Please be aware that you will get different graphs if you choose a frame from C->S versus S->C!

If you really need a graph of the TCP timestamp option, you'll have to create the graph yourself.

tshark -nr input.pcap -Y "display filter" -T fields -e frame.number -e tcp.seq -e tcp.options.timestamp.tsval

Please replace "display filter" with the Wireshark display filter you need to extract data from the right connection in the pcap file.

Then take that output and feed it into Excel or another spreadsheet software to create the graph.

Regards
Kurt

answered 08 Dec '14, 05:12

Kurt Knochner ♦
accept rate: 15%

edited 08 Dec '14, 05:13
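
An added example, not part of the original answer: a Python script that turns the tab-separated output of the tshark command above into CSV points for a spreadsheet scatter plot, skipping segments that carry no timestamp option and keeping the TSval axis continuous when the 32-bit value wraps. The function names and sample rows are constructed for illustration, and the input is assumed to hold one direction of one connection.

```python
import csv
import io
import sys

# Constructed sample of the tshark output above (tab-separated columns:
# frame.number, tcp.seq, tcp.options.timestamp.tsval), one direction only.
SAMPLE = (
    "1\t0\t4294967290\n"
    "2\t1\t\n"            # segment without a timestamp option
    "3\t1\t4294967294\n"
    "4\t1449\t3\n"        # TSval wrapped past 2**32
    "5\t2897\t7\n"
)


def parse_points(text):
    """Return (tsval_offset, seq, frame) for every row that has a TSval,
    with TSval unwrapped (32-bit serial arithmetic) and rebased to zero."""
    points = []
    prev_raw = prev_abs = base = None
    for row in csv.reader(io.StringIO(text), delimiter="\t"):
        if len(row) < 3 or not row[2]:
            continue  # no timestamp option in this segment
        frame, seq, tsval = int(row[0]), int(row[1]), int(row[2])
        if prev_raw is None:
            absolute = base = tsval
        else:
            delta = (tsval - prev_raw) & 0xFFFFFFFF
            if delta >= 2**31:
                delta -= 2**32  # late (reordered) segment, not a wrap
            absolute = prev_abs + delta
        prev_raw, prev_abs = tsval, absolute
        points.append((absolute - base, seq, frame))
    return points


def to_csv(points):
    """Format points as CSV text ready for a spreadsheet scatter plot."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["tsval_offset", "tcp_seq", "frame"])
    writer.writerows(points)
    return out.getvalue()


if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(to_csv(parse_points(data)), end="")
```

Pipe the tshark output into the script and plot the first column on the x axis against the second on the y axis.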