how to calculate service response time for SAML ?

I need to calculate the service response time between an appliance (if this is of interest for you: a Google Search Appliance) and our internal SAML identity provider.

There are some restrictions / conditions I have to live with:

• I can't run a dumper on the appliance itself, neither on the network between the appliance and the IDP or the IDP itself
• the appliance is able to run tcpdump for me but I can't influence the command line (one exception below)
• the appliance allows me to enter an ip restriction that it will then send to tcpdump which will then create a .cap file for me which I will then be able to download later
• the cap file is limited to 1 GB in size (should be sufficient to log a lot of transactions)
• I am not able to decrypt the traffic because I don't have access to the keys

I read some posts about http response times but this can't be used for http over tlsv1. What looks most promising to me is this: because the SAML process consists of one single https URL being processed I would be able to calculate the response time by calculating time between first packet and last packet. Having a look at an example trace I downloaded it should be possible to "group" all tcp packages that belong to one transaction by using for example tcp.stream eq 4. In addition to this I enabled Edit -> Preferences -> Protocols -> TCP -> Calculate conversation timestamps and added tcp.time_delta and tcp.time_relative to my displayed columns.

The figures of tcp.time_relative for the last package in the transaction look good, this seems to be the time elapsed between first and last packet. I tried a filter like tcp.time_relative > 0.5 but I am not able to express && packet is final packet.

Can you tell me if my approach is correct ? And how to specify the filter ?