This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How can I know the number of open TCP streams in the pcap file?

0	How can I know the number of open TCP streams in the pcap file? streams tcp asked 18 May '11, 04:23 AlexLA 1●1●1●2 accept rate: 0% What do you mean by "open"? TCP stream that are still ongoing when the trace ended, or just any connection that had data transfers? (18 May '11, 05:13) Jasper ♦♦

One Answer:

If you just want to know how many TCP streams are in a pcap file you can use the Conversations Statistics and look at the number given on the TCP tab.

If you then want to find out how many TCP streams are still open at the end of the trace file you need to find out how many of the total TCP streams have terminated within the trace file. Filter for tcp.flags.reset==1 or tcp.flags.fin==1 and open the conversation statistics again, select the "Limit to display filter" option at the bottom and take a look at how many TCP conversations are left. This the number of streams that have been terminated either with a reset packet or a fin packet. Substract that number from your total stream count and you should be done.

answered 18 May '11, 09:39

Jasper ♦♦
23.8k●5●51●284
accept rate: 18%