Very new to Wireshark. I am trying to find the average timer between 2 messages in about 50-60 separate Wireshark traces collected. The messages are (1) the "Get URL" message and (2) the first packet with size >1400 bytes. Is it possible to write a query or use any other method to find this in a single trace or for all traces at once?
asked 04 Feb '16, 07:09
Wireshark, as well as tshark which may be more useful for you as you talk about handling multiple files, uses a "display filter" to limit the display of packets (frames) to those matching some conditions. The conditions compare real fields of the packets (such as
Lucky for you, this is the case for http: for the first packet of an http response, the dissector calculates a pseudo-field
Now for your purpose, you would probably use a script, calling tshark with all your 60 files as parameters and calculating the average from the displayed values. The command for a single file looks as follows:
This outputs only the http response times found in the file, one per line.
answered 04 Feb '16, 22:37
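One way to write the script the answer describes, as an added example that is not the answerer's own command. It assumes the HTTP pseudo-field meant is `http.time` (Wireshark's time-since-request field) and that the capture files are passed as arguments; the function names `summarize`, `extract` and `main` are illustrative.

```shell
#!/bin/sh
# Added example: per-file and pooled HTTP response-time statistics via tshark.
# Assumption: http.time is the pseudo-field the answer refers to.

# Read tshark field output on stdin and print "count mean min max".
# A frame carrying several responses yields comma-joined values, so each
# line is split on ','; blank or non-numeric tokens are ignored.
summarize() {
    awk -F',' '
        {
            for (i = 1; i <= NF; i++) {
                if ($i !~ /^[0-9]+(\.[0-9]+)?$/) continue
                v = $i + 0; n++; sum += v
                if (n == 1 || v < min) min = v
                if (n == 1 || v > max) max = v
            }
        }
        END {
            if (n == 0) { print "0 - - -"; exit }
            printf "%d %.6f %.6f %.6f\n", n, sum / n, min, max
        }'
}

# Print one http.time value per matching frame of a single capture file.
extract() {
    tshark -r "$1" -Y 'http.time' -T fields -e http.time 2>/dev/null
}

# Report each file, then the mean over all values pooled together
# (not the mean of the per-file means, which would weight small files more).
main() {
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' EXIT
    for f in "$@"; do
        vals=$(extract "$f")
        printf '%s: %s\n' "$f" "$(printf '%s\n' "$vals" | summarize)"
        printf '%s\n' "$vals" >> "$tmp"
    done
    printf 'all files: %s\n' "$(summarize < "$tmp")"
}

# Run only when capture files are given, e.g.: sh avg_http_time.sh *.pcap
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Each output line is `count mean min max` in seconds; a file with no HTTP responses reports `0 - - -` instead of dividing by zero.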