This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Bytes in flight - wireshark

0

Is there a field for a "bytes in flight" in Wireshark? How do we calculate or add a field for bytes in flight for each packet on Wireshark?

asked 28 Feb '17, 08:53

armodes's gravatar image

armodes
16181923
accept rate: 0%


One Answer:

2

Yes, the field is named tcp.analysis.bytes_in_flight.

The easy way to display this is to open a capture file, select a TCP packet other than one of the three initial handshake packets, expand the TCP details in the packet details pane, expand the SEQ/ACK Analysis item and then right click the [Bytes in flight: xxx] item and select "Apply As Column" from the context menu.

answered 28 Feb '17, 09:17

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

edited 28 Feb '17, 09:25

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142

The protocol preference "Analyze TCP sequence numbers" should be enabled to use "bytes_in_flight".

(28 Feb '17, 09:20) Uli

@Uli,

Good spot, the TCP preference "Track number of bytes in flight" also needs to be enabled.

(28 Feb '17, 10:32) grahamb ♦