I would like to know how long the TCP connection lasted using tshark, in wiresahrk this info is represented in the conversation statistics asked 18 Oct '11, 17:20  ddayan |
One Answer:
If you know the TCP stream index for the connection, you can pull out the frame.time_epoch field for the first and last frames and subtract them. That will print out the arrival times for each packet in the stream. You can subtract the first number from the last to get the total duration as Wireshark would calculate it. answered 24 Oct '11, 18:15  zachad |
