 | 1 | initial version |
Since we're talking about TCP connections here (not part of the question, but clarified in a comment) the start would be identified by the SYN flag and the end by the FIN or RES flag. Together with the generated stream # this should be it.
