 | 1 | initial version |
One way I start is by using the filter tcp.len>0 to view only the TCP packets with payload. That will remove all the SYN, RST and ACK packets that might confuse you. Then you can also use statistics -> conversations (TCP tab) and enable "Limit to display filter" to get an overview of how much data was transferred in the sessions that do have payload data.
Is there a (public) link to the pcap file to look at?
