First time here? Check out the FAQ!
answered 2023-07-31 15:02:15 +0000
What about just opening the pcap file using a Read Filter (File -> Open -> File name: foo.pcap, Read filter: tcp.stream eq 0)?
The equivalent of this in tshark is:
tshark
tshark -r foo.pcap -2R "tcp.stream == 0"
