 | 1 | initial version |
Apart from the (very flexible) Lua solution, you could also use the TCP completeness filter to achieve (kind of) the same. The filter tcp.completeness & 62 == 34will display all TCP sessions in which there was seen:
I'm leaving out the SYN(1) as there might be sessions where the capture started straight after the SYN, if you only want sessions in which the SYN is also present, you can just use tcp.completeness == 35
