Hi,

This will be difficult because www.7-zip.org is using HTTPS.

If the file was downloaded over HTTP then you could simply check the size before exporting it from the capture using

File - Export Objects - HTTP...

You would see the size (in KB) for your file.

(You may need to enable "Allow subdissector to reassemble TCP streams" in TCP protocol preferences)

But because this 7-zip file is served over HTTPS everything is encrypted.

You can always "eyeball it" by using "Follow TCP." (CTRL+ALT+SHIFT+T)

Using the correct TCP stream index, you can "follow" the TCP stream in a new Window that displays the data.

This data is encrypted but Wireshark does calculate the size of this "conversation."

In the bottom left corner there is a drop-down menu.

Select the correct direction (Probably SERVER_IP:443 -> YOUR_IP:YOUR_PORT)

You should see the size of all the packets for that direction.

It won't be equal to the exact size of your file because of the packet headers.

Assuming headers for Ethernet (14), IPv4 (20) and TCP (20) you can multiply the number of packets for that direction by 54.

This will more or less precisely give you the size of all the packet headers.

So if you need 1000 packets to transfer the file, then you may subtract 54 000 bytes from the size of the conversation in "Follow TCP" for that direction. (About 52,7 KB)

This should give you something close to the "real" size.

Hope this helps.

Cheers,

JF
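
The header arithmetic from the answer above, as an added example that is not part of the original answer: it applies the fixed 54-byte subtraction to one direction of a conversation and compares the result with the payload computed from each packet's real IPv4 and TCP header lengths. The frames, addresses, ports and function names are constructed for illustration; the frames carry a 12-byte TCP timestamp option, which is one reason the estimate is only "more or less" precise.

```python
import socket
import struct

ETH, IP4, TCP = 14, 20, 20   # minimum header sizes assumed in the answer (54 total)

def make_frame(src, dst, sport, dport, payload, tcp_opts=b""):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    doff = (TCP + len(tcp_opts)) // 4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0,
                      doff << 4, 0x10, 65535, 0, 0) + tcp_opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP4 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def direction_sizes(frames, src, sport):
    """Return (packets, frame_bytes, estimate, exact_payload) for src:sport."""
    packets = frame_bytes = payload = 0
    for f in frames:
        if len(f) < ETH + IP4 + TCP or f[12:14] != b"\x08\x00":
            continue                          # not IPv4 over Ethernet II
        ip = f[ETH:]
        ihl = (ip[0] & 0x0F) * 4              # real IPv4 header length
        if ip[9] != 6 or ip[12:16] != socket.inet_aton(src):
            continue                          # not TCP, or other direction
        if struct.unpack("!H", ip[ihl:ihl + 2])[0] != sport:
            continue
        total = struct.unpack("!H", ip[2:4])[0]
        doff = (ip[ihl + 12] >> 4) * 4        # real TCP header length, options included
        packets += 1
        frame_bytes += len(f)
        payload += total - ihl - doff
    estimate = frame_bytes - packets * (ETH + IP4 + TCP)
    return packets, frame_bytes, estimate, payload

# Constructed sample: a server on port 443 sends four segments, the client sends two ACKs.
SERVER, CLIENT = "203.0.113.10", "198.51.100.7"
TS_OPT = b"\x01\x01\x08\x0a" + b"\x00" * 8    # NOP, NOP, timestamp (12 bytes)
FRAMES = [make_frame(SERVER, CLIENT, 443, 50000, b"\xaa" * 1448, TS_OPT) for _ in range(3)]
FRAMES.append(make_frame(SERVER, CLIENT, 443, 50000, b"\xaa" * 500, TS_OPT))
FRAMES += [make_frame(CLIENT, SERVER, 50000, 443, b"", TS_OPT) for _ in range(2)]

if __name__ == "__main__":
    n, raw, est, exact = direction_sizes(FRAMES, SERVER, 443)
    print(f"packets={n} frame_bytes={raw} estimate={est} exact_payload={exact}")
```
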