 | 1 | initial version |
I don't know if you can do this in Wireshark (I don't think so), but you can get pretty good results using tshark I think. For example:
tshark -r file.pcap -z conv,tcp -q
This will produce output such as follows:
================================================================================
TCP Conversations
Filter:<no filter="">
| <- | | -> | | Total | Relative | Duration |
| Frames Bytes | | Frames Bytes | | Frames Bytes | Start | |
192.168.112.101:39611 <-> 69.4.231.52:http 20545 26190636 13022 707804 33567 26898440 0.000000000 32.8158
================================================================================
With the capture file I tested, there was only a single TCP connection; therefore there's only a single row of data in this output.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.