How to get all tcp-streams by passed filter?


I've been asked by our client why our server doesn't work properly. I have a 200MB pcap dump. Looking through it quickly, I've seen many reasons why it could happen: the client sends RST after SYN-ACK, the ACK to a FIN sometimes takes about a whole second, a big amount of data as response (not a problem actually), and so on.

So, I would like to find out which problem is dominant, in order to dig into it further. The result I would like to see is all tcp-streams matched by the specified filters.

Well, my question is how to get all tcp-streams by specified filters, and how to write a filter where the time between FIN and ACK is more than, say, 500ms?

Can Wireshark do it? Thank you!