This is more for future edification as I already found a method that worked (this time) to pull out the information I wanted, but is there a better way?
I recently had an issue where I was receiving a large number of TCP session initiation requests from an application server to my database server. In order to get the count per second I used the following display filter: (tcp.flags.syn eq 1 and tcp.flags.ack eq 0) This showed me all the packets with only the initial syn and nothing else. I then looked at the starting source port noted that they increased sequentially and then took the last port number subtracted the first from the last and added 1 to get the total number of session requests in that capture. From there it was just divide that number by the total number of seconds between the first and the last packets. So my question is, is this the best way to do this, or is there a better way? TIA, Jeff _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
