Wireshark-users: Re: [Wireshark-users] aggregating packages in one messages

From: Andrej van der Zee <andrejvanderzee@xxxxxxxxx>
Date: Fri, 4 Sep 2009 14:21:55 +0900
Hi,

> Hi Andrej,
>
> Yep:)
>
> To see the different streams:
> $ tshark -r test.pcap -q -z conv,tcp

Thank you so much again! This is great.

What does "conversation" actually mean? Is this all the data that is
transmitted back and forth for the duration of the connection? I mean,
what event makes the conversation actually start and when does it end,
provided that the capture file contains the whole conversation?

Thank you,
Andrej