Wireshark-users: [Wireshark-users] Regarding tcp.stream filtering.
Hi everyone
I have made a bash script counting from 1 to whatever is needed.
It runs a filter as tcp.stream == $count and does what you can see...
1. tshark -r capture.cap -R "tcp.stream == $count" > capture$count.stream
2. tshark -r capture.cap -R "tcp.stream == $count" -w capture$count.cap
3. tshark -r capture.cap -q -z io,stat,120 > capture$count.csv
In the first file I take the first packet and the last packet and calculate the difference between when the stream started and ended.
In the next and the third file I count the number of packets and the number of bytes.
Doing that I found out that there might be some gaps between streams, such as 1, 2, 3, 5, 7, 8, 9, 10.
How is that?
I thought Wireshark / tshark counted the stream and numbered in a series.
--
Kind regards
Rikard Svenningsen
Smalager 36
DK-7120
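
Added example, not part of the original post: a single-pass summary that computes the per-stream packet count, byte count and duration described above, and lists every stream index that has no packets at all. It assumes tab-separated `tshark -T fields` output (tcp.stream, frame.time_epoch, frame.len) on stdin; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Input: one line per packet, tab-separated:
#   tcp.stream <TAB> frame.time_epoch <TAB> frame.len
# Assumed way to produce it from the capture in the post:
#   tshark -r capture.cap -T fields -e tcp.stream -e frame.time_epoch -e frame.len
summarise_streams() {
    awk -F '\t' '
        $1 == "" { next }                 # packet without a tcp.stream value
        {
            s = $1 + 0; t = $2 + 0
            # track earliest and latest timestamp, even if packets are unordered
            if (!(s in pkts) || t < first[s]) first[s] = t
            if (!(s in pkts) || t > last[s])  last[s]  = t
            pkts[s]++; bytes[s] += $3
            if (seen == 0 || s > max) max = s
            seen = 1
        }
        END {
            if (!seen) exit
            # assumption: stream indices start at 0
            for (i = 0; i <= max; i++)
                if (i in pkts)
                    printf "stream %d packets=%d bytes=%d duration=%.3f\n", \
                           i, pkts[i], bytes[i], last[i] - first[i]
                else
                    printf "stream %d MISSING\n", i
        }'
}

# Constructed sample: two TCP streams (0 and 2) and one non-TCP packet.
sample_fields() {
    printf '0\t100.000\t74\n'
    printf '\t100.100\t60\n'
    printf '2\t100.250\t66\n'
    printf '0\t100.500\t66\n'
    printf '2\t101.000\t54\n'
    printf '2\t101.500\t1514\n'
}

sample_fields | summarise_streams
```

Any index reported as MISSING is one for which a `tcp.stream == N` filter would produce an empty file.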