Wireshark-users: [Wireshark-users] newbie question: reassembled package stats

From: Jonsson, Håkan 1 <Hakan1.Jonsson@xxxxxxxxxxxxxxxx>
Date: Thu, 4 Mar 2010 13:37:42 +0100



I have been trying to find a way to get statistics on reassembled HTTP packages, but have not been able to find a way even though I have read the manual, tried all the export and save features, tsharks –z io,stat options, googled etc.


I have a pcap file which captures lots of http requests to different sites as well as other traffic. Now I want to get statistics on the http requests to a specified domain, including total and average size of assembled http requests and responses. I can apply a http contains domainname to filter out the http requests in an io graph, but when doing copy or save, I only get the sizes of one of the TCP packets, not the reassembled request or response.


Sorry for asking this newbie question on the list, but I have simply not been able to find this out myself, even though I am sure it is possible some way.