Wireshark-users: Re: [Wireshark-users] aggregating packages in one messages
Date: Thu, 3 Sep 2009 16:50:53 +0200
Hi Andrej,

Right-click a packet and select Follow TCP Stream.


Statistics -> Conversations -> TCP 
Right-click a stream and select Apply as Filter -> Selected -> A <--> B

You can save the displayed packets to a new capture file:
File -> Save as -> Packet Range: Displayed.

Hope this helps

On 3 Sep 2009 22:56:35 +0900 Andrej van der Zee wrote:
>Maybe a silly question, but I am looking for a way to aggregate
>packages that belong to one message (I am not sure if I am using the
>right terminology). I mean, suppose I send a 10k message from A to B,
>then the message is broken up into lets say 10 packages of 1k that
>appear in my cap file. I would like to deduct the size of the total
>message and the timestamp of the first package of the message from the
>cap file. How should I do this?
>Thank you,