

For most situations involving analysis of packet captures, Wireshark is the tool of choice. And for good reason too: Wireshark provides an excellent GUI that not only displays the contents of individual packets, but also analysis and statistics tools that allow you to, for example, track individual TCP conversations within a pcap and pull up related metrics.

There are situations, however, where the ability to process a pcap programmatically becomes extremely useful. Consider a task like this one: given a pcap that contains hundreds of thousands of packets, find the first connection to a particular server/service where the TCP SYN-ACK took more than 300ms to appear after the initial SYN. Clicking through that many packets by hand is not an option, and a short script that walks the capture once and keeps a little state per half-open connection answers the question directly.
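The following script is an added example of that kind of programmatic pass over a pcap; it is not code from the original post. It reads the classic libpcap file format directly with the standard library (no scapy or tshark dependency), decodes Ethernet/IPv4/TCP headers, remembers the timestamp of each client SYN sent to the target server, and reports the first connection whose matching SYN-ACK arrived more than a threshold (300ms by default) later. The addresses, ports and the sample capture at the bottom are all constructed for the demonstration and are not taken from any real traffic.

```python
"""Find the first TCP handshake whose SYN-ACK arrived more than N ms after the SYN.

Added example (not from the original page). Parses classic libpcap files containing
Ethernet/IPv4/TCP with only the standard library. VLAN tags, IPv6 and IPv4
fragments are skipped; pcapng is not supported. The sample capture is constructed
inline and all addresses in it are invented.
"""
import socket
import struct
import sys
from typing import Iterator, Optional, Tuple

SYN = 0x02
ACK = 0x10

# pcap magic -> (endianness, divisor that converts the fractional field to microseconds)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1),     # 0xa1b2c3d4 little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": (">", 1),     # 0xa1b2c3d4 big-endian
    b"\x4d\x3c\xb2\xa1": ("<", 1000),  # 0xa1b23c4d little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": (">", 1000),  # 0xa1b23c4d big-endian
}


def iter_packets(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (timestamp_in_microseconds, frame_bytes) for each record in a classic pcap."""
    try:
        endian, divisor = MAGICS[data[:4]]
    except KeyError:
        raise ValueError("not a classic pcap file (pcapng is not supported here)")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:
        raise ValueError(f"unsupported link type {linktype}; expected Ethernet (1)")
    rec = struct.Struct(endian + "IIII")  # ts_sec, ts_frac, incl_len, orig_len
    off = 24
    while off + rec.size <= len(data):
        sec, frac, incl_len, _orig_len = rec.unpack_from(data, off)
        off += rec.size
        frame = data[off:off + incl_len]
        off += incl_len
        if len(frame) < incl_len:
            break  # truncated capture: stop rather than mis-parse a partial record
        yield sec * 1_000_000 + frac // divisor, frame


def parse_tcp(frame: bytes) -> Optional[Tuple[str, int, str, int, int]]:
    """Return (src_ip, sport, dst_ip, dport, tcp_flags) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # EtherType 0x0800 = IPv4, untagged only
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or ip[9] != 6 or len(ip) < ihl + 14:  # protocol 6 = TCP; need ports + flags byte
        return None
    if ip[6] & 0x1F or ip[7]:  # non-zero fragment offset: TCP header is not here
        return None
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    return socket.inet_ntoa(ip[12:16]), sport, socket.inet_ntoa(ip[16:20]), dport, tcp[13]


def first_slow_syn_ack(data: bytes, server_ip: str, server_port: int,
                       threshold_ms: float = 300.0) -> Optional[Tuple[str, int, float]]:
    """Return (client_ip, client_port, delay_ms) for the first connection to server_ip:server_port
    whose SYN-ACK appeared more than threshold_ms after the client's first SYN, or None."""
    pending = {}  # (client_ip, client_port) -> timestamp (us) of the first SYN seen
    for ts, frame in iter_packets(data):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, sport, dst, dport, flags = parsed
        syn, ack = bool(flags & SYN), bool(flags & ACK)
        if syn and not ack and dst == server_ip and dport == server_port:
            # Keep the first SYN: retransmitted SYNs must not reset the clock the client experienced.
            pending.setdefault((src, sport), ts)
        elif syn and ack and src == server_ip and sport == server_port:
            start = pending.pop((dst, dport), None)
            if start is None:
                continue  # capture started mid-handshake; nothing to measure against
            delay_ms = (ts - start) / 1000
            if delay_ms > threshold_ms:
                return dst, dport, delay_ms
    return None


# --- constructed sample capture (invented addresses) --------------------------------------

def build_tcp_frame(src: str, sport: int, dst: str, dport: int, flags: int) -> bytes:
    """Ethernet + IPv4 + TCP header with no payload; checksums are left zero (the parser ignores them)."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp


def build_pcap(records) -> bytes:
    """records: iterable of (sec, usec, frame). Writes a little-endian, microsecond, Ethernet pcap."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for sec, usec, frame in records:
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)
    return b"".join(out)


SERVER = ("10.0.0.5", 443)  # assumed target for the sample; pass your own in real use


def sample_pcap() -> bytes:
    """One fast handshake (12 ms) and one slow handshake (450 ms) to the assumed server."""
    c1, c2 = ("192.168.1.10", 51000), ("192.168.1.20", 51001)
    return build_pcap([
        (1000, 0,      build_tcp_frame(c1[0], c1[1], *SERVER, SYN)),
        (1000, 12000,  build_tcp_frame(*SERVER, c1[0], c1[1], SYN | ACK)),
        (1000, 12500,  build_tcp_frame(c1[0], c1[1], *SERVER, ACK)),
        (1001, 0,      build_tcp_frame(c2[0], c2[1], *SERVER, SYN)),
        (1001, 450000, build_tcp_frame(*SERVER, c2[0], c2[1], SYN | ACK)),
    ])


if __name__ == "__main__":
    # usage: python slow_synack.py [capture.pcap server_ip server_port]
    if len(sys.argv) == 4:
        with open(sys.argv[1], "rb") as f:
            result = first_slow_syn_ack(f.read(), sys.argv[2], int(sys.argv[3]))
    else:
        result = first_slow_syn_ack(sample_pcap(), *SERVER)
    print("no slow handshake found" if result is None
          else "first slow SYN-ACK: client %s:%d, delay %.1f ms" % result)
```

The state kept per half-open connection is a single timestamp keyed by the client's address and port, so memory grows only with the number of SYNs that have not yet been answered, not with the size of the capture. Keeping the first SYN rather than the latest is deliberate: a client that retransmits after a timeout experienced the whole wait, and measuring from the retransmission would hide exactly the slow handshakes the question is about.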
