TCP events can be of many types—retransmissions, sliding window events, ACKs, and so on. To see the number of TCP events over time, we can use the I/O graph with the advanced feature and COUNT (Y Axis) parameter.
In the following example, CAP_1674_06_10, we have two TCP streams:
To configure the I/O graph, go through the following steps:
- Open the IO graph from the Statistics menu.
- Configure the display filter columns; in this example, these are as follows:
- The first graph: ip.addr==10.0.0.1 && tcp.port==57449 && ip.addr==92.122.12.174 && tcp.port==80
- The second graph: ip.addr==10.0.0.1 && tcp.port==57627 && ip.addr==88.221.159.148 && tcp.port==80
To configure the filters, you can right-click on the stream line in the conversations window, prepare a filter that will appear in the display filter window, and copy it to the I/O graph window. You can also right-click on one of the packets in the stream and choose to follow the TCP stream.
- Configure the Y Axis parameters:
- Configure COUNT FRAMES (Y Field).
- On the Y Field, configure the filter—in this example, this is tcp.analysis for all TCP events, but it can be any specific filter, such as tcp.analysis.retransmissions, tcp.analysis.zero_window, or any other.
-
- In this example, you will get the graph shown in the following screenshot:
In the last screenshot, we can see two periods of events. We can zoom in on one of them—for example, on the first group of events—and we will get the next screenshot.