Revision history [back]
tshark -r <file.pcap> -Y "tcp.stream==278 && tcp.len==1460" | wc -l
or get an overview of all the lengths:
tshark -r <file.pcap> -Y "tcp.stream==278" -T fields -e tcp.len | sort -rn | uniq -c
tshark -r <file.pcap> -Y "tcp.stream==278 && tcp.len==1460" | wc -l
or get an overview of all the lengths:
tshark -r <file.pcap> -Y "tcp.stream==278" -T fields -e tcp.len | sort -rn | uniq -c