Wireshark has very nice and descriptive guide with examples on their official documentation page.
To select a TCP/UDP stream in a pcap, use tcp.stream
filter, for e.g., tcp.stream eq 1
or udp.stream eq 0
. If you are analysing a packet in a pcap and want to see the entire TCP/UDP session contaning that packet, you can do this as following: right click on the packet -> select Follow
-> select TCP Stream
or UDP Stream
. You can also do the same thing by shorcut option + shift + cmd + U
for UDP and option + shift + cmd + T
for TCP on mac.
To see various statistics of different protocols use -z option on Wireshark/tshark command, for e.g., Wireshark -z conv,eth your.pcap
. Same can be done by going to the menubar and selecting Statistics
-> Coversations
from the Wireshark GUI. For more options related to this see tshark [man page](https://www.wireshark