I'm analyzing our network and have some confusion about the terms: this is the 2-packet output from source to destination.
from these i have to get some features as describe, pls make me clear...
packets with at least a bytes of TCP data payload: it seems tcp.len>0;
The minimum segment size (confusion is headers are included or or not)
The average segment size observed during the lifetime of the connection, the definition: is calculated as the value reported in the actual data bytes divided by the actual data pkts reported.
Total bytes in IP packets, should be ip_len value.
Total bytes in (Ethernet)
The total number of bytes sent
probably related to frame.len and frame.cap_len these two terms are describes as, also make me clear about these two terms.
- frame.cap_len: Frame length stored into the capture file
- frame.len: Frame length on the wire
The "minimum segment size" is something I would normally consider to be "the lowest frame.len value where TCP fragmentation has been used", not "the minimum frame.len size sent", as anything that's smaller than the minimum frame ever sent.