Although wireshark is a very useful tool there are some limitations that bother me:
I have found that scapy and pylab can fill some of the gaps. Here is an example using the python interactive interpreter:
from scapy.all import IP,TCP,rdpcap
from pylab import *
#Import the Capture File
a = rdpcap('smaller-out_00000_20110214101853')
#Filter the Capture File
b = [ pkt for pkt in a if IP in pkt and
(pkt[IP].src == '10.7.0.12' or pkt[IP].dst == '10.7.0.12') ]
#Create an array of TCP Window sizes from the capture
wins = [ int(win[TCP].window) for win in b if TCP in win ]
#Create the Histogram
hist(wins, bins=100)
#Display it
ylabel('Frequency')
xlabel('TCP Window Size')
show()
