I took a tcpdump to capture all my application connections to data base server. I can filter the tcpudmp data and extract the session that are relevant by using standard tcpdump filters.
How to find a duration of a tcp session without manually checking packets and calculating the elapsed time.
There are many tools that can read and understand a tcpudmp file. One of them is tcptrace. An example of how to use it to find the time is demonstrated below.
root@db1:~# tcptrace -n -l -o1 1 arg remaining, starting with 'google.pcap' Ostermann's tcptrace -- version 6.6.7 -- Thu Nov 4, 2004 12 packets seen, 12 TCP packets traced elapsed wallclock time: 0:00:00.001738, 6904 pkts/sec analyzed trace file elapsed time: 0:00:07.092266 TCP connection info: 1 TCP connection traced: TCP connection 1: host a: 2a00:1a48:7805:0111:8cfc:cf10:ff08:0a2f:55939 host b: 2a00:1450:400c:0c05::0063:80 complete conn: yes first packet: Wed Oct 24 22:49:59.166611 2012 last packet: Wed Oct 24 22:50:06.258878 2012 elapsed time: 0:00:07.092266 total packets: 12 filename: google.pcap a->b: b->a: total packets: 6 total packets: 6 ack pkts sent: 5 ack pkts sent: 6 ...