Wireshark-users: Re: [Wireshark-users] TCP Conversations Question



From: Hansang Bae <hbae@xxxxxxxxxx>
Date: Fri, 04 Apr 2008 23:25:24 -0400

Tom.Saurer wrote:
Is there a way to have Wireshark only gather IP conversation stats (source IP/Port and destination IP/Port) as it watches a nic? We don’t need the full packet information. We need to gather this data for several weeks and it would be too hard to analyze a packet capture to pull that information.

There is no "Monitor" function built into Wireshark. It was actually discussed during Sharkfest (about adding support for this support).

But you can capture it with ring buffers/multiple files. It would be a pain, but then you can run tshark to gather the info you want.

Incidentally, Cacetech announced "Pilot" during Sharkfest. Its main purpose in life is to process pcap files that are large (hundreds of megabytes, for example).


--

Thanks,
Hansang
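
The multiple-file capture and tshark post-processing described in the reply above, as an added example that is not part of the original message. It assumes a current dumpcap/tshark (display filter option `-Y`); the interface name, output directory and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: header-only capture into hourly files, then reduction of
# those files to per-conversation packet and byte totals.

IFACE="${IFACE:-eth0}"          # assumed interface name
OUTDIR="${OUTDIR:-./convcap}"   # assumed output directory

# Capture TCP only, truncated to 96 bytes (headers, no payload), starting a
# new file every hour. Without "-b files:N" no file is overwritten, so size
# the disk for the retention period or move processed files away.
start_capture() {
    mkdir -p "$OUTDIR"
    dumpcap -i "$IFACE" -f "tcp" -s 96 -b duration:3600 -w "$OUTDIR/conv.pcap"
}

# One tab-separated line per TCP packet: src, sport, dst, dport, wire length.
# frame.len is the on-the-wire length, so totals survive the 96-byte snaplen.
extract_fields() {
    tshark -r "$1" -Y "ip && tcp" -T fields -E occurrence=f \
        -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e frame.len
}

# Fold both directions of a conversation into one key, then sum packets
# and bytes. Output: endpointA, endpointB, packets, bytes.
summarize() {
    awk -F'\t' '{
        a = $1 ":" $2; b = $3 ":" $4
        key = (a < b) ? a "\t" b : b "\t" a
        pkts[key]++; bytes[key] += $5
    } END {
        for (k in pkts) printf "%s\t%d\t%d\n", k, pkts[k], bytes[k]
    }' | LC_ALL=C sort
}

# Totals across every capture file written so far.
summarize_dir() {
    for f in "$OUTDIR"/conv_*.pcap; do extract_fields "$f"; done | summarize
}

# Constructed sample of extract_fields output (documentation addresses).
sample_lines() {
    printf '192.0.2.10\t49152\t198.51.100.5\t443\t74\n'
    printf '198.51.100.5\t443\t192.0.2.10\t49152\t66\n'
    printf '192.0.2.10\t49152\t198.51.100.5\t443\t583\n'
    printf '192.0.2.11\t50000\t198.51.100.5\t22\t90\n'
}
```

Run `start_capture` in one session and `summarize_dir` periodically in another; `sample_lines | summarize` shows the output format without a capture.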
