Wireshark · Wireshark-users: Re: [Wireshark-users] TCP Conversations Question

Wireshark-users: Re: [Wireshark-users] TCP Conversations Question

From: Hansang Bae <hbae@xxxxxxxxxx>

Date: Fri, 04 Apr 2008 23:25:24 -0400

Tom.Saurer wrote:

Is there a way to have Wireshark only gather IP conversation stats(source IP/Port and destination IP/Port) as it watches a nic? We donï¿½tneed the full packet information. We need to gather this data forseveral weeks and it would be to hard to analyze a packet capture topull that information.

There is no "Monitor" function built into Wireshark. It was actuallydiscussed during Sharkfest (about adding support for this support).

But you can capture it with ring buffers/multiple files. It would be apain, but then you can run tshark to gather the info you want.

Incidentally, Cacetech announced "Pilot" during Sharkfest. It's mainpurpose in life is to process pcap files that are large (hundreds ofmegabytes, for example).



--

Thanks,
Hansang

References:
- [Wireshark-users] TCP Conversations Question
  - From: Tom . Saurer

Prev by Date: Re: [Wireshark-users] doubts about wireshark
Next by Date: Re: [Wireshark-users] A little help with a connection issue required
Previous by thread: Re: [Wireshark-users] TCP Conversations Question
Next by thread: Re: [Wireshark-users] TCP Conversations Question
Index(es):
- Date
- Thread