Wireshark-users: Re: [Wireshark-users] Number of connections to host IP address?

From: "Sheahan, John" <John.Sheahan@xxxxxxxxxxxxx>
Date: Fri, 4 Dec 2009 07:08:40 -0500

My suggestion would be to write a simple script that logs into the server via ssh each hour, runs the netstat command, takes the output and greps for established connections, counts them and logs them.

I'd be happy to put one together if you think it would help you.

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Jaap Keuter
Sent: Thursday, December 03, 2009 5:54 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Number of connections to host IP address?

Hi,

Sounds like a job for ntop maybe?

Thanks,
Jaap

dkraut wrote:
> I've been asked to find out if Wireshark has the ability to determine 
> the active number of connections at a given time?  For example, If 
> I perform a capture of all traffic to/from our DB server from 3pm to 
> 4pm, is there anyway to tell how many active connections there 
> were to the DB IP address at 3pm, 3:15pm, 3:30pm, etc.?
>  
> The problem we're trying to solve here is that there appear to be far 
> too many connections to this server at certain times during the day and 
> the server admins believe that someone is attacking the server in 
> someway and have asked me to investigate for any anomalies 
>  
> Thanks! 
>  

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe