Wireshark
the world's foremost network protocol analyzer
Wireshark-users: Re: [Wireshark-users] Number of connections to host IP address?
From: Hansang Bae <for_list_hbae@xxxxxxxxxx>
Date: Fri, 11 Dec 2009 21:51:12 -0500
On 2009-12-04, dkraut wrote:
> I've been asked to find out if Wireshark has the ability to
determine the
> active number of connections at a given time? For example, If I
perform
> a capture of all traffic to/from our DB server from 3pm to 4pm,
is there
> anyway to tell how many active connections there were to the DB
IP address
> at 3pm, 3:15pm, 3:30pm, etc.?
Wireshark can't do this, but you can simply run the capture file
through
Ostermann's tcptrace <http://www.tcptrace.org/> to produce a graph of
the number of open connections over time. The options would be
something
like this:
I think you're over thinking this. If you bring up the conversation list, you can see all the TCP connections. The thing is that display doesn't sort by time by default. Bring up the table (Statistics, Conversations, TCP) then sort by REL START time.
Since you have the start time and duration, you can quickly copy it into a spreadsheet and produce a chart that shows the active connections. Email me at hbae at nyc.rr.com if you want to see an example.
-- Thanks, Hansang
- References:
- [Wireshark-users] Number of connections to host IP address?
- From: dkraut
- Re: [Wireshark-users] Number of connections to host IP address?
- From: James Taylor
- Re: [Wireshark-users] Number of connections to host IP address?
- From: John Hinckley
- [Wireshark-users] Number of connections to host IP address?
- Prev by Date: Re: [Wireshark-users] Regarding tcp.stream filtering.
- Next by Date: [Wireshark-users] RTP, SIP and RTCP
- Previous by thread: Re: [Wireshark-users] Number of connections to host IP address?
- Next by thread: [Wireshark-users] New mirror in Brno, CZ, EU
- Index(es):