
Ethereal-users: Re: [Ethereal-users] Flow characteristics

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Isara Anantavrasilp <isara.a@xxxxxxxxx>
Date: Tue, 19 Jul 2005 00:15:51 +0200
Thanks a lot for your reply.
I have checked the sites you gave me, I think ntop would do the job.
Well, I haven't had a chance to take a look in detail.

What I need is flow characteristics. Well, if I must, I can map the application name by hand.
I mean, as long as the program can give me the characteristics of each flow without the app name, it's OK.

What about a Linux program?
Is there anything that can help me get as much info from each flow or connection as possible?

-- Isara


On 7/18/05, Guy Harris <gharris@xxxxxxxxx> wrote:
Isara Anantavrasilp wrote:

> I would like to know if there is any way to obtain some information about
> each connection (or flow or I think it is called "conversation" in
> Ethereal).
>
> I am using the Windows version of Ethereal.
> In the Conversations window, one can obtain some relevant info such as
> source/destination addresses, ports, packets sent and received, etc.
> However, in my application, I need more details of each connection,
> namely, application name (who opened the connection),

You're not going to get that if you're reading a capture file of packet
data - that information isn't available in the packet data.

In theory, it might be possible, on some operating systems, to get that
information while the traffic is being captured *IF* the packet is being
sent to or from the machine running Ethereal - of course, that would
only give you the name of the application that has that connection open;
if it was the peer that opened the connection, you wouldn't be able to
get that information without some protocol being available on the peer
to ask it what process has a particular address/port connection endpoint.

However, Ethereal doesn't support that, and I don't know of any projects
to add that.  There *might* be programs that get that sort of
information; you might want to look at

         http://www.sysinternal.com/

for utilities to do that on Windows.

> average bandwidth and if it could, peak bandwidth and burst rate.

Some raw numbers are available from the Statistics->Conversations menu
item; more statistics, and a way to request statistics for a particular
conversation rather than statistics about all conversations, might be
useful.

I don't know whether ntop:

         http://www.ntop.org/

would provide those statistics.
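
The per-conversation figures asked about in this thread (packets, bytes, average bandwidth, peak bandwidth) can be derived from packet timestamps and lengths alone. The sketch below is an added example, not part of the original messages and not Ethereal or ntop code. The packet tuples are constructed sample data, and measuring the peak over fixed 1-second windows is an assumption, since the thread does not define peak or burst rate.

```python
from collections import defaultdict

# Constructed sample: (time_s, src, sport, dst, dport, proto, frame_bytes),
# deliberately out of time order.
PACKETS = [
    (0.00, "10.0.0.5", 40000, "192.0.2.10", 80, "tcp", 100),
    (0.25, "192.0.2.10", 80, "10.0.0.5", 40000, "tcp", 1500),
    (4.00, "192.0.2.10", 80, "10.0.0.5", 40000, "tcp", 800),
    (0.75, "192.0.2.10", 80, "10.0.0.5", 40000, "tcp", 1500),
    (1.50, "10.0.0.5", 40000, "192.0.2.10", 80, "tcp", 100),
    (2.00, "10.0.0.7", 5353, "10.0.0.9", 53, "udp", 80),
]

def flow_key(src, sport, dst, dport, proto):
    """Direction-independent key so both directions count as one conversation."""
    a, b = sorted([(src, sport), (dst, dport)])
    return (proto, a, b)

def flow_stats(packets, window=1.0):
    """Return per-flow totals, average bit rate and peak bit rate per window."""
    flows = {}
    for ts, src, sport, dst, dport, proto, length in sorted(packets):
        f = flows.setdefault(flow_key(src, sport, dst, dport, proto),
                             {"packets": 0, "bytes": 0, "first": ts,
                              "last": ts, "bins": defaultdict(int)})
        f["packets"] += 1
        f["bytes"] += length
        f["last"] = ts
        # Bucket bytes into fixed windows measured from the flow's first packet.
        f["bins"][int((ts - f["first"]) // window)] += length
    stats = {}
    for key, f in flows.items():
        duration = f["last"] - f["first"]
        stats[key] = {
            "packets": f["packets"],
            "bytes": f["bytes"],
            "duration_s": duration,
            # A one-packet flow has no duration, so no average rate is defined.
            "avg_bps": f["bytes"] * 8 / duration if duration > 0 else None,
            "peak_bps": max(f["bins"].values()) * 8 / window,
        }
    return stats

if __name__ == "__main__":
    for key, s in flow_stats(PACKETS).items():
        print(key, s)
```

The application name is absent from the output for the reason given in the reply above: it is not in the packet data.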