Wireshark-users: Re: [Wireshark-users] Statistics grouped by port?
From: Brad Johnson <[email protected]>
Date: Wed, 7 Feb 2007 13:11:44 -0500 (EST)

Hi Stephen,

Good point - it isn't ideal, but it's certainly workable! I just assumed
that this feature must already be in Wireshark somewhere since it seems
(to me anyway) to be a common thing you'd want to do with a packet dump,
and I figured I was just stupidly missing where it was. Hopefully it can
be a feature request for a future version. The developers can probably use
a variation of the code that does the Endpoint statistics and add it very
easily. It'd be a nice feature to have, because if this was a repetitive
task, it'd be a pain to have to keep copying my output from Ethereal over
to Excel and manually sum the columns myself.

The Excel spreadsheet option works in the interim for this one-time deal,
though. Thanks for the idea!

- Brad

On Tue, 6 Feb 2007, Stephen Fisher wrote:

> On Tue, Feb 06, 2007 at 03:41:08PM -0500, Brad Johnson wrote:

> > Hello everyone - longtime Ethereal/Wireshark user, first time poster.
>
> Welcome to the list!
>
> > Wireshark will group packets by "TCP endpoints", in other words
> > pairings of IP addresses and TCP destination ports. It will tell me
> > how many packets and bytes went to IP address X on port Y. That's great
> > and all, but what I want to know is how many packets and bytes went to
> > port Y REGARDLESS of the IP. So basically a list like:
>
> Is a spreadsheet workable?  The TCP endpoints screen has a "Copy" button
> that copies the data to the clipboard in comma separated (CSV) format.
> You could then filter out the ports you don't want and sum() the byte
> columns left.
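
The spreadsheet step suggested in the quoted reply, done in a script instead: it sums packets and bytes per port across all IP addresses. This is an added example, not part of the original thread or Wireshark's own code, and the column names in the constructed sample are assumptions about what the "Copy" button produces.

```python
import csv
import io
from collections import defaultdict

# Constructed sample standing in for the clipboard text; the column names
# are an assumption, so adjust PORT_COL/PACKETS_COL/BYTES_COL to your export.
SAMPLE_CSV = '''"Address","Port","Packets","Bytes"
"10.0.0.5","80","120","90000"
"10.0.0.6","80","30","21000"
"10.0.0.5","443","12","8000"
"10.0.0.7","22","","512"
"10.0.0.8","http","4","300"
'''

PORT_COL, PACKETS_COL, BYTES_COL = "Port", "Packets", "Bytes"


def _to_int(value):
    """Parse a counter cell; blank, missing or non-numeric cells count as 0."""
    try:
        return int(value.strip().replace(",", ""))
    except (AttributeError, ValueError):
        return 0


def totals_by_port(csv_text):
    """Return {port: (packets, bytes)} summed over every IP address."""
    totals = defaultdict(lambda: [0, 0])
    for row in csv.DictReader(io.StringIO(csv_text)):
        # The port is kept as a string in case the cell holds a service
        # name rather than a number.
        port = (row.get(PORT_COL) or "").strip()
        if not port:
            continue  # skip malformed rows that carry no port
        totals[port][0] += _to_int(row.get(PACKETS_COL))
        totals[port][1] += _to_int(row.get(BYTES_COL))
    return {port: tuple(counts) for port, counts in totals.items()}


def report(csv_text):
    """Rows of (port, packets, bytes), largest byte count first."""
    rows = [(p, pk, by) for p, (pk, by) in totals_by_port(csv_text).items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    for port, packets, nbytes in report(SAMPLE_CSV):
        print(f"{port:>8} {packets:>10} {nbytes:>12}")
```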

