Wireshark mailing list archives

Re: Number of connections to host IP address?


From: "Sake Blok" <sake () euronet nl>
Date: Thu, 3 Dec 2009 22:10:02 +0100

There is no (easy) way to graph the amount of concurrent connections. But I would use the IO graphs to plot the amount 
of TCP-SYN's to your DB server over time. And maybe also plot the TCP-FIN and TCP-RST's in the same graph to get an 
idea on connection teardowns as well. If you're not sure how to use the IO-graphs, just say so and I'll help you 
through it...

Cheers,


Sake
 
  ----- Original Message ----- 
  From: dkraut 
  To: wireshark-users () wireshark org 
  Sent: Thursday, December 03, 2009 8:58 PM
  Subject: [Wireshark-users] Number of connections to host IP address?


  I've been asked to find out if Wireshark has the ability to determine the active number of connections at a given 
time?  For example, if I perform a capture of all traffic to/from our DB server from 3pm to 4pm, is there any way to 
tell how many active connections there were to the DB IP address at 3pm, 3:15pm, 3:30pm, etc.?

  The problem we're trying to solve here is that there appear to be far too many connections to this server at certain 
times during the day and the server admins believe that someone is attacking the server in some way and have asked me to 
investigate for any anomalies.

  Thanks!  




------------------------------------------------------------------------------


  ___________________________________________________________________________
  Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
  Archives:    http://www.wireshark.org/lists/wireshark-users
  Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
               mailto:wireshark-users-request () wireshark org?subject=unsubscribe
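
Added example (not part of the original thread, and not Wireshark's own code): a Python sketch that counts SYN, FIN and RST packets per 15-minute bucket, as the reply suggests plotting, and also estimates concurrent connections at a given time by pairing each client SYN with the first FIN or RST on the same client endpoint. The server address, the sample rows and the function names are constructed for illustration; connections already open when the capture starts are not seen, and every client SYN is treated as an opened connection.

```python
from collections import Counter

SERVER = "10.0.0.5"  # constructed DB server address (assumption)
BUCKET = 900         # seconds; 15-minute steps as in the question

# Constructed sample rows, tab-separated, in the column order produced by e.g.
#   tshark -r capture.pcap -T fields -e frame.time_relative -e ip.src
#     -e tcp.srcport -e ip.dst -e tcp.dstport -e tcp.flags.syn
#     -e tcp.flags.ack -e tcp.flags.fin -e tcp.flags.reset
SAMPLE = "\n".join("\t".join(r.split()) for r in """
10.000   10.0.0.21 40001 10.0.0.5  3306  1 0 0 0
10.001   10.0.0.5  3306  10.0.0.21 40001 1 1 0 0
20.000   10.0.0.22 40002 10.0.0.5  3306  1 0 0 0
600.000  10.0.0.21 40001 10.0.0.5  3306  0 1 1 0
600.010  10.0.0.5  3306  10.0.0.21 40001 0 1 1 0
905.000  10.0.0.23 40003 10.0.0.5  3306  1 0 0 0
910.000  10.0.0.23 40004 10.0.0.5  3306  1 0 0 0
915.000  10.0.0.23 40005 10.0.0.5  3306  1 0 0 0
1000.000 10.0.0.5  3306  10.0.0.23 40003 0 1 0 1
1850.000 10.0.0.22 40002 10.0.0.5  3306  0 1 1 0
""".strip().splitlines())

def analyse(text, server=SERVER, bucket=BUCKET):
    """Return (per-bucket SYN/FIN/RST packet counts, connection intervals)."""
    counts = {"syn": Counter(), "fin": Counter(), "rst": Counter()}
    opened, intervals = {}, []  # client endpoint -> open time; (open, close)
    for line in text.splitlines():
        t, src, sport, dst, dport, *flags = line.split("\t")
        t = float(t)
        # Flag fields may be printed as 1/0 or True/False; accept both.
        syn, ack, fin, rst = (f in ("1", "True") for f in flags)
        if server not in (src, dst):
            continue
        client = (src, sport) if dst == server else (dst, dport)
        b = int(t // bucket)
        if syn and not ack and dst == server:  # client SYN: connection attempt
            counts["syn"][b] += 1
            opened.setdefault(client, t)       # SYN retransmits keep first time
        if fin or rst:                         # teardown seen from either side
            counts["rst" if rst else "fin"][b] += 1
            if client in opened:               # first FIN/RST ends the connection
                intervals.append((opened.pop(client), t))
    intervals += [(t0, float("inf")) for t0 in opened.values()]  # never closed
    return counts, intervals

def concurrent_at(intervals, when):
    """Connections opened at or before `when` and not yet torn down."""
    return sum(1 for start, end in intervals if start <= when < end)
```

Calling `analyse(SAMPLE)` and then `concurrent_at(intervals, 1800)` gives the estimate for the 30-minute mark; a bucket whose SYN count is well above its FIN and RST count is where the connection total is growing.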