Wireshark mailing list archives

Re: Number of connections to host IP address?


From: "Mathew Brown" <mathewbrown () fastmail fm>
Date: Fri, 04 Dec 2009 04:25:03 -0800

Wireshark probably isn't the solution to this problem.  You're better
off looking at capturing netflow traffic.  Argus can help you out here -
http://qosient.com/argus/  Using Argus, you can capture netflow traffic
to your server over time.  ratop can give you real-time visibility into
the traffic going to your server including the amount of data
transferred.

On Fri, 04 Dec 2009 07:08 -0500, "Sheahan, John"
<John.Sheahan () priceline com> wrote:
My suggestion would be to write a simple script that logs into the server
via ssh each hour, runs the netstat command, takes the output and greps
for established connections, counts them and logs them.

I'd be happy to put one together if you think it would help you.

-----Original Message-----
From: wireshark-users-bounces () wireshark org
[mailto:wireshark-users-bounces () wireshark org] On Behalf Of Jaap Keuter
Sent: Thursday, December 03, 2009 5:54 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Number of connections to host IP address?

Hi,

Sounds like a job for ntop maybe?

Thanks,
Jaap

dkraut wrote:
I've been asked to find out if Wireshark has the ability to determine
the active number of connections at a given time. For example, if
I perform a capture of all traffic to/from our DB server from 3pm to
4pm, is there any way to tell how many active connections there
were to the DB IP address at 3pm, 3:15pm, 3:30pm, etc.?

The problem we're trying to solve here is that there appear to be far
too many connections to this server at certain times during the day, and
the server admins believe that someone is attacking the server in
some way and have asked me to investigate for any anomalies.

Thanks!


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
-- 
  Mathew Brown
  mathewbrown () fastmail fm

-- 
http://www.fastmail.fm - Access all of your messages and folders
                          wherever you are
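The hourly netstat-and-grep logger John Sheahan describes above, written out as an added example (this is not code from the thread or from any of its participants). It assumes a Linux `netstat -tn` column layout, and uses placeholder values throughout: DB port 5432, an alert threshold of 200, a log at /var/log/dbconn.log, and a host alias `dbhost` for the ssh hop. The embedded netstat output is constructed so the script runs stand-alone.

```shell
#!/bin/sh
# Added example, not code from the thread: a connection-count logger along the
# lines of the netstat-and-grep script suggested in the reply above.
# Assumptions (all placeholders): the DB listens on TCP 5432, the alert
# threshold is 200, the log is /var/log/dbconn.log, and the awk field positions
# match `netstat -tn` on Linux (Proto Recv-Q Send-Q Local Foreign State).

# count_established PORT
#   Reads netstat -tn output on stdin and prints the number of ESTABLISHED TCP
#   connections whose local address ends in :PORT (LISTEN, TIME_WAIT etc. are
#   not counted, which is what "active connections" usually means here).
count_established() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" && $4 ~ (":" port "$") { n++ }
        END { print n + 0 }'
}

# top_remote_hosts PORT
#   Same input; prints "count remote_ip" lines, busiest client first. This is
#   the first thing to look at when the total spikes: one client holding most
#   of the connections points at a pool leak or a single noisy host, many
#   clients with a few each points at load or a distributed source.
top_remote_hosts() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" && $4 ~ (":" port "$") {
            n = split($5, a, ":"); sub(":" a[n] "$", "", $5); c[$5]++
        }
        END { for (h in c) print c[h], h }' | sort -rn
}

# log_sample PORT THRESHOLD LOGFILE
#   Captures one netstat snapshot from stdin, appends a timestamped summary
#   line to LOGFILE, tags it ALERT (with the top five clients) when the count
#   exceeds THRESHOLD, and prints the count on stdout.
log_sample() {
    port="$1"; threshold="$2"; logfile="$3"
    snap=$(cat)                      # stdin is read once and reused below
    n=$(printf '%s\n' "$snap" | count_established "$port")
    flag=""
    if [ "$n" -gt "$threshold" ]; then
        flag=" ALERT"
    fi
    printf '%s port=%s established=%s%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "$port" "$n" "$flag" >> "$logfile"
    if [ -n "$flag" ]; then
        # keep the top talkers next to the alert so the spike can be attributed
        printf '%s\n' "$snap" | top_remote_hosts "$port" | head -n 5 \
            | sed 's/^/    /' >> "$logfile"
    fi
    echo "$n"
}

# Constructed sample of `netstat -tn` output for a stand-alone run. A real
# deployment pipes the remote output in from an hourly cron entry such as:
#   0 * * * * ssh dbhost netstat -tn | /usr/local/bin/dbconn.sh log 5432 200 /var/log/dbconn.log
SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:5432           10.0.1.20:41022         ESTABLISHED
tcp        0      0 10.0.0.5:5432           10.0.1.20:41023         ESTABLISHED
tcp        0      0 10.0.0.5:5432           10.0.1.31:50110         ESTABLISHED
tcp        0      0 10.0.0.5:5432           10.0.1.44:50777         TIME_WAIT
tcp        0      0 10.0.0.5:22             10.0.9.2:60001          ESTABLISHED
tcp6       0      0 :::5432                 :::*                    LISTEN'

case "${1:-}" in
    log)  shift; log_sample "$@" ;;          # production: netstat output on stdin
    demo) demolog="${TMPDIR:-/tmp}/dbconn-demo.log"
          printf '%s\n' "$SAMPLE_NETSTAT" | log_sample 5432 2 "$demolog" >/dev/null
          cat "$demolog"; rm -f "$demolog" ;;
esac
```

Two caveats worth keeping in mind with this approach. It samples kernel state at the instant netstat runs, so connections that open and close between samples are never seen; a spike that the admins notice may sit entirely between two hourly samples, and shortening the interval is the only fix on the netstat side. For the per-interval view from a capture that the original question asks about, tshark's TCP conversation statistics (`tshark -r capture.pcap -q -z conv,tcp`) list each TCP conversation with its start time and duration, which can be bucketed into 15-minute windows the same way. And a high count on its own is not evidence of an attack; the per-client breakdown the script logs alongside each alert is what separates a leaking application connection pool from something external.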
