Wireshark mailing list archives

number of peers per endpoint?
From: Anne Blankert <anne.blankert () geodan nl>
Date: Thu, 13 Mar 2014 15:58:33 +0100

Hello List,

For network troubleshooting, I often use the statistics->conversations overview.

However, one type of network problem is endpoints that are misbehaving by connecting to many different peers (scanners, worms, peer-to-peer gotten out of hand, etc.). These endpoints may not be generating much traffic, but they are creating many sessions and they are suspicious by the nature of their behaviour.

Does Wireshark provide an easy way to get the number of peers per endpoint, preferably sortable by number of peers?

If not:
In the overview statistics->endpoints, I was looking for a column #of_peers or something like that. But there is no such column. Should be easy to calculate I think? Could this be a new feature to request? For ethernet it could show the number of ethernet peers per MAC, for ipv4 the number of ipv4 peers per ipv4, for tcp, the number of tcp-sessions, etc.

Anne Blankert
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe
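
The count the message asks for, as an added example that is not part of the original post or of Wireshark: distinct IPv4 peers per endpoint, sorted by peer count. It assumes input shaped like the output of `tshark -r capture.pcap -T fields -e ip.src -e ip.dst`; the sample lines and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample, one packet per line as "ip.src<TAB>ip.dst".
SAMPLE = "\n".join([
    "10.0.0.5\t10.0.0.1",
    "10.0.0.1\t10.0.0.5",
    "10.0.0.9\t192.0.2.10",
    "10.0.0.9\t192.0.2.11",
    "10.0.0.9\t192.0.2.12",
    "10.0.0.9\t192.0.2.10",   # repeated conversation, same peer
    "\t",                      # non-IP frame: both fields empty
    "192.0.2.12,10.0.0.9\t10.0.0.9,192.0.2.12",  # ICMP error quoting an inner header
])


def peers_per_endpoint(lines):
    """Map each address to the set of distinct addresses it exchanged packets with."""
    peers = defaultdict(set)
    for line in lines:
        fields = line.rstrip("\r\n").split("\t")
        if len(fields) != 2:
            continue
        # Several occurrences of a field are comma-joined; keep the outer header.
        src = fields[0].split(",")[0].strip()
        dst = fields[1].split(",")[0].strip()
        if not src or not dst or src == dst:
            continue
        # Count both directions so a scanned host and a scanner are both listed.
        peers[src].add(dst)
        peers[dst].add(src)
    return peers


def rank(peers, min_peers=1):
    """Return (endpoint, peer_count) rows, highest peer count first."""
    rows = [(ep, len(p)) for ep, p in peers.items() if len(p) >= min_peers]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for endpoint, count in rank(peers_per_endpoint(SAMPLE.splitlines())):
        print(f"{endpoint:<15} {count}")
```

Raising `min_peers` leaves only the endpoints that talk to many hosts, regardless of how little traffic each conversation carries.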

