Home page logo
/

wireshark logo Wireshark mailing list archives

Re: number of peers per endpoint?
From: "Dana J. Dawson" <Dana.Dawson () CenturyLink com>
Date: Fri, 14 Mar 2014 11:48:26 -0500

I think the easiest way to do this would be to copy the contents of the conversations pane you're interested in into a 
CSV file using the "Copy" button at the bottom of that window, and then open that file in Excel (or any other 
spreadsheet) and use the tools available there, such as a pivot table.  It's easier than it sounds.

Dana
---
Dana J. Dawson
Principal CPE Engineer, CCIE #1937 (R&S)
CenturyLink, CPE-CTAC
600 Stinson Blvd., Flr 1S
Minneapolis  MN  55413-2620



On Mar 14, 2014, at 7:00 AM, wireshark-users-request () wireshark org wrote:

Hello List,

For network troubleshooting, I often I use the statistics->conversations 
overview.

However, one type of network problem are endpoints that are misbehaving 
by connecting to many different peers (scanners, worms, peer-to-peer 
gotten out of hand etc.). These endpoints may not be generating much 
traffic, but they are creating many sessions and they are suspicious by 
the nature of their behaviour..

Does Wireshark provide an easy way to get the number of peers per 
endpoint, preferably sortable by number of peers?

If not:
In the overview statitistics->endpoints, I was looking for a column 
#of_peers or something like that. But there is no such column. Should be 
easy to calculate I think? Could this be a new feature to request? For 
ethernet it could show the number of ethernet peers per MAC, for ipv4 
the number of ipv4 peers per ipv4, voor tcp, the number of tcp-sessions, 
etc.

Anne Blankert
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault