Wireshark mailing list archives
Re: Number of connections to host IP address?
From: "Sheahan, John" <John.Sheahan () priceline com>
Date: Fri, 4 Dec 2009 07:08:40 -0500
My suggestion would be to write a simple script that logs into the server via ssh each hour, runs the netstat command, takes the output and greps for established connections, counts them and logs them. I'd be happy to put one together if you think it would help you. -----Original Message----- From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Jaap Keuter Sent: Thursday, December 03, 2009 5:54 PM To: Community support list for Wireshark Subject: Re: [Wireshark-users] Number of connections to host IP address? Hi, Sounds like a job for ntop maybe? Thanks, Jaap dkraut wrote:
I've been asked to find out if Wireshark has the ability to determine the active number of connections at a given time? For example, If I perform a capture of all traffic to/from our DB server from 3pm to 4pm, is there anyway to tell how many active connections there were to the DB IP address at 3pm, 3:15pm, 3:30pm, etc.? The problem we're trying to solve here is that there appear to be far too many connections to this server at certain times during the day and the server admins believe that someone is attacking the server in someway and have asked me to investigate for any anomalies Thanks!
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Number of connections to host IP address? dkraut (Dec 03)
- Re: Number of connections to host IP address? Sake Blok (Dec 03)
- Re: Number of connections to host IP address? Jaap Keuter (Dec 03)
- Re: Number of connections to host IP address? Sheahan, John (Dec 04)
- Re: Number of connections to host IP address? Mathew Brown (Dec 04)
- Re: Number of connections to host IP address? Sheahan, John (Dec 04)
- Re: Number of connections to host IP address? James Taylor (Dec 07)
- Re: Number of connections to host IP address? John Hinckley (Dec 07)
- Re: Number of connections to host IP address? Hansang Bae (Dec 11)
- Re: Number of connections to host IP address? John Hinckley (Dec 07)