Wireshark mailing list archives

Re: number of peers per endpoint?


From: "Dana J. Dawson" <Dana.Dawson () CenturyLink com>
Date: Fri, 14 Mar 2014 11:48:26 -0500

I think the easiest way to do this would be to copy the contents of the conversations pane you're interested in into a 
CSV file using the "Copy" button at the bottom of that window, and then open that file in Excel (or any other 
spreadsheet) and use the tools available there, such as a pivot table.  It's easier than it sounds.

Dana
---
Dana J. Dawson
Principal CPE Engineer, CCIE #1937 (R&S)
CenturyLink, CPE-CTAC
600 Stinson Blvd., Flr 1S
Minneapolis  MN  55413-2620



On Mar 14, 2014, at 7:00 AM, wireshark-users-request () wireshark org wrote:

Hello List,

For network troubleshooting, I often use the statistics->conversations 
overview.

However, one type of network problem are endpoints that are misbehaving 
by connecting to many different peers (scanners, worms, peer-to-peer 
gotten out of hand etc.). These endpoints may not be generating much 
traffic, but they are creating many sessions and they are suspicious by 
the nature of their behaviour.

Does Wireshark provide an easy way to get the number of peers per 
endpoint, preferably sortable by number of peers?

If not:
In the overview statistics->endpoints, I was looking for a column 
#of_peers or something like that. But there is no such column. Should be 
easy to calculate I think? Could this be a new feature to request? For 
ethernet it could show the number of ethernet peers per MAC, for ipv4 
the number of ipv4 peers per ipv4, for tcp, the number of tcp-sessions, 
etc.

Anne Blankert
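
The pivot suggested in the reply can also be scripted. The following is an added example, not part of either message and not Wireshark code: it reads a CSV copied from the Conversations window and counts distinct peers per endpoint, sorted by peer count. The column names "Address A", "Address B" and "Packets", the sample rows and the min_peers threshold are assumptions; match them to the header row of your own export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the shape of a copied IPv4 Conversations table.
# Column names are an assumption; adjust to your export's header row.
SAMPLE_CSV = """\
"Address A","Address B","Packets","Bytes"
"10.0.0.5","10.0.0.1","120","98000"
"10.0.0.7","192.0.2.10","3","180"
"10.0.0.7","192.0.2.11","3","180"
"10.0.0.7","192.0.2.12","2","120"
"10.0.0.7","10.0.0.1","4","240"
"10.0.0.5","192.0.2.10","40","31000"
"""


def peers_per_endpoint(csv_file, col_a="Address A", col_b="Address B"):
    """Return [(endpoint, distinct_peers, packets)], most peers first."""
    peers = defaultdict(set)
    packets = defaultdict(int)
    for row in csv.DictReader(csv_file):
        a, b = row[col_a].strip(), row[col_b].strip()
        if not a or not b or a == b:
            continue  # skip malformed rows and self-conversations
        n = int(row.get("Packets") or 0)
        # A conversation is bidirectional: each side is a peer of the other.
        for endpoint, peer in ((a, b), (b, a)):
            peers[endpoint].add(peer)
            packets[endpoint] += n
    return sorted(((ep, len(p), packets[ep]) for ep, p in peers.items()),
                  key=lambda t: (-t[1], t[0]))


def flag_fanout(rows, min_peers=4):
    """Endpoints with many peers, regardless of how little traffic they send."""
    return [ep for ep, count, _ in rows if count >= min_peers]


if __name__ == "__main__":
    rows = peers_per_endpoint(io.StringIO(SAMPLE_CSV))
    for ep, count, pkts in rows:
        print(f"{ep:15} peers={count:<3} packets={pkts}")
    print("high fan-out:", flag_fanout(rows))
```

In the sample, 10.0.0.7 has the most peers but the fewest packets of any internal host, which is the low-volume, many-sessions pattern the question describes.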

