Wireshark mailing list archives
Re: Graph number of concurrent HTTP connections?
From: noah davids <ndav1 () cox net>
Date: Sun, 22 May 2016 06:56:14 -0700
The following will give you a running count of the number of connections in column 1. You can then use your favorite graphing routine to graph the count. This assumes bash or some similar shell command.
c=0 tshark -r foo.pcap -Y "not tcp.analysis.retransmission && (tcp.flags.syn == 1 || tcp.flags.fin == 1 || tcp.flags.reset == 1) && tcp.port == 80" -T fields -e tcp.flags.syn -e tcp.flags.fin -e tcp.flags.reset | while read s f r; do ((c=$c+$s-$f-$r)); echo $c $s $f $r;done > foo
This will give you a sorted list of the number of connections along with the time stamp from the trace. This might be easier to correlate with any proxy logs.
$ c=0 tshark -r foo.pcap -Y "not tcp.analysis.retransmission && (tcp.flags.syn == 1 || tcp.flags.fin == 1 || tcp.flags.reset == 1) && tcp.port == 80" -T fields -e tcp.flags.syn -e tcp.flags.fin -e tcp.flags.reset -e frame.time | while read s f r t; do ((c=$c+$s-$f-$r)); echo $c $s $f $r $t;done | sort -nk1
One other thought. If you are interesting in the number of connections would it make more sense to filter on SYN-ACKs instead of SYN's?
For the record I am using Ubuntu 16.04 LTS (Xenial Xerus) On 05/22/2016 05:00 AM, wireshark-users-request () wireshark org wrote:
I have been looking into an issue where I suspect that the client can?t connect to a proxy server due to the limit of concurrent connections. As I have a full packet capture of such an incident I was looking for a way to make a graph of the amount of connections over the duration of the packet capture. I could do a rough estimate if I filter with: ((tcp.flags.syn == 1) || (tcp.flags.fin == 1) || (tcp.flags.reset == 1)) && (tcp.dstport == 80) But is there a way to calculate the concurrent sessions? Regards, Hugo.
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Graph number of concurrent HTTP connections? Hugo van der Kooij (May 19)
- Re: Graph number of concurrent HTTP connections? asad (May 21)
- <Possible follow-ups>
- Re: Graph number of concurrent HTTP connections? noah davids (May 22)