Discussion:
number of peers per endpoint?
Anne Blankert
2014-03-13 14:58:33 UTC
Hello List,

For network troubleshooting, I often use the statistics->conversations
overview.

However, one type of network problem is endpoints that are misbehaving
by connecting to many different peers (scanners, worms, peer-to-peer
gotten out of hand etc.). These endpoints may not be generating much
traffic, but they are creating many sessions and they are suspicious by
the nature of their behaviour.

Does Wireshark provide an easy way to get the number of peers per
endpoint, preferably sortable by number of peers?

If not:
In the overview statistics->endpoints, I was looking for a column
#of_peers or something like that. But there is no such column. Should be
easy to calculate I think? Could this be a new feature to request? For
ethernet it could show the number of ethernet peers per MAC, for ipv4
the number of ipv4 peers per ipv4, for tcp, the number of tcp-sessions,
etc.

Anne Blankert
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users-IZ8446WsY0/***@public.gmane.org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request-IZ8446WsY0/***@public.gmane.org?subject=unsubscribe
Dana J. Dawson
2014-03-14 16:48:26 UTC
I think the easiest way to do this would be to copy the contents of the conversations pane you're interested in into a CSV file using the "Copy" button at the bottom of that window, and then open that file in Excel (or any other spreadsheet) and use the tools available there, such as a pivot table. It's easier than it sounds.

Dana
---
Dana J. Dawson
Principal CPE Engineer, CCIE #1937 (R&S)
CenturyLink, CPE-CTAC
600 Stinson Blvd., Flr 1S
Minneapolis MN 55413-2620
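
The CSV approach described in the reply above can also be scripted instead of using a pivot table. The following is an added example, not part of either post and not Wireshark code; it assumes the copied conversations CSV has header columns named "Address A" and "Address B" (adjust the names to match your export), and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the shape of a conversations CSV export.
# The header names "Address A" / "Address B" are an assumption.
SAMPLE_CSV = '''"Address A","Address B","Packets","Bytes"
"10.0.0.5","10.0.0.1","120","98000"
"10.0.0.5","192.0.2.10","3","180"
"10.0.0.5","192.0.2.11","3","180"
"10.0.0.5","192.0.2.12","2","120"
"10.0.0.7","10.0.0.1","900","1200000"
"10.0.0.1","10.0.0.5","4","240"
'''


def load(text):
    """Parse CSV text into a list of dict rows keyed by header name."""
    return list(csv.DictReader(io.StringIO(text)))


def peers_per_endpoint(rows, col_a="Address A", col_b="Address B"):
    """Map each endpoint to the set of distinct peers it exchanged traffic with."""
    peers = defaultdict(set)
    for row in rows:
        a = (row.get(col_a) or "").strip()
        b = (row.get(col_b) or "").strip()
        if not a or not b or a == b:
            continue  # skip malformed rows and self-conversations
        # A conversation is bidirectional: each side is a peer of the other.
        # Sets absorb duplicates, e.g. the same pair listed in both directions.
        peers[a].add(b)
        peers[b].add(a)
    return peers


def rank_by_peer_count(peers):
    """Return (endpoint, peer_count) pairs, highest peer count first."""
    return sorted(((ep, len(p)) for ep, p in peers.items()),
                  key=lambda t: (-t[1], t[0]))


if __name__ == "__main__":
    # Endpoints with many peers but few bytes are the ones the question is after.
    for endpoint, count in rank_by_peer_count(peers_per_endpoint(load(SAMPLE_CSV))):
        print(f"{count:5d}  {endpoint}")
```

Running the same function over the Ethernet or IPv4 tab's export gives peers per MAC or per IPv4 address respectively.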