Ethereal-users: Re: [Ethereal-users] count the number of packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 14 Oct 2003 16:52:40 -0700

On Oct 14, 2003, at 2:35 PM, Suhail Hussain wrote:


I wanted to know if there is
a way to capture the NUMBER of packets leaving a host machine. Does Ethereal do 
this for us
No - at least not conveniently. You'd have to capture traffic and then, for example, use a display filter to select the packets leaving that machine and see how many packets there were. 


 or do we have to make modifications to its source code.
If you wanted to use Ethereal to do *only* that, you'd have to modify it.
However, using Ethereal to do that is overkill. I'd write a simple program to do it, using libpcap (which tcpdump and Ethereal/Tethereal, along with snort and Kismet and a pile of other programs, use to capture packets) or Net::Pcap (a Perl interface to libpcap) or....