I think something like
$ netstat -nf inet | grep -c ESTABLISHED
on the server would be more helpful, easy and reliable than
attempting to do it with ethereal which is not good for guessing the
"current state" of things.
On 2/21/06, Marcus Hager <mhager@xxxxxxxxxxx> wrote:
>
> Hi list,
>
> I am searching for a tool which extracts out of a given capture file the
> number of concurrent tcp connections to a given server ip and tcp port.
> I'd like to see this number of connections over the time, from the start
> until the end of the capture.
>
> The idea is to reproduce the number of "connected" sockets the target server
> had during the capture.
> Of course some information from before the start of the capture will be
> missing, but if the capture is big enough and most connections are
> short-term (http) this shouldn't matter.
>
> Is it possible to extract this infomation somehow by using ethereal ? If
> not, does anyone know a tool which is capable of this ?
> Or wouldn't this be a nice new ethereal statistics feature ? ;-))
>
> Thanks & regards,
> Marcus
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>
>
>
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan