Wireshark-users: Re: [Wireshark-users] Better way?

From: "Hans Nilsson" <hasse_gg@xxxxxxxx>
Date: Wed, 07 Mar 2007 04:12:05 -1100
If you simply want to know how many packets a certain display filter is
displaying you can look at the bottom by "D:".


On Wed, 7 Mar 2007 09:45:51 -0500 (EST), "Jeffrey Ross"
<jeff@xxxxxxxxxx> said:
> This is more for future edification as I already found a method that
> worked (this time) to pull out the information I wanted, but is there a
> better way?
> 
> I recently had an issue where I was receiving a large number of TCP
> session initiation requests from an application server to my database
> server.  In order to get the count per second I used the following
> display
> filter:
> 
> (tcp.flags.syn eq 1 and tcp.flags.ack eq 0)
> 
> This showed me all the packets with only the initial syn and nothing
> else.
>  I then looked at the starting source port noted that they increased
> sequentially and then took the last port number subtracted the first from
> the last and added 1 to get the total number of session requests in that
> capture.  From there it was just divide that number by the total number
> of
> seconds between the first and the last packets.
> 
> So my question is, is this the best way to do this, or is there a better
> way?
> 
> TIA, Jeff
> 
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
-- 
  Hans Nilsson
  hasse_gg@xxxxxxxx

-- 
http://www.fastmail.fm - Choose from over 50 domains or use your own