Wireshark-users: Re: [Wireshark-users] Better way?
Date: Wed, 7 Mar 2007 09:33:01 -0600
If you are looking for a per/second rate, you can use the IO Graph function, set to Packet/tick, and put your filter:

(tcp.flags.syn eq 1 and tcp.flags.ack eq 0)

in the "filter" section. This will give you a TCP connection rate. If you want it for a particular server, just add it to your filter as an "and (ip.addr==xxx)"

Ed Staszko
Telecomm Analyst
Mutual of Omaha
402-351-4272

"Jeffrey Ross" <jeff@xxxxxxxxxx>
Sent by: wireshark-users-bounces@wireshark.org
To: wireshark-users@xxxxxxxxxxxxx
cc:
Subject: [Wireshark-users] Better way?
03/07/2007 08:45 AM
Please respond to "Community support list for Wireshark" <wireshark-users@wireshark.org>

This is more for future edification as I already found a method that worked (this time) to pull out the information I wanted, but is there a better way?

I recently had an issue where I was receiving a large number of TCP session initiation requests from an application server to my database server. In order to get the count per second I used the following display filter:

(tcp.flags.syn eq 1 and tcp.flags.ack eq 0)

This showed me all the packets with only the initial syn and nothing else. I then looked at the starting source port, noted that they increased sequentially, and then took the last port number, subtracted the first from the last and added 1 to get the total number of session requests in that capture. From there it was just divide that number by the total number of seconds between the first and the last packets.

So my question is, is this the best way to do this, or is there a better way?

TIA, Jeff
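The per-second count discussed in this thread can also be computed offline from a capture file. The following is an added example, not code from either poster: it applies the same SYN-set, ACK-clear test to each packet and also returns the source ports, so the port-span arithmetic can be compared with the actual count. The function names, addresses and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

SYN, ACK = 0x02, 0x10

def syn_per_second(pcap, host=None):
    """Return ({epoch_second: count}, [source ports]) for SYN-only segments.

    Assumes a classic pcap file (microsecond timestamps), Ethernet link type,
    IPv4, no VLAN tags. host, if given, must equal the source or destination
    address, like ip.addr in a display filter.
    """
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    per_sec, ports, off = Counter(), [], 24          # 24-byte global header
    while off + 16 <= len(pcap):
        ts_sec, _, incl, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                  # not IPv4/TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]     # skip IP header (IHL words)
        if len(tcp) < 14:
            continue
        addrs = {".".join(map(str, frame[i:i + 4])) for i in (26, 30)}
        if tcp[13] & SYN and not tcp[13] & ACK and (host is None or host in addrs):
            per_sec[ts_sec] += 1
            ports.append(struct.unpack(">H", tcp[:2])[0])
    return dict(per_sec), ports

def build_sample():
    """Constructed capture, not data from the thread."""
    def pkt(ts, dst, sport, flags):
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 9]), bytes(dst))
        tcp = struct.pack(">HHIIBBHHH", sport, 5432, 0, 0, 0x50, flags, 1024, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    db, other = [10, 0, 0, 5], [10, 0, 0, 7]
    body = [pkt(100, db, 40000, SYN), pkt(100, db, 40001, SYN),
            pkt(100, db, 40002, SYN | ACK),           # handshake reply, excluded
            pkt(100, other, 40003, SYN),              # different server
            pkt(101, db, 40004, SYN), pkt(101, db, 40005, SYN)]
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(body)

if __name__ == "__main__":
    rate, ports = syn_per_second(build_sample(), host="10.0.0.5")
    print(rate, "port span:", ports[-1] - ports[0] + 1, "actual:", len(ports))
```

In the constructed sample the client's source ports are shared across two destinations, so the port span for one server is larger than the number of SYNs actually sent to it.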