Wireshark-users: Re: [Wireshark-users] Number of connections to host IP address?

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Sake Blok" <sake@xxxxxxxxxx>
Date: Thu, 3 Dec 2009 22:10:02 +0100
There is no (easy) way to graph the amoutn of concurrent connections. But I would use the IO graphs to plot the amount of TCP-SYN's to your DB server over time. And maybe also plot the TCP-FIN and TCP-RST's in the same graph to get an idea on connection teardowns as well. If you're not sure how to use the IO-graphs, just say so and I'll help you through it...
 
Cheers,
 
 
Sake
 
----- Original Message -----
From: dkraut
Sent: Thursday, December 03, 2009 8:58 PM
Subject: [Wireshark-users] Number of connections to host IP address?

I've been asked to find out if Wireshark has the ability to determine the active number of connections at a given time?  For example, If I perform a capture of all traffic to/from our DB server from 3pm to 4pm, is there anyway to tell how many active connections there were to the DB IP address at 3pm, 3:15pm, 3:30pm, etc.?
 
The problem we're trying to solve here is that there appear to be far too many connections to this server at certain times during the day and the server admins believe that someone is attacking the server in someway and have asked me to investigate for any anomalies 
 
Thanks! 
 
 

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe