On 2009-12-04, dkraut wrote:
> I've been asked to find out if Wireshark has the ability to determine the
> active number of connections at a given time? For example, if I perform
> a capture of all traffic to/from our DB server from 3pm to 4pm, is there
> any way to tell how many active connections there were to the DB IP address
> at 3pm, 3:15pm, 3:30pm, etc.?
On Mon, Dec 7, 2009 at 7:47 AM, James Taylor <gmane@xxxxxxxxxxxxxxxxxxx> wrote:
> Wireshark can't do this, but you can simply run the capture file through
> Ostermann's tcptrace <http://www.tcptrace.org/> to produce a graph of
> the number of open connections over time. The options would be something
> like this:

I think you're overthinking this. If you bring up the conversation
list, you can see all the TCP connections. The thing is that display
doesn't sort by time by default. Bring up the table (Statistics,
Conversations, TCP) then sort by REL START time.
Since you have the start time and duration, you can quickly copy it into
a spreadsheet and produce a chart that shows the active connections.
Email me at hbae at nyc.rr.com if you want to see an example.
--
Thanks,
Hansang
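
The spreadsheet step suggested in the reply above can also be scripted. The following is an added example, not part of the original thread: it counts conversations that are active at fixed sample times from each conversation's start time and duration. The sample rows are constructed, and the column names "Rel Start" and "Duration" (in seconds) are assumptions about how the Conversations table was exported.

```python
import csv
import io
from bisect import bisect_right

# Constructed sample rows, shaped like a CSV copy of the TCP Conversations
# table. Column names are assumed; adjust them to match your export.
SAMPLE_CSV = """Address A,Port A,Address B,Port B,Rel Start,Duration
10.0.0.11,50312,10.0.0.5,1521,0.000,1200.0
10.0.0.12,50977,10.0.0.5,1521,30.500,600.0
10.0.0.13,41200,10.0.0.5,1521,850.000,100.0
10.0.0.11,50313,10.0.0.5,1521,900.000,2700.0
10.0.0.14,39001,10.0.0.5,1521,1795.000,10.0
"""

def load_intervals(csv_text):
    """Return sorted lists of conversation start and end times (seconds)."""
    starts, ends = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        start = float(row["Rel Start"])
        starts.append(start)
        ends.append(start + float(row["Duration"]))
    return sorted(starts), sorted(ends)

def active_at(starts, ends, t):
    """Count conversations with start <= t < end (started minus finished)."""
    return bisect_right(starts, t) - bisect_right(ends, t)

def sample_active(starts, ends, begin, stop, step):
    """Active count at begin, begin+step, ... up to and including stop."""
    return [(t, active_at(starts, ends, t)) for t in range(begin, stop + 1, step)]

def peak_active(starts, ends):
    """Highest concurrent count and the time it is first reached.
    The count only rises at a start time, so checking those is enough."""
    best, best_t = 0, None
    for t in starts:
        n = active_at(starts, ends, t)
        if n > best:
            best, best_t = n, t
    return best, best_t

if __name__ == "__main__":
    starts, ends = load_intervals(SAMPLE_CSV)
    # One-hour capture sampled every 15 minutes (900 s).
    for t, n in sample_active(starts, ends, 0, 3600, 900):
        print(f"t={t:>4}s active={n}")
    print("peak:", peak_active(starts, ends))
```

Start and duration in the Conversations table are measured from the first to the last packet seen in the capture, so a connection that is open but idle is counted as ended after its last packet.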