This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

track tcp established connections on a particular port

0

Is there a tool out there that can show me the # of established connections, per second, on a specific port?

We have an application that listens on a custom port that was developed by a 3rd party. there's no internal tools provided by them that tracks the # of established socketed connections to a specific port. THey're using a Java SocketServer Class library, but i don't know much more than that.

we were using netstat -an to try and get some data about this, but as you know, it doesnt' really count established connections, and i can't find a way to limit to just one port.

i also saw that MS PERFMON has a TCP counter that's "established connections" but that's not per port (server only).

what i'm trying to do is some testing to trend the # of established connections to a particular port for a 2 minute interval.

any advice would be great.

asked 11 Apr '11, 09:05

bubbawny69's gravatar image

bubbawny69
1333
accept rate: 0%


2 Answers:

0

You can use wireshark's IO graph. The final ACK of the 3-way-handhsake has tcp.len=0 and SEQ=1 and ACK=1 (when using relative sequence numbers). So you can create an IO graph based on that filter.

  1. Select "Advanced" at the "unit" dropdown.
  2. Use the filter "tcp.len==0 and tcp.seq==1 and tcp.ack==1", calc: "COUNT(*)" and fill in "tcp.seq" to count.
  3. Click on "Graph 1".

You might want to change the tick frequency and/or pixels per tick to get a nicely formatted graph.

answered 11 Apr '11, 11:22

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

edited 11 Apr '11, 14:17

0

You might also want to look at the answer given to your other question

answered 11 Apr '11, 14:19

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%