One Entry per Source-IP/Dest-Port

I have a couple huge Wireshark captures that I need to analyze and report on. Basically I am trying to prove 'what' and 'how' is talking to a pair of servers due to be commissioned.

After I apply my filter (basically for the RFC1918 ranges used by the company) I still end up with over a million packets on each server.

I just need to report on which IPs are talking to these servers, and on which port, in an Excel format. Something like:

Source: 10.1.1.1 Port: 430 Server responded (y/n): yes

Obviously this is a pcap, so it's not just a single traffic, and in the case of SMB it's scattered all over the place and may be thousands of packets for what will eventually be a single row in my Excel sheet.

Is there any way I can filter each source-IP/dest-port combination into a single entry, without having to manually go over these gigantic captures?

Many thanks,

Josh

One Entry per Source-IP/Dest-Port

I have a couple huge Wireshark captures that I need to analyze and report on. Basically I am trying to prove 'what' and 'how' is talking to a pair of servers due to be decommissioned.

After I apply my filter (basically for the RFC1918 ranges used by the company) I still end up with over a million packets for each server.

I just need to report on which IPs are talking to these servers, and on which port, in an Excel format. Something like:

Source: 10.1.1.1 Port: 430 Server responded (y/n): yes

Obviously this is a pcap, so it's not just a single traffic, and in the case of SMB it's scattered all over the place and may be thousands of packets for what will eventually be a single row in my Excel sheet.

Is there any way I can filter each source-IP/dest-port combination into a single entry, without having to manually go over these gigantic captures?

Many thanks,

Josh
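
The per-source/per-port summary asked for above can be produced by exporting four fields with tshark and collapsing them in a script. This is an added example, not part of the original post; the server address, the sample lines and the function names `summarize` and `to_csv` are assumptions made for illustration.

```python
import csv
import io

# Constructed sample, in the tab-separated shape produced by:
#   tshark -r capture.pcap -T fields -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport
SAMPLE = (
    "10.1.1.1\t10.9.9.10\t51000\t445\n"   # client -> server
    "10.9.9.10\t10.1.1.1\t445\t51000\n"   # server reply
    "10.1.1.1\t10.9.9.10\t51001\t445\n"   # same client/port, new connection
    "10.1.1.2\t10.9.9.10\t40222\t3389\n"  # never answered
    "\t\t\t\n"                            # non-TCP packet: empty fields
)
SERVERS = {"10.9.9.10"}  # assumed address of a server under review


def summarize(lines, servers):
    """Collapse packets into one row per (client, server, server port)."""
    seen, replied = set(), set()
    for line in lines:
        parts = line.rstrip("\r\n").split("\t")
        if len(parts) != 4 or not (parts[2].isdigit() and parts[3].isdigit()):
            continue  # skip non-TCP packets and multi-valued (tunnelled) fields
        src, dst, sport, dport = parts
        if dst in servers and src not in servers:
            seen.add((src, dst, int(dport)))
        elif src in servers and dst not in servers:
            replied.add((dst, src, int(sport)))
    # Only ports a client actually sent to are reported. Connections the server
    # itself opened outward also appear here, under the server's ephemeral port.
    return [(c, s, p, "yes" if (c, s, p) in replied else "no")
            for c, s, p in sorted(seen)]


def to_csv(rows):
    """Render the rows as CSV text that Excel opens directly."""
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["Source", "Server", "Port", "Server responded (y/n)"])
    writer.writerows(rows)
    return out.getvalue()


if __name__ == "__main__":
    print(to_csv(summarize(SAMPLE.splitlines(), SERVERS)), end="")
```

For a real capture, feed the tshark output line by line into `summarize` instead of `SAMPLE`; memory use grows with the number of distinct rows, not with the packet count.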