This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Number of established TCP connections in time

0

Hi,

is it possible to graph number of established tcp connections in to the endpoint using IO graph in wireshark? We can graph number of TCP.SYN or TCP.FIN/RST packets but don't know how to create graph with establised sessions.

asked 17 Aug '16, 01:16

razor85's gravatar image

razor85
6112
accept rate: 0%

One Answer:

1

No. With the IO Graph you can plot only value of fields or count fields. You can´t graph session states, if there is no field in Wireshark.

So from my Point of view you have different options to do that kind of Graph:

  1. You can Export the SYN and FFIN/RST Packets to Excel (CSV Export) and use the Functions or macros to count the number of concurrent sseions.

  2. You can write your own field in Wireshark and graph that.

  3. You can achieve that goal with a LUA script.

  4. You can use tshark to print the SYN/FIN/RST packets to console or file and script something around that new file.

I have done this once with Excel.

answered 18 Aug '16, 13:13

Christian_R's gravatar image

Christian_R
1.8k2625
accept rate: 16%

edited 18 Aug '16, 13:16