Hi, I would like to capture in real time the traffic that comes from clients to a specific TCP port on my server. I am a newbie with Wireshark and I would like some help to build a bash script that gives the network bandwidth for each connection to my server. Thanks for any help. SP

asked 15 Dec '15, 15:16 sperezz

One Answer:
Firstly, note that neither Wireshark nor tshark is great for long-running captures, as they will run out of memory due to state tracking between packets; see the Wiki page on this issue for more information.

Given the above, when you have a capture file, Wireshark can show statistics by IP address, which will relate to your client connections. This is in the Statistics -> Conversations tables, then select the TCP tab. For tshark, the corresponding option uses the -z conv,tcp arguments; see the man page for more info.

answered 16 Dec '15, 04:12 grahamb ♦
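
The approach in the answer above, written out as a script; this is an added example, not part of the original post. It bounds the capture time to avoid the memory growth the answer warns about, prints the -z conv,tcp table, and goes one step further by computing bits per second per connection. The function names, the sample rows and the values in the usage comment are constructed for illustration, and IPv4 traffic is assumed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post); function names are hypothetical.

# Capture for a fixed time so tshark's per-packet state cannot grow unbounded.
# Args: interface, TCP port, seconds to capture, output file.
capture_port() {
    tshark -i "$1" -f "tcp port $2" -a "duration:$3" -w "$4"
}

# The table the answer points to: one row per TCP conversation.
conv_table() {
    tshark -r "$1" -q -z conv,tcp
}

# One tab-separated row per TCP packet, input for conv_bandwidth (IPv4 assumed).
export_fields() {
    tshark -r "$1" -Y tcp -T fields \
        -e tcp.stream -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport \
        -e frame.len -e frame.time_relative
}

# Constructed sample rows in the export_fields layout, for trying the parser offline.
sample_rows() {
    printf '0\t192.0.2.10\t50000\t198.51.100.5\t8080\t1000\t0.000000000\n'
    printf '0\t198.51.100.5\t8080\t192.0.2.10\t50000\t500\t1.000000000\n'
    printf '1\t192.0.2.11\t50001\t198.51.100.5\t8080\t60\t0.500000000\n'
    printf '0\t192.0.2.10\t50000\t198.51.100.5\t8080\t1500\t2.000000000\n'
}

# Sum frame lengths per tcp.stream and print, tab-separated:
#   stream  client:port  server:port  bytes  seconds  bits_per_second
# The sender of the first packet seen in a stream is treated as the client.
conv_bandwidth() {
    awk -F'\t' '
    !($1 in first) { first[$1] = $7; ep[$1] = $2 ":" $3 "\t" $4 ":" $5; order[++n] = $1 }
    { bytes[$1] += $6; last[$1] = $7 }
    END {
        for (i = 1; i <= n; i++) {
            s = order[i]; d = last[s] - first[s]
            bps = (d > 0) ? bytes[s] * 8 / d : 0   # single-packet stream: no rate
            printf "%s\t%s\t%d\t%.3f\t%.0f\n", s, ep[s], bytes[s], d, bps
        }
    }'
}
# Usage (interface, port, duration and path are constructed values):
#   capture_port eth0 8080 60 /tmp/port8080.pcapng
#   conv_table /tmp/port8080.pcapng
#   export_fields /tmp/port8080.pcapng | conv_bandwidth
```

Byte counts here are whole frame lengths, so the rate includes link, IP and TCP header overhead.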