This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi,

I would like to capture on real time the traffic that came from clients to a specific TCP port on my server. I am a newbie on wireshark and I would like some help to build a bash script that give the network bandwidth for each connection to my server.

Thanks for any help.

SP

This question is marked "community wiki".

asked 15 Dec '15, 15:16

sperezz's gravatar image

sperezz
6112
accept rate: 0%


Firstly note that neither Wireshark or tshark are great for long running captures as they will run out of memory due to state tracking between packets, see the Wiki page on this issue for more information.

Given the above, when you have a capture file, Wireshark can show statistics by IP address which will relate to your client connections. This is in the Statistics -> Conversations tables, then select the TCP tab.

For tshark, the corresponding option uses the -z conv,tcp arguments, see the man page for more info.

permanent link

answered 16 Dec '15, 04:12

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×752
×69
×57

question asked: 15 Dec '15, 15:16

question was seen: 1,131 times

last updated: 16 Dec '15, 04:12

p​o​w​e​r​e​d by O​S​Q​A