Hi, i dont think this is possible but i thought id check. i want to audit which ips are being accessed by one source host over a certain link. this bit easy as i can see all ips in the dump... how ever i want to only see one hit to the destination ips in the output...not all traffic so that i can make a list of servers remote side for my audit....i plan on running this for a few days hence not wanting all traffic to each host...just need to knw which servers are accessed from the source host. be bice if i cld see a list of all ips in a row just listed once thanks! This question is marked "community wiki". asked 15 Feb '12, 09:05  jesh1980 edited 15 Feb '12, 09:07 |
2 Answers:
wouldn't the Statistics -> Endpoint report help? answered 15 Feb '12, 09:15  thetechfirm |
You can also use Tshark with a bit of scripting as shown in the answer to this question (which is remarkably similar to yours). For Windows PowerShell users the equivalent recipes are: answered 15 Feb ‘12, 09:53  grahamb ♦ edited 15 Feb ‘12, 10:00 thanks..i have knw idea how to do that so may go with the first option (16 Feb ‘12, 03:45) jesh1980 Tshark is the command line version of wireshark, and outputs text strings corresponding to the input capture, live or from a file. The advantage of using Tshark is that the output can then be processed by other applications. My example for Windows users and uses PowerShell, the replacement for the old CMD shell and the linked example is for *nix users. (16 Feb ‘12, 04:11) grahamb ♦ |
that actually looks like what i want...can i extract all this?
you can use the Copy Button at the bottom and paste the data into Excel and muck around all you want.
yea i tried that, looks like i can only one line at a time...
huh?, Go to Statistics - >Endpoints and click on the IP tab. Then if you press on the Copy button and paste the results into notepad you should see the CSV formatted data.
Are you saying that when you paste the data, you only see one line?
ok i got it, im all good!
thanks for you help :)
appreciated buddy!