Isara Anantavrasilp wrote:
I would like to know if there is anyway to obtain some information of
each connection (or flow or I think it is called "conversation" in
Ethereal).
I amusing Windows version of Ethereal.
In Conversations window, one can obtain some relavant info such as
source/destination addresses, ports, packets sent and received, etc.
However, in my application, I need more details of each connection,
namely, application name (who opened the connection),
You're not going to get that if you're reading a capture file of packet
data - that information isn't available in the packet data.
In theory, it might be possible, on some operating systems, get that
information while the traffic is being captured *IF* the packet is being
sent to or from the machine running Ethereal - of course, that would
only give you the name of the application that has that connection open;
if it was the peer that opened the connection, you wouldn't be able to
get that information without some protocol being available on the peer
to ask it what process has a particular address/port connection endpoint.
However, Ethereal doesn't support that, and I don't know of any projects
to add that. There *might* be programs that get that sort of
information; you might want to look at
http://www.sysinternal.com/
for utilities to do that on Windows.
average bandwidth and if it could, peak bandwidth and burst rate.
Some raw numbers are available from the Statistics->Conversations menu
item; more statistics, and a way to request statistics for a particular
conversation rather than statistics about all conversations, might be
useful.
I don't know whether ntop:
http://www.ntop.org/
would provide those statistics.
