Hi Abdu,
You'll find a lot of useful information in the user guide:
http://www.wireshark.org/docs/wsug_html/
In a nutshell...
Add a column to display the packet length (bytes)
Edit - Preferences - User interface - Columns
Select : New
Properties:
Title: change the title to Length
Format: select Packet length (bytes)
Apply - OK
Use capture and/or display filters.
http://wiki.wireshark.org/CaptureFilters
http://wiki.wireshark.org/DisplayFilters
You can use a capture filter to capture only http traffic
Capture - Option - Capture filter
select: Filter name: HTTP TCP port (80) Filter string: tcp port http
You can use filters to capture traffic to/from specific host:
capture filter:
to/from: host 192.168.100.44
to: dst host 192.168.100.44
from: src host 192.168.100.44
display filter:
to/from : ip.addr == 192.168.100.44
to : ip.dst == 192.168.100.44
from : ip.src == 192.168.100.44
While capturing you can, for instance, look at:
Analyze - Expert Info Composite
Statistics - Conversations
In the "Conversations Window" you can right-click on an
interesting conversation to apply a filter.
Hope this helps
Joan
On Tue, 21 Oct 2008 00:03:21 +0000 abdu bukres wrote:
> I have been using Wireshark in a simple usage looking at the data.
>
> Can Wireshark be used to query the data a bit like SQL, something like:
> List the top 10 ip addresses which caused the most number
> of hits or tcp traffic during the last 10 minutes?
>
> I don't know if Wireshark can capture number of bytes sent
> out in http responses, so can it list which ip addresses are causing
> a lot of outbound traffic?
>
> I would like to query the data captured by Wireshark and
> query it like a database.
>
> Simple examples can get me going fast.
>
> If Wireshark can't do it, any ideas for other sniffers?
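One way to get the "top 10 addresses in the last 10 minutes" answer asked for above without the GUI, as an added example that belongs to neither message: export fields with tshark and rank them in a few lines of Python. The field names (frame.time_epoch, ip.src, ip.dst, frame.len) are real Wireshark fields; the sample output lines, the 600-second window and the reference time are constructed for the example.

```python
"""Rank IP addresses by bytes and hits within a time window, using
tshark's tab-separated field output as the 'database'.  Added example;
the SAMPLE lines are constructed, not taken from a real capture."""
from collections import Counter
from typing import Iterable

# Constructed sample of what
#   tshark -r capture.pcap -Y "tcp port 80" -T fields \
#          -e frame.time_epoch -e ip.src -e ip.dst -e frame.len
# prints (tab is the default separator for -T fields):
# epoch time, source IP, destination IP, frame length in bytes.
SAMPLE = """\
1224547401.000\t192.168.100.44\t10.0.0.5\t1514
1224547402.000\t192.168.100.44\t10.0.0.5\t1514
1224547403.000\t10.0.0.5\t192.168.100.44\t66
1224547404.000\t192.168.100.7\t10.0.0.5\t900
1224546000.000\t192.168.100.9\t10.0.0.5\t60000
"""


def parse_fields(lines: Iterable[str]):
    """Yield (time, src, dst, length) tuples, skipping malformed lines."""
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 4 or not all(parts):
            continue  # non-IP frames leave ip.src / ip.dst empty
        try:
            yield float(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue


def top_talkers(lines, now, window_s=600, n=10, direction="src"):
    """Return up to n (ip, bytes, hits) tuples for frames seen in the
    window_s seconds before 'now', most bytes first.
    direction="src" ranks senders (outbound traffic), "dst" receivers."""
    bytes_by_ip = Counter()
    hits_by_ip = Counter()
    for t, src, dst, length in parse_fields(lines):
        if t < now - window_s or t > now:
            continue  # outside the "last 10 minutes"
        ip = src if direction == "src" else dst
        bytes_by_ip[ip] += length
        hits_by_ip[ip] += 1
    return [(ip, b, hits_by_ip[ip]) for ip, b in bytes_by_ip.most_common(n)]


if __name__ == "__main__":
    for row in top_talkers(SAMPLE.splitlines(), now=1224547404.0):
        print("%-16s %8d bytes %4d hits" % row)
```

The last sample line lies 1404 seconds before the reference time, so it falls outside the 600-second window and is ignored even though it carries the most bytes.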