Hi everyone. I urgently need to find the best way to
have Wireshark tell me the ports/protocols on the network so I can tighten down
some firewall rules. I have a SPAN port on the firewall and am able to do
a trace. Since there are batch jobs and other things that happen only
once a day, I had to let a trace run for 24 hours.
The issue I have is that there were a million packets.
Even if I look at conversations, there is simply too much to review. Is
there a way within Wireshark or using a separate 3rd party
application, free or paid, that can easily take these traces and just tell me
source IP, destination IP, protocol, and destination port? I don’t
want to see an HTTP conversation that occurred 500 times between 2 hosts.
I just need to note it one time for the firewall rules.
I don’t have much recent experience with Wireshark as
I am primarily a network designer. I apologize in advance if this has
been asked many times, but I didn’t find anything in the archives yet.
John Kaberna
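
One way to collapse a long capture into the source IP, destination IP, protocol and destination port list the post asks for, as an added example that is not part of the original message. It assumes a classic pcap file (a pcapng trace has to be converted first) of untagged Ethernet carrying IPv4; `unique_flows` is a hypothetical name. Only bare TCP SYNs are counted, so the destination port is the service port rather than a client's ephemeral port, and a UDP packet is skipped when it is the reverse of a flow already seen.

```python
import socket
import struct
import sys
from collections import Counter

def unique_flows(pcap: bytes) -> Counter:
    """Map (src, dst, proto, dport) to TCP connections opened / UDP packets sent."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic microsecond pcap; convert pcapng first")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    flows, udp_seen, off = Counter(), set(), 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        # Assumption: untagged Ethernet II carrying IPv4 (no VLAN tag, no IPv6).
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
            continue  # later fragment: it carries no TCP/UDP header
        l4 = ip[ihl:]
        if proto not in (6, 17) or len(l4) < (14 if proto == 6 else 8):
            continue
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        sport, dport = struct.unpack("!HH", l4[:4])
        if proto == 6:
            if l4[13] & 0x12 != 0x02:
                continue  # only a SYN without ACK shows who opened the connection
            flows[(src, dst, "tcp", dport)] += 1
        else:
            if (dst, dport, src, sport) in udp_seen:
                continue  # heuristic: this is a reply to a UDP flow seen earlier
            udp_seen.add((src, sport, dst, dport))
            flows[(src, dst, "udp", dport)] += 1
    return flows

if __name__ == "__main__":
    # Usage: python3 this_script.py trace.pcap   (one tab-separated line per rule)
    with open(sys.argv[1], "rb") as fh:
        for (src, dst, proto, dport), n in sorted(unique_flows(fh.read()).items()):
            print(f"{src}\t{dst}\t{proto}\t{dport}\t{n}")
```

The last column is a count, so a tuple seen once in 24 hours (a daily batch job, for instance) stands out from one seen thousands of times. TCP connections that were already open when the capture started produce no SYN and will not appear.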