Hi,
You may want to look into CACE tech Pilot program. It's designed to
work with Wireshark for such large capture analysis.
Thanx,
Jaap
On 22 Mar 2009, at 20:55, "John Kaberna" <jkaberna@xxxxxxxxx> wrote:
Hi everyone. I urgently need to find the best way to have Wireshark
tell me the ports/protocols on the network so I can tighten down
some firewall rules. I have a Span port on the firewall and am able
to do a trace. Since there are batch jobs and other things that
happen only once a day, I had to let a trace run for 24 hours.
The issue I have is that there were a million packets. Even if I
look at conversations, there is simply too much to review. Is there
a way within Wireshark or using a separate 3rd party application,
free or paid, that can easily take these traces and just tell me
source IP, destination IP, protocol, and destination port? I don’t
want to see an HTTP conversation that occurred 500 times between 2
hosts. I just need to note it one time for the firewall rules.
I don’t have much recent experience with Wireshark as I am primarily
a network designer. I apologize in advance if this has been asked
many times, but I didn’t find anything in the archives yet.
John Kaberna
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
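
Added example, not part of either message in this thread: one way to reduce a long capture to the unique source IP, destination IP, protocol and destination port tuples asked about above, by post-processing a tshark field export. The file name `trace.pcap`, the column order and the sample rows are assumptions constructed for illustration.

```python
import csv
from collections import Counter

# Constructed sample rows, in the column order of an export such as (assumed):
#   tshark -r trace.pcap -T fields -E separator=, -e ip.src -e ip.dst -e ip.proto \
#     -e tcp.srcport -e tcp.dstport -e tcp.flags.syn -e tcp.flags.ack \
#     -e udp.srcport -e udp.dstport
SAMPLE = """\
10.0.0.5,192.0.2.10,6,51000,80,1,0,,
192.0.2.10,10.0.0.5,6,80,51000,1,1,,
10.0.0.5,192.0.2.10,6,51000,80,0,1,,
10.0.0.5,192.0.2.10,6,51001,80,True,False,,
10.0.0.7,10.0.0.53,17,,,,,40000,53
10.0.0.53,10.0.0.7,17,,,,,53,40000
10.0.0.9,10.0.0.20,6,52000,1521,1,0,,
10.0.0.5,10.0.0.1,1,,,,,,
"""

PROTO = {"1": "icmp", "6": "tcp", "17": "udp"}
TRUE = {"1", "True"}  # flag fields print as 1/0 or True/False depending on version

def unique_flows(lines):
    """Return Counter of (client, server, protocol, server_port) -> times seen."""
    flows = Counter()
    for row in csv.reader(lines):
        if len(row) != 9 or not row[0]:
            continue  # non-IP frame or a row with multi-valued fields
        src, dst, proto, _tsp, tdp, syn, ack, usp, udp_dp = row
        name = PROTO.get(proto, "ip-proto-" + proto)
        if name == "tcp":
            # Only the initial SYN names the server port; replies carry the
            # client's ephemeral port as destination and would pollute the list.
            # Connections opened before the capture started have no SYN here.
            if syn in TRUE and ack not in TRUE:
                flows[(src, dst, name, int(tdp))] += 1
        elif name == "udp":
            # No handshake: heuristic, treat the lower port as the service side.
            sp, dp = int(usp), int(udp_dp)
            key = (src, dst, name, dp) if dp <= sp else (dst, src, name, sp)
            flows[key] += 1
        else:
            flows[(src, dst, name, None)] += 1
    return flows

if __name__ == "__main__":
    found = unique_flows(SAMPLE.splitlines())
    for (src, dst, name, port), n in sorted(found.items(), key=lambda kv: kv[0][:3]):
        print(f"{src} -> {dst} {name} {port if port is not None else '-'} ({n}x)")
```
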