Question: How to identify connections attempt number (biggest poluter) via NetMon ? RRS feed

  • Question

  • Hi guys,

    I recently installed NetMon tool and the TopUser by Conversation plug-in tool. It was extremely good to find the top trafic talkers but i cant find a way to find the IP with the most conenction attempts to a server. Any idea what must be set in order to achieve that >?


    • Edited by relaxe7 Wednesday, November 14, 2012 1:09 PM
    Wednesday, November 14, 2012 9:29 AM

All replies

  • The TopUsers tool doesn't have a way to provide that kind of information.  The code is open source, so you could extend it to provide this functionallity.

    However, another option is using the evantual replacement for Network Monitor, Message Analyzer.  You'll have to join our program to access the beta.  The cool feature here is grouping on abritrary data, which is like the conversation tree, but you can use any field to pivot.  So in this case, you can Gorup by Destination address, and then show only Syn connects using a filter of (tcp.syn==true && tcp.ack==false).  The result of which is a display showing each destination and a count of the total Syn messages underneath, like:

    Destination (12):

    Destination (4):




    Thursday, November 15, 2012 3:05 PM