I have lots of hosts on this network and I want to find out who is the "noisiest". I captured 500k packets and many hosts have TCP dup ACKs (and other things). What regex should I use to sort by, and then order the output to show the worst-offender IP? If I just click the 'Info' column it just shows scrolls of pages; I would like to narrow it down.
Viewed 435 times
1 Answer
If I understand correctly from your question, you want to find out which hosts are sending the most duplicate ACKs.
To show only the duplicate ACKs I'd use the filter tcp.analysis.duplicate_ack.
To sort by the host sending the most of them I'd select Statistics > Conversations > IPv4 from the menu bar, and check the "Limit to display filter" box in the bottom left. You can then choose to sort by either the number of bytes or the number of packets for each pair of communicating hosts to determine who your "noisiest" hosts are. Do this by clicking the column heading.
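The same ranking can be done from the command line with tshark, Wireshark's CLI, which is handier than the GUI on a 500k-packet capture. This is an added example, not part of the answer above; the capture file name capture.pcapng is a placeholder. tshark applies the same display filter the GUI uses (-Y) and prints chosen fields (-T fields -e ...) instead of the Info text, so the output can be aggregated with awk and sort. One caveat when reading the result: a duplicate ACK is sent by the host that noticed a gap in the data it is receiving, so the top "sender" of dup ACKs is the host reporting loss, and the per-pair ranking shows which peer's traffic was being lost. Swapping the filter for tcp.analysis.flags broadens the count to retransmissions, out-of-order segments and the other "expert" TCP events.

```shell
#!/bin/sh
# Added example (not the original poster's or Wireshark's code): rank hosts by
# the number of duplicate ACKs they send, using tshark instead of the
# Statistics > Conversations dialog. capture.pcapng is an assumed file name.

# Print one "src<TAB>dst" line per duplicate ACK in the capture.
# -Y is the display filter, -T fields/-e select the columns to print.
extract_dup_acks() {
    tshark -r "$1" -Y 'tcp.analysis.duplicate_ack' -T fields -e ip.src -e ip.dst
}

# Read "src<TAB>dst" lines from stdin and count per sending host, worst first.
rank_by_sender() {
    awk -F'\t' '{ n[$1]++ } END { for (h in n) printf "%d\t%s\n", n[h], h }' \
        | sort -rn
}

# Same, but per directional pair of hosts. This matches the IPv4 conversations
# view with "Limit to display filter" ticked, except that A->B and B->A are
# kept separate so you can see which side is reporting the loss.
rank_by_pair() {
    awk -F'\t' '{ n[$1 "\t" $2]++ } END { for (p in n) printf "%d\t%s\n", n[p], p }' \
        | sort -rn
}

# Usage (tshark must be installed):
#   extract_dup_acks capture.pcapng | rank_by_sender | head
#   extract_dup_acks capture.pcapng | rank_by_pair   | head
```

The awk/sort stage is separated from the tshark stage so the extraction can be run once and saved to a file, then sliced different ways without re-reading the capture.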