packet sniffing / monitoring question
14 years 9 months ago #33369
by floppyraid
packet sniffing / monitoring question was created by floppyraid
Greetings,
I have been watching traffic on our network with Wireshark, and it's very detailed, but I am wanting to do something rather simple and straightforward and I am not sure that Wireshark is the best solution for what I'm trying to do.
I want to be able to easily see, at a whim's notice, which host on our network is generating the most traffic (both up and down). We have limited bandwidth, and I'd like to be able to see if someone is having large sustained file transfers when the network gets slow.
Using the IOGraph in Wireshark, I can set up 5 filters to things like "ip.addr == 192.168.1.0/24" for example, so that I can see on a graph if it is the 192.168.1.x subnet that is saturating the network, but this doesn't give me a real idea of which node.
If I use the conversations or endpoints sections, they are very detailed and nice, but it takes some time. If Wireshark is up and running for over 10 minutes I'll have well over 100,000 packets, so if I then run conversations or endpoints, it takes some time to compile the statistics.
So for example, is there a plugin for Wireshark that will export the statistics, live, to another node on the network which can sift through them easily in real time? Or, is there a different application that is free that you know of that will give a breakdown of individual hosts on a network, and which node is saturating the network?
14 years 9 months ago #33372
by skepticals
Replied by skepticals on topic Re: packet sniffing / monitoring question
I do not think Wireshark is the best method. What type of switch do you have? You could use SNMP or Netflow to get a better look at the traffic. You could also use MRTG (free) or a host of other network monitoring platforms.
14 years 9 months ago #33375
by floppyraid
Replied by floppyraid on topic greetings
We have a number of different vendors.
The main core L3 switch is Netgear.
The main L2 switches are newer Linksys, basically Cisco (SGE2000/SRW208s and 2008's).
We are also about to put in another L2 switch, an older Cisco Catalyst 3500XL.
Is there any open source or free SNMP software that would collect info from all of these vendors? Also, what is NetFlow?
Thanks
14 years 9 months ago #33376
by Alans
always Face your Fears...
Replied by Alans on topic Re: packet sniffing / monitoring question
I think "Win ARP spoofer" will show you uplink and downlink bw for LAN users.
14 years 9 months ago #33377
by TheBishop
Replied by TheBishop on topic Re: packet sniffing / monitoring question
If your switch supports RMON you could use any one of the many RMON collection and graphing utilities out there. 'Top talkers' is one of the many things you can get from such data.
14 years 8 months ago #33800
by Josephy
Replied by Josephy on topic Re: packet sniffing / monitoring question
Hi, you can try to use ProteMac Meter. It's a tool that records your network and displays internet traffic. It must be helpful to you. But it is only for Mac.
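An added example, not part of any post in this thread: one way to get the per-host "top talkers" breakdown the first post asks for is to have tshark (Wireshark's command-line tool) emit only source, destination and frame length, and total the bytes per local host in a small script. The script name `talkers.py`, the function names and the sample lines are assumptions made for this illustration; the subnet is the one named in the first post.

```python
import ipaddress
import sys
from collections import defaultdict

# Feed with a bounded capture (interface choice left to the reader):
#   tshark -a duration:60 -T fields -e ip.src -e ip.dst -e frame.len | python3 talkers.py
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # subnet named in the first post

# Constructed sample lines in that tab-separated format (not real traffic).
SAMPLE = [
    "192.168.1.10\t203.0.113.5\t1514",
    "203.0.113.5\t192.168.1.10\t66",
    "192.168.1.10\t203.0.113.5\t1514",
    "198.51.100.7\t192.168.1.22\t1514",
    "192.168.1.22\t192.168.1.10\t100",
    "\t\t60",  # ARP: no IP fields
    "192.168.1.1,192.168.1.22\t192.168.1.22,198.51.100.7\t70",  # ICMP error
]

def tally(lines, local_net=LOCAL_NET):
    """Return {host: [bytes_up, bytes_down]} for hosts inside local_net."""
    totals = defaultdict(lambda: [0, 0])
    for line in lines:
        parts = line.rstrip("\r\n").split("\t")
        if len(parts) != 3:
            continue
        # An ICMP error carries an inner IP header, so tshark emits "outer,inner";
        # the outer (first) address is the one that was on the wire.
        src, dst, length = (p.split(",")[0] for p in parts)
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            size = int(length)
        except ValueError:
            continue  # non-IP frame or malformed line
        if src_ip in local_net:
            totals[src][0] += size
        if dst_ip in local_net:
            totals[dst][1] += size
    return dict(totals)

def top_talkers(totals, n=5):
    """Rank hosts by combined up+down bytes, largest first."""
    ranked = sorted(totals.items(), key=lambda kv: sum(kv[1]), reverse=True)
    return [(host, up, down) for host, (up, down) in ranked[:n]]

if __name__ == "__main__":
    lines = SAMPLE if sys.stdin.isatty() else sys.stdin
    for host, up, down in top_talkers(tally(lines)):
        print(f"{host:15}  up={up:>10}  down={down:>10}")
```

Traffic between two local hosts is counted as upload for the sender and download for the receiver, so a LAN-to-LAN file copy shows up on both ends.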