
packet sniffing / monitoring question


  • packet sniffing / monitoring question


    I have been watching traffic on our network with Wireshark, and it's very detailed, but I am wanting to do something rather simple and straightforward and I am not sure that Wireshark is the best solution for what I'm trying to do.

    I want to be able to easily see, at a whim's notice, which host on our network is generating the most traffic (both up and down). We have limited bandwidth, and I'd like to be able to see if someone is having large sustained file transfers when the network gets slow.

    Using the IOGraph in Wireshark, I can set up 5 filters to things like "ip.addr ==" for example, so that I can see on a graph if it is the 192.168.1.x subnet that is saturating the network, but this doesn't give me a real idea of which node.

    If I use the conversations or endpoints sections, they are very detailed and nice, but it takes some time. If Wireshark is up and running for over 10 minutes I'll have well over 100,000 packets, so if I then run conversations or endpoints, it takes some time to compile the statistics.

    So for example, is there a plugin for Wireshark that will export the statistics, live, to another node on the network which can sift through them easily in real time? Or is there a different application that is free that you know of that will give a breakdown of individual hosts on a network, and which node is saturating the network?

  • #2
    Re: packet sniffing / monitoring question

    While I've used Wireshark quite a bit, I don't use it for the purpose you're using it for. I would recommend using PRTG and setting up a packet sniffer sensor. There are a number of ways to configure this type of sensor: If your switch supports port mirroring, you can mirror the internet-connected port to the port where your workstation is connected and set up the packet sniffer sensor on your workstation. Another way to do it would be to plug a hub in between your router and your switch and connect your workstation to the same hub. Both methods will allow the PRTG packet sniffer on your workstation to see all inbound and outbound internet traffic. The packet sniffer sensor has a much simpler interface than Wireshark and will give you quick and easy-to-read graphs and charts for all connections, including the top endpoints, top talkers, top protocols, etc. If I remember, PRTG allows you to use it free for a limited number of sensors.


    • #3
      Re: packet sniffing / monitoring question

      You could also take a look at Cacti.
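
Added example, not part of any post in this thread: a per-host "top talkers" tally for the question in the first post, computed in fixed time windows so the ranking stays cheap however long the capture has been running. It assumes the input is comma-separated output from tshark (the command-line tool shipped with Wireshark) and that the local subnet is 192.168.1.0/24; the function name, window size and sample lines are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: local subnet taken from the 192.168.1.x mentioned in the first post.
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample lines in the format produced by:
#   tshark -l -T fields -E separator=, -e frame.time_epoch -e ip.src -e ip.dst -e frame.len
SAMPLE = """\
100.0,192.168.1.10,203.0.113.5,1500
101.2,203.0.113.5,192.168.1.10,60
102.0,192.168.1.23,198.51.100.7,400
103.5,198.51.100.7,192.168.1.23,9000
104.0,,,60
105.0,192.168.1.10,192.168.1.23,200
112.0,192.168.1.10,203.0.113.5,1500
"""

def top_talkers(lines, window=10.0, net=LOCAL_NET):
    """Return {window_start: [(host, up_bytes, down_bytes), ...]}, busiest host first."""
    buckets = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for line in lines:
        parts = line.strip().split(",")
        # Non-IPv4 frames (ARP, IPv6) leave ip.src/ip.dst empty; tunnelled
        # packets list several addresses. Both are skipped here.
        if len(parts) != 4 or not all(parts):
            continue
        try:
            ts, size = float(parts[0]), int(parts[3])
            src = ipaddress.ip_address(parts[1])
            dst = ipaddress.ip_address(parts[2])
        except ValueError:
            continue  # malformed line
        start = int(ts // window) * window
        if src in net:
            buckets[start][str(src)][0] += size  # bytes sent by a local host
        if dst in net:
            buckets[start][str(dst)][1] += size  # bytes received by a local host
    return {
        start: sorted(((h, up, down) for h, (up, down) in hosts.items()),
                      key=lambda row: row[1] + row[2], reverse=True)
        for start, hosts in sorted(buckets.items())
    }

if __name__ == "__main__":
    for start, rows in top_talkers(SAMPLE.splitlines()).items():
        print(f"window starting at {start:.0f}s")
        for host, up, down in rows:
            print(f"  {host:15} up={up:>6} down={down:>6}")
```

For live use, the same function can be fed from the tshark command in the comment, run on a machine that sees the mirrored port or hub traffic described in reply #2.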