bandwidth capture question

Ken D'Ambrosio ken at jots.org
Fri May 4 13:24:40 EDT 2018


Hey, Joshua.  Honestly, you're "doing it wrong," for a few reasons. 

* Capturing *everything* would be huge -- almost certainly fill up your
hard disk in relatively short order. 

* Wireshark isn't the thing to capture it with.  If you want that, dump
it using "tcpdump" (or its Windows equivalent), and then look at it
later, with Wireshark. 

* But, as noted in the initial point, that gets big, VERY fast. 
Instead, I would recommend just watching metrics -- does Windows show
byte counts on an interface?  If so, monitor that minute-by-minute.  Or
-- probably an even better choice -- get some software that will monitor
per-IP usage.  Though others may have actual suggestions on software to
use, as I don't. 

However, NONE of that will even work if you don't have a switch set up
with port mirroring.  Ethernet these days is switched, which means that
simply plugging into the same switch will only show you broadcast
traffic, not point-to-point traffic.  So you'd miss out on something
like 99% of the data.  Given the scenario you mention (basically,
"Comcast modem"), I think you'll probably need to pick up a smart
Ethernet switch -- one that has port mirroring -- to even get started
down this road. 

All of this is relatively non-trivial, but could probably be worked
through if you're really trying to make it happen. 

-Ken 

On 2018-05-04 13:09, jsf wrote:

> Hi friends, 
> 
> I am IT dir. at a small independent school in CT nowadays.  I have a comcast modem.  my firewall plugs into a wired port in the comcast modem.  I have an old PC running windows 8.1.  I have installed wireshark on the old PC.  I have plugged the old PC's network interface into another wired port on the comcast modem.  Ideally I would like to use wireshark to capture EVERYTHING going across the modem - basically everything that is going in and out of the connection between the modem and my firewall.  I am at a loss w/r/t how to set this up properly. 
> 
> a step-by-step how to, or even a quick shared screen session or phone call would be appreciated. 
> 
> I am trying to get a sense regarding the schools' bandwidth usage.. we have 150/25 over coax.  i think performance is pretty good most of the time (we are a small school).. but not everyone agrees with me.  If we have too little bandwidth (are hitting a max periodically) I'd like to know that. 
> 
> Thanks in advance for help with this and recommendations about anything else I should put on this old PC to help with this exercise. 
> 
> best wishes, 
> 
> Joshua
> -- 
> 
> [1]
> 
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

 

Links:
------
[1] http://www.linkedin.com/in/jfreeman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/pipermail/gnhlug-discuss/attachments/20180504/57a7c179/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: blocked.gif
Type: image/gif
Size: 118 bytes
Desc: not available
Url : http://mail.gnhlug.org/pipermail/gnhlug-discuss/attachments/20180504/57a7c179/attachment.gif 


More information about the gnhlug-discuss mailing list