bandwidth capture question

contact at 41magnum.net contact at 41magnum.net
Fri May 4 13:37:41 EDT 2018 

Joshua,

A network tap might work if you are only looking for mirrored traffic 
from one port.  One thing to keep in mind is that this is full duplex 
(TX & RX) so you will most likely need 2 capture interfaces + 3rd for 
remote access if you need that.  It might be possible to mirror a port 
off the firewall, but if it's a 1 for 1 mirror you may end up in a 
situation where you don't see all the traffic (1Gbps TX + 1Gbps RX on 
1Gbos link). 

If all you are looking for is bandwidth, a SNMP monitoring tool might 
be a better choice for you.  Most of these will show you the average 
bandwidth over the polling period.  Not precise, but usually good 
enough. 

Michael
 
On Friday, May 4, 2018 at 1:24 PM, Ken D'Ambrosio <ken at jots.org> wrote:
 

> Hey, Joshua.  Honestly, you're "doing it wrong," for a few reasons.
> 
> * Capturing *everything* would be huge -- almost certainly fill up 
> your hard disk in relatively short order.
> 
> * Wireshark isn't the thing to capture it with.  If you want that, 
> dump it using "tcpdump" (or its Windows equivalent), and then look at 
> it later, with Wireshark.
> 
> * But, as noted in the initial point, that gets big, VERY fast. 
>  Instead, I would recommend just watching metrics -- does Windows 
> show byte counts on an interface?  If so, monitor that 
> minute-by-minute.  Or -- probably an even better choice -- get some 
> software that will monitor per-IP usage.  Though others may have 
> actual suggestions on software to use, as I don't.
> 
> However, NONE of that will even work if you don't have a switch set 
> up with port mirroring.  Ethernet these days is switched, which means 
> that simply plugging into the same switch will only show you 
> broadcast traffic, not point-to-point traffic.  So you'd miss out on 
> something like 99% of the data.  Given the scenario you mention 
> (basically, "Comcast modem"), I think you'll probably need to pick up 
> a smart Ethernet switch -- one that has port mirroring -- to even get 
> started down this road.
> 
> All of this is relatively non-trivial, but could probably be worked 
> through if you're really trying to make it happen.
> 
> -Ken
> 
>  
> 
> On 2018-05-04 13:09, jsf wrote:
> 
>> Hi friends,
>>  
>> I am IT dir. at a small independent school in CT nowadays.  I have a 
>> comcast modem.  my firewall plugs into a wired port in the comcast 
>> modem.  I have an old PC running windows 8.1.  I have installed 
>> wireshark on the old PC.  I have plugged the old PC's network 
>> interface into another wired port on the comcast modem.  Ideally I 
>> would like to use wireshark to capture EVERYTHING going across the 
>> modem - basically everything that is going in and out of the 
>> connection between the modem and my firewall.  I am at a loss w/r/t 
>> how to set this up properly.
>>  
>> a step-by-step how to, or even a quick shared screen session or 
>> phone call would be appreciated.
>>  
>> I am trying to get a sense regarding the schools' bandwidth usage.. 
>> we have 150/25 over coax.  i think performance is pretty good most 
>> of the time (we are a small school).. but not everyone agrees with 
>> me.  If we have too little bandwidth (are hitting a max 
>> periodically) I'd like to know that.
>>  
>> Thanks in advance for help with this and recommendations about 
>> anything else I should put on this old PC to help with this 
>> exercise.
>>  
>> best wishes,
>>  
>> Joshua
>>  
>> --
>> [View Joshua S. Freeman's profile on LinkedIn] 
>> <http://www.linkedin.com/in/jfreeman>
>>  
>>  
>> _______________________________________________
>> gnhlug-discuss mailing list
>> gnhlug-discuss at mail.gnhlug.org
>> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
> 
>  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/pipermail/gnhlug-discuss/attachments/20180504/7b22b33e/attachment-0001.html

More information about the gnhlug-discuss mailing list