bandwidth capture question

jsf jfreeman at gmail.com
Fri May 4 13:51:22 EDT 2018


Hi Michael,

Can you recommend a good SNMP capturing tool and a link to a setup how to?
.. I'm really most interested in just seeing how we're doing with our
150/25 circuit and whether or not we should increase/move to fiber/move to
symmetrical...

Thanks!

Joshua

On Fri, May 4, 2018 at 1:37 PM, <contact at 41magnum.net> wrote:

> Joshua,
>
> A network tap might work if you are only looking for mirrored traffic from
> one port.  One thing to keep in mind is that this is full duplex (TX & RX)
> so you will most likely need 2 capture interfaces + 3rd for remote access
> if you need that.  It might be possible to mirror a port off the firewall,
> but if it's a 1 for 1 mirror you may end up in a situation where you don't
> see all the traffic (1Gbps TX + 1Gbps RX on 1Gbos link).
>
> If all you are looking for is bandwidth, a SNMP monitoring tool might be a
> better choice for you.  Most of these will show you the average bandwidth
> over the polling period.  Not precise, but usually good enough.
>
> Michael
>
> On Friday, May 4, 2018 at 1:24 PM, Ken D'Ambrosio <ken at jots.org> wrote:
>
>
> Hey, Joshua.  Honestly, you're "doing it wrong," for a few reasons.
>
> * Capturing *everything* would be huge -- almost certainly fill up your
> hard disk in relatively short order.
>
> * Wireshark isn't the thing to capture it with.  If you want that, dump it
> using "tcpdump" (or its Windows equivalent), and then look at it later,
> with Wireshark.
>
> * But, as noted in the initial point, that gets big, VERY fast.  Instead,
> I would recommend just watching metrics -- does Windows show byte counts on
> an interface?  If so, monitor that minute-by-minute.  Or -- probably an
> even better choice -- get some software that will monitor per-IP usage.
> Though others may have actual suggestions on software to use, as I don't.
>
> However, NONE of that will even work if you don't have a switch set up
> with port mirroring.  Ethernet these days is switched, which means that
> simply plugging into the same switch will only show you broadcast traffic,
> not point-to-point traffic.  So you'd miss out on something like 99% of the
> data.  Given the scenario you mention (basically, "Comcast modem"), I think
> you'll probably need to pick up a smart Ethernet switch -- one that has
> port mirroring -- to even get started down this road.
>
> All of this is relatively non-trivial, but could probably be worked
> through if you're really trying to make it happen.
>
> -Ken
>
>
>
> On 2018-05-04 13:09, jsf wrote:
>
> Hi friends,
>
> I am IT dir. at a small independent school in CT nowadays.  I have a
> comcast modem.  my firewall plugs into a wired port in the comcast modem.
> I have an old PC running windows 8.1.  I have installed wireshark on the
> old PC.  I have plugged the old PC's network interface into another wired
> port on the comcast modem.  Ideally I would like to use wireshark to
> capture EVERYTHING going across the modem - basically everything that is
> going in and out of the connection between the modem and my firewall.  I am
> at a loss w/r/t how to set this up properly.
>
> a step-by-step how to, or even a quick shared screen session or phone call
> would be appreciated.
>
> I am trying to get a sense regarding the schools' bandwidth usage.. we
> have 150/25 over coax.  i think performance is pretty good most of the time
> (we are a small school).. but not everyone agrees with me.  If we have too
> little bandwidth (are hitting a max periodically) I'd like to know that.
>
> Thanks in advance for help with this and recommendations about anything
> else I should put on this old PC to help with this exercise.
>
> best wishes,
>
> Joshua
>
> --
> [View Joshua S. Freeman's profile on LinkedIn]
> <http://www.linkedin.com/in/jfreeman>
>
>
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>
>
>
>


-- 
[image: View Joshua S. Freeman's profile on LinkedIn]
<http://www.linkedin.com/in/jfreeman>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/pipermail/gnhlug-discuss/attachments/20180504/75240cb8/attachment.html 


More information about the gnhlug-discuss mailing list