bandwidth capture question
dan at garthwaite.org
Fri May 4 14:01:56 EDT 2018
It _would_ be interesting to capture all the SYN packets and it would be
many orders of magnitude less to capture.
On Fri, May 4, 2018 at 1:51 PM, jsf <jfreeman at gmail.com> wrote:
> Hi Michael,
> Can you recommend a good SNMP capturing tool and a link to a setup how to?
> .. I'm really most interested in just seeing how we're doing with our
> 150/25 circuit and whether or not we should increase/move to fiber/move to
> On Fri, May 4, 2018 at 1:37 PM, <contact at 41magnum.net> wrote:
>> A network tap might work if you are only looking for mirrored traffic
>> from one port. One thing to keep in mind is that this is full duplex (TX &
>> RX) so you will most likely need 2 capture interfaces + 3rd for remote
>> access if you need that. It might be possible to mirror a port off the
>> firewall, but if it's a 1 for 1 mirror you may end up in a situation where
>> you don't see all the traffic (1Gbps TX + 1Gbps RX on 1Gbos link).
>> If all you are looking for is bandwidth, a SNMP monitoring tool might be
>> a better choice for you. Most of these will show you the average bandwidth
>> over the polling period. Not precise, but usually good enough.
>> On Friday, May 4, 2018 at 1:24 PM, Ken D'Ambrosio <ken at jots.org> wrote:
>> Hey, Joshua. Honestly, you're "doing it wrong," for a few reasons.
>> * Capturing *everything* would be huge -- almost certainly fill up your
>> hard disk in relatively short order.
>> * Wireshark isn't the thing to capture it with. If you want that, dump
>> it using "tcpdump" (or its Windows equivalent), and then look at it later,
>> with Wireshark.
>> * But, as noted in the initial point, that gets big, VERY fast. Instead,
>> I would recommend just watching metrics -- does Windows show byte counts on
>> an interface? If so, monitor that minute-by-minute. Or -- probably an
>> even better choice -- get some software that will monitor per-IP usage.
>> Though others may have actual suggestions on software to use, as I don't.
>> However, NONE of that will even work if you don't have a switch set up
>> with port mirroring. Ethernet these days is switched, which means that
>> simply plugging into the same switch will only show you broadcast traffic,
>> not point-to-point traffic. So you'd miss out on something like 99% of the
>> data. Given the scenario you mention (basically, "Comcast modem"), I think
>> you'll probably need to pick up a smart Ethernet switch -- one that has
>> port mirroring -- to even get started down this road.
>> All of this is relatively non-trivial, but could probably be worked
>> through if you're really trying to make it happen.
>> On 2018-05-04 13:09, jsf wrote:
>> Hi friends,
>> I am IT dir. at a small independent school in CT nowadays. I have a
>> comcast modem. my firewall plugs into a wired port in the comcast modem.
>> I have an old PC running windows 8.1. I have installed wireshark on the
>> old PC. I have plugged the old PC's network interface into another wired
>> port on the comcast modem. Ideally I would like to use wireshark to
>> capture EVERYTHING going across the modem - basically everything that is
>> going in and out of the connection between the modem and my firewall. I am
>> at a loss w/r/t how to set this up properly.
>> a step-by-step how to, or even a quick shared screen session or phone
>> call would be appreciated.
>> I am trying to get a sense regarding the schools' bandwidth usage.. we
>> have 150/25 over coax. i think performance is pretty good most of the time
>> (we are a small school).. but not everyone agrees with me. If we have too
>> little bandwidth (are hitting a max periodically) I'd like to know that.
>> Thanks in advance for help with this and recommendations about anything
>> else I should put on this old PC to help with this exercise.
>> best wishes,
>> [View Joshua S. Freeman's profile on LinkedIn]
>> gnhlug-discuss mailing list
>> gnhlug-discuss at mail.gnhlug.org
> [image: View Joshua S. Freeman's profile on LinkedIn]
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the gnhlug-discuss