bandwidth capture question

contact at contact at
Fri May 4 14:13:55 EDT 2018

I know several other places have used Nagios, and it should be in most 
linux distribution repositories.  I've not set up or used it myself, 
but should be some tutorials around the web.

On Friday, May 4, 2018 at 1:51 PM, jsf <jfreeman at> wrote:
> Hi Michael,
> Can you recommend a good SNMP capturing tool and a link to a setup 
> how to? .. I'm really most interested in just seeing how we're doing 
> with our 150/25 circuit and whether or not we should increase/move to 
> fiber/move to symmetrical...
> Thanks!
> Joshua
> On Fri, May 4, 2018 at 1:37 PM, <contact at> wrote:
>> Joshua,
>> A network tap might work if you are only looking for mirrored 
>> traffic from one port.  One thing to keep in mind is that this is 
>> full duplex (TX & RX) so you will most likely need 2 capture 
>> interfaces + 3rd for remote access if you need that.  It might be 
>> possible to mirror a port off the firewall, but if it's a 1 for 1 
>> mirror you may end up in a situation where you don't see all the 
>> traffic (1Gbps TX + 1Gbps RX on 1Gbos link). 
>> If all you are looking for is bandwidth, a SNMP monitoring tool 
>> might be a better choice for you.  Most of these will show you the 
>> average bandwidth over the polling period.  Not precise, but usually 
>> good enough. 
>> Michael
>> On Friday, May 4, 2018 at 1:24 PM, Ken D'Ambrosio <ken at> 
>> wrote:
>>> Hey, Joshua.  Honestly, you're "doing it wrong," for a few reasons.
>>> * Capturing *everything* would be huge -- almost certainly fill up 
>>> your hard disk in relatively short order.
>>> * Wireshark isn't the thing to capture it with.  If you want that, 
>>> dump it using "tcpdump" (or its Windows equivalent), and then look 
>>> at it later, with Wireshark.
>>> * But, as noted in the initial point, that gets big, VERY fast.  
>>> Instead, I would recommend just watching metrics -- does Windows 
>>> show byte counts on an interface?  If so, monitor that 
>>> minute-by-minute.  Or -- probably an even better choice -- get some 
>>> software that will monitor per-IP usage.  Though others may have 
>>> actual suggestions on software to use, as I don't.
>>> However, NONE of that will even work if you don't have a switch set 
>>> up with port mirroring.  Ethernet these days is switched, which 
>>> means that simply plugging into the same switch will only show you 
>>> broadcast traffic, not point-to-point traffic.  So you'd miss out 
>>> on something like 99% of the data.  Given the scenario you mention 
>>> (basically, "Comcast modem"), I think you'll probably need to pick 
>>> up a smart Ethernet switch -- one that has port mirroring -- to 
>>> even get started down this road.
>>> All of this is relatively non-trivial, but could probably be worked 
>>> through if you're really trying to make it happen.
>>> -Ken
>>> On 2018-05-04 13:09, jsf wrote:
>>>> Hi friends,
>>>> I am IT dir. at a small independent school in CT nowadays.  I have 
>>>> a comcast modem.  my firewall plugs into a wired port in the 
>>>> comcast modem.  I have an old PC running windows 8.1.  I have 
>>>> installed wireshark on the old PC.  I have plugged the old PC's 
>>>> network interface into another wired port on the comcast modem.  
>>>> Ideally I would like to use wireshark to capture EVERYTHING going 
>>>> across the modem - basically everything that is going in and out 
>>>> of the connection between the modem and my firewall.  I am at a 
>>>> loss w/r/t how to set this up properly.
>>>> a step-by-step how to, or even a quick shared screen session or 
>>>> phone call would be appreciated.
>>>> I am trying to get a sense regarding the schools' bandwidth 
>>>> usage.. we have 150/25 over coax.  i think performance is pretty 
>>>> good most of the time (we are a small school).. but not everyone 
>>>> agrees with me.  If we have too little bandwidth (are hitting a 
>>>> max periodically) I'd like to know that.
>>>> Thanks in advance for help with this and recommendations about 
>>>> anything else I should put on this old PC to help with this 
>>>> exercise.
>>>> best wishes,
>>>> Joshua
>>>> --
>>>> [View Joshua S. Freeman's profile on LinkedIn] 
>>>> <>
>>>> _______________________________________________
>>>> gnhlug-discuss mailing list
>>>> gnhlug-discuss at
> --
> [View Joshua S. Freeman's profile on LinkedIn] 
> <>
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the gnhlug-discuss mailing list