<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /></head><body style='font-size: 10pt; font-family: Verdana,Geneva,sans-serif'>
<p>Hey, Joshua. Honestly, you're "doing it wrong," for a few reasons.</p>
<p>* Capturing *everything* would be huge -- almost certainly fill up your hard disk in relatively short order.</p>
<p>* Wireshark isn't the thing to capture it with. If you want that, dump it using "tcpdump" (or its Windows equivalent), and then look at it later, with Wireshark.</p>
<p>* But, as noted in the initial point, that gets big, VERY fast. Instead, I would recommend just watching metrics -- does Windows show byte counts on an interface? If so, monitor that minute-by-minute. Or -- probably an even better choice -- get some software that will monitor per-IP usage. Though others may have actual suggestions on software to use, as I don't.</p>
<p>However, NONE of that will even work if you don't have a switch set up with port mirroring. Ethernet these days is switched, which means that simply plugging into the same switch will only show you broadcast traffic, not point-to-point traffic. So you'd miss out on something like 99% of the data. Given the scenario you mention (basically, "Comcast modem"), I think you'll probably need to pick up a smart Ethernet switch -- one that has port mirroring -- to even get started down this road.</p>
<p>All of this is relatively non-trivial, but could probably be worked through if you're really trying to make it happen.</p>
<p>-Ken</p>
<p><br /></p>
<p>On 2018-05-04 13:09, jsf wrote:</p>
<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0"><!-- html ignored --><!-- head ignored --><!-- meta ignored -->
<div dir="ltr">Hi friends,
<div> </div>
<div>I am IT dir. at a small independent school in CT nowadays. I have a comcast modem. my firewall plugs into a wired port in the comcast modem. I have an old PC running windows 8.1. I have installed wireshark on the old PC. I have plugged the old PC's network interface into another wired port on the comcast modem. Ideally I would like to use wireshark to capture EVERYTHING going across the modem - basically everything that is going in and out of the connection between the modem and my firewall. I am at a loss w/r/t how to set this up properly.</div>
<div> </div>
<div>a step-by-step how to, or even a quick shared screen session or phone call would be appreciated.</div>
<div> </div>
<div>I am trying to get a sense regarding the schools' bandwidth usage.. we have 150/25 over coax. i think performance is pretty good most of the time (we are a small school).. but not everyone agrees with me. If we have too little bandwidth (are hitting a max periodically) I'd like to know that.</div>
<div> </div>
<div>Thanks in advance for help with this and recommendations about anything else I should put on this old PC to help with this exercise.</div>
<div> </div>
<div>best wishes,</div>
<div> </div>
<div>Joshua<br clear="all" />
<div> </div>
-- <br />
<div class="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div><a href="http://www.linkedin.com/in/jfreeman"><img src="cid:15254546805aec97589b412395267498@jots.org" alt="View Joshua S. Freeman's profile on LinkedIn" width="160" height="33" border="0" /></a><br /><br /></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br />
<div class="pre" style="margin: 0; padding: 0; font-family: monospace">_______________________________________________<br /> gnhlug-discuss mailing list<br /> <a href="mailto:gnhlug-discuss@mail.gnhlug.org">gnhlug-discuss@mail.gnhlug.org</a><br /> <a href="http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/">http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/</a></div>
</blockquote>
<p><br /></p>
</body></html>