<div dir="ltr">Thanks Ken,<div><br></div><div>I do have Dell switches on the other side of the firewall. I guess I could mirror the port on the switch that is connected to the firewall (which is connected to the modem?)</div><div><br></div><div>J.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, May 4, 2018 at 1:24 PM, Ken D'Ambrosio <span dir="ltr"><<a href="mailto:ken@jots.org" target="_blank">ken@jots.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="font-size:10pt;font-family:Verdana,Geneva,sans-serif">
<p>Hey, Joshua. Honestly, you're "doing it wrong," for a few reasons.</p>
<p>* Capturing *everything* would be huge -- almost certainly fill up your hard disk in relatively short order.</p>
<p>* Wireshark isn't the thing to capture it with. If you want that, dump it using "tcpdump" (or its Windows equivalent), and then look at it later, with Wireshark.</p>
<p>* But, as noted in the initial point, that gets big, VERY fast. Instead, I would recommend just watching metrics -- does Windows show byte counts on an interface? If so, monitor that minute-by-minute. Or -- probably an even better choice -- get some software that will monitor per-IP usage. Though others may have actual suggestions on software to use, as I don't.</p>
<p>However, NONE of that will even work if you don't have a switch set up with port mirroring. Ethernet these days is switched, which means that simply plugging into the same switch will only show you broadcast traffic, not point-to-point traffic. So you'd miss out on something like 99% of the data. Given the scenario you mention (basically, "Comcast modem"), I think you'll probably need to pick up a smart Ethernet switch -- one that has port mirroring -- to even get started down this road.</p>
<p>All of this is relatively non-trivial, but could probably be worked through if you're really trying to make it happen.</p>
<p>-Ken</p><div><div class="h5">
<p><br></p>
<p>On 2018-05-04 13:09, jsf wrote:</p>
</div></div><blockquote type="cite" style="padding:0 0.4em;border-left:#1010ff 2px solid;margin:0"><div><div class="h5">
<div dir="ltr">Hi friends,
<div> </div>
<div>I am IT dir. at a small independent school in CT nowadays. I have a comcast modem. my firewall plugs into a wired port in the comcast modem. I have an old PC running windows 8.1. I have installed wireshark on the old PC. I have plugged the old PC's network interface into another wired port on the comcast modem. Ideally I would like to use wireshark to capture EVERYTHING going across the modem - basically everything that is going in and out of the connection between the modem and my firewall. I am at a loss w/r/t how to set this up properly.</div>
<div> </div>
<div>a step-by-step how to, or even a quick shared screen session or phone call would be appreciated.</div>
<div> </div>
<div>I am trying to get a sense regarding the schools' bandwidth usage.. we have 150/25 over coax. i think performance is pretty good most of the time (we are a small school).. but not everyone agrees with me. If we have too little bandwidth (are hitting a max periodically) I'd like to know that.</div>
<div> </div>
<div>Thanks in advance for help with this and recommendations about anything else I should put on this old PC to help with this exercise.</div>
<div> </div>
<div>best wishes,</div>
<div> </div>
<div>Joshua<br clear="all">
<div> </div>
-- <br>
<div class="m_-299942232865797119gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div><a href="http://www.linkedin.com/in/jfreeman" target="_blank"><img src="cid:15254546805aec97589b412395267498@jots.org" alt="View Joshua S. Freeman's profile on LinkedIn" width="160" height="33" border="0"></a><br><br></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</div></div><div class="m_-299942232865797119pre" style="margin:0;padding:0;font-family:monospace">______________________________<wbr>_________________<br> gnhlug-discuss mailing list<br> <a href="mailto:gnhlug-discuss@mail.gnhlug.org" target="_blank">gnhlug-discuss@mail.gnhlug.org</a><br> <a href="http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/" target="_blank">http://mail.gnhlug.org/<wbr>mailman/listinfo/gnhlug-<wbr>discuss/</a></div>
</blockquote>
<p><br></p>
</div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><a href="http://www.linkedin.com/in/jfreeman" target="_blank"><img src="https://static.licdn.com/scds/common/u/img/webpromo/btn_viewmy_160x33.png" width="160" height="33" border="0" alt="View Joshua S. Freeman's profile on LinkedIn"></a><br><br></div></div></div></div></div></div></div></div></div>
</div>