Wireshark · Ethereal-users: RE: [Ethereal-users] count the number of packets

Ethereal-users: RE: [Ethereal-users] count the number of packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Alistair.McGlinchy@xxxxxxxxxxxxxxxxxxxxx

Date: Wed, 15 Oct 2003 12:41:32 +0100

Suhail

> I am a newbie to Ethereal and I need a little help. I wanted 
> to know if there is a way to capture the NUMBER of packets 
> leaving a host machine. Does Ethereal do this for us or do we 
> have to make modifications to its source code. I would like 
> to do this to use the this of number packets as a metric to 
> maybe use it as a prevention against DoS attacks. Any 
> suggestions and useful links truly appreciated. Thanks. suhail.

Although you could use Ethereal to help you with this problem. There are a
few more appropriate tools.  

First off there's the "netstat" command.  The flags and output format vary
on NT and various UNIX's but it will tell you the number of packets sent and
received since the PC was booted (or stats last cleared). For example
d:\>netstat -e
Interface Statistics

                           Received            Sent

Bytes                    2861863136      2772881997
Unicast packets            75495343        66732680
Non-unicast packets          622497           11379
Discards                          0               0
Errors                            0               0
Unknown protocols           1326118

If you want to monitor these stats remotely and for a long term then I
suggest you use MRTG to collect these statistics via SNMP.  The MIB entries
you are looking at are interfaces.ifTable.ifEntry.ifInOctets and
interfaces.ifTable.ifEntry.ifOutOctets
http://people.ee.ethz.ch/~oetiker/webtools/mrtg/

I like to think of MRTG as binoculars looking into the past, where as
Ethereal provides more of a microscope. Your question appears to need
binoculars rather than a microscope.

Cheers,


Alistair


-----------------------------------------------------------------------


Registered Office:
Marks & Spencer p.l.c
Michael House, Baker Street,
London, W1U 8EP
Registered No. 214436 in England and Wales.

Telephone (020) 7935 4422 
Facsimile (020) 7487 2670

www.marksandspencer.com

Please note that electronic mail may be monitored.

This e-mail is confidential. If you received it by mistake, please let us know and then delete it from your system; you should not copy, disclose, or distribute its contents to anyone nor act in reliance on this e-mail, as this is prohibited and may be unlawful.

The registered office of Marks and Spencer Financial Services PLC, Marks and Spencer Unit Trust Management Limited, Marks and Spencer Life Assurance Limited and Marks and Spencer Savings and Investments Limited is Kings Meadow, Chester, CH99 9FB. These firms are authorised and regulated by the Financial Services Authority.

Prev by Date: [Ethereal-users] Gdk-WARNING Messages with 0.9.15 on Win2k
Next by Date: [Ethereal-users] rtp statistics--how is delay calculated?
Previous by thread: Re: [Ethereal-users] count the number of packets
Next by thread: [Ethereal-users] Can't find the interface
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$