Wireshark · Ethereal-users: RE: [Ethereal-users] Collecting data for detailed traffic analyses

Ethereal-users: RE: [Ethereal-users] Collecting data for detailed traffic analyses

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Visser, Martin" <martin.visser@xxxxxx>

Date: Fri, 21 Apr 2006 15:49:35 +1000

Ethereal can certainly do this - it just depends how long you want to
run this for. If my maths serves me correctly T1 at 1.5Mbps full-duplex
will carry about 300kB per second max. This equates to a bit over 1GB
per hour, 24GB per day.

If you configure Ethereal to capture say just the first 128 bytes of
each packet you might be able to get this down to 1/10th of the size -
so you could allow for say 3GB per day. 

You would probably want to split the capture into 1 hour long files for
ease of management while you are capturing. (You can also then compress
your captures in batch mode).

Ethereal can produce conversation matrices if you want at IP and TCP/UDP
port level.

The alternative tool that specifically allows you to view conversational
data and can use ethereal captured data, or natively capture data is
Ntop - http://www.ntop.org

Regards, Martin


Martin Visser

Technology Consultant 
Consulting & Integration
Technology Solutions Group - HP Services

410 Concord Road
Rhodes NSW  2138
Australia 

Mobile: +61-411-254-513
Fax: +61-2-9022-1800     
E-mail: martin.visserAThp.com

This email (including any attachments) is intended only for the use of
the individual or entity named above and may contain information that is
confidential, proprietary or privileged. If you are not the intended
recipient, please notify HP immediately by return email and then delete
the email, destroy any printed copy and do not disclose or use the
information in it.


-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Mike Armstrong
Sent: Friday, 21 April 2006 3:55 AM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] Collecting data for detailed traffic analyses

I need a way to collect basic traffic packet data (source IP & port,
destination IP & port, byte count) at T1 speeds.  Ultimately I want to
produce an in/out matrix showing where traffic originated and where it
went. 
Any suggestions how this might be accomplished?  Basically, I'd like to
record just packet header information for later analysis. 

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users

Prev by Date: Re: [Ethereal-users] Collecting data for detailed traffic analyses
Next by Date: [Ethereal-users] Problem with text2pcap
Previous by thread: Re: [Ethereal-users] Collecting data for detailed traffic analyses
Next by thread: [Ethereal-users] Ethereal 0.99.0pre1 available for testing
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$