You can tell Wireshark to only capture x bytes, so lets say you
only want to capture the first 100 bytes, this field would tell you Captures
100 but the full packet size was 1300 (or whatever it was) incase that is
something you care about. Its also nice to use when someone limits a capture
for you and doesn’t tell you and none of the dissectors are making any
sense…
If you go to Statistics, Conversations you can see the bytes listed
(click around the tabs for different perspectives) If you need a nice graphs you
should have a look at Pilot (http://www.cacetech.com/products/cace_pilot.html)
it’s a super cool tool written by Cace (the guys who do a lot of the work
on Wireshark) its not free but very cool, or if you have a router, smart
switch, ect in there you might want to try a monitoring program like cacti (http://www.cacti.net/)
Hope that helps
From:
wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx]
On Behalf Of Collin D Wainscott
Sent: Tuesday, January 12, 2010 11:37 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Noob Questions
Hey Wireshark Users,
I am pretty new to understanding wireshark and need to know a few things for a
project I am doing. First off, what exactly does the line "x bytes
on wire, x bytes captured" refer to? Also I am looking for some
confirmation on the direction of my project or advice. I am trying to
monitor exactly how much data is being sent to and from a specific IP
address. Would the previously mentioned line tell me this
information? If this is worded awkwardly, just tell me and I will try to
specify what I am looking for.
Thanks and godspeed,
Collin Wainscott
