Re: using promiscuous mode to tabulate network statistics

["Terra Frost" <terrafrost () gmail com>]

Hadn't thought about that.  On Windows XP, though, it (well, the Local
Area Connection Status thing) doesn't tell you how many bytes (or KB,
MB, or whatever) it's sent, but rather, how many packets.  Since
packets can be of any arbitrary size, that seems to be of limited
usefulness.

Also, the stats reset when you turn the machine off.  I'd like to be
able to just leave this one machine on for a few days and see which
computer has sent the most, be it in one "session" or not.  All the
computers have static IP addresses, so correlating them by IP address
shouldn't be a problem.

On Tue, Nov 25, 2008 at 2:01 PM, s0h0us <s0h0us () yahoo com> wrote:
> how about just looking at the nic stats of each pc?
>
>
>
> ----- Original Message ----
> From: Terra Frost <terrafrost () gmail com>
> To: security-basics () securityfocus com
> Sent: Tuesday, November 25, 2008 12:51:18 PM
> Subject: using promiscuous mode to tabulate network statistics
>
> I have four computers all plugged into a hub and I'd like to see which
> one (well, which IP address) is sending / receiving the most data.  To
> do this, I was thinking I could just install a package that would
> tabulate such statistics using promiscuous mode.  Wireshark can sniff
> packets via promiscuous mode but if it can be used in this manner, I'm
> unsure of how.
>
> I'm also not interested in real time statistics - I just want to know
> how much data has been sent / received since the analysis program has
> been running.
>
> Any ideas?