Security Basics mailing list archives
RE: using promiscuous mode to tabulate network statistics
From: Jerry Sell <Jerry_Sell () byu edu>
Date: Wed, 26 Nov 2008 08:47:54 -0700
Even though it has some memory problems on large networks, I have found NTOP to be very good for usage statistics.

Thank you,

Jerry Sell, CISSP
Security Analyst
Brigham Young University
(801)422-2730
Jerry_Sell () byu edu

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Daniel G. Rohan
Sent: Wednesday, November 26, 2008 12:48 AM
To: Terra Frost; security-basics () securityfocus com
Subject: RE: using promiscuous mode to tabulate network statistics

Hi Terra,

Wireshark will indeed do what you are looking for in the first described scenario. After you capture, or open up a saved capture, you can click on Statistics > IP Address > Create Stats (do not filter).

As far as viewing real-time statistics, Wireshark used to provide an interface for very simple stats (percentage of protocols, bytes captured, etc), but I don't see that option anymore (perhaps it's there and buried). You might want to download an old version of Ethereal (previous name of Wireshark) and use that to provide your real-time analysis and then use the Wireshark for any post-capture needs.

If this is just a lab environment, this method might suffice. If it's a more permanent or production environment, I would suggest using Cisco netflow and a collector box to gather the statistics you are looking for.

Good luck,

Dan

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Terra Frost
Sent: Tuesday, November 25, 2008 8:51 PM
To: security-basics () securityfocus com
Subject: using promiscuous mode to tabulate network statistics

I have four computers all plugged into a hub and I'd like to see which one (well, which IP address) is sending / receiving the most data. To do this, I was thinking I could just install a package that would tabulate such statistics using promiscuous mode.

Wireshark can sniff packets via promiscuous mode but if it can be used in this manner, I'm unsure of how. I'm also not interested in real time statistics - I just want to know how much data has been sent / received since the analysis program has been running. Any ideas?
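
Added example, not part of any message in this thread: a per-IP sent/received byte tally of the kind asked about above, computed offline from a capture saved in classic pcap format (Ethernet link type, IPv4 only). The function names and the 10.0.0.x sample capture are constructed for illustration.

```python
import struct
from collections import defaultdict

def tally_pcap(data):
    """Return {ip: [bytes_sent, bytes_received]} for IPv4-over-Ethernet frames."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # little-endian capture file
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # big-endian capture file
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    totals = defaultdict(lambda: [0, 0])
    off = 24                           # skip the 24-byte global header
    while off + 16 <= len(data):
        _sec, _usec, incl_len, orig_len = struct.unpack(end + "4I", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                   # ARP, IPv6, VLAN-tagged or truncated: not counted
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        totals[src][0] += orig_len     # on-wire length, so a short snaplen does not undercount
        totals[dst][1] += orig_len
    return dict(totals)

def top_talker(totals):
    """IP address with the largest sent + received byte count."""
    return max(totals, key=lambda ip: sum(totals[ip]))

def make_frame(src, dst, payload_len, ethertype=b"\x08\x00"):
    """Constructed test frame: zeroed MACs, minimal IPv4 header, zero payload."""
    ip = (b"\x45\x00" + struct.pack(">H", 20 + payload_len) + bytes(5) + b"\x06" + bytes(2)
          + bytes(map(int, src.split("."))) + bytes(map(int, dst.split("."))))
    return bytes(12) + ethertype + ip + bytes(payload_len)

def build_sample():
    """Constructed capture: three IPv4 frames plus one ARP-typed frame to be skipped."""
    frames = [make_frame("10.0.0.1", "10.0.0.2", 100),
              make_frame("10.0.0.2", "10.0.0.1", 1000),
              make_frame("10.0.0.3", "10.0.0.1", 50),
              make_frame("10.0.0.4", "10.0.0.1", 8, ethertype=b"\x08\x06")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<4I", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for ip, (sent, rcvd) in sorted(tally_pcap(build_sample()).items()):
        print(f"{ip:<12} sent={sent:>6} received={rcvd:>6}")
```

To run it on a real capture, pass the bytes of the saved file to tally_pcap(); a pcapng file is rejected with ValueError and has to be saved as pcap first.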