Wireshark mailing list archives
Want to monitor a port, count bytes transferred, record who transferred, nothing else
From: wireshark () timares com (Brian Excarnate)
Date: Fri, 20 Apr 2012 10:45:25 -0500
Hi,

I went through the man pages, searched Google, searched the FAQ, searched the Wiki, searched the mail list archives, and if I missed what I'm looking for, just point me at it and perhaps suggest a useful search string.
I have several Linux servers, each serving several users their own database, each database has its own port. I have root.
What I want to do is see who (which IP address) connects when, how much is transferred (in and out), when they disconnect. Maybe more based on what things look like initially, but that's the core of what I want.
I don't want to capture packets (for various reasons including load), which is where I have trouble figuring out how to get Wireshark to work.
So my first question is: Is there some other tool that is a better choice, and if so which?
Assuming Wireshark can do what I want (can it?): How?

I'm not looking for fancy, in fact I prefer simple, and naturally something with minimal load on the box. A file with lines something like this:

10.11.12.13 1334933001 11534336 698351616 1334934052
10.11.12.14 1334934053 1572864 1572864 1334935001
10.11.12.15 1334933000 76546048 456150656 1334937017

That is: IP, date +%s start time, bytes to server, bytes from server, date +%s end time. Presumably written as each connection closes. I'm OK with counting in memory, but don't require it!

I'm OK with, but don't prefer, a file similar to:

OPEN 10.11.12.15 1334933000
OPEN 10.11.12.13 1334933001
CLOSE 10.11.12.13 1334934052 11534336 698351616
OPEN 10.11.12.14 1334934053
CLOSE 10.11.12.14 1334935001 1572864 1572864
CLOSE 10.11.12.15 1334937017 76546048 456150656

I found a program that sounded like it was written to do this, but when it failed to compile for me I asked a programmer friend about it, and they said something along the lines of "since he did foo, then it is bar, and you shouldn't use it even if you could get it to compile".

Brian
--
As you read my email, keep in mind what Ryan North posits: "Every day each of us says the dumbest thing we are going to say that day."
Current thread:
- Want to monitor a port, count bytes transferred, record who transferred, nothing else Brian Excarnate (Apr 20)
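The two log layouts in the message above carry the same information, so the OPEN/CLOSE event layout can be folded into the preferred one-line-per-connection layout after the fact. The following is an added example, not part of the original post or of Wireshark; the function name fold_events and the oldest-first pairing rule are assumptions, and the sample input is the event listing from the message.

```python
from collections import defaultdict, deque

# Constructed sample: the event lines from the message, one per line.
SAMPLE_EVENTS = """\
OPEN 10.11.12.15 1334933000
OPEN 10.11.12.13 1334933001
CLOSE 10.11.12.13 1334934052 11534336 698351616
OPEN 10.11.12.14 1334934053
CLOSE 10.11.12.14 1334935001 1572864 1572864
CLOSE 10.11.12.15 1334937017 76546048 456150656
"""

def fold_events(text):
    """Return (records, still_open, orphans).

    records: 'IP start bytes_to_server bytes_from_server end', in CLOSE order.
    still_open: (ip, start) pairs that have no CLOSE yet.
    orphans: CLOSE lines with no matching OPEN (logging began mid-connection).
    """
    pending = defaultdict(deque)   # ip -> start times awaiting a CLOSE
    records, orphans = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "OPEN" and len(fields) == 3:
            pending[fields[1]].append(int(fields[2]))
        elif fields[0] == "CLOSE" and len(fields) == 5:
            ip, end, to_srv, from_srv = fields[1], *map(int, fields[2:])
            if not pending[ip]:
                orphans.append(line)
                continue
            # The layout carries no source port, so concurrent connections
            # from one IP are paired oldest-first; that pairing is a guess.
            start = pending[ip].popleft()
            records.append(f"{ip} {start} {to_srv} {from_srv} {end}")
        else:
            raise ValueError(f"line {lineno}: unrecognised event: {line!r}")
    still_open = [(ip, s) for ip, q in pending.items() for s in q]
    return records, still_open, orphans

if __name__ == "__main__":
    for rec in fold_events(SAMPLE_EVENTS)[0]:
        print(rec)
```

Because neither layout records the client's source port, two overlapping connections from the same IP cannot be told apart with certainty; adding the port to each line removes the ambiguity.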