packet captures with wireshark for network protocols

datchchadatchcha Senior MemberMember Posts: 265
Forum,
I am setting up my switching network, and wanted to play around with wireshark and my 2950 and L3 switches. I am generating traffic to check everything and my setup, but i want to know what is more importent (1) total bytes or (2) the duration. Not sure, so if someone can clue me in...would be great.

thank you,
Jason
Arrakis

Comments

  • networker050184networker050184 Went to the dark side.... Mod Posts: 11,962 Mod
    I'm not sure what you are trying to test here. Wireshark is just a sniffer and will not really test anything.
    An expert is a man who has made all the mistakes which can be made.
  • datchchadatchcha Senior Member Member Posts: 265
    I understand, but what i am looking at is my traffic, and trying to understand wireshark and the principles of packet captures. When i see the capture i am not sure what type of traffic is worse.

    Example: 44501339 bytes for 207.xxx duration, or 21097015 bytes for 428.xxx duration.

    which traffic will cause more problems?

    thank you,
    Dat.
    Arrakis
  • networker050184networker050184 Went to the dark side.... Mod Posts: 11,962 Mod
    Neither are a bad thing. High rates of traffic may not cause any problems, or it could cause lots of problems. Wireshark wouldn't be the best for monitoring something like this. You would want a traffic analyzer to better track flows of traffic.

    In a lab situation without some kind of traffic generator (or a whole bunch of large pings) you are not going to get enough traffic to cause an issue.
    An expert is a man who has made all the mistakes which can be made.
  • tmlerdaltmlerdal Member Member Posts: 80 ■■□□□□□□□□
    Really you'd pick which you want (total bytes or duration) depending on what it is you are watching. In traces I take, I'll do packet slicing so that I can get more packets in an individual capture file, unless there is something deeper I need to look at.

    I think from you are describing if you are just trying to watch network utilization basically, packet slicing would be fine.
  • datchchadatchcha Senior Member Member Posts: 265
    I am doing sql replication, on 5 different servers, and want to see what will my numbers be.

    can you recommend a Traffic Anaylzer to me.
    Arrakis
  • Forsaken_GAForsaken_GA Senior Member Member Posts: 4,024
    Well it depends on what you're looking for. As was mentioned, Wireshark/Ethereal are just packet sniffers. They have some limited ability to do traffic analysis for the periods of time when they're capturing.

    If what you're basically wanting to do is trend traffic patterns, you probably want something more along the lines of MRTG or any of the packages that are RRDTool based that will poll periodically and graph that information (I'm a big fan of Cacti personally).

    If it's just straight tcp analysis you want though, look into web100.
  • datchchadatchcha Senior Member Member Posts: 265
    Well it depends on what you're looking for. As was mentioned, Wireshark/Ethereal are just packet sniffers. They have some limited ability to do traffic analysis for the periods of time when they're capturing.

    If what you're basically wanting to do is trend traffic patterns, you probably want something more along the lines of MRTG or any of the packages that are RRDTool based that will poll periodically and graph that information (I'm a big fan of Cacti personally).

    If it's just straight tcp analysis you want though, look into web100.
    Wow, Cacti looks nice...i am going to have to install that.
    Arrakis
  • datchchadatchcha Senior Member Member Posts: 265
    datchcha wrote:
    Well it depends on what you're looking for. As was mentioned, Wireshark/Ethereal are just packet sniffers. They have some limited ability to do traffic analysis for the periods of time when they're capturing.

    If what you're basically wanting to do is trend traffic patterns, you probably want something more along the lines of MRTG or any of the packages that are RRDTool based that will poll periodically and graph that information (I'm a big fan of Cacti personally).

    If it's just straight tcp analysis you want though, look into web100.
    Wow, Cacti looks nice...i am going to have to install that. thank you
    Arrakis
Sign In or Register to comment.