packet captures with wireshark for network protocols

Forum,
I am setting up my switching network, and wanted to play around with wireshark and my 2950 and L3 switches. I am generating traffic to check everything and my setup, but i want to know what is more importent (1) total bytes or (2) the duration. Not sure, so if someone can clue me in...would be great.

thank you,
Jason

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

networker050184

I'm not sure what you are trying to test here. Wireshark is just a sniffer and will not really test anything.

datchcha

I understand, but what i am looking at is my traffic, and trying to understand wireshark and the principles of packet captures. When i see the capture i am not sure what type of traffic is worse.

Example: 44501339 bytes for 207.xxx duration, or 21097015 bytes for 428.xxx duration.

which traffic will cause more problems?

thank you,
Dat.

networker050184

Neither are a bad thing. High rates of traffic may not cause any problems, or it could cause lots of problems. Wireshark wouldn't be the best for monitoring something like this. You would want a traffic analyzer to better track flows of traffic.

In a lab situation without some kind of traffic generator (or a whole bunch of large pings) you are not going to get enough traffic to cause an issue.

tmlerdal

Really you'd pick which you want (total bytes or duration) depending on what it is you are watching. In traces I take, I'll do packet slicing so that I can get more packets in an individual capture file, unless there is something deeper I need to look at.

I think from you are describing if you are just trying to watch network utilization basically, packet slicing would be fine.

datchcha

I am doing sql replication, on 5 different servers, and want to see what will my numbers be.

can you recommend a Traffic Anaylzer to me.

Forsaken_GA

Well it depends on what you're looking for. As was mentioned, Wireshark/Ethereal are just packet sniffers. They have some limited ability to do traffic analysis for the periods of time when they're capturing.

If what you're basically wanting to do is trend traffic patterns, you probably want something more along the lines of MRTG or any of the packages that are RRDTool based that will poll periodically and graph that information (I'm a big fan of Cacti personally).

If it's just straight tcp analysis you want though, look into web100.

datchcha

Forsaken_GA wrote:

Well it depends on what you're looking for. As was mentioned, Wireshark/Ethereal are just packet sniffers. They have some limited ability to do traffic analysis for the periods of time when they're capturing.

If what you're basically wanting to do is trend traffic patterns, you probably want something more along the lines of MRTG or any of the packages that are RRDTool based that will poll periodically and graph that information (I'm a big fan of Cacti personally).

If it's just straight tcp analysis you want though, look into web100.

Wow, Cacti looks nice...i am going to have to install that.

datchcha

datchcha wrote:

Forsaken_GA wrote:

Well it depends on what you're looking for. As was mentioned, Wireshark/Ethereal are just packet sniffers. They have some limited ability to do traffic analysis for the periods of time when they're capturing.

If what you're basically wanting to do is trend traffic patterns, you probably want something more along the lines of MRTG or any of the packages that are RRDTool based that will poll periodically and graph that information (I'm a big fan of Cacti personally).

If it's just straight tcp analysis you want though, look into web100.

Wow, Cacti looks nice...i am going to have to install that. thank you