
packet captures with wireshark for network protocols

datchcha Member Posts: 265
Forum,
I am setting up my switching network, and wanted to play around with Wireshark and my 2950 and L3 switches. I am generating traffic to check everything and my setup, but I want to know what is more important: (1) total bytes or (2) the duration. Not sure, so if someone can clue me in...would be great.

thank you,
Jason
Arrakis

Comments

  • networker050184 Mod Posts: 11,962
    I'm not sure what you are trying to test here. Wireshark is just a sniffer and will not really test anything.
    An expert is a man who has made all the mistakes which can be made.
  • datchcha Member Posts: 265
    I understand, but what I am looking at is my traffic, and trying to understand Wireshark and the principles of packet captures. When I see the capture I am not sure what type of traffic is worse.

    Example: 44501339 bytes for 207.xxx duration, or 21097015 bytes for 428.xxx duration.

    Which traffic will cause more problems?

    thank you,
    Dat.
    Arrakis
  • networker050184 Mod Posts: 11,962
    Neither is a bad thing. High rates of traffic may not cause any problems, or it could cause lots of problems. Wireshark wouldn't be the best for monitoring something like this. You would want a traffic analyzer to better track flows of traffic.

    In a lab situation without some kind of traffic generator (or a whole bunch of large pings) you are not going to get enough traffic to cause an issue.
    An expert is a man who has made all the mistakes which can be made.
  • tmlerdal Member Posts: 80
    Really you'd pick which you want (total bytes or duration) depending on what it is you are watching. In traces I take, I'll do packet slicing so that I can get more packets in an individual capture file, unless there is something deeper I need to look at.

    I think from what you are describing, if you are just trying to watch network utilization basically, packet slicing would be fine.
  • datchcha Member Posts: 265
    I am doing SQL replication on 5 different servers, and want to see what my numbers will be.

    Can you recommend a traffic analyzer to me?
    Arrakis
  • Forsaken_GA Member Posts: 4,024
    Well it depends on what you're looking for. As was mentioned, Wireshark/Ethereal are just packet sniffers. They have some limited ability to do traffic analysis for the periods of time when they're capturing.

    If what you're basically wanting to do is trend traffic patterns, you probably want something more along the lines of MRTG or any of the packages that are RRDTool based that will poll periodically and graph that information (I'm a big fan of Cacti personally).

    If it's just straight tcp analysis you want though, look into web100.
  • datchcha Member Posts: 265
    Well it depends on what you're looking for. As was mentioned, Wireshark/Ethereal are just packet sniffers. They have some limited ability to do traffic analysis for the periods of time when they're capturing.

    If what you're basically wanting to do is trend traffic patterns, you probably want something more along the lines of MRTG or any of the packages that are RRDTool based that will poll periodically and graph that information (I'm a big fan of Cacti personally).

    If it's just straight tcp analysis you want though, look into web100.
    Wow, Cacti looks nice...I am going to have to install that.
    Arrakis
  • datchcha Member Posts: 265
    datchcha wrote:
    Well it depends on what you're looking for. As was mentioned, Wireshark/Ethereal are just packet sniffers. They have some limited ability to do traffic analysis for the periods of time when they're capturing.

    If what you're basically wanting to do is trend traffic patterns, you probably want something more along the lines of MRTG or any of the packages that are RRDTool based that will poll periodically and graph that information (I'm a big fan of Cacti personally).

    If it's just straight tcp analysis you want though, look into web100.
    Wow, Cacti looks nice...I am going to have to install that. Thank you
    Arrakis