This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Traffic monitor with filters

0

I would like to perform some specific traffic monitoring. I wonder if I can achieve it with Wireshark in any way (GUI, Lua, or scripting tshark). These are the monitoring criteria I'd like to implement:

  • display average bandwidth load in real-time;
  • capture traffic during some period (can be days) and calculate traffic size (upload/download separately) after it stopped capturing;
  • filter the above by the process name or id (browser, email client, web server, any other process);
  • filter the above by IP or domain (if applicable);
  • filter HTTP requests according to regex rules (e.g., if a certain Content-Type is present).

In the first two cases, I believe it's important not to keep all the captured packets in memory - just calculate size/bandwidth and discard the content.

If Wireshark is not the tool to achieve it, what would you recommend? Thanks

asked 27 Mar '14, 14:36

Naz
accept rate: 0%