Need to monitor traffic to one IP. Need to then alert if traffic stops.

asked 2020-04-01 21:50:06 +0000

dorlow gravatar image

I am trying to capture traffic to one particular IP address. I go to Capture --> Options. There I have in the "Capture filter for selected interfaces: the IP address of the server I need to know about the traffic. On the output tab, I have an output file. It is set to "promiscuous mode on all interfaces." On my first server, I'm running the wireshark and it's capturing a ton of traffic. I have attempted to start it on two other servers and I'm getting almost no output. There is some, but not much. All the servers are exporting files to a SAN share.

What my ultimate goal is I somehow need to get alerted if files cease to be being created to the SAN share. (I worked with my department that sets up server alerts. They could alert me if a file is created. But they can't alert me if for a 2 hour time period, no files are created and that's what I need to know.) We've looked down other ways of doing this and haven't found a way. So, now I'm trying to figure out if this is possible with Wireshark. Right now, I would like to get Wireshark working on all the servers and just log all the output. The next time the exports mess up, I'm hoping I can look at the wireshark log about that time and see if there's anything I can filter on. Then, I don't know if this is possible, but somehow generate an email to be sent to an SMTP server alerting me that the packet alert happened.

But, like I said earlier, the other servers I'm running the logs on is getting almost no output.

edit retag flag offensive close merge delete


Can you describe the SAN environment? Windows? Linux? SMB? NFS? SAN hardware?

Chuckc gravatar imageChuckc ( 2020-04-01 22:18:51 +0000 )edit

Be honest, I'm not on the storage team. I'm on the email team. I maintain the email servers. It's the storage's team responsibility to know the storage. All I know is I have a SAN storage that can be accessed via a UNC path that my application can use to write data.

dorlow gravatar imagedorlow ( 2020-04-01 23:00:21 +0000 )edit