Continuous counting of packets on a port

asked Aug 22 '0

feisufa

Is it possible to use Wireshark to maintain a counter for the number of packets that ingress and egress a port? The idea is to get daily counts on 10Gig ports, so the numbers will be large.


2 Answers

0

answered Aug 23 '0

Guy Harris

You could try running Wireshark's "dumpcap" utility, using the -S command-line option, although that will report traffic on all interfaces it finds. (That's the option that's used in Wireshark to display the "sparkline" graphs on the welcome screen.)


Comments

Thank you Guy!

feisufa ( Aug 23 '0 )
0

answered Aug 22 '0

Bob Jones

You could use Wireshark, but it’s the wrong tool for the job. Why not ask the OS? SNMP and such tools are designed for this.


Comments

Thanks for your helpful response Bob. Just to be clear - Hi Bob,

Thanks for your helpful information.

The real question is - is there a non-invasive way to simply count the number of packets into and out of a 10 GE or 1x GE port that is either on a router or switch port?

The idea is that we would use a passive splitter/tap to mirror the traffic and direct it to Wireshark or a third party device packet analysis device situated between two routers, or between a router and a switch, or between two switches and simply count the total number of ingress/egress packets between these two end points/ports?

If we use any capability that taxes the CPU on a switch or router, it will choke the device due to the high throughputs involved.

So even using SPAN/Port mirroring just to redirect the traffic to Wireshark ...

feisufa ( Aug 23 '0 )

First thought would be to leverage the capabilities of the (unspecified) router or (unspecified) switch. I've yet to find a managed 10G network element that does not have native statistics (i.e. counters built into the hardware, retrievable by SNMP, or device specific means) on port level.

If this is out of the question, then you'll end up with 10G capable hardware taps which spit out two 10G streams, one for uplink, one for downlink. Maybe the tap can already count them for you, otherwise go with dumpcap to capture that traffic, or use the capture machine's port counters.

Jaap ( Aug 23 '0 )

Good points. Thank you JAAP.

feisufa ( Aug 23 '0 )
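An added example, not code from any poster in this thread: one way to turn periodically sampled port counters (the capture machine's own counters, or values polled over SNMP) into a daily total. It goes beyond the thread by handling counter wrap and counter resets, which matter at 10G rates. Assumptions: a Linux capture host exposing `/sys/class/net/<iface>/statistics`, a fixed 60-second sampling interval, and hypothetical function names.

```python
from pathlib import Path

MIN_FRAME_BITS = (64 + 8 + 12) * 8  # min Ethernet frame + preamble + inter-frame gap

def max_pps(link_bps):
    """Worst-case packets per second on an Ethernet link (all minimum-size frames)."""
    return link_bps // MIN_FRAME_BITS

def min_wrap_seconds(bits, link_bps):
    """Shortest time in which a `bits`-wide packet counter can wrap at line rate."""
    return (1 << bits) / max_pps(link_bps)

def read_counters(iface, root="/sys/class/net"):
    """Read (rx_packets, tx_packets) from the Linux sysfs counters of `iface`."""
    stats = Path(root) / iface / "statistics"
    return tuple(int((stats / name).read_text()) for name in ("rx_packets", "tx_packets"))

def count_packets(samples, interval_s, link_bps, bits=64):
    """Total packets across ordered samples of one free-running counter.

    A decrease is accepted as one wrap only if the wrapped delta is possible
    at line rate; otherwise it is treated as a counter reset (reboot, driver
    reload) and the new value is counted from zero.
    Returns (total, resets).
    """
    if interval_s >= min_wrap_seconds(bits, link_bps):
        raise ValueError("sampling interval allows more than one wrap between samples")
    limit = max_pps(link_bps) * interval_s
    total = resets = 0
    for prev, cur in zip(samples, samples[1:]):
        step = (cur - prev) % (1 << bits)
        if cur < prev and step > limit:
            resets += 1
            step = cur  # lower bound: packets seen since the reset
        total += step
    return total, resets

# Constructed samples, one per 60 s, not measurements from a real device.
WRAPPING_32BIT = [4_294_000_000, 4_294_900_000, 832_704, 1_500_000]
RESET_64BIT = [9_000_000_000, 9_500_000_000, 120_000, 400_000]

if __name__ == "__main__":
    print(count_packets(WRAPPING_32BIT, 60, 10**10, bits=32))
    print(count_packets(RESET_64BIT, 60, 10**10))
    print(round(min_wrap_seconds(32, 10**10)), "s to wrap a 32-bit counter at 10G")
```

A 32-bit packet counter on a 10G link can wrap in under five minutes at line rate, so a typical 5-minute polling interval is rejected by `count_packets`; poll faster or read 64-bit counters.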


Stats

Asked: Aug 22 '0

Seen: 501 times

Last updated: Aug 23 '20