Ask Your Question
0

Continuous counting of packets on a port

asked 2020-08-22 22:30:33 +0000

feisufa gravatar image

Is it possible to use wireshark to maintain a counter for the number of packets that ingress and egress a port? The idea is to get daily counts on 10Gig ports, so the numbers will be large.

edit retag flag offensive close merge delete

2 Answers

Sort by » oldest newest most voted
0

answered 2020-08-23 00:44:43 +0000

Guy Harris gravatar image

You could try running Wireshark's "dumpcap" utility, using the -S command-line option, although that will report traffic on all interfaces it finds. (That's the option that's used in Wireshark to display the "sparkline" graphs on the welcome screen.)

edit flag offensive delete link more

Comments

Thank you Guy!

feisufa gravatar imagefeisufa ( 2020-08-23 11:53:26 +0000 )edit
0

answered 2020-08-22 23:30:29 +0000

Bob Jones gravatar image

You could use wireshark but it’s the wrong tool for the job. Why not ask the OS? SNMP and such tools are designed for this.

edit flag offensive delete link more

Comments

Thanks for your helpful response Bob. Just to be clear - Hi Bob,

Thanks for your helpful information.

The real question is - is there a non-invasive way to simply count the number of packets into and out of a 10 GE or 1x GE port that is either on a router or switch port?

The idea is that we would use a passive splitter/tap to mirror the traffic and direct it to wireshark or a third party device packet analysis device situated between two routers, or between a router and a switch, or between two switches and simply count the total number of ingress/egress packets between these two end points/ports?

If we use any capability that taxes the CPU on a switch or router, it will choke the device due to the high throughputs involved.

So even using SPAN/Port mirroring just to redirect the traffic to wireshark ...(more)

feisufa gravatar imagefeisufa ( 2020-08-23 00:20:02 +0000 )edit

First thought would be to leverage the capabilities of the (unspecified) router or (unspecified) switch. I've yet to find a managed 10G network element that does not have native statistics (i.e. counters build into the hardware, retrievable by SNMP, or device specific means) on port level.

If this is out of the question, then you'll end up with 10G capable hardware taps which spit out two 10G streams, one for uplink, one for downlink. Maybe the tap can already count them for you, otherwise go with dumpcap to capture that trafific, or use the capture machines port counters.

Jaap gravatar imageJaap ( 2020-08-23 06:34:35 +0000 )edit

Good points. Thank you JAAP.

feisufa gravatar imagefeisufa ( 2020-08-23 11:53:12 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2020-08-22 22:30:33 +0000

Seen: 460 times

Last updated: Aug 23 '20