why has traffic doubled?

asked 2021-03-27 16:42:55 +0000

captain gravatar image

I have a 50gb capped fast connection. Usually no problem but this month traffic doubled but don't know why. Have installed wireshark and need to apply filter and get stats which say where traffic is from in total to try and find problem. Gateway is Fritzbox at but each effort at specifying a gateway in the filter results in an error (and I have read the manual!) Have run test captures with host as the gateway address and looked at each report but am not much the wiser. (I used to own an ISP but problems like this I passed to my techies ):

answered 2021-03-27 18:31:32 +0000

grahamb gravatar image

You're likely capturing on a switched network, and unless you configure your setup correctly you will only capture the traffic to and from the device which is running Wireshark. See the wiki page on Ethernet Capture.

You need to perform the capture on the gateway itself, I believe that a Fritzbox offers such a facility, there was an answer describing this on the old Q & A site here.

OK thanks I have followed that and run the internet capture. Incidentally the file .eth is auto saved to downloads. I can open in wireshark. Can you now tell me how I use stats or analyse to find out where traffic is coming from and going to (there are 12 devices on the switched ethernet).

captain gravatar imagecaptain ( 2021-03-27 21:20:28 +0000 )edit

Using the Wireshark menu Statistics -> Endpoints you'll find a dialog that lists all endpoints in the capture and the bytes they have sent and received. This should allow you to see the "top talkers" on your network.

See the relevant entry for that dialog in the User's Guide here.

grahamb gravatar imagegrahamb ( 2021-03-27 21:30:03 +0000 )edit

Many thanks. I hope I can identify what is gobbling my bandwidth and throughput! captain

captain gravatar imagecaptain ( 2021-03-27 21:41:26 +0000 )edit

