This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Need help with analyzing. Possible reward for help.

0

In a few weeks I'll have the chance to gather a massive amount of data from my schools network and I would like to do a bunch of statistics on what I collect (think bar graphs and so on). Some of the stuff I would like to do is:

  • Find the most visited websites (statistics -> http -> Load distribution isn't very accurate)
  • Who's using the most bandwidth.
  • What kind of traffic is going through (games, video streaming, websites and so on)
  • Can't think of anything else, but let me know if you have ideas.

Some of these things I know how to do, but not very well. If anyone could link me to guides or maybe even write something for me, on all of the topics I would be very very thankful. If I can get it to work just how I want, there might just be some kind of money reward, though I am just a poor student :)

Edit: Basically I need some way to extract all this data automatically, as I'll probably capture a good few hundred gigabytes of data.

asked 20 May '14, 13:11


TumbaBit
accept rate: 0%

edited 20 May '14, 13:14


One Answer:

1

think bar graphs and so on).
What kind of traffic is going through (games, video streaming, websites and so on)
as I'll probably capture a good few hundred gigabytes of data.

With those requirements my answer is: Wireshark is the wrong tool for you.

Wireshark was designed and built as a network troubleshooting tool to look at network packets in order to analyze network problems. Although it offers some statistics, and with tshark, some scripting capabilities, it's not the best product out there for network monitoring and "accounting".

So, while you might be able to do parts of what you mentioned with Wireshark/tshark, you should have a look at other products that are able to classify network traffic (games, video streaming, etc.) and do some nice graphs on bandwidth usage per user/network/ip.

The bad news for you: There is no ready-to-use open source tool I know of that can do it for you. There are some commercial products available, but they are all targeted to the enterprise market, which means enterprise features and enterprise price. So, nothing for a poor student.

You can try to find an open source solution by searching for "network bandwidth monitoring software open source". You should also check out l7-Filter for traffic classification (and some monitoring).

http://l7-filter.clearfoundation.com/

Regards
Kurt

answered 20 May '14, 15:11


Kurt Knochner ♦
accept rate: 15%
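As an added example, not code from the question or from Kurt's answer: the "some scripting capabilities" of tshark are enough for the first two bullets (who uses the most bandwidth, which sites are visited most) if you let tshark emit per-frame fields and aggregate them in a streaming script, which also scales to hundreds of gigabytes because nothing is held in memory except the counters. The sample input below is constructed, and the 10.0.0.x client range is an assumption.

```python
from collections import Counter

# Constructed sample of tshark field output (tab-separated), not a real capture.
# Assumed producing command (one line per frame, empty field when absent):
#   tshark -r capture.pcapng -T fields -E separator=/t \
#       -e ip.src -e ip.dst -e frame.len -e http.host \
#       -e tls.handshake.extensions_server_name
SAMPLE_TSV = (
    "10.0.0.5\t93.184.216.34\t1500\t\t\n"
    "93.184.216.34\t10.0.0.5\t60\t\t\n"
    "10.0.0.5\t93.184.216.34\t420\texample.com\t\n"
    "10.0.0.7\t198.51.100.9\t1400\t\tvideo.example.org\n"
    "198.51.100.9\t10.0.0.7\t1500\t\t\n"
    "198.51.100.9\t10.0.0.7\t1500\t\t\n"
    "10.0.0.5\t93.184.216.34\t300\texample.com\t\n"
    "\t\t86\t\t\n"  # IPv6 frame: ip.src / ip.dst are empty, so it is ignored
)

LOCAL_PREFIX = "10.0.0."  # assumption: the school's client address range

def aggregate(lines, local_prefix=LOCAL_PREFIX):
    """Stream tshark field lines; return (bytes per local host, visits per site)."""
    bytes_per_host = Counter()
    visits_per_site = Counter()
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) < 5:
            continue  # blank or truncated line
        src, dst, length, http_host, sni = parts[:5]
        try:
            n = int(length)
        except ValueError:
            continue  # frame.len missing; skip rather than abort a long run
        # Charge the frame's bytes to whichever endpoint is a local client,
        # regardless of direction (upload and download both count).
        for addr in (src, dst):
            if addr.startswith(local_prefix):
                bytes_per_host[addr] += n
        # Plaintext HTTP exposes http.host; HTTPS only reveals the SNI name in
        # the ClientHello, so count either (one request/handshake = one visit).
        site = http_host or sni
        if site:
            visits_per_site[site] += 1
    return bytes_per_host, visits_per_site

def top(counter, k=5):
    """Largest k entries of a counter as (key, value) pairs."""
    return counter.most_common(k)

if __name__ == "__main__":
    import sys
    src = sys.stdin if not sys.stdin.isatty() else SAMPLE_TSV.splitlines(True)
    hosts, sites = aggregate(src)
    print("Top talkers (bytes):", top(hosts))
    print("Top sites (visits):", top(sites))
```

Pipe the tshark command from the comment into the script to run it on a real file; on a multi-hundred-gigabyte capture, split the pcap first and sum the resulting counters.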

Oh, thanks! I had asked on another forum if Wireshark was a good tool for what I wanted and all I got was a few people saying yes, but I guess you're right. Thank you for the help!

(20 May '14, 21:10) TumbaBit

Here are some free options for you as a student

You could try Trisul (trisul.org). Trisul is free if you are only interested in keeping a rolling 3-day recent window of data. From your description, sounds like a fit.

Another alternative is ntop-ng, http://www.ntop.org/products/ntop/ - although it is not very good at historical reporting.

If you don't mind a bit of a learning curve, Argus is quite a powerful tool: http://qosient.com/argus/

(21 May '14, 11:37) VIVEKRJG