Does anybody know how I could use Wireshark to find the device on my network that transfers the most data? asked 17 Jan '16, 13:44  Balter Wenjamin |
One Answer:
Assuming you've captured using monitor mode (don't confuse it with promiscuous mode), you should go Then, one of address A and address B columns of the topmost row contains the AP's MAC address, and the other one contains the MAC address of the device responsible for the biggest deal of the traffic. Higher protocol layers, such as IP, are likely inaccessible unless your wireless network uses no encryption, so you'll not be able to see any other than MAC addresses. If that is an issue for you, you'd have to configure Wireshark to decrypt the wireless traffic and to reconnect all your devices to the AP while capturing. answered 17 Jan '16, 14:11  sindy edited 17 Jan '16, 14:12 |
Wireshark provides summary information, so once you capture the complete traffic, it is enough to sort the conversations by amount of packets or bytes transferred, but the key is not to miss a part of the total traffic flow.
I'm on a wireless network connected to the internet through a 802.11n wireless router. If I captured traffic for say five minutes what should I look at to find the device, on my network that transferred the most data?