Hi guys .. Well I'm running a shared Wifi network (I know the wifi encryption key and all configuration details, etc ..) .. How can I find out which of the 9 different IP addresses is using the most bandwidth over a period of, lets say, 24 hours ? Also, it would be helpful if I can maybe get histogram based graphs showing bandwidth usage based on IP addresses for some period of time (say 24 hours) .. This way I would be easily able to tell who is hogging the network .. Also, it would also be preferable to find out what mode of traffic is being generated by each user (e.h. HTTP, FTP, Bit-torrent downloads, etc ..) .. I have somebody using bit-torrent downloads on my network and I want to find out who it is .. asked 03 Mar '11, 18:03 ahmadka edited 03 Mar '11, 18:07 |
One Answer:
For a Wifi network you first need a suitable configuration. If you are running Wireshark on Linux: Great. If you are a Windows user you want to get an AirPcap Stick from Cace Technologies (now Riverbed). Next you configure your encryption key with Edit -> Preferences -> Protocols -> IEEE 802.11. If your bandwidth leecher is active you can probably identify him/her from the first tracefile. Use Statistics -> Endpoints -> IP and sort the columns to identify the top listener. Next get a 2 by 4 and bring the user in line. If the user is not active (say, downloading after hours) configure a multi-file capture with Capture -> Options. Cace Pilot is a separate licensed tool to analyze multi-file captures. Start a new capture every 64 or 128 MB. If you don't have it or can not afford it or can't wait for the license: Look at the time stamps of the trace files. The quicker your 64 MB traces fill up the quicker more traffic is on the net. Good hunting answered 04 Mar '11, 09:04 packethunter |