Traffic monitor with filters

I would like to perform some specific traffic monitoring. I wonder if I can achieve it with Wireshark in any way (GUI, Lua, or scripting tshark). These are monitoring criteria I'd like to implement:

display average bandwidth load in real-time;
capture traffic during some period (can be days) and calculate traffic size (upload/download separately) after it stopped capturing;
filter the above by the process name or id (browser, email client, web server, any other process);
filter the above by IP or domain (if applicable);
Filter http requests according to regex rules (e.g., if certain Content-Type is present)

In first two cases, I believe its important not to keep all the captured packets in memory - just calculate size/bandwidth and discard the content.

If Wireshark is not the tool to achieve it, what would you recommend? Thanks

asked 27 Mar '14, 14:36

Naz
11●1●1●2
accept rate: 0%

Be the first one to answer this question!

toggle preview

community wiki:

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "title")
image?![alt text](/path/img.jpg "title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Question tags:

traffic ×115
monitor ×86
bandwidth ×57
traffic-analysis ×21

question asked: 27 Mar '14, 14:36

question was seen: 2,204 times

last updated: 27 Mar '14, 14:36

Traffic monitor with filters

Follow this question

You have a trillion packets.

You need to see four of them.

Don't have Wireshark?

Related questions