This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi, new to Wireshark from today. 70 yr + (be gentle on me)

I have a problem with excessive data usage, gone from 30G per month to 100G per month. And I would like to know why. Will this software show me the laptop in use and the web IP from where the data is going/from? Setup is two wireless laptops and 1 internet-capable TV (not used much at all). All going through a wireless router.

Wireshark asks me to select interface, 3 options, local area, wireless network, and wireless network 2. How do I establish which one to use?

Running the capture seems to look ok.

For the capture all I need for the report is data in capture that is say over 500m per event, the size, date/time, IP of laptop or device, and the IP address of the web IP. Don't need anything else.

Can someone help set a template for just only this info? (I guess this is capture options?) So for my old brain I can just look at the basic 4 or 5 columns.

Any help or comments would be appreciated. Charlie Harris

asked 19 Apr '14, 21:33

swchuck
accept rate: 0%

edited 20 Apr '14, 15:11

Kurt Knochner ♦

Like Kurt said below, if you wanted to use Wireshark for this purpose, you would have to create a bridged connection so that Wireshark can see all the data flowing between your router and the internet and capture it. But... Wireshark isn't really meant to perform this type of analysis unless you have a good idea of what you're looking for. Have you checked your router's settings? Maybe it has the ability to show you the data from each connected client?

(21 Apr '14, 09:18) mire3212

Wireshark is primarily a network analysis and troubleshooting tool. While you can use it to get some traffic statistics, it's not built with that purpose in mind and thus it is not the best tool to use for such a scenario, especially if you want to get information for a long period of time (days, weeks, months) and with large amounts of data (30-100 Gbyte).

So, please consider using a different tool like vnstat (sample output: http://humdi.net/vnstat/cgidemo/ ) or any other network monitoring tool (ntop, iftop, etc.). If you don't know or don't like Linux, other Unix-like systems or *BSD systems (and how to build a bridge or router with those systems to monitor the whole internet traffic), take a look at similar tools for Windows (just google for "network monitoring windows") and run them on every Windows system in your network (except the TV set). Those tools will tell you how much traffic is consumed by which system and probably also the 'top talkers'.

Regards
Kurt

answered 20 Apr '14, 14:44

Kurt Knochner ♦
accept rate: 15%

edited 20 Apr '14, 14:51

With Wireshark you cannot do selective capturing for file size. You can do selective capturing for source IP, destination IP, services, etc. But not file size.

Feel free to ask me more questions.

answered 20 Apr '14, 11:02

hardshah4
accept rate: 0%
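
The report the question asks for (size, date/time, device IP, remote IP) can be built after the capture rather than by a capture filter. The sketch below is an added example, not part of the original answers: it totals bytes per device/remote pair from fields exported by tshark and lists the pairs above a threshold. The export command in the comment, the `192.168.1.0/24` home subnet, the 500,000,000-byte default and the function name are assumptions, and only IPv4 traffic is counted.

```python
import csv
import ipaddress
from datetime import datetime, timezone

# Constructed sample rows, in the column order written by an export such as:
#   tshark -r capture.pcapng -T fields -E separator=, -E occurrence=f \
#          -e frame.time_epoch -e ip.src -e ip.dst -e frame.len
SAMPLE = """\
1397943180.0,192.168.1.10,203.0.113.5,90
1397943181.0,203.0.113.5,192.168.1.10,1514
1397943182.0,203.0.113.5,192.168.1.10,1514
1397943183.0,,,60
1397943184.0,192.168.1.11,198.51.100.7,120
1397943185.0,192.168.1.10,192.168.1.11,200
""".splitlines()


def heavy_conversations(lines, local_net="192.168.1.0/24", threshold=500_000_000):
    """Return (device, remote, bytes, first_seen, last_seen) for each
    device/remote pair whose bytes in both directions reach the threshold."""
    net = ipaddress.ip_network(local_net)  # assumed home LAN range
    totals = {}                            # (device, remote) -> [bytes, first, last]
    for row in csv.reader(lines):
        if len(row) != 4 or not row[1] or not row[2]:
            continue                       # blank line or non-IPv4 frame (ARP etc.)
        ts, src, dst, length = float(row[0]), row[1], row[2], int(row[3])
        src_local = ipaddress.ip_address(src) in net
        dst_local = ipaddress.ip_address(dst) in net
        if src_local == dst_local:
            continue                       # LAN-to-LAN, or no local end at all
        key = (src, dst) if src_local else (dst, src)
        entry = totals.setdefault(key, [0, ts, ts])
        entry[0] += length
        entry[1] = min(entry[1], ts)
        entry[2] = max(entry[2], ts)
    report = [(dev, rem, size,
               datetime.fromtimestamp(first, timezone.utc),
               datetime.fromtimestamp(last, timezone.utc))
              for (dev, rem), (size, first, last) in totals.items()
              if size >= threshold]
    return sorted(report, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    for row in heavy_conversations(SAMPLE, threshold=1000):
        print(*row, sep="  ")
```

The capture still has to be taken at a point that sees all traffic between the router and the internet, as the comment and first answer above describe.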


question asked: 19 Apr '14, 21:33

question was seen: 6,290 times

last updated: 21 Apr '14, 09:18
