This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark - Traffic monitoring/accounting for home network

0

Hi. New to Wireshark from today. 70 yr + (be gentle on me)

I have a problem with excessive data usage, gone from 30G per month to 100G per month, and I would like to know why. Will this software show me the laptop in use and the web IP from where the data is going/from? Setup is two wireless laptops and 1 internet-capable TV (not used much at all). All going thru a wireless router.

Wireshark asks me to select interface, 3 options: local area, wireless network, and wireless network 2. How do I establish which one to use?

Running the capture seems to look ok.

For the capture all I need for the report is data in capture that is say over 500m per event, the size, date/time, IP of laptop or device, and the IP address of the web IP. Don't need anything else.

Can someone help set a template for just only this info. (I guess this is capture options?) So for my old brain I can just look at the basic 4 or 5 columns.

Any help or comments would be appreciated. Charlie Harris

asked 19 Apr '14, 21:33

swchuck

edited 20 Apr '14, 15:11

Kurt Knochner ♦

Like Kurt said below, if you wanted to use Wireshark for this purpose, you would have to create a bridged connection so that Wireshark can see all the data flowing between your router and the internet and capture it. But... Wireshark isn't really meant to perform this type of analysis unless you have a good idea of what you're looking for. Have you checked your router's settings? Maybe it has the ability to show you the data from each connected client?

(21 Apr '14, 09:18) mire3212

2 Answers:

1

Wireshark is primarily a network analysis and troubleshooting tool. While you can use it to get some traffic statistics, it's not built with that purpose in mind and thus it is not the best tool to use for such a scenario, especially if you want to get information for a long period of time (days, weeks, months) and with large amounts of data (30-100 Gbyte).

So, please consider using a different tool like vnstat (sample output: http://humdi.net/vnstat/cgidemo/ ) or any other network monitoring tool (ntop, iftop, etc.). If you don't know or don't like Linux, other Unix-like systems or *BSD systems (and how to build a bridge or router with those systems to monitor the whole internet traffic), take a look at similar tools for Windows (just google for "network monitoring windows") and run them on every Windows system in your network (except the TV set). Those tools will tell you how much traffic is consumed by which system and probably also the 'top talkers'.

Regards
Kurt

answered 20 Apr '14, 14:44

Kurt Knochner ♦

edited 20 Apr '14, 14:51
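
Added example, not part of the original answers: the per-device "top talkers" totals discussed above, computed from a capture file saved in the classic pcap format. It assumes an Ethernet capture and a 192.168.1.0/24 home network; the function names and the sample capture are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

def conversation_bytes(pcap, local_net="192.168.1.0/24"):  # local_net is an assumption
    """Sum on-the-wire bytes per (local device, remote IP) in a classic pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    net = ipaddress.ip_network(local_net)
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, orig_len = struct.unpack(end + "4I", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # skip non-IPv4 frames (ARP, IPv6, VLAN-tagged)
        src = ipaddress.ip_address(frame[26:30])
        dst = ipaddress.ip_address(frame[30:34])
        # orig_len is the real frame size even when the capture kept only headers
        if src in net and dst not in net:
            totals[(str(src), str(dst))] += orig_len
        elif dst in net and src not in net:
            totals[(str(dst), str(src))] += orig_len
    return totals

def heavy_pairs(totals, threshold):
    return [(pair, n) for pair, n in totals.most_common() if n >= threshold]

def build_sample():
    """Constructed capture: 34 header bytes kept per frame, true size in orig_len."""
    def pkt(src, dst, size):
        ip = b"\x45" + bytes(11) + b"".join(ipaddress.ip_address(a).packed for a in (src, dst))
        frame = bytes(12) + b"\x08\x00" + ip
        return struct.pack("<4I", 0, 0, len(frame), size) + frame
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 34, 1)
    return header + b"".join([
        pkt("203.0.113.10", "192.168.1.20", 1514),  # download to laptop A
        pkt("203.0.113.10", "192.168.1.20", 1514),
        pkt("192.168.1.20", "203.0.113.10", 66),    # acknowledgement back
        pkt("192.168.1.21", "198.51.100.7", 200),   # laptop B, small request
        pkt("192.168.1.20", "192.168.1.21", 900),   # LAN-only traffic, not counted
    ])

if __name__ == "__main__":
    for (device, remote), n in heavy_pairs(conversation_bytes(build_sample()), 1000):
        print(device, remote, n)
```

The sample uses a scaled-down threshold of 1000 bytes; for a real capture small enough to read into memory, pass its bytes and a threshold such as `500 * 1024 * 1024`.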

0

With Wireshark you cannot do selective capturing for file size. You can do selective capturing for source IP, destination IP, services, etc. But not file size.

Feel free to ask me more questions.

answered 20 Apr '14, 11:02

hardshah4