This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Using tshark to find IPs which are using bandwidth above threshold in my network

0

Hi all, how can I log IPs wich are using bandwidth above threshold?

For example I want to log computer IPs which are using more than 1Mbps of bandwith at any given point of time. How can I do this using tshark?

asked 21 May '14, 23:20

CJ22's gravatar image

CJ22
11114
accept rate: 0%

edited 22 May '14, 01:51

grahamb's gravatar image

grahamb ♦
19.8k330206


One Answer:

1

Only capinfos can show you the average data byte/bit rate similar to the Wireshark -Statistics - Summary. It will not be in real time and the calculations are for the entire packet capture.

For network statistics look at tools like ntop or darkstat.

answered 23 May '14, 13:26

Roland's gravatar image

Roland
7642415
accept rate: 13%