This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

We live 10 miles past the middle of nowhere, and the only Internet service we can get (apart from dial-up) is via satellite, which is extremely bandwidth limited (among other problems).

According to our service provider, our upload/download usage varies alarmingly. We'll go through a week of normal usage with only a 1% drop in our allocated bandwidth, followed by a day of similar usage during which we use up our allotted bandwidth by a percentage point every five minutes. Their tech people have seen this happen while we are logged on with only one computer connected (straight from the modem to the NIC on the computer - no router connected), but they still assume it is somehow our fault that we get such multiple-order-of-magnitude fluctuations in our usage. I don't believe it. I think something is screwy on their end.

What I would like to do is to monitor how many actual bytes pass through our satellite modem during fixed time periods (say every hour, for example) and then compare this to what our service provider says we are using. I believe that this will demonstrate even to them that the problem is NOT on our end.

So my question is simple... can Wireshark do this? I have downloaded it, and it looks like a wonderful product, but before I invest the necessary time to learn it sufficiently to do a task like this I'd like to at least have some degree of confidence that it will be able to do what I am needing. I don't mind figuring out myself how to do this, but I just want to make sure that it is possible.

Many thanks!

asked 22 Nov '14, 18:42

landbrake's gravatar image

landbrake
16114
accept rate: 0%

edited 23 Nov '14, 02:36

grahamb's gravatar image

grahamb ♦
19.8k330206


Wireshark isn't really the correct tool for this task.

Wireshark can only capture traffic that flows past the NIC(s) of the host machine it's running on. With multiple devices connected via a home router likely to be on a switched network, you would need to run Wireshark on every connected device (which may not be possible e.g. phones and tablets) and then correlate all the stats, still probably missing stuff that happens before Wireshark gets to start.

I think you're likely to be better off getting the traffic data from your router. Hopefully it allows you to see traffic data, possibly on a diagnostic screen that you can inspect manually (or grab via some programmatic means), or even better via SNMP so that you can run an SNMP application .e.g PRTG on one (permanently on) computer that will periodically retrieve the interface byte counters from the router and display them graphically.

If your router doesn't do this, either buy another router that does (hopefully out of the box or with an alternative firmware such as OpenWrt, DD-Wrt or similar).

There are also other network traffic monitors that can run on each device, but again you would need to correlate all the info, and it might be difficult to run such applications on all devices, e.g. phones.

permanent link

answered 23 Nov '14, 02:36

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Thank you very much for the great answer! That is exactly what I was wondering, but I wasn't able to tell without investing quite a bit of time into poring through the documentation... time that it looks as though will be better spent investigating my router (and possibly looking into getting a more powerful one).

(23 Nov '14, 03:14) landbrake

It doesn't necessarily have to be a more powerful router, the alternative router firmwares run on a wide range of devices. They also tend to give you a lot more control of what's happening through the router.

(23 Nov '14, 03:23) grahamb ♦

I have a consumer level Belkin wireless router that, in its "out of the box" configuration, does not show any statistics like number of bytes passing through a port. Do routers like this tend to support the type of alternate firmware you are referring to? I'm a programming guy, and while I have had to set up lots of home networks I have never delved into the networking depths at this level.

(23 Nov '14, 03:40) landbrake

I checked both the OpenWrt and DD-Wrt sites and it appears as though neither supports my particular router (Belkin F5D9230). :-(

(23 Nov '14, 03:56) landbrake
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×32
×21
×16
×2

question asked: 22 Nov '14, 18:42

question was seen: 3,583 times

last updated: 23 Nov '14, 03:56

p​o​w​e​r​e​d by O​S​Q​A