We live 10 miles past the middle of nowhere, and the only Internet service we can get (apart from dial-up) is via satellite, which is extremely bandwidth limited (among other problems).
According to our service provider, our upload/download usage varies alarmingly. We'll go through a week of normal usage with only a 1% drop in our allocated bandwidth, followed by a day of similar usage during which we use up our allotted bandwidth by a percentage point every five minutes. Their tech people have seen this happen while we are logged on with only one computer connected (straight from the modem to the NIC on the computer - no router connected), but they still assume it is somehow our fault that we get such multiple-order-of-magnitude fluctuations in our usage. I don't believe it. I think something is screwy on their end.
What I would like to do is to monitor how many actual bytes pass through our satellite modem during fixed time periods (say every hour, for example) and then compare this to what our service provider says we are using. I believe that this will demonstrate even to them that the problem is NOT on our end.
So my question is simple... can Wireshark do this? I have downloaded it, and it looks like a wonderful product, but before I invest the necessary time to learn it sufficiently to do a task like this I'd like to at least have some degree of confidence that it will be able to do what I am needing. I don't mind figuring out myself how to do this, but I just want to make sure that it is possible.
asked 22 Nov '14, 18:42
edited 23 Nov '14, 02:36
Wireshark isn't really the correct tool for this task.
Wireshark can only capture traffic that flows past the NIC(s) of the host machine it's running on. With multiple devices connected via a home router likely to be on a switched network, you would need to run Wireshark on every connected device (which may not be possible e.g. phones and tablets) and then correlate all the stats, still probably missing stuff that happens before Wireshark gets to start.
I think you're likely to be better off getting the traffic data from your router. Hopefully it allows you to see traffic data, possibly on a diagnostic screen that you can inspect manually (or grab via some programmatic means), or even better via SNMP so that you can run an SNMP application .e.g PRTG on one (permanently on) computer that will periodically retrieve the interface byte counters from the router and display them graphically.
There are also other network traffic monitors that can run on each device, but again you would need to correlate all the info, and it might be difficult to run such applications on all devices, e.g. phones.
answered 23 Nov '14, 02:36