Hi there, firstly, I'm not a software novice, but new to Wireshark. I have a leak in my home network that is using about 5 GB of data per day. I don't have time (due to traveling) to simply pull a device off the network every day until I find the culprit. I really need a simple way to view only:

- MAC or physical name
- Total data usage (up and down)
- Over a given time span

You'd think that would be simple enough to find, but no. I can't seem to organize a template that makes sense to me. I have a leak somewhere and I'm pulling my hair out. (And my wallet.) Surely Wireshark can do this, right? Thanks in advance! db.

asked 18 Jun '15, 17:33 dab3838 (edited 18 Jun '15, 17:36)

One Answer:
Do you have a packet capture of all the data that was passing through the network (from all machines) at the time of the leak? If so, just go to Statistics -> Conversations and you'll see how many bytes up/down for each "conversation" between one address and another. Sort by the Bytes column and you'll get the worst offender.

answered 18 Jun '15, 19:39 Quadratic

Edit: for the timespan question, you can go to Statistics -> IO Graph and filter on IP address (e.g. ip.addr==1.2.3.4) to see usage over time for each host.

For home networks, usually the bigger challenge is GETTING the packets from all the machines in the home into a single Wireshark trace since one host in a LAN won't normally receive all the traffic from the other hosts to be analyzed. Once you have such a trace, the analysis part you're asking about is fairly straightforward.
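
The per-device totals asked for in the question (MAC, bytes up and down, within a time span) can also be computed from a saved trace with a script. The following is an added example, not part of the original answer: it assumes the trace is an Ethernet capture saved in classic pcap format (not pcapng), and the MAC addresses and sample capture in it are constructed for illustration.

```python
import struct
from collections import defaultdict

def mac_str(raw):
    return ":".join(f"{x:02x}" for x in raw)

def usage_by_mac(pcap_bytes, start=None, end=None):
    """Return {mac: [bytes_sent, bytes_received]} for frames with start <= ts < end."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond pcap file (pcapng is not handled)")
    if struct.unpack_from(endian + "I", pcap_bytes, 20)[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    totals = defaultdict(lambda: [0, 0])
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(pcap_bytes):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from(endian + "IIII", pcap_bytes, off)
        frame = pcap_bytes[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len
        ts = ts_sec + ts_usec / 1e6
        if len(frame) < 14 or (start is not None and ts < start) or (end is not None and ts >= end):
            continue
        dst, src = frame[0:6], frame[6:12]
        # orig_len is the on-the-wire size, so truncated captures still count correctly
        totals[mac_str(src)][0] += orig_len
        totals[mac_str(dst)][1] += orig_len
    return dict(totals)

def report(totals):
    """Rows of (mac, sent, received, total), worst offender first."""
    rows = sorted(totals.items(), key=lambda kv: sum(kv[1]), reverse=True)
    return [(mac, up, down, up + down) for mac, (up, down) in rows]

def sample_pcap():
    """Constructed capture: three frames between two made-up MACs."""
    a, b = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, src, dst, size in [(100, a, b, 1500), (160, a, b, 900), (400, b, a, 60)]:
        frame = dst + src + b"\x08\x00" + bytes(size - 14)
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for row in report(usage_by_mac(sample_pcap(), start=100, end=300)):
        print("%s  sent=%d  received=%d  total=%d" % row)
```

To use it on a real trace, pass the file's bytes (for example `open(path, "rb").read()`) and Unix-epoch values for `start` and `end`.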