This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Desperately need advice on monitoring data usage

0

Hi there, firstly, I'm not a software novice, but new to Wireshark.

I have a leak in my home network that is using about 5 GB of data per day. I don't have time (due to traveling) to simply pull a device off the network every day until I find the culprit.

I really need a simple way to view only

- MAC or physical name
- Total data usage (up and down)
- Over a given time span

You think that would be simple enough to find, but no. I can't seem to organize a template that makes sense to me. I have a leak somewhere and I'm pulling my hair out. (And my wallet)

Surely Wireshark can do this, right?

Thanks in advance!

db.

asked 18 Jun '15, 17:33

dab3838

edited 18 Jun '15, 17:36


One Answer:

0

Do you have a packet capture of all the data that was passing through the network (from all machines) at the time of the leak? If so, just go to Statistics -> Conversations and you'll see how many bytes up/down for each "conversation" between one address and another. Sort by the Bytes column and you'll get the worst offender.

answered 18 Jun '15, 19:39

Quadratic

Edit: for the timespan question, you can go to Statistics -> IO Graph and filter on IP address (e.g. ip.addr==1.2.3.4) to see usage over time for each host.

For home networks, usually the bigger challenge is GETTING the packets from all the machines in the home into a single Wireshark trace since one host in a LAN won't normally receive all the traffic from the other hosts to be analyzed. Once you have such a trace, the analysis part you're asking about is fairly straightforward.

(18 Jun '15, 19:40) Quadratic
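
The per-device totals asked for in the question (MAC address, bytes up and down, over a time span) can also be computed outside the Wireshark GUI from a saved capture. The following is an added example, not part of the original answer: it assumes a classic `.pcap` file with Ethernet framing (not pcapng), and the function names and the embedded sample capture are constructed for illustration.

```python
import struct
from collections import defaultdict

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def usage_by_mac(pcap, t_start=None, t_end=None):
    """Return {mac: [bytes_sent, bytes_received]} for a classic Ethernet pcap.
    t_start/t_end are optional epoch seconds bounding the time span [start, end)."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        e = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        e = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(e + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    totals = defaultdict(lambda: [0, 0])
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(e + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        ts = ts_sec + ts_usec / 1e6
        if (t_start is not None and ts < t_start) or (t_end is not None and ts >= t_end):
            continue
        if len(frame) < 12:
            continue  # too short to hold both MAC addresses
        dst, src = _mac(frame[0:6]), _mac(frame[6:12])
        totals[src][0] += orig_len  # orig_len = size on the wire, even if truncated
        totals[dst][1] += orig_len
    return dict(totals)

def sample_pcap():
    """Constructed capture: three frames between made-up MAC addresses."""
    a, b, gw = (bytes.fromhex(h) for h in ("020000000001", "020000000002", "0200000000fe"))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, src, dst, size in [(100, a, gw, 1500), (160, gw, a, 600), (200, b, gw, 60)]:
        data = dst + src + b"\x08\x00" + bytes(size - 14)
        out += struct.pack("<IIII", ts, 0, len(data), len(data)) + data
    return out

if __name__ == "__main__":
    rows = usage_by_mac(sample_pcap())  # real use: open("capture.pcap", "rb").read()
    for mac, (tx, rx) in sorted(rows.items(), key=lambda kv: -sum(kv[1])):
        print(f"{mac}  sent={tx}  received={rx}")
```

As the answer notes, the totals are only as complete as the capture: the trace has to be taken at a point that sees every device's traffic.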