Home page logo
/

basics logo Security Basics mailing list archives

RE: using promiscuous mode to tabulate network statistics
From: Jerry Sell <Jerry_Sell () byu edu>
Date: Wed, 26 Nov 2008 08:47:54 -0700

Even though it has some memory problems on large networks, I have found NTOP to be very good for usage statistics.

Thank you,

Jerry Sell, CISSP
Security Analyst
Brigham Young University
(801)422-2730
Jerry_Sell () byu edu
 


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Daniel G. Rohan
Sent: Wednesday, November 26, 2008 12:48 AM
To: Terra Frost; security-basics () securityfocus com
Subject: RE: using promiscuous mode to tabulate network statistics

Hi Terra,

Wireshark will indeed do what you are looking for in the first described scenario.  After you capture, or open up a 
saved capture, you can click on Statistics > IP Address > Create Stats (do not filter).

As far as viewing real-time statistics, Wireshark used to provide an interface for very simple stats (percentage of 
protocols, bytes captured, etc), but I don't see that option anymore (perhaps it's there and buried). You might want to 
download an old version of Ethereal (previous name of Wireshark) and use that to provide your real-time analysis and 
then use the Wireshark for any post-capture needs. If this is just a lab environment, this method might suffice.  If 
it's a more permanent or production environment, I would suggest using Cisco netflow and a collector box to gather the 
statistics you are looking for.

Good luck,

Dan

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Terra Frost
Sent: Tuesday, November 25, 2008 8:51 PM
To: security-basics () securityfocus com
Subject: using promiscuous mode to tabulate network statistics

I have four computers all plugged into a hub and I'd like to see which
one (well, which IP address) is sending / receiving the most data.  To
do this, I was thinking I could just install a package that would
tabulate such statistics using promiscuous mode.  Wireshark can sniff
packets via promiscuous mode but if it can be used in this manner, I'm
unsure of how.

I'm also not interested in real time statistics - I just want to know
how much data has been sent / received since the analysis program has
been running.

Any ideas?


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]