Home page logo
/

wireshark logo Wireshark mailing list archives

Re: Need to record bandwidth used by branch office VPN tunnels
From: "Laura Chappell" <lchappell () packet-level com>
Date: Thu, 8 Aug 2013 18:05:05 -0700

Hi Gary… 

 

Consider using tshark (command-line tool) with the following parameters perhaps…

 

tshark –q –z io,stat,3000,ip.addr==192.168.1.0/24,ip.addr==192.168.2.0/24,ip.addr==192.168.3.0/24 > mystats.txt

 

No packets are saved during this process – you’re only getting statistics. 

-q quiet – so you won’t see the packets streaming by

3000 - sample every 3000 seconds (maybe you want to expand this – each sampling is a different row)

mystats.txt – just let it save to a text file 

 

CTRL+C to stop the capture process manually or use a –a autostop condition if desired. 

 

Type tshark –h to see the help/parameter information – also reference 
http://www.wireshark.org/docs/man-pages/tshark.html for info on the stats. 

 

Hope that helps.

 

p.s. you might get faster response to questions over at ask.wireshark.org (Wireshark’s Q & A forum).

 

Laura

 

From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Hal Wigoda
Sent: Thursday, August 08, 2013 3:33 PM
To: Community support list for Wireshark
Cc: Wireshark Users
Subject: Re: [Wireshark-users] Need to record bandwidth used by branch office VPN tunnels

 

You would filter the traffic.  How you would do that I cannot answer at the time.   

-------


On Aug 8, 2013, at 1:49 PM, "Gary Drost" <gary () pioneerconsultingservices com> wrote:

I have a site with two branch offices.  The branch offices communicate back to the main office through Branch Office 
VPN tunnels over the Internet.

 

If the office IP structure is:

 

  Main - 192.168.1.x

  Br1 - 192.168.2.x

  Br2 - 192.168.3.x

 

Can I use Wireshark at the main site to record the traffic coming to the main site from the remote sites over those VPN 
tunnels in order to determine the current bandwidth used by that traffic?

 

Can I do it without having to capture all the traffic (i.e. can I report on the bandwidth the traffic is using without 
having to capture that traffic)?

 

I would expect that I will need to capture stats for about a week and don't want to have to save GB worth of wireshark 
data, unless I have to, in order to accomplish this.

 

Thanks,

 

Gary

 

 

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]