Hi there all,
I am writing this mail after having a nose around and coming
up short. I work as a network engineer in a dept. with no money available for tools,
a situation I am sure a lot of you are familiar with.
I was given the task of measuring traffic from multiple
hosts to a server with a fixed IP and decided to see how well I could achieve this
goal using ethereal. Being fairly new to ethereal, although not so new to
networks, I put the following strategy together:
- Make captures.
- Spend more time than I expected doing manual work, sifting
through the capture file and noting the start and stop times of the different transfers.
- Use editcap.exe to generate smaller capture files containing
just the transfer itself
- Open up the small capture file in the ethereal GUI
(filtering on the 2 IP addresses) and use summary to give me the number of
packets sent within that transfer and the bytes transmitted.
- Record all of that information in a spreadsheet for
reference.
I've a distinct feeling that there is a better way to
do this which you might be able to enlighten me about. Bear in mind I am analyzing
a capture file sometimes of a few hours, so many transfers from different
locations to the one IP address need to be recorded.
If not, then I am looking to generate my own tool that can
help speed up the process. I have already programmed a small CGI interface that
automates the editcap process to a degree, but the whole thing is still a work
in progress.
Ideally, what I would like to achieve is a tool which
requires you to specify the input file and the IP addresses in question and the
tool will identify all the transfers that occurred within that capture file and
produce reports on the amount of data transferred in each session. My question
is whether tools such as tethereal on the CLI are able to pull that kind of
information, and how?
I hope that you can point me in the right direction here.
Thanks a lot,
Steve
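As an added example (not from Steve's post, and not part of ethereal itself), one way to automate the "identify the transfers and count bytes per session" step from the command line: export per-packet fields from the capture and group them into sessions with a short Python script. The `-T fields` / `-Y` export syntax in the comment is that of tshark (modern tethereal); whether Steve's version offers it is an assumption, as are the server address, the 60-second idle gap used to separate transfers, and the constructed sample lines.

```python
# Added example: group per-packet records into transfers and report
# bytes per transfer. Input is the tab-separated output of (assumed
# tshark/tethereal syntax; older versions may lack -T fields):
#   tshark -r capture.cap -T fields -e frame.time_epoch -e ip.src \
#          -e ip.dst -e frame.len -Y "ip.addr == 10.0.0.5"
# The lines in SAMPLE are constructed, not taken from a real capture.
SAMPLE = """\
1000.000\t192.168.1.10\t10.0.0.5\t74
1000.010\t10.0.0.5\t192.168.1.10\t74
1000.020\t192.168.1.10\t10.0.0.5\t1514
1000.030\t192.168.1.10\t10.0.0.5\t1514
1000.040\t10.0.0.5\t192.168.1.10\t66
1000.500\t192.168.1.20\t10.0.0.5\t74
1000.510\t10.0.0.5\t192.168.1.20\t1514
1200.000\t192.168.1.10\t10.0.0.5\t74
1200.010\t192.168.1.10\t10.0.0.5\t1514
"""

def parse_fields(text):
    """Yield (time, src, dst, frame_len) from tab-separated field lines."""
    for line in text.splitlines():
        if line.strip():
            t, src, dst, length = line.split("\t")
            yield float(t), src, dst, int(length)

def sessions(records, server, gap=60.0):
    """Split host<->server traffic into transfers; a new transfer starts
    when a host has been idle for more than `gap` seconds (a heuristic
    standing in for the manual start/stop-time inspection)."""
    result, current = [], {}          # current: host -> open session
    for t, src, dst, length in sorted(records):
        if server not in (src, dst):
            continue                  # not traffic to/from the server
        host = dst if src == server else src
        s = current.get(host)
        if s is None or t - s["end"] > gap:
            s = {"host": host, "start": t, "end": t, "packets": 0,
                 "bytes": 0, "to_server": 0, "from_server": 0}
            current[host] = s
            result.append(s)
        s["end"], s["packets"], s["bytes"] = t, s["packets"] + 1, s["bytes"] + length
        s["to_server" if dst == server else "from_server"] += length
    return result

def report(text, server):
    """Rows of (host, start, end, packets, bytes), one per transfer."""
    return [(s["host"], s["start"], s["end"], s["packets"], s["bytes"])
            for s in sessions(parse_fields(text), server)]

if __name__ == "__main__":
    for row in report(SAMPLE, "10.0.0.5"):
        print("%s %.3f-%.3f %d packets %d bytes" % row)
```

Pipe the real export into `report()` in place of SAMPLE and write the rows out as CSV to replace the spreadsheet step.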