If I understand your required task correctly, you are talking about cataloging all the remote endpoints with which “server X” converses and the number of bytes exchanged with those endpoints. One way to do this is to use tethereal with the -z option. Try this:
tethereal -z conv,ip,ip.addr==192.168.1.100 -R !eth > statistics.txt
Of course, substitute the server’s IP address for the above IP. Let it run as long as you want. When you hit Ctrl-C, it will write out a text file with a table listing all the endpoints with the total bytes exchanged with each.
Andrew
-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Fowler, Steve
Sent: Tuesday, March 21, 2006 9:45 AM
To: 'ethereal-users@xxxxxxxxxxxx'
Subject: [Ethereal-users] Traffic measuring - is this possible
Hi there all,
I am writing this mail after having a nose around and coming up short. I work as a network engineer in a dept. with no money available for tools, a situation I am sure a lot of you are familiar with.
I was given the task of measuring traffic from multiple hosts to a server with a fixed IP and decided to see how well I could achieve this goal using ethereal. Being fairly new to ethereal, although not so new to networks, I put the following strategy together:
· Make captures.
· Spend more time than I expected doing manual work, sifting through the capture file noting the start and stop times of the different transfers.
· Use editcap.exe to generate smaller capture files containing just the transfer itself.
· Open up the small capture file in the ethereal GUI (filtering on the 2 IP addresses) and use summary to give me the number of packets sent within that transfer and the bytes transmitted.
· Record all of that information in a spreadsheet for reference.
I've a distinct feeling that there is a better way to do this which you might be able to enlighten me about; bear in mind I am analyzing a capture file sometimes of a few hours, so many transfers from different locations to the one IP address need to be recorded.
If not, then I am looking to generate my own tool that can help speed up the process. I have already programmed a small CGI interface that automates the editcap process to a degree, but the whole thing is still a work in progress.
Ideally, what I would like to achieve is a tool which requires you to specify the input file and the IP addresses in question and the tool will identify all the transfers that occurred within that capture file and produce reports on the amount of data transferred in each session. My question is whether tools such as tethereal on the CLI are able to pull that kind of information, and how?
I hope that you can point me in the right direction here.
Thanks a lot,
Steve
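
Added example, not part of the original thread and not code from either poster or from the Ethereal project: a Python sketch of the per-endpoint tally discussed above, reading a classic libpcap file directly and summing frames and bytes for every peer of one server IP. The function names and the in-memory sample capture are constructed for illustration; it assumes untagged Ethernet/IPv4 frames and counts the original on-the-wire frame length.

```python
import io
import socket
import struct
from collections import defaultdict

def conversations(pcap, server_ip):
    """Return {peer_ip: [frames, bytes]} for IPv4 traffic to or from server_ip."""
    magic = pcap.read(4)
    if magic not in (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"):
        raise ValueError("not a classic libpcap file")
    endian = "<" if magic[0] == 0xD4 else ">"
    # Rest of the global header: version, zone, sigfigs, snaplen, link type.
    linktype = struct.unpack(endian + "HHiIII", pcap.read(20))[5]
    if linktype != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    totals = defaultdict(lambda: [0, 0])
    while True:
        rec = pcap.read(16)  # per-packet header
        if len(rec) < 16:
            break
        _sec, _usec, incl_len, orig_len = struct.unpack(endian + "IIII", rec)
        frame = pcap.read(incl_len)
        # Need Ethernet (14) + minimal IPv4 (20) bytes; skip anything not IPv4.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        src = socket.inet_ntoa(frame[26:30])
        dst = socket.inet_ntoa(frame[30:34])
        if server_ip not in (src, dst):
            continue
        peer = dst if src == server_ip else src
        totals[peer][0] += 1
        totals[peer][1] += orig_len  # bytes on the wire, not just captured
    return dict(totals)

def sample_pcap():
    """Constructed sample capture: five Ethernet/IPv4 frames, built in memory."""
    frames = [("10.0.0.5", "192.168.1.100", 60), ("192.168.1.100", "10.0.0.5", 1514),
              ("192.168.1.100", "10.0.0.9", 590), ("10.0.0.5", "10.0.0.9", 100),
              ("10.0.0.9", "192.168.1.100", 60)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, (src, dst, size) in enumerate(frames):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, size - 14, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = (b"\x00" * 12 + b"\x08\x00" + ip).ljust(size, b"\x00")
        out += struct.pack("<IIII", i, 0, size, size) + frame
    return io.BytesIO(out)

if __name__ == "__main__":
    for peer, (n, b) in sorted(conversations(sample_pcap(), "192.168.1.100").items()):
        print(f"{peer:<15} frames={n:<6} bytes={b}")
```

To run it on a real capture, pass a file opened in binary mode in place of sample_pcap().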