Wireshark-users: Re: [Wireshark-users] Noob Questions

Date: Wed, 13 Jan 2010 10:52:30 -0500

You can tell Wireshark to only capture x bytes, so let's say you only want to capture the first 100 bytes; this field would tell you it captured 100 but the full packet size was 1300 (or whatever it was), in case that is something you care about. It's also nice to use when someone limits a capture for you and doesn't tell you and none of the dissectors are making any sense…

If you go to Statistics, Conversations you can see the bytes listed (click around the tabs for different perspectives). If you need nice graphs you should have a look at Pilot (http://www.cacetech.com/products/cace_pilot.html); it's a super cool tool written by Cace (the guys who do a lot of the work on Wireshark). It's not free but very cool. Or if you have a router, smart switch, etc. in there you might want to try a monitoring program like cacti (http://www.cacti.net/).

Hope that helps

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Collin D Wainscott
Sent: Tuesday, January 12, 2010 11:37 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Noob Questions

Hey Wireshark Users,

I am pretty new to understanding Wireshark and need to know a few things for a project I am doing. First off, what exactly does the line "x bytes on wire, x bytes captured" refer to? Also I am looking for some confirmation on the direction of my project or advice. I am trying to monitor exactly how much data is being sent to and from a specific IP address. Would the previously mentioned line tell me this information? If this is worded awkwardly, just tell me and I will try to specify what I am looking for.

Thanks and godspeed,
Collin Wainscott
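
The "bytes on wire" versus "bytes captured" distinction discussed in this thread, shown as an added example that is not part of either message: a classic pcap file stores both lengths in every record header, so per-IP traffic totals can be taken from the on-wire length even when the capture was truncated. The function names, the IP addresses and the three sample frames are constructed for illustration, and only little-endian Ethernet/IPv4 captures are handled.

```python
import io
import socket
import struct

def build_sample_pcap(snaplen=100):
    """Constructed sample: three Ethernet/IPv4 frames, each truncated to snaplen."""
    out = io.BytesIO()
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
    out.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1))
    frames = [("10.0.0.5", "192.0.2.10", 1300),
              ("192.0.2.10", "10.0.0.5", 60),
              ("10.0.0.7", "192.0.2.10", 500)]
    for i, (src, dst, wire_len) in enumerate(frames):
        eth = b"\x00" * 12 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, wire_len - 14, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        captured = (eth + ip).ljust(wire_len, b"\x00")[:snaplen]
        # Record header: ts_sec, ts_usec, incl_len (captured), orig_len (on wire)
        out.write(struct.pack("<IIII", i, 0, len(captured), wire_len))
        out.write(captured)
    return out.getvalue()

def bytes_for_ip(pcap_bytes, ip):
    """Sum on-wire and captured bytes for frames sent from or to `ip`."""
    totals = {"sent_wire": 0, "recv_wire": 0, "captured": 0, "truncated": 0}
    target = socket.inet_aton(ip)
    magic, = struct.unpack_from("<I", pcap_bytes, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    pos = 24  # first record follows the 24-byte global header
    while pos + 16 <= len(pcap_bytes):
        _, _, incl_len, orig_len = struct.unpack_from("<IIII", pcap_bytes, pos)
        data = pcap_bytes[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(data) < 34 or data[12:14] != b"\x08\x00":
            continue  # snaplen cut off the IPv4 addresses, or not IPv4
        src, dst = data[26:30], data[30:34]
        if target not in (src, dst):
            continue
        # Volume comes from orig_len; incl_len only says how much was stored.
        totals["sent_wire" if src == target else "recv_wire"] += orig_len
        totals["captured"] += incl_len
        totals["truncated"] += incl_len < orig_len
    return totals

if __name__ == "__main__":
    print(bytes_for_ip(build_sample_pcap(), "10.0.0.5"))
```

With a snaplen below 34 bytes the IPv4 addresses themselves are cut off, so such frames are skipped rather than attributed to an address.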