Wireshark · Wireshark-users: Re: [Wireshark-users] Want to monitor a port, count bytes transferred, record who transferred, nothi

Wireshark-users: Re: [Wireshark-users] Want to monitor a port, count bytes transferred, record wh

From: Seth Hall <seth@xxxxxxxx>

Date: Sun, 22 Apr 2012 10:59:25 -0400

On Apr 20, 2012, at 11:45 AM, Brian Excarnate wrote:

> So my first question is:  Is there some other tool that is a better choice, and if so which?


You could use something that generates netflow records and a netflow collector or Argus.  You could also give Bro-IDS a try (I'm one of the developers).  The output you're looking for can be found in our conn logs.  You can download a binary package from our website too:
	http://www.bro-ids.org/download/#binarypackages

If you're just interested in getting the conn logs, you should be to run (with the appropriate interface):
	sudo bro -i eth0

It will start creating logs in your current working directory.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/

Follow-Ups:
- Re: [Wireshark-users] Want to monitor a port, count bytes transferred, record who transferred, nothing else
  - From: Martin Visser

References:
- [Wireshark-users] Want to monitor a port, count bytes transferred, record who transferred, nothing else
  - From: Brian Excarnate

Prev by Date: Re: [Wireshark-users] capture traffic to PLC
Next by Date: Re: [Wireshark-users] Want to monitor a port, count bytes transferred, record who transferred, nothing else
Previous by thread: [Wireshark-users] Want to monitor a port, count bytes transferred, record who transferred, nothing else
Next by thread: Re: [Wireshark-users] Want to monitor a port, count bytes transferred, record who transferred, nothing else
Index(es):
- Date
- Thread