Wireshark-users: Re: [Wireshark-users] Need to record bandwidth used by branch office VPN tunnels

From: "Laura Chappell" <lchappell@xxxxxxxxxxxxxxxx>
Date: Thu, 8 Aug 2013 18:05:05 -0700

Hi Gary…

 

Consider using tshark (command-line tool) with the following parameters perhaps…

 

tshark -q -z io,stat,3000,ip.addr==192.168.1.0/24,ip.addr==192.168.2.0/24,ip.addr==192.168.3.0/24 > mystats.txt

 

No packets are saved during this process – you’re only getting statistics.

-q quiet – so you won’t see the packets streaming by

3000 - sample every 3000 seconds (maybe you want to expand this – each sampling is a different row)

> mystats.txt – just let it save to a text file

 

CTRL+C to stop the capture process manually or use a -a autostop condition if desired.

 

Type tshark -h to see the help/parameter information – also reference http://www.wireshark.org/docs/man-pages/tshark.html for info on the stats.

 

Hope that helps.

 

p.s. you might get faster response to questions over at ask.wireshark.org (Wireshark’s Q & A forum).

 

Laura
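
Turning the mystats.txt table from the command above into bits per second per filter, as an added example that is not part of the original thread. The table layout and the "Dur" end marker on the final row are assumed from recent tshark releases; the sample numbers are constructed.

```python
import re

# Constructed sample of mystats.txt; layout assumed from recent tshark releases.
SAMPLE = """\
======================================================================
| IO Statistics                                                      |
|                                                                    |
| Duration: 7500.0 secs                                              |
| Interval: 3000 secs                                                |
|                                                                    |
| Col 1: ip.addr==192.168.1.0/24                                     |
|     2: ip.addr==192.168.2.0/24                                     |
|     3: ip.addr==192.168.3.0/24                                     |
|--------------------------------------------------------------------|
|              |1                 |2                |3               |
| Interval     | Frames |   Bytes | Frames |  Bytes | Frames | Bytes |
|--------------------------------------------------------------------|
|    0 <> 3000 |   1500 | 1125000 |   1000 | 750000 |    500 | 375000 |
| 3000 <> 6000 |    900 |  600000 |    500 | 375000 |    400 | 225000 |
| 6000 <> Dur  |    250 |  187500 |    250 | 187500 |      0 |      0 |
======================================================================
"""

DURATION_RE = re.compile(r"^\|\s*Duration:\s*([\d.]+)")
FILTER_RE = re.compile(r"^\|\s*(?:Col\s+)?(\d+):\s*(.+?)\s*\|$")
ROW_RE = re.compile(r"^\|\s*([\d.]+)\s*<>\s*([\d.]+|Dur)\s*\|(.+)\|$")

def parse_io_stat(text):
    """Return [(start_s, end_s, {filter: bits_per_second}), ...]."""
    filters, rows, duration = [], [], None
    for line in map(str.strip, text.splitlines()):
        if m := DURATION_RE.match(line):
            duration = float(m.group(1))
        elif m := FILTER_RE.match(line):
            filters.append(m.group(2))
        elif m := ROW_RE.match(line):
            start = float(m.group(1))
            # The last row ends at "Dur" (capture end), usually a short interval.
            end = duration if m.group(2) == "Dur" else float(m.group(2))
            byte_counts = [int(c) for c in m.group(3).split("|")][1::2]
            if end is None or end <= start:
                continue  # no usable interval length
            bps = {f: b * 8 / (end - start) for f, b in zip(filters, byte_counts)}
            rows.append((start, end, bps))
    return rows

if __name__ == "__main__":
    for start, end, bps in parse_io_stat(SAMPLE):
        print(f"{start:>6.0f}-{end:<6.0f}s", {f: f"{v / 1000:.1f} kbit/s" for f, v in bps.items()})
```

Pass the contents of mystats.txt instead of SAMPLE to process a real run.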

 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Hal Wigoda
Sent: Thursday, August 08, 2013 3:33 PM
To: Community support list for Wireshark
Cc: Wireshark Users
Subject: Re: [Wireshark-users] Need to record bandwidth used by branch office VPN tunnels

 

You would filter the traffic.  How you would do that I cannot answer at the time.   

-------


On Aug 8, 2013, at 1:49 PM, "Gary Drost" <gary@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

I have a site with two branch offices.  The branch offices communicate back to the main office through Branch Office VPN tunnels over the Internet.

 

If the office IP structure is:

 

  Main - 192.168.1.x

  Br1 - 192.168.2.x

  Br2 - 192.168.3.x

 

Can I use Wireshark at the main site to record the traffic coming to the main site from the remote sites over those VPN tunnels in order to determine the current bandwidth used by that traffic?

 

Can I do it without having to capture all the traffic (i.e. can I report on the bandwidth the traffic is using without having to capture that traffic)?

 

I would expect that I will need to capture stats for about a week and don't want to have to save GB worth of wireshark data, unless I have to, in order to accomplish this.

 

Thanks,

 

Gary

 

 
