Wireshark-users: Re: [Wireshark-users] Need to record bandwidth used by branch office VPN tunnels

Date: Mon, 12 Aug 2013 09:13:08 -0700
Is it possible to have tshark run for a period of time, say an hour or two, and then stop.  It could be setup in a batch file to rename the output file and then relaunch tshark again.
 
My guess of a week worth of data was a bit arbitrary.  I really want to get a good benchmark on what is a normal amount of traffic so that I have a something to measure against when there the branch offices say the connection is slow or data so that I can recommend an option for a faster, larger pipe between sites.
 
Thanks,

Gary
 
Pioneer Consulting Services, Inc.
Cell: (360) 739-2491
email: gary@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
 
 
-------- Original Message --------
Subject: Re: [Wireshark-users] Need to record bandwidth used
by branch office VPN tunnels
From: "Laura Chappell" <lchappell@xxxxxxxxxxxxxxxx>
Date: Fri, August 09, 2013 8:28 am
To: "'Community support list for Wireshark'"
<wireshark-users@xxxxxxxxxxxxx>

Oh, yeah... one week is a killer... I've run for just an hour at a customer
we didn't hit a snag.

Wouldn't it be best if tshark stopped saving the packets once the statistic
is obtained for the timeframe?

Laura

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sake Blok
Sent: Friday, August 09, 2013 8:16 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Need to record bandwidth used by branch
office VPN tunnels

On 9 aug 2013, at 03:05, Laura Chappell wrote:

> Consider using tshark (command-line tool) with the following parameters
perhaps.
>
> tshark -q -z
io,stat,3000,ip.addr==192.168.1.0/24,ip.addr==192.168.2.0/24,ip.addr==192.16
8.3.0/24 > mystats.txt
>
> No packets are saved during this process - you're only getting statistics.

Laura, this is not entirely true. As tshark uses dumpcap to capture the
traffic, dumpcap will save all the packets in a temporary file from which
tshark will read. To monitor the traffic for a week in this manner will
most likely result in a) an out-of-memory error due to the fact that tshark
keeps information about each conversation and b) a disk filling up with
packet data.

Cheers,
Sake


___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe