Results 1 to 2 of 2

Thread: Help needed: Getting traffic in bytes per user from PCAP file?

  1. #1
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    15

    Question Help needed: Getting traffic in bytes per user from PCAP file?

    Hi all,

    my boss told me to analyze our network traffic to find out which local user (resp. workstation) downloads how much from the internet. Not for any obscure Big Brother purposes ;-) just to get an overview of the needs of our users (there are 14) and as a basis for a future line upgrade.

    So I set up a linux box with 3 NICs and established a bridge br0 with eth0 and eth1, eth2 just to access the box via ssh. Then placed this box between our main switch and our internet gateway. It works flawlessly and is completely transparent to the local network.

    I then started tcpdump on br0 and dumped the complete traffic into a PCAP file. The size is quite big after a day in the office, about 2.5 GB. When I try to open it in Wireshark, it takes forever and it usually crashes before the complete PCAP gets loaded.

    I was wondering if there is a more elegant and useful way to determine the inbound and outbound traffic per local workstation out of a PCAP file? I already thought of first reading out all ip addresses containing 192.168. from the big PCAP, then extract new PCAP's from the big one, one per local IP, then measure the bytes in that files. That's a lot of work.. and I'm almost sure there's some better way to do it?

    Thanks for your help!

    Regards, Rob
    I love deadlines. I like the whooshing sound they make as they fly by.

    Douglas Adams

  2. #2
    Just burned his ISO
    Join Date
    Jan 2010
    Location
    PA
    Posts
    9

    Default Re: Help needed: Getting traffic in bytes per user from PCAP file?

    I think you are being lazy and i will fire you on the spot ( Is a joke but they say there's always a truth to a joke) some thing sounds fishy I noticed you posted on another board also. Im a noob but wasnt born with a spoon either....... google is your best friend bud, of coarse use right key words and some sense pretend is a index and read, after all you are on your boss time.


    Keep it simple,

Similar Threads

  1. Ridimensionare file .pcap
    By fly76 in forum Discussioni Generali
    Replies: 1
    Last Post: 01-14-2011, 11:55 PM
  2. Ettercap ecp file to pcap format?
    By 18436572 in forum Beginners Forum
    Replies: 2
    Last Post: 07-08-2010, 03:05 AM
  3. Replies: 0
    Last Post: 04-07-2010, 12:42 PM
  4. Replay pcap file and use sslstrip
    By creepykrawler in forum Experts Forum
    Replies: 4
    Last Post: 03-27-2010, 04:22 AM
  5. Cannot user startx with newly created user
    By imported_Zer0|Day in forum OLD BT3final Support
    Replies: 1
    Last Post: 06-25-2008, 01:28 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •