[TriLUG] tool to report on used bandwidth
John Vaughters
jvaughters04 at yahoo.com
Wed Sep 18 14:29:39 EDT 2013
tshark is a command line tool that comes with wireshark and it can be used to get the bandwidth use. What is great about it is that it is OS cross functional. Below is how you turn a pcap file into a statistics file.
tshark -q -z 'io,stat,1' -r <PcapFile>> <StatisticsFile>
I have in the past and cannot currently find, created a script to do the following:
* Use tshark to create pcap files
* convert the pcap files to statistic files
* delete the pcap files
This is a very basic outline, but the main problems you will run into is that you will drown in pcap files if you do not delete them, and you have to collect pcap files based on time or file size. In either case, you will hog memory processing large files, so you need to keep it reasonably contained.
Overall I found this method to be very low resource when you find a happy balance. All of it can be done with tshark on any platform that you can install wireshark
Good Luck!
John Vaughters
More information about the TriLUG
mailing list