05-11-2017
Suggest any linux with wireshark....
At work we use older laptops with wireshark. Connect to a port, figure out what port to monitor and let it run. Then take the monster files created and sort through them using a variety of tools. My laptop still has an old version of opensuse on it, but it does have 500GB of disk.
Wireshark files can get really large, quickly, depending on what you are monitoring. Disk is important. So we use junk laptops, I'm sure you could use raspbian instead.
The only other component that has to be up to snuff is the NIC - the data center is on a 10 gigabit backbone. Most home network routers and DSL modems are 1Gb usually.
I am not sure what exact hardware you'd need to buy to support wireshark on raspbian.
Disk and NIC that will do what you need is up to you.
Oh. And the learning curve on wireshark is not bad, but reading output usually requires scripting ability. Or good vim/RE skills. vi has file size limits.
REORDERCAP(1) The Wireshark Network Analyzer REORDERCAP(1)
NAME
reordercap - Reorder input file by timestamp into output file
SYNOPSIS
reordercap [ -n ] <infile> <outfile>
DESCRIPTION
Reordercap is a program that reads an input capture file and rewrites the frames to an output capture file, but with the frames sorted by increasing timestamp.
This functionality may be useful when capture files have been created by combining frames from more than one well-synchronised source, but the frames have not been combined in strict time order.
Reordercap writes the output capture file in the same format as the input capture file.
Reordercap is able to detect, read and write the same capture files that are supported by Wireshark. The input file doesn't need a specific filename extension; the file format and an optional gzip compression will be detected automatically. Near the beginning of the DESCRIPTION section of wireshark(1) or <http://www.wireshark.org/docs/man-pages/wireshark.html> is a detailed description of the way Wireshark handles this, which is the same way reordercap handles this.
OPTIONS
-n When the -n option is used, reordercap will not write out the output file if it finds that the input file is already in order.
SEE ALSO
pcap(3), wireshark(1), tshark(1), dumpcap(1), editcap(1), mergecap(1), text2pcap(1), pcap-filter(7) or tcpdump(8)
NOTES
Reordercap is part of the Wireshark distribution. The latest version of Wireshark can be found at <http://www.wireshark.org>.
It may make sense to move this functionality into editcap, or perhaps mergecap, in which case reordercap could be retired.
HTML versions of the Wireshark project man pages are available at: <http://www.wireshark.org/docs/man-pages>.
AUTHORS
Original Author
-------- ------
Martin Mathieson <martin.r.mathieson[AT]googlemail.com>
1.10.3 2013-07-28 REORDERCAP(1)
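The man page above describes what reordercap does (sort frames by increasing timestamp, write the same format back out, and with -n skip writing when the input is already ordered), and the reply at the top of the thread notes that working with capture output usually takes some scripting. The script below is an added example, not part of the Wireshark project or the forum post: it implements the same reordering for classic (libpcap) pcap files in plain Python, detecting the file's byte order from the magic number, using a stable sort so frames with equal timestamps keep their original relative order, and mirroring the -n behaviour through the skip_if_ordered flag. It handles only the classic pcap container, not pcapng or gzip input, which reordercap itself also accepts. The build_sample_capture helper constructs a tiny synthetic capture so the script can be exercised without a real trace.

```python
import struct
import sys
from typing import List, Optional, Tuple

# Magic numbers of classic libpcap files (pcapng is a different container).
PCAP_MAGIC_USEC = 0xA1B2C3D4   # timestamps are seconds + microseconds
PCAP_MAGIC_NSEC = 0xA1B23C4D   # timestamps are seconds + nanoseconds
GLOBAL_HEADER_LEN = 24
RECORD_HEADER_LEN = 16

Record = Tuple[int, int, bytes]   # (ts_sec, ts_frac, raw record header + packet bytes)


def _detect_byte_order(magic_bytes: bytes) -> str:
    """Return the struct byte-order prefix ('<' or '>') implied by the file magic."""
    for order in ("<", ">"):
        magic = struct.unpack(order + "I", magic_bytes)[0]
        if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            return order
    raise ValueError("not a classic pcap file (magic %s)" % magic_bytes.hex())


def parse_pcap(data: bytes) -> Tuple[bytes, List[Record]]:
    """Split a pcap blob into its 24-byte global header and a list of records.

    Record bytes are kept verbatim, so writing them back preserves the format.
    """
    if len(data) < GLOBAL_HEADER_LEN:
        raise ValueError("truncated global header")
    order = _detect_byte_order(data[:4])
    records: List[Record] = []
    pos = GLOBAL_HEADER_LEN
    while pos < len(data):
        if pos + RECORD_HEADER_LEN > len(data):
            raise ValueError("truncated record header at offset %d" % pos)
        ts_sec, ts_frac, incl_len, _orig_len = struct.unpack(
            order + "IIII", data[pos:pos + RECORD_HEADER_LEN])
        end = pos + RECORD_HEADER_LEN + incl_len
        if end > len(data):
            raise ValueError("truncated packet data at offset %d" % pos)
        records.append((ts_sec, ts_frac, data[pos:end]))
        pos = end
    return data[:GLOBAL_HEADER_LEN], records


def is_in_order(records: List[Record]) -> bool:
    """True when every record's timestamp is >= the previous one."""
    return all(records[i][:2] <= records[i + 1][:2] for i in range(len(records) - 1))


def reorder_pcap(data: bytes, skip_if_ordered: bool = False) -> Optional[bytes]:
    """Return the capture with records sorted by (seconds, fraction).

    With skip_if_ordered=True (the reordercap -n behaviour) return None instead
    of a copy when the input is already in order.
    """
    header, records = parse_pcap(data)
    if skip_if_ordered and is_in_order(records):
        return None
    # sorted() is stable: frames with identical timestamps keep their input order.
    ordered = sorted(records, key=lambda r: (r[0], r[1]))
    return header + b"".join(r[2] for r in ordered)


def timestamps_of(data: bytes) -> List[Tuple[int, int]]:
    """Timestamps of each record, in file order; handy for checking results."""
    return [(r[0], r[1]) for r in parse_pcap(data)[1]]


def build_sample_capture(timestamps: List[Tuple[int, int]], order: str = "<") -> bytes:
    """Construct a minimal synthetic pcap (test data, not a real capture).

    Each frame carries 4 dummy payload bytes equal to its input index, so the
    relative order of equal-timestamp frames can be inspected afterwards.
    """
    header = struct.pack(order + "IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    body = b""
    for i, (sec, frac) in enumerate(timestamps):
        payload = bytes([i]) * 4
        body += struct.pack(order + "IIII", sec, frac, len(payload), len(payload)) + payload
    return header + body


if __name__ == "__main__":
    # Same command line shape as reordercap: [-n] <infile> <outfile>
    args = sys.argv[1:]
    only_if_unordered = False
    if args and args[0] == "-n":
        only_if_unordered = True
        args = args[1:]
    if len(args) != 2:
        sys.exit("usage: reorder_pcap.py [-n] <infile> <outfile>")
    with open(args[0], "rb") as f:
        result = reorder_pcap(f.read(), skip_if_ordered=only_if_unordered)
    if result is None:
        print("input already in order; output not written")
    else:
        with open(args[1], "wb") as f:
            f.write(result)
```

Because records are re-emitted byte for byte, the output stays in the input's format and byte order; only their sequence changes. The whole file is loaded into memory, which is fine for a synthetic capture but, as the reply above warns, real captures grow quickly, so for multi-gigabyte traces reordercap itself (or editcap to split the file first) is the practical tool.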