Ethereal-users: Re: [Ethereal-users] capturing the amount of bytes in and out of an IP
David Hodgson wrote:
I have devices which connect to my network using IP addresses assigned
from a pool. I would like to find out how many bytes is being sent and
received from the devices, firstly the total amount from the pool and
also from individual IP’s from the pool. Is this possible with Ethereal
or can someone point me to something that will do that? I also want to
output the amount of bytes as well as the IP to a log file, it will then
be inserted into an Oracle database.
Using Ethereal for that purpose could be considered equivalent to
sending a sample of your blood to a clinical laboratory for a full blood
chemistry analysis in order to find out whether it's red or not. :-)
You might want to see whether ntop:
http://www.ntop.org/
could do the job - it might be easier to get it to do that, especially
in an automated fashion, than it would be to get Ethereal to do that.
(As the "NTOP – Network TOP: An Overview" paper:
http://www.ntop.org/ntop-overview.pdf
says:
Simple alternatives to network monitoring are packet tracers and
decoders, often-called network sniffers. Examples are tcpdump [Jacobson
et al] and snoop [Sun]. These tools are responsible for capturing
packets from the network and often require off-line analysis tools to
correlate captured data and identify network flows. Sniffers usually
provide details on packet activity and lack information on the network
as a whole [DeriSuin99]. Protocol analyzers, such as Ethereal
[Ethereal], typically focus on the content of single network packets and
not on global network activities. These solutions lack high-level
support to management activities.
