Wireshark-users: [Wireshark-users] Methods for finding "extraneous" http traffic



From: "Small, James" <JSmall@xxxxxxxxxxxxxx>
Date: Tue, 31 Oct 2006 15:39:59 -0500

I am working with some large network captures.  Most of the traffic is
http (actually http to a proxy server listening on TCP/8080).

I would like to find a way to classify the traffic - something like:
Plain vanilla http (web pages)
Tunneling protocols (SSL VPNs, IM, or anything else tunneling through
http/http proxy)
Large images
Video/Streaming Media
Etc.

I realize you can look by hand, but during a typical two minute capture,
I am getting around 100,000 packets so I need a pattern match.  This
list has been great - for example after reading about dumpcap I used
that instead of Wireshark to do the capture and it worked fabulously.  I
am hoping to glean some insight into how to deal with this!

This is for several reasons including security and especially for
bandwidth management.  I would like to be able to see for example, what
percentage of my traffic/bandwidth is being eaten up by large
images/video/streaming media.

Any ideas, suggestions, links, references or advice would be greatly
appreciated.

Thank you,
  --Jim
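
One way to approach the classification asked about above, as an added example that is not part of the original post: it buckets HTTP transactions by request method and declared Content-Type, then reports each bucket's share of bytes. It assumes the capture has already been exported to tab-separated rows (for example with tshark's `-T fields` output, with TCP/8080 decoded as HTTP); the column layout, class names, 100,000-byte threshold and sample rows are all assumptions constructed for illustration.

```python
from collections import defaultdict

LARGE_IMAGE_BYTES = 100_000  # assumed cut-off for a "large" image
SCRIPT_TYPES = ("application/javascript", "application/x-javascript")

# Constructed sample: request method <TAB> response Content-Type <TAB> bytes
SAMPLE_ROWS = (
    "GET\ttext/html; charset=utf-8\t18800\n"
    "GET\timage/gif\t1200\n"
    "GET\timage/jpeg\t450000\n"
    "CONNECT\t\t2300000\n"
    "GET\tvideo/x-ms-wmv\t5200000\n"
    "POST\tapplication/octet-stream\t30000\n"
    "GET\taudio/mpeg\t2000000\n"
    "truncated row without a byte count\n"
)

def classify(method, content_type, size):
    """Map one HTTP transaction to a traffic class."""
    media = content_type.split(";", 1)[0].strip().lower()
    if method.upper() == "CONNECT":
        return "tunnel"  # proxy tunnel, payload is opaque to the dissector
    if media.startswith(("video/", "audio/")):
        return "streaming"
    if media.startswith("image/"):
        return "large-image" if size >= LARGE_IMAGE_BYTES else "web"
    if media.startswith("text/") or media in SCRIPT_TYPES:
        return "web"
    # Content-Type is sender-declared: anything tunnelled inside ordinary
    # GET/POST bodies lands here and needs a closer look by hand.
    return "other"

def bandwidth_share(rows_text):
    """Return {class: (bytes, percent of total bytes)} for the rows."""
    totals = defaultdict(int)
    for line in rows_text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # skip malformed or truncated rows
        method, content_type, size = parts[0], parts[1], int(parts[2])
        totals[classify(method, content_type, size)] += size
    grand_total = sum(totals.values())
    if grand_total == 0:
        return {}
    return {c: (b, round(100 * b / grand_total, 1)) for c, b in totals.items()}

if __name__ == "__main__":
    for cls, (nbytes, pct) in sorted(bandwidth_share(SAMPLE_ROWS).items()):
        print(f"{cls:12s} {nbytes:>10d} bytes {pct:5.1f}%")
```

Only CONNECT tunnels are recognised by method here; byte counts for them have to come from the TCP conversation, since a tunnel carries no Content-Length.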


