Is it possible to code a way to make a packet counter for the whole network, similar to Wireshark's packet count while choosing the interface. The main thing being that I want a packet count of the whole LAN not just the actual machine only. I heard libpcap was the best place to start although I wanted to ask here to see if it's the right thing.
Asked
Active
Viewed 974 times
0
-
You want a single measure of the total number of packets exchanged between any two machines on the entire LAN? If so, you'll need every switch in the LAN to be managed and you'll need to sum the statistics from all ports the connect switches to end devices. – David Schwartz Dec 05 '12 at 20:00
-
I also need to use that device for communication although to another computer on the network – Andrei0427 Dec 05 '12 at 20:06
-
@Andrei0427 You either have to mirror _all_ the traffic from all the ethernet switches out to your machine where you capture and count them, or you'll have to pull out and sum up SNMP counters from all your switches (assuming they have SNMP support and the proper counters.) Just capturing with libpcap in promiscuous mode does not give you all the packets on your LAN unless you are using ethernet hubs instead of ethernet switches. – nos Dec 05 '12 at 22:58
-
@nos If you are mentioning the situations due to VLANs I'm covered for that as I just an average packet per second reading, plus Im doing this experiment for my home network not an enterprise. I hope I understood you correctly – Andrei0427 Dec 06 '12 at 07:43
-
@Andrei0427 No, this has nothing to do with VLANs. If you have 3 machines A, B and your capturing PC C connected to a switch, your machine C can capture traffic between A and C, and B and C. If there's traffic between A and B, you will not see any of those packets. In such a simple situation you could but a small switch with port mirroring features, and mirror all the traffic on all the ethernet ports out to a single ethernet port and capture data on that port though. – nos Dec 06 '12 at 08:43
1 Answers
0
I found the answer in this document: http://eecs.wsu.edu/~sshaikot/docs/lbpcap/libpcap-tutorial.pdf
Its a matter of setting a parameter to anything but 0 for starting up an interface in promiscuous mode.
Andrei0427
- 573
- 3
- 6
- 18
-
But also note nos's comment - if you're capturing on a switched network, promiscuous mode does *not* guarantee that you see all packets on the network. – Dec 05 '12 at 23:08