I have a content packet sniffer in place trying to track down excessive bandwidth usage going to my provider. I've set up an exclude filter of sourceip[10.0.0.1/8] and destinationip[10.0.0.1/8] so I don't get intra-lan ip traffic.
So far the two protocol classifications using the most bandwidth are the www and 'various' groups. How do I determine which URLs are in the www group and a breakdown of the protocols in the various classification? Would also like to see which IP addresses they're going to/coming from as well.