++++++++++++++++++++++++++++++++++++++
<!-- WSUG Chapter Statistics -->
++++++++++++++++++++++++++++++++++++++

[[ChStatistics]]

== Statistics

[[ChStatIntroduction]]

=== Introduction

Wireshark provides a wide range of network statistics which can be accessed via
the menu:Statistics[] menu.

These statistics range from general information about the loaded capture file
(like the number of captured packets), to statistics about specific protocols
(e.g. statistics about the number of HTTP requests and responses captured).

* General statistics:

- *Summary* about the capture file.

- *Protocol Hierarchy* of the captured packets.

- *Conversations* e.g. traffic between specific IP addresses.

- *Endpoints* e.g. traffic to and from an IP address.

- *IO Graphs* visualizing the number of packets (or similar) over time.

* Protocol specific statistics:

- *Service Response Time* between request and response of some protocols.

- Various other protocol specific statistics.

[NOTE]
====
The protocol specific statistics require detailed knowledge about the specific
protocol. Unless you are familiar with that protocol, statistics about it will
be pretty hard to understand.
====

[[ChStatSummary]]

=== The ``Summary'' window

General statistics about the current capture file.

.The ``Summary'' window
image::wsug_graphics/ws-stats-summary.png[{screenshot-attrs}]

* __File__: general information about the capture file.

* __Time__: the timestamps when the first and the last packet were captured (and
the time between them).

* __Capture__: information from the time when the capture was done (only
available if the packet data was captured from the network and not loaded from
a file).

* __Display__: some display related information.

* __Traffic__: some statistics of the network traffic seen. If a display filter
is set, you will see values in the Captured column, and if any packets are
marked, you will see values in the Marked column. The values in the _Captured_
column will remain the same as before, while the values in the _Displayed_
column will reflect the values corresponding to the packets shown in the
display. The values in the _Marked_ column will reflect the values
corresponding to the marked packets.

[[ChStatHierarchy]]

=== The ``Protocol Hierarchy'' window

The protocol hierarchy of the captured packets.

.The ``Protocol Hierarchy'' window
image::wsug_graphics/ws-stats-hierarchy.png[{screenshot-attrs}]

This is a tree of all the protocols in the capture. Each row contains the
statistical values of one protocol. Two of the columns (_Percent Packets_ and
_Percent Bytes_) serve double duty as bar graphs. If a display filter is set it
will be shown at the bottom.

The button:[Copy] button will let you copy the window contents as CSV or YAML.

.Protocol hierarchy columns

_Protocol_:: This protocol's name

_Percent Packets_:: The percentage of protocol packets relative to all packets in
the capture

_Packets_:: The total number of packets of this protocol

_Percent Bytes_:: The percentage of protocol bytes relative to the total bytes in
the capture

_Bytes_:: The total number of bytes of this protocol

_Bits/s_:: The bandwidth of this protocol relative to the capture time

_End Packets_:: The absolute number of packets of this protocol where it
was the highest protocol in the stack (last dissected)

_End Bytes_:: The absolute number of bytes of this protocol where it
was the highest protocol in the stack (last dissected)

_End Bits/s_:: The bandwidth of this protocol relative to the capture time where
it was the highest protocol in the stack (last dissected)

Packets usually contain multiple protocols. As a result more than one protocol will
be counted for each packet. Example: In the screenshot IP has 99.9% and TCP
98.5% (which is together much more than 100%).

Protocol layers can consist of packets that won't contain any higher layer
protocol, so the sum of all higher layer packets may not sum up to the protocol's
packet count. Example: In the screenshot TCP has 98.5% but the sum of the
subprotocols (SSL, HTTP, etc) is much less. This can be caused by continuation
frames, TCP protocol overhead, and other undissected data.

A single packet can contain the same protocol more than once. In this case, the
protocol is counted more than once. For example ICMP replies and many tunneling
protocols will carry more than one IP header.

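The counting rules above can be reproduced on a handful of packets. The following is an added example, not code from Wireshark or from this guide: it builds the _Packets_, _Percent Packets_ and _End Packets_ columns from constructed protocol stacks written in a simplified form of the `frame.protocols` field. The function names and the sample data are assumptions of the example.

```python
from collections import Counter

# Constructed sample: one protocol stack per packet, in a simplified
# colon-separated form of the frame.protocols field. Not a real capture.
SAMPLE_STACKS = [
    "eth:ip:tcp",            # bare ACK: TCP is the last dissected protocol
    "eth:ip:tcp",
    "eth:ip:tcp:http",
    "eth:ip:tcp:http",
    "eth:ip:tcp:tls",
    "eth:ip:udp:dns",
    "eth:ip:icmp:ip:udp",    # ICMP error carrying the offending IP/UDP headers
    "eth:arp",
]


def protocol_hierarchy(stacks):
    """Build hierarchy rows keyed by tree path, e.g. 'eth/ip/tcp'."""
    packets, end_packets = Counter(), Counter()
    for stack in stacks:
        layers = stack.split(":")
        # A packet is counted once for every protocol row on its path.
        for depth in range(1, len(layers) + 1):
            packets["/".join(layers[:depth])] += 1
        # Only the last dissected protocol gets the "End Packets" credit.
        end_packets["/".join(layers)] += 1
    total = len(stacks)
    return {
        path: {
            "packets": count,
            "percent_packets": round(100.0 * count / total, 1),
            "end_packets": end_packets[path],
        }
        for path, count in packets.items()
    }


def child_packets(rows, path):
    """Sum the packet counts of the direct children of one row."""
    depth = path.count("/") + 1
    return sum(
        row["packets"]
        for child, row in rows.items()
        if child.startswith(path + "/") and child.count("/") == depth
    )


def occurrences_by_name(stacks):
    """Count protocol occurrences regardless of position in the tree."""
    counts = Counter()
    for stack in stacks:
        counts.update(stack.split(":"))
    return counts


if __name__ == "__main__":
    rows = protocol_hierarchy(SAMPLE_STACKS)
    for path in sorted(rows):
        row = rows[path]
        print(f"{path:22} {row['percent_packets']:6.1f}% "
              f"{row['packets']:3} packets, {row['end_packets']} end")
    # Percentages of eth, ip and tcp add up to far more than 100%.
    tcp = rows["eth/ip/tcp"]
    # The gap between a row and its children equals its End Packets value.
    print("TCP packets without a subprotocol:",
          tcp["packets"] - child_packets(rows, "eth/ip/tcp"))
    # IP occurs 8 times in 7 IP packets because of the ICMP payload.
    print("IP occurrences:", occurrences_by_name(SAMPLE_STACKS)["ip"])
```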
[[ChStatConversations]]

=== Conversations

A network conversation is the traffic between two specific endpoints. For
example, an IP conversation is all the traffic between two IP addresses. The
description of the known endpoint types can be found in
<<ChStatEndpoints>>.

[[ChStatConversationsWindow]]

==== The ``Conversations'' window

The conversations window is similar to the endpoints window. See
<<ChStatEndpointsWindow>> for a description of their common features. Along with
addresses, packet counters, and byte counters, the conversation window adds four
columns: the start time of the conversation (``Rel Start'' or ``Abs Start''),
the duration of the conversation in seconds, and the average bits (not bytes)
per second in each direction. A timeline graph is also drawn across the
``Rel Start'' / ``Abs Start'' and ``Duration'' columns.

.The ``Conversations'' window
image::wsug_graphics/ws-stats-conversations.png[{screenshot-attrs}]

Each row in the list shows the statistical values for exactly one conversation.

_Name resolution_ will be done if selected in the window and if it is active for
the specific protocol layer (MAC layer for the selected Ethernet endpoints
page). _Limit to display filter_ will only show conversations matching the
current display filter. _Absolute start time_ switches the start time column
between relative (``Rel Start'') and absolute (``Abs Start'') times. Relative start
times match the ``Seconds Since Beginning of Capture'' time display format in the
packet list and absolute start times match the ``Time of Day'' display format.

The button:[Copy] button will copy the list values to the clipboard in CSV
(Comma Separated Values) or YAML format. The button:[Follow Stream...] button
will show the stream contents as described in <<ChAdvFollowStream>>. The
button:[Graph...] button will show a graph as described in <<ChStatIOGraphs>>.

button:[Conversation Types] lets you choose which traffic type tabs are shown.
See <<ChStatEndpoints>> for a list of endpoint types. The enabled types
are saved in your profile settings.

[TIP]
====
This window will be updated frequently so it will be useful even if you open
it before (or while) you are doing a live capture.
====

// Removed:
// [[ChStatConversationListWindow]]

[[ChStatEndpoints]]

=== Endpoints

A network endpoint is the logical endpoint of separate protocol traffic of a
specific protocol layer. The endpoint statistics of Wireshark will take the
following endpoints into account:

[TIP]
====
If you are looking for a feature other network tools call a _hostlist_, here is
the right place to look. The list of Ethernet or IP endpoints is usually what
you're looking for.
====

.Endpoint and Conversation types

_Bluetooth_:: A MAC-48 address similar to Ethernet.

_Ethernet_:: Identical to the Ethernet device's MAC-48 identifier.

_Fibre Channel_:: A MAC-48 address similar to Ethernet.

_IEEE 802.11_:: A MAC-48 address similar to Ethernet.

_FDDI_:: Identical to the FDDI MAC-48 address.

_IPv4_:: Identical to the 32-bit IPv4 address.

_IPv6_:: Identical to the 128-bit IPv6 address.

_IPX_:: A concatenation of a 32 bit network number and 48 bit node address, by
default the Ethernet interface's MAC-48 address.

_JXTA_:: A 160 bit SHA-1 URN.

_NCP_:: Similar to IPX.

_RSVP_:: A combination of various RSVP session attributes and IPv4 addresses.

_SCTP_:: A combination of the host IP addresses (plural) and
the SCTP port used. So different SCTP ports on the same IP address are different
SCTP endpoints, but the same SCTP port on different IP addresses of the same
host are still the same endpoint.

_TCP_:: A combination of the IP address and the TCP port used.
Different TCP ports on the same IP address are different TCP endpoints.

_Token Ring_:: Identical to the Token Ring MAC-48 address.

_UDP_:: A combination of the IP address and the UDP port used, so different UDP
ports on the same IP address are different UDP endpoints.

_USB_:: Identical to the 7-bit USB address.

[NOTE]
.Broadcast and multicast endpoints
====
Broadcast and multicast traffic will be shown separately as additional
endpoints. Of course, as these aren't physical endpoints the real traffic
will be received by some or all of the listed unicast endpoints.
====

[[ChStatEndpointsWindow]]

==== The ``Endpoints'' window

This window shows statistics about the endpoints captured.

.The ``Endpoints'' window
image::wsug_graphics/ws-stats-endpoints.png[{screenshot-attrs}]

For each supported protocol, a tab is shown in this window. Each tab label shows
the number of endpoints captured (e.g. the tab label ``Ethernet · 4'' tells
you that four Ethernet endpoints have been captured). If no endpoints of a
specific protocol were captured, the tab label will be greyed out (although the
related page can still be selected).

Each row in the list shows the statistical values for exactly one endpoint.

_Name resolution_ will be done if selected in the window and if it is active for
the specific protocol layer (MAC layer for the selected Ethernet endpoints
page). _Limit to display filter_ will only show endpoints matching the
current display filter. Note that in this example we have GeoIP configured which
gives us extra geographic columns. See <<ChGeoIPDbPaths>> for more information.

The button:[Copy] button will copy the list values to the clipboard in CSV
(Comma Separated Values) or YAML format. The button:[Map] button will show the
endpoints mapped in your web browser.

button:[Endpoint Types] lets you choose which traffic type tabs are shown. See
<<ChStatEndpoints>> above for a list of endpoint types. The enabled
types are saved in your profile settings.

[TIP]
====
This window will be updated frequently, so it will be useful even if you open
it before (or while) you are doing a live capture.
====

// Removed:
// [[ChStatEndpointListWindow]]

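The endpoint and conversation definitions above, and the extra columns of the Conversations window, can be worked through on a few packets. This is an added example, not code from Wireshark or from this guide: the packet tuples are constructed, the function and key names are assumptions, and side A of a conversation is taken to be the sender of its first packet.

```python
from collections import defaultdict

# Constructed sample packets, not from a real capture:
# (time_s, src_ip, src_port, dst_ip, dst_port, frame_bytes)
SAMPLE_PACKETS = [
    (0.0, "10.0.0.5", 49152, "192.0.2.10", 443, 74),
    (0.5, "192.0.2.10", 443, "10.0.0.5", 49152, 74),
    (1.0, "10.0.0.5", 49152, "192.0.2.10", 443, 600),
    (1.0, "10.0.0.5", 49153, "192.0.2.10", 443, 74),
    (2.0, "192.0.2.10", 443, "10.0.0.5", 49152, 1500),
    (3.0, "192.0.2.10", 443, "10.0.0.5", 49153, 1000),
]


def endpoints(packets, layer="tcp"):
    """Per-endpoint counters. layer='ip' keys on the address alone,
    layer='tcp' on (address, port), so each port is its own endpoint."""
    rows = defaultdict(lambda: {"tx_packets": 0, "tx_bytes": 0,
                                "rx_packets": 0, "rx_bytes": 0})
    for _, sip, sport, dip, dport, size in packets:
        src = (sip, sport) if layer == "tcp" else sip
        dst = (dip, dport) if layer == "tcp" else dip
        rows[src]["tx_packets"] += 1
        rows[src]["tx_bytes"] += size
        rows[dst]["rx_packets"] += 1
        rows[dst]["rx_bytes"] += size
    return dict(rows)


def tcp_conversations(packets):
    """One row per unordered pair of TCP endpoints, in order of first packet."""
    packets = sorted(packets)
    convs = {}
    for t, sip, sport, dip, dport, size in packets:
        src, dst = (sip, sport), (dip, dport)
        # Both directions share one key; the first sender becomes side A.
        conv = convs.setdefault(frozenset((src, dst)), {
            "a": src, "b": dst, "abs_start": t,
            "rel_start": t - packets[0][0], "last": t,
            "packets": 0, "bytes_a_b": 0, "bytes_b_a": 0})
        conv["packets"] += 1
        conv["bytes_a_b" if src == conv["a"] else "bytes_b_a"] += size
        conv["last"] = t
    rows = []
    for conv in convs.values():
        duration = conv.pop("last") - conv["abs_start"]
        conv["duration"] = duration
        for direction in ("a_b", "b_a"):
            # A single-packet conversation has no duration, hence no rate.
            conv["bits_per_s_" + direction] = (
                conv["bytes_" + direction] * 8 / duration
                if duration > 0 else None)
        rows.append(conv)
    return rows


if __name__ == "__main__":
    print("IP endpoints: ", sorted(endpoints(SAMPLE_PACKETS, "ip")))
    print("TCP endpoints:", sorted(endpoints(SAMPLE_PACKETS, "tcp")))
    for conv in tcp_conversations(SAMPLE_PACKETS):
        print(conv["a"], "<->", conv["b"],
              "rel start", conv["rel_start"], "duration", conv["duration"],
              "bits/s A->B", conv["bits_per_s_a_b"],
              "bits/s B->A", conv["bits_per_s_b_a"])
```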
[[ChStatIOGraphs]]

=== The ``IO Graphs'' window

User-configurable graph of the captured network packets.

You can define up to five differently colored graphs.

.The ``IO Graphs'' window
image::wsug_graphics/ws-stats-iographs.png[{screenshot-attrs}]

The user can configure the following things:

* _Graphs_

- __Graph 1-5__: enable the specific graph 1-5 (only graph 1 is enabled by default)

- __Color__: the color of the graph (cannot be changed)

- __Filter__: a display filter for this graph (only the packets that pass this filter will be taken into account for this graph)

- __Style__: the style of the graph (Line/Impulse/FBar/Dot)

* _X Axis_

- __Tick interval__: how long an interval in the x direction lasts (10/1 minutes or 10/1/0.1/0.01/0.001 seconds)

- __Pixels per tick__: use 10/5/2/1 pixels per tick interval

- __View as time of day__: option to view x direction labels as time of day instead of seconds or minutes since beginning of capture

* _Y Axis_

- __Unit__: the unit for the y direction (Packets/Tick, Bytes/Tick, Bits/Tick, Advanced...) [XXX - describe the Advanced feature.]

- __Scale__: the scale for the y unit (Logarithmic,Auto,10,20,50,100,200,500,...)

The button:[Save] button will save the currently displayed portion of the graph as one
of various file formats.

The button:[Copy] button will copy values from selected graphs to the clipboard in CSV
(Comma Separated Values) format.

[TIP]
====
Click in the graph to select the first packet in the selected interval.
====

[[ChStatSRT]]

=== Service Response Time

The service response time is the time between a request and the corresponding
response. This information is available for many protocols.

Service response time statistics are currently available for the following protocols:

* _DCE-RPC_

* _Fibre Channel_

* _H.225 RAS_

* _LDAP_

* _LTE MAC_

* _MGCP_

* _ONC-RPC_

* _SMB_

As an example, the DCE-RPC service response time is described in more detail.

[NOTE]
====
The other Service Response Time windows will work the same way (or only slightly
differently) compared to the following description.
====

[[ChStatSRTDceRpc]]

==== The "Service Response Time DCE-RPC" window

The service response time of DCE-RPC is the time between the request and the
corresponding response.

First of all, you have to select the DCE-RPC interface:

.The "Compute DCE-RPC statistics" window
image::wsug_graphics/ws-stats-srt-dcerpc-filter.png[{screenshot-attrs}]

You can optionally set a display filter, to reduce the number of packets.

.The "DCE-RPC Statistic for ..." window
image::wsug_graphics/ws-stats-srt-dcerpc.png[{screenshot-attrs}]

Each row corresponds to a method of the interface selected (so the EPM interface
in version 3 has 7 methods). For each method, the number of calls and the
SRT statistics are calculated.

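The per-method table described above can be derived by pairing each request with its response and grouping the resulting times by method. This is an added example, not code from Wireshark or from this guide: the event tuples are constructed, the function name is hypothetical, and matching on (conversation, call ID) with the method number taken from the request is an assumption of the example.

```python
from collections import defaultdict

# Constructed sample events, not from a real capture:
# (time_ms, conversation, call_id, opnum, kind). Responses carry no opnum
# here, so the method is taken from the matching request.
SAMPLE_EVENTS = [
    (0,  "c1", 1, 3,    "request"),
    (12, "c1", 1, None, "response"),
    (20, "c1", 2, 3,    "request"),
    (25, "c2", 1, 2,    "request"),    # same call ID, different conversation
    (30, "c2", 1, None, "response"),
    (50, "c1", 2, None, "response"),
    (60, "c2", 7, None, "response"),   # request was sent before capture began
    (70, "c1", 3, 3,    "request"),    # no response before capture ended
]


def srt_table(events):
    """Return ({opnum: stats}, unanswered_requests, unmatched_responses)."""
    pending = {}                 # (conversation, call_id) -> (time_ms, opnum)
    samples = defaultdict(list)  # opnum -> response times in ms
    unmatched = 0
    for time_ms, conv, call_id, opnum, kind in sorted(
            events, key=lambda event: event[0]):
        key = (conv, call_id)
        if kind == "request":
            pending[key] = (time_ms, opnum)
        elif key in pending:
            sent_ms, request_opnum = pending.pop(key)
            samples[request_opnum].append(time_ms - sent_ms)
        else:
            # A response whose request is not in the capture yields no SRT.
            unmatched += 1
    table = {
        op: {
            "calls": len(times),
            "min": min(times),
            "max": max(times),
            "avg": sum(times) / len(times),
        }
        for op, times in samples.items()
    }
    # Requests still pending at the end never got a response in the capture.
    return table, len(pending), unmatched


if __name__ == "__main__":
    table, unanswered, unmatched = srt_table(SAMPLE_EVENTS)
    for opnum in sorted(table):
        row = table[opnum]
        print(f"opnum {opnum}: calls={row['calls']} min={row['min']}ms "
              f"max={row['max']}ms avg={row['avg']}ms")
    print("unanswered requests:", unanswered)
    print("responses without a request:", unmatched)
```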
[[ChStatCompareCaptureFiles]]

=== Compare two capture files

Compare two capture files.

This feature works best when you have merged two capture files chronologically,
one from each side of a client/server connection.

The merged capture data is checked for missing packets. If a matching connection
is found it is checked for:

* IP header checksums

* Excessive delay (defined by the "Time variance" setting)

* Packet order

.The "Compare" window
image::wsug_graphics/ws-stats-compare.png[{screenshot-attrs}]

You can configure the following:

* _Start compare:_ Start comparing when this many IP IDs are matched. A zero value starts comparing immediately.

* _Stop compare:_ Stop comparing when we can no longer match this many IP IDs. Zero always compares.

* _Endpoint distinction:_ Use MAC addresses or IP time-to-live values to determine connection endpoints.

* _Check order:_ Check for the same IP ID in the previous packet at each end.

* _Time variance:_ Trigger an error if the packet arrives this many milliseconds after the average delay.

* _Filter:_ Limit comparison to packets that match this display filter.

The Info column contains new numbering so the same packets are parallel.

The color filtering differentiates the two files from each other. A
``zebra'' effect is created if the Info column is sorted.

[TIP]
====
If you click on an item in the error list its corresponding packet will be
selected in the main window.
====

[[ChStatWLANTraffic]]

=== WLAN Traffic Statistics

Statistics of the captured WLAN traffic. This window will summarize the wireless
network traffic found in the capture. Probe requests will be merged into an
existing network if the SSID matches.

.The "WLAN Traffic Statistics" window
image::wsug_graphics/ws-stats-wlan-traffic.png[{screenshot-attrs}]

Each row in the list shows the statistical values for exactly one wireless
network.

_Name resolution_ will be done if selected in the window and if it is active for
the MAC layer.

_Only show existing networks_ will exclude probe requests with an SSID not
matching any network from the list.

The button:[Copy] button will copy the list values to the clipboard in CSV (Comma
Separated Values) format.

[TIP]
====
This window will be updated frequently, so it will be useful even if you open
it before (or while) you are doing a live capture.
====

[[ChStatXXX]]

=== The protocol specific statistics windows

The protocol specific statistics windows display detailed information of
specific protocols and might be described in a later version of this document.

Some of these statistics are described at
{wireshark-wiki-url}Statistics.

++++++++++++++++++++++++++++++++++++++
<!-- End of WSUG Chapter Statistics -->
++++++++++++++++++++++++++++++++++++++