

One of the lesser-used functions of Wireshark is its ability to graph different data. When troubleshooting a problem using a packet capture, the amount of data can be overwhelming. Scrolling through hundreds or thousands of packets trying to follow a conversation or find a problem you don’t know exists can be frustrating. Wireshark comes with a number of built-in graphs that help make these issues much more obvious.

The basic Wireshark IO graph will show you the overall traffic seen in a capture file, usually as a per-second rate (either packets or bytes). By default the X axis will set the tick interval to one second, and the Y axis will be packets per tick. If you prefer to see the bytes or bits per second, just click the “Unit:” dropdown under “Y Axis” and select which one you want to look at. Using our example, we can see the overall rate of traffic for all captured traffic. At the most basic level, this can be useful for seeing spikes (or dips) in your traffic and taking a closer look at that traffic. To look into the traffic more closely, just click any point on the graph and it will focus on that packet in the background packet list window. If you want to get a more granular view of the traffic, just click the “Tick interval” dropdown under “X-Axis” and select a smaller time interval.

Let’s take a look at the basic components of the IO graph window.

Graphs – There are 5 different graph buttons, allowing you to graph up to 5 different things at one time. Each Graph button is linked to a different color graph (not changeable). We will go into some further examples using multiple graphs in a little bit.

Filters – Each graph can have a filter associated with it. This filter box uses any of the same display filters you would use in the main Wireshark window.

Styles – There are four different styles you can use: Line, Impulse, Fbar, and Dots. If you are graphing multiple items, you might want to choose different styles for each graph to make sure everything is visible and one graph doesn’t cover up another. Graph 1 will always be the foreground layer.

X and Y Axis – Wireshark will automatically define both axes based on the traffic being plotted. The X axis default is usually OK for looking at most traffic, but if you are trying to look at bursty traffic you may need to use a smaller X-Axis tick interval. The default for the X axis is 1 second. Pixels per tick allows you to alter the spacing of the ticks on the graph. The default for the Y axis is packets per tick. Other options include bytes/tick, bits/tick, or Advanced. We’ll touch on the Advanced features later on.

To start, open up this sample packet capture, or your own, in Wireshark and click on Statistics – IO Graphs. This capture is an HTTP download that encountered packet loss.

While the default view of packets/second is OK, it’s not super useful for most troubleshooting I’ve run into. Let’s change the Y Axis to bits/tick so we can see the traffic rate in bits per second. We can see that the peak of traffic is somewhere around 300kbps. If you had a capture you were looking at that had places where the traffic rate dropped to zero, that might be a reason to dive further into those time periods and see what is going on.
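The effect of the Y-axis unit and the X-axis tick interval can be reproduced outside the GUI. The following is an added example, not part of the original article: it bins a constructed list of (timestamp, frame length) pairs into ticks and shows how a short stall stays hidden at the default 1 second tick but appears as zero-rate ticks at 200 ms. The names `io_series` and `zero_ticks` and the sample data are assumptions made for illustration.

```python
# Constructed sample: (milliseconds since capture start, frame length in bytes).
# One 1500-byte frame every 100 ms, with a stall between 2.2 s and 2.8 s.
PACKETS = [(ms, 1500) for ms in range(0, 2200, 100)] + \
          [(ms, 1500) for ms in range(2800, 4000, 100)]

# What each packet contributes to a tick, per Y-axis unit.
PER_PACKET = {
    "packets": lambda length: 1,
    "bytes": lambda length: length,
    "bits": lambda length: length * 8,
}


def io_series(packets, tick_ms=1000, unit="packets"):
    """Bin packets into ticks the way the IO graph does; one value per tick."""
    if not packets:
        return []
    weigh = PER_PACKET[unit]
    # Integer millisecond timestamps avoid float rounding at tick boundaries.
    series = [0] * (max(ts for ts, _ in packets) // tick_ms + 1)
    for ts, length in packets:
        series[ts // tick_ms] += weigh(length)
    return series


def zero_ticks(series, tick_ms):
    """Start times (ms) of ticks in which no traffic was seen."""
    return [i * tick_ms for i, value in enumerate(series) if value == 0]


if __name__ == "__main__":
    for tick in (1000, 200):
        s = io_series(PACKETS, tick, "bits")
        print(f"tick={tick} ms  peak={max(s)} bits/tick  "
              f"zero ticks start at {zero_ticks(s, tick)} ms")
```

At the 1 second tick the stall only shows up as a lower bar; at 200 ms the same data produces three empty ticks, which are the time periods worth inspecting in the packet list.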
