The Statistics Menu

The Statistics Menu in Wireshark provides powerful tools for summarizing and visualizing the captured network traffic. These tools allow you to gain high-level insights into the communication patterns, protocol distribution, and overall characteristics of your network capture. Understanding and utilizing the options in the Statistics Menu is crucial for identifying trends, anomalies, and potential issues within your network.

Common options found in the Statistics Menu

  • Summary: Opens a dialog box providing a general overview of the capture file, including the number of packets, the capture duration, and the number of displayed packets (if a display filter is active).
  • Protocol Hierarchy: Opens a window that displays the distribution of different network protocols present in the capture. It shows the percentage and number of bytes and packets attributed to each protocol, organized in a hierarchical tree structure. This is invaluable for quickly understanding the dominant protocols in your traffic.
  • Conversations: Opens a window that lists the communication sessions (conversations) between different endpoints at various network layers (Ethernet, IP, TCP, UDP). For each conversation, it displays statistics such as the number of packets, the total bytes exchanged, the duration, and the average bits/bytes per second. This helps in identifying the main communication flows within your network.
  • Endpoints: Opens a window that lists all the unique source and destination addresses (MAC addresses for Ethernet, IP addresses for IP, and IP addresses with port numbers for TCP/UDP) involved in the capture. For each endpoint, it provides statistics like the number of packets sent and received, and the total bytes exchanged. This is useful for identifying the key communicating devices on your network.
  • IO Graphs: Opens a powerful tool for visualizing network traffic volume over time. You can create various graphs based on different criteria, such as packets per second, bytes per second, or even specific protocol traffic. You can also apply display filters to focus the graph on specific types of traffic. IO Graphs are essential for identifying traffic spikes, patterns, and potential bandwidth issues.
  • TCP Stream Graph: Provides specialized graphs for analyzing TCP communication streams. These graphs are crucial for diagnosing TCP performance problems, and include:
    • Round Trip Time (RTT): Visualizes the delay experienced by packets traveling back and forth between two endpoints. High RTT can indicate network congestion or latency.
    • Throughput: Shows the rate of data transfer over the TCP connection.
    • Window Scaling: Displays how the TCP window size changes over time, which affects the amount of data that can be in transit.
  • UDP Stream Graph: Similar to TCP Stream Graph, but provides graphs relevant to UDP communication, such as throughput.
  • Multicast Streams: Lists the multicast streams present in the capture and provides information about the number of packets and bytes for each stream.
  • Service Response Time: Attempts to measure the response time of client-server interactions for specific protocols (e.g., HTTP).
  • HTTP/2 Stream Analysis: Provides statistics and graphs specific to HTTP/2 traffic, including stream identifiers, state, and flow control.
  • WLAN Traffic: Offers statistics related to wireless (WLAN) traffic, such as signal strength and data rates.

By utilizing the tools in the Statistics Menu, you can move beyond individual packet analysis and gain a broader understanding of the network behavior captured by Wireshark. This is essential for identifying trends, diagnosing performance issues, and understanding communication patterns within your network environment.
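
To make the Conversations and Endpoints figures described above concrete, the following Python sketch computes the same kind of statistics from a handful of packet records. It is an added example, not part of the original page and not Wireshark's own code; the packet tuples are constructed sample data and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample packets: (time_s, src_ip, src_port, dst_ip, dst_port, frame_bytes)
PACKETS = [
    (0.00, "10.0.0.5", 51000, "10.0.0.9", 443, 74),
    (0.02, "10.0.0.9", 443, "10.0.0.5", 51000, 74),
    (0.50, "10.0.0.5", 51000, "10.0.0.9", 443, 1514),
    (1.00, "10.0.0.7", 40000, "10.0.0.9", 22, 100),
    (2.00, "10.0.0.9", 443, "10.0.0.5", 51000, 1514),
]

def conversations(packets):
    """Group packets into bidirectional conversations keyed by the endpoint pair."""
    convs = {}
    for ts, sip, sport, dip, dport, length in packets:
        # Sort the two endpoints so A->B and B->A land in the same conversation.
        a, b = sorted([(sip, sport), (dip, dport)])
        c = convs.setdefault((a, b), {"packets": 0, "bytes": 0, "a_to_b": 0,
                                      "b_to_a": 0, "first": ts, "last": ts})
        c["packets"] += 1
        c["bytes"] += length
        c["a_to_b" if (sip, sport) == a else "b_to_a"] += length
        c["first"], c["last"] = min(c["first"], ts), max(c["last"], ts)
    for c in convs.values():
        c["duration"] = c["last"] - c["first"]
        # A single-packet conversation has zero duration, so no rate is defined.
        c["bits_per_s"] = c["bytes"] * 8 / c["duration"] if c["duration"] > 0 else None
    return convs

def endpoints(packets):
    """Per-IP counters: packets sent, packets received, total bytes seen."""
    eps = defaultdict(lambda: {"tx_packets": 0, "rx_packets": 0, "bytes": 0})
    for _, sip, _, dip, _, length in packets:
        eps[sip]["tx_packets"] += 1
        eps[dip]["rx_packets"] += 1
        eps[sip]["bytes"] += length
        eps[dip]["bytes"] += length
    return dict(eps)

def top_conversations(packets, n=3):
    """Conversations ordered by total bytes, largest first (the main flows)."""
    ranked = sorted(conversations(packets).items(),
                    key=lambda kv: kv[1]["bytes"], reverse=True)
    return ranked[:n]

if __name__ == "__main__":
    for (a, b), c in top_conversations(PACKETS):
        print(a, "<->", b, c["packets"], "pkts", c["bytes"], "bytes", c["bits_per_s"])
    for ip, e in sorted(endpoints(PACKETS).items()):
        print(ip, e)
```

Sorting by bytes, as in the last function, mirrors clicking the Bytes column header in the Conversations window to bring the largest flows to the top.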
