IO graph of Wireshark

Tags:

wireshark

In order to see the activity in Channel 1 of 802.11g I have recorded all the traffic using netmon as a test.cap file. Using the Wireshark IO graph I get the following graph:

Does this graph reflect the traffic activity in CH1? The Wireshark logs show the protocol of all messages as 802.11.

HaWa asked Mar 15 '23 05:03


1 Answer

Wireshark IO Graphs will show you the overall traffic seen in a capture file, which is usually measured as a rate per second in bytes or packets (you can always change this if you prefer bits per second). By default the x-axis is the tick interval (one second) and the y-axis is the packets per tick (per second). It's mostly useful for troubleshooting, i.e. seeing spikes and dips in your traffic. By the way, to look into the traffic more closely you can click on any point on the graph and it will focus on that packet and display the information in the packet list window behind it. You can always apply common troubleshooting filters to troubleshoot slow downloads/uploads or other application-type problems. Here are some filters that are commonly used.



tcp.analysis.lost_segment – indicates we've seen a gap in sequence numbers in the capture. Packet loss can lead to duplicate ACKs, which leads to retransmissions.

tcp.analysis.duplicate_ack – displays packets that were acknowledged more than one time. A high number of duplicate ACKs is a sign of possible high latency between TCP endpoints.

tcp.analysis.retransmission – displays all retransmissions in the capture. A few retransmissions are OK; excessive retransmissions are bad. This usually shows up to the user as slow application performance and/or packet loss.

tcp.analysis.window_update – this will graph the size of the TCP window throughout your transfer. If you see this window size drop down to zero (or near zero) during your transfer, it means the sender has backed off and is waiting for the receiver to acknowledge all of the data already sent. This would indicate the receiving end is overwhelmed.

tcp.analysis.bytes_in_flight – the number of unacknowledged bytes on the wire at a point in time. The number of unacknowledged bytes should never exceed your TCP window size (defined in the initial 3-way TCP handshake), and to maximize your throughput you want to get as close as possible to the TCP window size. If you see a number consistently lower than your TCP window size, it could indicate packet loss or some other issue along the path preventing you from maximizing throughput.

tcp.analysis.ack_rtt – measures the time delta between capturing a TCP packet and the corresponding ACK for that packet. If this time is long, it could indicate some type of delay in the network (packet loss, congestion, etc.).


You can filter Wireshark information by applying a channel filter. Here is a list of channel and other filters that you can apply: wireshark filters.
Hopefully I answered your question, got a little carried away. Happy sharking!

eof0100 answered Mar 21 '23 09:03
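As an added example (not part of the question or the answer above), the script below does offline what the IO Graph does: it buckets a capture into one-second intervals and reports packets and bytes per interval, optionally counting only frames whose radiotap channel frequency matches 2412 MHz (channel 1), which is what the display filter `radiotap.channel.freq == 2412` selects in Wireshark. It assumes a libpcap file with link type 127 (IEEE802_11_RADIOTAP), i.e. what Wireshark writes when a Wi-Fi capture is saved as pcap; Network Monitor's own .cap format and pcapng are not parsed. The capture it reads is constructed inline, and only the Python standard library is used.

```python
"""Offline IO graph for a radiotap/802.11 pcap, with a per-channel filter.

Added example, not code from the original page. Assumes libpcap format with
link type 127 (radiotap); the sample capture below is constructed test data.
"""
import struct

PCAP_MAGIC = 0xA1B2C3D4                # little-endian, microsecond pcap magic
LINKTYPE_IEEE802_11_RADIOTAP = 127
CH1_FREQ_MHZ = 2412                    # 2.4 GHz channel 1 centre frequency
CH6_FREQ_MHZ = 2437                    # channel 6, used as "other" traffic
RT_CHANNEL_FLAGS_2GHZ_OFDM = 0x00C0    # radiotap channel flags: 2 GHz | OFDM

# Radiotap fields up to and including Channel (bit 3): bit -> (size, alignment).
_RT_FIELDS = {0: (8, 8), 1: (1, 1), 2: (1, 1), 3: (4, 2)}


def radiotap_channel_freq(frame):
    """Return the channel frequency (MHz) from a radiotap header, or None.

    Walks the presence bitmap honouring field alignment, so it works whether
    or not TSFT/Flags/Rate precede the Channel field.
    """
    if len(frame) < 8:
        return None
    version, _pad, rt_len, present = struct.unpack_from("<BBHI", frame, 0)
    if version != 0 or rt_len > len(frame):
        return None
    off, word = 8, present
    while word & (1 << 31):            # skip extended presence bitmaps
        if off + 4 > rt_len:
            return None
        word = struct.unpack_from("<I", frame, off)[0]
        off += 4
    for bit in range(4):
        if not present & (1 << bit):
            continue
        size, align = _RT_FIELDS[bit]
        off = (off + align - 1) // align * align   # natural alignment
        if bit == 3:
            return struct.unpack_from("<H", frame, off)[0] if off + 2 <= rt_len else None
        off += size
    return None


def radiotap_frame(freq_mhz, payload_len, with_tsft=False):
    """Constructed radiotap header + dummy 802.11 data frame for testing."""
    present, body = 1 << 3, b""                      # Channel present
    if with_tsft:
        present |= 1 << 0                            # TSFT: 8 bytes, 8-aligned
        body += struct.pack("<Q", 0)
    body += struct.pack("<HH", freq_mhz, RT_CHANNEL_FLAGS_2GHZ_OFDM)
    radiotap = struct.pack("<BBHI", 0, 0, 8 + len(body), present) + body
    dot11 = struct.pack("<HH6s6s6sH", 0x0008, 0, b"\xaa" * 6, b"\xbb" * 6, b"\xcc" * 6, 0)
    return radiotap + dot11 + bytes(payload_len)


def write_pcap(records, linktype=LINKTYPE_IEEE802_11_RADIOTAP):
    """records: iterable of (timestamp_seconds, frame_bytes) -> pcap bytes."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)]
    for ts, frame in records:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)
    return b"".join(out)


def read_pcap(data):
    """Parse pcap bytes -> (linktype, [(timestamp, frame_bytes), ...])."""
    magic, _maj, _min, _tz, _sig, _snap, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("only little-endian microsecond libpcap is supported")
    off, records = 24, []
    while off + 16 <= len(data):
        sec, usec, caplen, _origlen = struct.unpack_from("<IIII", data, off)
        off += 16
        records.append((sec + usec / 1_000_000, data[off:off + caplen]))
        off += caplen
    return linktype, records


def io_graph(pcap_bytes, channel_freq=None, interval=1.0):
    """Bucket packets per `interval` seconds like Wireshark's IO Graph.

    Returns [(bucket_start, packets, bytes), ...]. With channel_freq set only
    frames whose radiotap channel matches count (radiotap.channel.freq == MHz).
    """
    linktype, records = read_pcap(pcap_bytes)
    if channel_freq is not None and linktype != LINKTYPE_IEEE802_11_RADIOTAP:
        raise ValueError("channel filtering needs radiotap link type 127")
    buckets = {}
    for ts, frame in records:
        if channel_freq is not None and radiotap_channel_freq(frame) != channel_freq:
            continue
        key = int(ts // interval)
        pkts, nbytes = buckets.get(key, (0, 0))
        buckets[key] = (pkts + 1, nbytes + len(frame))
    return [(key * interval, p, b) for key, (p, b) in sorted(buckets.items())]


def sample_capture():
    """Constructed three-second capture mixing channel 1 and channel 6 frames."""
    t0 = 1_700_000_000
    return write_pcap([
        (t0 + 0.1, radiotap_frame(CH1_FREQ_MHZ, 100)),
        (t0 + 0.5, radiotap_frame(CH1_FREQ_MHZ, 200)),
        (t0 + 0.7, radiotap_frame(CH6_FREQ_MHZ, 300)),
        (t0 + 1.2, radiotap_frame(CH1_FREQ_MHZ, 100)),
        (t0 + 2.3, radiotap_frame(CH6_FREQ_MHZ, 50)),
        (t0 + 2.9, radiotap_frame(CH1_FREQ_MHZ, 400, with_tsft=True)),
    ])


if __name__ == "__main__":
    for label, freq in (("all channels", None), ("channel 1 only", CH1_FREQ_MHZ)):
        print(label)
        for start, pkts, nbytes in io_graph(sample_capture(), channel_freq=freq):
            print(f"  t={start:.0f}  packets/s={pkts}  bytes/s={nbytes}")
```

The point the comparison makes is the one the question is really asking: with no display filter, the IO Graph counts every frame the adapter handed to the capture tool, so the unfiltered series is only "channel 1 activity" if the adapter was locked to channel 1 and the frames carry a matching channel field. Filtering on the radiotap channel frequency (or `wlan_radio.channel` in recent Wireshark releases) makes that explicit; a netmon .cap should be opened in Wireshark and saved as pcap before feeding it to this parser.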