
A Report on Wireshark: Working and Analysis Method (IEEE format)

Introduction

Bundling data into packets is one of the main features of networking. These packets travel across the Internet or within a building, and the receiving network node unbundles them. Professionals and administrators look at them for analysis and troubleshooting when a problem occurs. The protocol packets have to be broken out to analyse their contents and see what is happening in the network: the source and destination of each packet, the throughput, and the load distribution. To perform this analysis and these calculations we need software, so that we can maintain the network and fix any problem that is found.

Protocol

Internet protocols are sets of rules. Different types of protocol are used to make it possible for data to travel from source to destination securely, quickly and in an orderly way. A protocol describes how data will travel in a network, and each type of protocol has its own standardization [1]. The reason for using different protocols is that no single protocol can fulfil all requirements: some provide fast data transfer and some are better at secure data transfer. For example, UDP is a connectionless protocol whose simplicity makes it much easier for a machine to handle, but UDP has no reliability or error-recovery function [2]. TCP provides full-duplex and flow-control services and moves data continuously as an unstructured byte stream [2]. HTTP is an application-layer protocol in which the request sequence between sender and receiver is carried out. The problem is that these protocol packets are readable, so a third party can capture and read the conversation between client and server. To solve this issue HTTPS was introduced, which is encrypted, meaning that no one else can read the conversation between user and server [3]. QUIC is the latest protocol, used by some companies such as Google, and is an advanced development built on top of UDP [4].

Wireshark

Wireshark is one of the best free and open-source tools for network analysis; it captures network traffic data for investigation. It can capture packets in real time and display the data in human-readable form. Filters, colour coding, conversations and many other features make it possible to dig into the network and point out errors, performance issues and other related things [5]. Some features of Wireshark, and how a website can be analysed with Wireshark, are described below.


Capture traffic with Wireshark

To analyse a particular website or server we need to capture all the traffic data of that website. For this purpose, open a new tab in the browser and clear all of the browser's cache before capturing, so that the traffic of the particular website is easy to find. Now enter the name of the website in the browser and start capturing in Wireshark. A DNS request will be forwarded towards the website's server and communication will start between client and server. After a particular time we need to stop capturing. The capture length depends on how much data traffic needs to be analysed. To analyse the data we use many tools, and many types of filter are used to find out a particular thing. In this session the ip.addr== filter is used to isolate a particular website and analyse its performance with different tools. The analysis from some of these tools is given below, with the capture filtered on the particular IP of each website.
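As an added example (not part of the original report), the following Python script models the filtering step on a small constructed capture. It implements the semantics of Wireshark's `ip.addr == X` display filter (X may be the source or the destination), contrasts it with `ip.src == X`, and shows why `ip.addr != X` does not exclude host X: Wireshark evaluates it as "source is not X or destination is not X", which nearly every frame satisfies, so `!(ip.addr == X)` is the filter that actually excludes a host. The addresses come from the RFC 5737 documentation ranges and the frames are constructed, not taken from the report's captures.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    """Minimal view of one captured frame (constructed sample, not real capture data)."""
    ts: float     # capture time in seconds
    src: str      # IPv4 source address
    dst: str      # IPv4 destination address
    proto: str    # "DNS", "TCP" or "UDP"
    length: int   # frame length in bytes


# Constructed addresses (RFC 5737 documentation ranges). WEB_SERVER stands in
# for the site under test; OTHER is an unrelated host on the same LAN.
CLIENT = "192.0.2.10"
RESOLVER = "192.0.2.1"
WEB_SERVER = "203.0.113.20"
OTHER = "198.51.100.7"

# Constructed capture: a DNS lookup, the TCP handshake with the site, and noise.
CAPTURE = [
    Frame(0.000, CLIENT, RESOLVER, "DNS", 74),
    Frame(0.021, RESOLVER, CLIENT, "DNS", 90),
    Frame(0.025, CLIENT, WEB_SERVER, "TCP", 66),    # SYN
    Frame(0.060, WEB_SERVER, CLIENT, "TCP", 66),    # SYN/ACK
    Frame(0.061, CLIENT, WEB_SERVER, "TCP", 54),    # ACK
    Frame(0.062, CLIENT, OTHER, "UDP", 120),        # background traffic
    Frame(0.100, WEB_SERVER, CLIENT, "TCP", 1514),  # first response segment
    Frame(0.101, OTHER, CLIENT, "UDP", 120),
]


def ip_addr_eq(frame, address):
    """Wireshark 'ip.addr == X': X is the source OR the destination."""
    return frame.src == address or frame.dst == address


def ip_src_eq(frame, address):
    """'ip.src == X': only frames sent by X."""
    return frame.src == address


def ip_addr_ne(frame, address):
    """'ip.addr != X' as Wireshark evaluates it: src != X OR dst != X.

    Every frame has two addresses, so this holds whenever at least one end
    is not X, which includes the frames sent to and from X.
    """
    return frame.src != address or frame.dst != address


def not_ip_addr_eq(frame, address):
    """'!(ip.addr == X)': the filter that really excludes host X."""
    return not ip_addr_eq(frame, address)


def apply_filter(capture, predicate, address):
    """Return the frames the predicate keeps, in capture order."""
    return [f for f in capture if predicate(f, address)]


def capture_duration(frames):
    """Seconds between the first and last frame of a filtered view: the
    'time period' the report quotes for each site."""
    if not frames:
        return 0.0
    return frames[-1].ts - frames[0].ts


if __name__ == "__main__":
    filters = [("ip.addr == X", ip_addr_eq), ("ip.src == X", ip_src_eq),
               ("ip.addr != X", ip_addr_ne), ("!(ip.addr == X)", not_ip_addr_eq)]
    for name, predicate in filters:
        kept = apply_filter(CAPTURE, predicate, WEB_SERVER)
        print(f"{name:17s} keeps {len(kept)} of {len(CAPTURE)} frames")
```

Running it shows `ip.addr != X` keeping all eight frames while `!(ip.addr == X)` keeps only the four that do not involve the web server; the same distinction applies to real captures, which is why the report's ip.addr== filter isolates a site correctly but its negation must be written with `!( )`.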

Capture duration per website:

https://www.9news.com.au/        36 sec
https://www.cnet.com/            0.52 sec
https://www.howstuffworks.com/   0.12 sec
http://www.abc.net.au/           120 sec

Flow graph

Flow graphs are very helpful for analysing the network and the captured packets. With Wireshark we can check data flow, traffic flow and network latency, and duplicate acknowledgements can be spotted in the flow graph. Traffic flow describes the conversation between two endpoints (source and destination). The graph can separate TCP flow from general flow, which makes it possible to analyse a particular packet.
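The duplicate acknowledgements that the flow graph makes visible are labelled by Wireshark's TCP analysis as "TCP Dup ACK #n" and, when the sender reacts, "TCP Retransmission" or "TCP Fast Retransmission". The following Python code is an added example (not part of the original report) that applies a simplified form of those checks to a constructed TCP exchange in which one segment is lost, three duplicate ACKs arrive, and the sender resends the missing segment. It compares each ACK only with the previous segment in the same direction, which is a simplification of Wireshark's full heuristic; the segment list and addresses are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """One TCP segment in one direction (constructed sample data)."""
    ts: float          # seconds since start of capture
    src: str
    dst: str
    seq: int           # relative sequence number
    ack: int           # relative acknowledgement number
    window: int        # advertised window (already scaled)
    payload_len: int   # TCP payload bytes
    flags: str = "A"   # letters from S, A, F, R


def is_dup_ack(prev, cur):
    """Simplified 'TCP Dup ACK' test: an empty, non-SYN/FIN/RST segment whose
    seq, ack and window equal the previous segment in this direction."""
    return (cur.payload_len == 0
            and not any(flag in cur.flags for flag in "SFR")
            and cur.seq == prev.seq
            and cur.ack == prev.ack
            and cur.window == prev.window)


def find_dup_acks(segments):
    """(index, dup_number) for every duplicate ACK, numbered per run like
    Wireshark's 'Dup ACK #n'; each direction is tracked separately."""
    last = {}      # (src, dst) -> (previous segment, dup counter)
    found = []
    for i, seg in enumerate(segments):
        key = (seg.src, seg.dst)
        prev = last.get(key)
        if prev is not None and is_dup_ack(prev[0], seg):
            n = prev[1] + 1
            found.append((i, n))
            last[key] = (seg, n)
        else:
            last[key] = (seg, 0)
    return found


def find_retransmissions(segments):
    """Index of every data segment whose sequence number lies below the highest
    byte already seen in that direction: it carries data that was sent before."""
    highest = {}   # (src, dst) -> end of the highest sequence range seen so far
    found = []
    for i, seg in enumerate(segments):
        if seg.payload_len == 0:
            continue
        key = (seg.src, seg.dst)
        if seg.seq < highest.get(key, 0):
            found.append(i)
        highest[key] = max(highest.get(key, 0), seg.seq + seg.payload_len)
    return found


def fast_retransmissions(segments, threshold=3):
    """Retransmissions preceded by at least `threshold` duplicate ACKs from the
    peer for the byte being resent: the fast-retransmit signature."""
    dup_by_index = dict(find_dup_acks(segments))
    result = []
    for i in find_retransmissions(segments):
        seg = segments[i]
        # walk back to the most recent peer ACK that acknowledges seg.seq
        for j in range(i - 1, -1, -1):
            prior = segments[j]
            if prior.src == seg.dst and prior.dst == seg.src and prior.ack == seg.seq:
                if dup_by_index.get(j, 0) >= threshold:
                    result.append(i)
                break
    return result


# Constructed exchange: the client's segment at seq 2921 is lost in transit.
CLIENT, SERVER = "192.0.2.10", "203.0.113.20"
STREAM = [
    Segment(0.000, CLIENT, SERVER, seq=1, ack=1, window=65535, payload_len=1460),
    Segment(0.001, CLIENT, SERVER, seq=1461, ack=1, window=65535, payload_len=1460),
    Segment(0.030, SERVER, CLIENT, seq=1, ack=2921, window=29200, payload_len=0),
    Segment(0.031, CLIENT, SERVER, seq=4381, ack=1, window=65535, payload_len=1460),
    Segment(0.032, CLIENT, SERVER, seq=5841, ack=1, window=65535, payload_len=1460),
    Segment(0.033, CLIENT, SERVER, seq=7301, ack=1, window=65535, payload_len=1460),
    Segment(0.060, SERVER, CLIENT, seq=1, ack=2921, window=29200, payload_len=0),   # Dup ACK #1
    Segment(0.061, SERVER, CLIENT, seq=1, ack=2921, window=29200, payload_len=0),   # Dup ACK #2
    Segment(0.062, SERVER, CLIENT, seq=1, ack=2921, window=29200, payload_len=0),   # Dup ACK #3
    Segment(0.063, CLIENT, SERVER, seq=2921, ack=1, window=65535, payload_len=1460),  # resend
    Segment(0.090, SERVER, CLIENT, seq=1, ack=8761, window=29200, payload_len=0),
]
```

On this stream the three server ACKs at 0.060 to 0.062 are reported as duplicates #1 to #3, and the client's segment at 0.063 is reported both as a retransmission and as a fast retransmission because it follows three duplicate ACKs for exactly that sequence number.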

General graph (9news.com.au)

Figure 1: https://www.9news.com.au/

TCP graph (9news.com.au)

Figure 2: https://www.9news.com.au/

General graph (cnet.com)

Figure 3: https://www.cnet.com/

TCP graph (cnet.com)

Figure 4: https://www.cnet.com/

General graph (howstuffworks.com)

Figure 5: https://www.howstuffworks.com/

TCP graph (howstuffworks.com)

Figure 6: https://www.howstuffworks.com/

Time sequence graph

The time sequence graph shows the data stream with respect to time. The sequence number axis counts bytes: each step in sequence number represents one byte. The slope of the curve represents the throughput over time. Green lines track the acknowledgement values received from the other end, and yellow lines track window advertisements.

Time Sequence graph (9news.com.au)

Figure 7: https://www.9news.com.au/

The graph above covers a time period of 36 seconds, and as time increases the slope of the line rises. The following graph for cnet.com, by contrast, looks like a straight line with a small constant increase; the reason is that this graph covers a short time period of less than a second.

Time Sequence graph (cnet.com)

Figure 8: https://www.cnet.com/

Time Sequence graph (howstuffworks.com)

Figure 9: https://www.howstuffworks.com/

Radio streaming

The following graph belongs to an audio stream of live radio.

Time Sequence graph (abc.net.au)

Figure 10: http://www.abc.net.au/

Window scaling graph

The window scaling graph represents how the receiver handles the received data. Usually the output is a smooth, straight line, which means the receiver did not change or adjust its window and had no problem handling the received bytes fast enough. Sometimes, however, the receiver cannot handle incoming data because it already holds a large amount of data; to inform the sender it lowers the window size, and as a result the window graph looks like a saw-tooth waveform.
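The values plotted in the window scaling graph are the receiver's advertised window after the scale factor from the SYN handshake (the TCP Window Scale option, RFC 7323) has been applied. The following Python code is an added example (not part of the original report) that computes that effective window from the raw 16-bit field and the negotiated shift count, then classifies a sequence of advertisements the way a reader classifies the graph: steady, saw-tooth, or stalled by a zero window. The three advertisement sequences are constructed, not taken from the report's captures.

```python
def effective_window(raw_window, shift_count):
    """Receive window in bytes: the 16-bit window field shifted left by the
    scale factor the receiving end announced in its SYN (RFC 7323)."""
    if not 0 <= raw_window <= 0xFFFF:
        raise ValueError("the TCP window field is 16 bits wide")
    if not 0 <= shift_count <= 14:
        raise ValueError("RFC 7323 limits the window scale shift to 14")
    return raw_window << shift_count


def window_profile(windows):
    """Classify a sequence of effective windows as the graph is read:
    'steady' (flat line), 'saw-tooth' (repeated drops and recoveries) or
    'zero-window' (the receiver told the sender to stop sending entirely)."""
    if not windows:
        raise ValueError("no window advertisements to classify")
    drops = sum(1 for a, b in zip(windows, windows[1:]) if b < a)
    if 0 in windows:
        shape = "zero-window"
    elif drops == 0:
        shape = "steady"
    else:
        shape = "saw-tooth"
    return {"shape": shape, "drops": drops, "min": min(windows), "max": max(windows)}


def profile_raw(raw_windows, shift_count):
    """Convenience wrapper: scale a list of raw window fields, then profile it."""
    return window_profile([effective_window(w, shift_count) for w in raw_windows])


# Constructed advertisement sequences, all with a negotiated shift of 7 (x128).
STEADY_RAW = [229, 229, 229, 229, 229]               # receiver keeps up
SAWTOOTH_RAW = [512, 384, 256, 128, 512, 384, 256, 512]  # buffer fills, drains, fills
STALLED_RAW = [256, 64, 0, 256]                      # zero window, then recovery
```

With a shift of 7 the common raw value 229 becomes 29312 bytes; the saw-tooth sequence shows five drops between 65536 and 16384 bytes, and the stalled sequence is flagged as a zero window, the case where the sender must pause until a window update arrives.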

9news.com.au

Figure 11: https://www.9news.com.au/

Cnet.com

Figure 12: https://www.cnet.com/

Howstuffworks.com

Figure 13: https://www.howstuffworks.com/

Throughput

Throughput is the total amount of data successfully moved from source to destination in a particular time. Three parameters are used for this graph: segment length, throughput rate and time. Blue represents the segment length (the higher the point, the larger the segment), and gold represents the throughput in bits per second. The throughput graphs in the following examples show sudden increases and decreases. In simple words, the lower the bit rate, the lower the throughput, and vice versa.

9news.com.au

Figure 14: https://www.9news.com.au/

Cnet.com

Figure 15: https://www.cnet.com/

Howstuffworks.com

Figure 16: https://www.howstuffworks.com/

Radio Streaming

Figure 17: http://www.abc.net.au/

Load Distribution

Load distribution shows how the server distributes the load; using Wireshark we can see which IPs responded to our request. When a browser starts a new session to a target website, the page references numerous other websites that provide content and advertisements to the main website. In the following example the 9news.com.au page loaded many other sites, such as Amazon and Google, and content from other servers was loaded as well.
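The following Python code is an added example (not part of the original report) of the load distribution calculation itself: it counts the bytes each responding host delivered to the client, orders the hosts by share, and reports how much of the page came from third parties rather than the main site. The capture, the client address and the host names (standing in for what the DNS answers in a real capture would resolve to) are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    """One captured frame, reduced to what load distribution needs (constructed)."""
    src: str
    dst: str
    length: int


CLIENT = "192.0.2.10"

# Constructed labels standing in for the names resolved by the capture's DNS answers.
NAMES = {
    "203.0.113.20": "main site",
    "198.51.100.50": "advertising CDN",
    "198.51.100.60": "analytics",
}

# Constructed capture: requests from the client and the responses they drew.
CAPTURE = [
    Frame(CLIENT, "203.0.113.20", 500),
    Frame("203.0.113.20", CLIENT, 1500),
    Frame("203.0.113.20", CLIENT, 1500),
    Frame(CLIENT, "198.51.100.50", 400),
    Frame("198.51.100.50", CLIENT, 1200),
    Frame(CLIENT, "198.51.100.60", 300),
    Frame("198.51.100.60", CLIENT, 600),
]


def load_distribution(capture, client, names=None):
    """Bytes delivered to the client by each responding host, largest first."""
    names = names or {}
    totals = {}
    for f in capture:
        if f.dst != client:
            continue  # count only what each server sent back
        label = names.get(f.src, f.src)
        totals[label] = totals.get(label, 0) + f.length
    return dict(sorted(totals.items(), key=lambda kv: kv[1], reverse=True))


def share(distribution):
    """Percentage of all response bytes that each host accounts for."""
    total = sum(distribution.values())
    if total == 0:
        return {}
    return {host: round(100 * b / total, 1) for host, b in distribution.items()}


def third_party_share(distribution, main_label):
    """Percentage of the page that came from hosts other than the main site."""
    return round(100 - share(distribution).get(main_label, 0), 1)
```

On the constructed capture the main site delivers 62.5% of the response bytes and the other two hosts 37.5% between them; on a real capture the same ordering identifies which third-party servers a page depends on, which matters when judging how a site's performance or exposure is affected by content it does not host itself.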

9news.com.au

Load distribution graph: https://www.9news.com.au/

Cnet.com

Load distribution graph: https://www.cnet.com/

Howstuffworks.com

Load distribution graph: https://www.howstuffworks.com/

References

  1. M. Rouse (2007, Apr. 5) "What is Protocol" [Online]. Available: http://searchnetworking.techtarget.com/definition/protocol
  2. Blogger (2011, Oct. 4) "Compare and contrast the advantages and disadvantages of TCP-UDP" [Online]. Available: http://cs-pages.blogspot.com/2011/10/compare-and-contrast-advantages-and.html
  3. T. Messer (2016, Sep. 16) "HTTP vs. HTTPS: What is the Difference and Why You Should Care" [Online]. Available: https://www.entrepreneur.com/article/281633
  4. F. Lardinois (2015, Apr. 18) "Google Wants To Speed Up The Web With Its QUIC Protocol" [Online]. Available: https://techcrunch.com/2015/04/18/google-wants-to-speed-up-the-web-with-its-quic-protocol/
  5. Wireshark blog (2018, Jan. 11) "Wireshark intro" [Online]. Available: https://www.wireshark.org/#learnWS

Note: This article was written by a graduate student, so please don't treat it as a research paper; it is only an explanation of networking fundamentals. Please forgive any mistakes.

Thanks.
