II. Wireshark advanced features
1. Network endpoints and conversations
Endpoints: the Endpoints window of Wireshark (Statistics -> Endpoints) lists, for each endpoint, its address, the number of packets transmitted, and the number of bytes.
Conversations: the Conversations window of Wireshark (Statistics -> Conversations). Address A and Address B show the addresses of the two endpoints in the conversation, together with the number of packets and bytes sent or received by each device.
2. Statistics based on the protocol hierarchy
Sometimes you need to know the protocol distribution in a capture file, that is, the percentage of TCP, IP, DHCP and so on in the capture. Use Wireshark's Protocol Hierarchy Statistics window (Statistics -> Protocol Hierarchy) to establish a baseline for the network.
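To make concrete what the Endpoints, Conversations and Protocol Hierarchy windows compute, the following added example (not part of these notes, not Wireshark code) recomputes those three tables from raw IPv4 headers; the packets are constructed inline and the helper names are my own.

```python
"""Added example: recompute Wireshark's Endpoints, Conversations and Protocol
Hierarchy statistics from raw IPv4 packets. All traffic below is constructed."""
import struct
from collections import Counter, defaultdict
from ipaddress import ip_address

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}  # IP protocol numbers

def ipv4_packet(src, dst, proto, payload_len):
    """Build a minimal IPv4 datagram (header checksum left 0; irrelevant for stats)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto,
                      0, ip_address(src).packed, ip_address(dst).packed)
    return hdr + bytes(payload_len)

def parse_ipv4(pkt):
    """Return (src, dst, proto, total_length) from the 20-byte IPv4 header."""
    _, _, total, _, _, _, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return str(ip_address(s)), str(ip_address(d)), proto, total

def endpoints(pkts):
    """Statistics -> Endpoints: per address, (packets, bytes) sent or received."""
    stats = defaultdict(lambda: [0, 0])
    for src, dst, _, length in map(parse_ipv4, pkts):
        for addr in (src, dst):          # a packet counts for both of its endpoints
            stats[addr][0] += 1
            stats[addr][1] += length
    return {addr: tuple(v) for addr, v in stats.items()}

def conversations(pkts):
    """Statistics -> Conversations: per address pair (A, B), totals and per-direction packets."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "a_to_b": 0, "b_to_a": 0})
    for src, dst, _, length in map(parse_ipv4, pkts):
        a, b = sorted((src, dst), key=ip_address)   # A is the lower address
        conv = stats[(a, b)]
        conv["packets"] += 1
        conv["bytes"] += length
        conv["a_to_b" if src == a else "b_to_a"] += 1
    return dict(stats)

def protocol_hierarchy(pkts):
    """Statistics -> Protocol Hierarchy: share of packets per IP protocol, in percent."""
    counts = Counter(PROTO_NAMES.get(p, str(p)) for _, _, p, _ in map(parse_ipv4, pkts))
    return {name: 100.0 * n / len(pkts) for name, n in counts.items()}

# Constructed sample traffic: one TCP exchange, a UDP query and an ICMP reply.
SAMPLE = [
    ipv4_packet("10.0.0.1", "10.0.0.2", 6, 100),
    ipv4_packet("10.0.0.2", "10.0.0.1", 6, 50),
    ipv4_packet("10.0.0.1", "10.0.0.3", 17, 30),
    ipv4_packet("10.0.0.3", "10.0.0.1", 1, 8),
]

if __name__ == "__main__":
    print(endpoints(SAMPLE))
    print(conversations(SAMPLE))
    print(protocol_hierarchy(SAMPLE))
```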
3. Name resolution: select Capture -> Options. Three kinds are available:
MAC address resolution: uses ARP to convert a data-link-layer MAC address into a network-layer address.
Network name resolution: converts a network-layer address into a DNS name.
Transport name resolution: converts a port number into the name of the service associated with it.
4. Protocol dissection: splits a packet into its component parts for analysis. Wireshark runs multiple dissectors over each packet, and can also use its built-in logic to make a reasonable guess about which dissector to apply. For example, Wireshark's ICMP dissector displays the captured raw data in the ICMP packet format.
Overriding the dissector: Wireshark does not always pick the correct dissector. In that case you override it yourself: select the packet, right-click, choose Decode As..., and pick the dissector you want from the list.
5. Follow TCP Stream: reassembles a TCP stream into an easy-to-read format and orders the data sent from the client to the server so that it is easy to view.
6. Packet lengths: analyze the packet length distribution and make reasonable guesses about the traffic. Select Statistics -> Packet Lengths and click Create Stat.
7. Graphs
1) I/O Graph: plots network throughput, finds peaks in data throughput, finds the performance delays of different protocols, and compares data streams over time. Statistics -> I/O Graphs
2) Round-trip time graph: determines the time needed for a packet to be received successfully. It is used to locate the slow points or bottlenecks in a communication and decide whether there is latency. Statistics -> TCP Stream Graphs -> Round Trip Time Graph.
3) Flow Graph: displays the connections between hosts in columns and organizes the traffic together. Statistics -> Flow Graph