Statistical analysis of network traffic on Linux with Wireshark
Wireshark is an open-source packet capture tool with a graphical interface. It can also be used for statistical analysis of a system's network traffic.
Install
Wireshark has a graphical interface, so it is normally run from a desktop session. You can install it with yum:
$ yum install -y wireshark wireshark-gnome
This installs two packages: the core wireshark package and wireshark-gnome, which provides the graphical interface.
Usage
Recommended article: Wireshark basic introduction and learning the TCP three-way handshake
On Linux, the command must be run from a desktop session. Because packet capture has to listen on the NIC, administrator (root) privileges are required.
Statistical Analysis
In addition to the basic usage above, Wireshark can be used for statistical analysis of network traffic with the tools in the Statistics menu.
Protocol Hierarchy and I/O Graph are the most useful of these.
The Protocol Hierarchy tool clearly shows the traffic statistics for each protocol, nested by layer.
The I/O Graph plots traffic over time as a chart.
How to use Wireshark to view network traffic
Use Wireshark to capture packets, then select Protocol Hierarchy from the Statistics menu to see which protocol accounts for more of the traffic.
Packet capture is secondary; the main purpose is analysis.
Does the Wireshark traffic analysis software parse each data stream of a pcap file's packets in both directions?
No.
All packets in a pcap file, or captured live, are network packets over Ethernet. The unit is the packet: each line you see in the list in Wireshark is one Ethernet frame. Communication between machines is completed only by sending and receiving multiple packets.
You can set a protocol filter in the filter bar above the list to hide the unrelated packets, so that only packets of a specific protocol are displayed; all packets of that protocol are shown.
As for bidirectional transmission, it is completed only through the interaction of multiple packets, so each individual packet must be unidirectional.
The meaning of "data stream" is vague and not well defined, so it is hard to give a precise answer.
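The following is an added example, not code from the original page or from the Wireshark project. It reproduces in plain Python what the Statistics menu tools described earlier compute (a Protocol Hierarchy count per layer and an I/O-style packets-and-bytes-per-second table) and, for the answer above, shows that each pcap record is a single one-directional packet while a two-way conversation only appears once packets are grouped by a direction-neutral flow key. The pcap bytes are constructed inline (six frames over three seconds) and the dissector is a deliberately minimal Ethernet -> IPv4 -> TCP/UDP one; the function and variable names are this example's own.

```python
import struct
from collections import Counter, defaultdict

# ---- Constructed sample capture (not a real pcap; built here so the example runs offline) ----
def _ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (no options, checksum left zero) followed by payload."""
    s, d = bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64, proto, 0, s, d) + payload

def _tcp(sport, dport, payload=b""):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0) + payload

def _udp(sport, dport, payload=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def _eth(payload, ethertype=0x0800):
    return bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ethertype) + payload

def build_sample_pcap():
    """Six frames: an HTTP-like TCP exchange, a DNS-like UDP query/reply, and one ARP frame."""
    frames = [
        (0, _eth(_ipv4("10.0.0.1", "10.0.0.2", 6, _tcp(40000, 80, b"GET / HTTP/1.0\r\n\r\n")))),
        (0, _eth(_ipv4("10.0.0.2", "10.0.0.1", 6, _tcp(80, 40000, b"HTTP/1.0 200 OK\r\n\r\n" + b"x" * 200)))),
        (1, _eth(_ipv4("10.0.0.1", "10.0.0.2", 6, _tcp(40000, 80)))),
        (1, _eth(_ipv4("10.0.0.1", "10.0.0.53", 17, _udp(5353, 53, b"\x00" * 30)))),
        (2, _eth(_ipv4("10.0.0.53", "10.0.0.1", 17, _udp(53, 5353, b"\x00" * 60)))),
        (2, _eth(b"\x00" * 46, ethertype=0x0806)),  # ARP: the dissector stops at the Ethernet layer
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # classic pcap header, link type Ethernet
    for ts_sec, frame in frames:
        out += struct.pack("<IIII", ts_sec, 0, len(frame), len(frame)) + frame
    return out

# ---- Minimal reader and dissector (Ethernet -> IPv4 -> TCP/UDP only) ----
def iter_pcap_records(data):
    """Yield (timestamp in seconds, frame bytes) for every record in a classic pcap byte string."""
    magic = struct.unpack("<I", data[:4])[0]
    end = "<" if magic == 0xA1B2C3D4 else ">" if magic == 0xD4C3B2A1 else None
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only the Ethernet link type is handled here")
    pos = 24
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(end + "IIII", data[pos:pos + 16])
        pos += 16
        yield ts_sec + ts_usec / 1e6, data[pos:pos + incl_len]
        pos += incl_len

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def dissect(frame):
    """Return (protocol path, direction-neutral flow key or None, sending endpoint or None)."""
    path = ["eth"]
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return path, None, None
    ip = frame[14:]
    name = PROTO_NAMES.get(ip[9])
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    path.append("ip")
    if name is None:
        return path, None, None
    path.append(name)
    l4 = ip[(ip[0] & 0x0F) * 4:]
    if name in ("tcp", "udp") and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        a, b = (src, sport), (dst, dport)
        flow = (name,) + (a + b if a <= b else b + a)  # same key whichever side sent the packet
        return path, flow, a
    return path, None, None

def analyze(pcap_bytes):
    """Protocol hierarchy counts, per-second packet/byte counts, and per-flow per-direction counts."""
    hierarchy, per_second, flows = Counter(), defaultdict(lambda: [0, 0]), defaultdict(Counter)
    for ts, frame in iter_pcap_records(pcap_bytes):
        path, flow, sender = dissect(frame)
        for depth in range(1, len(path) + 1):
            hierarchy[":".join(path[:depth])] += 1  # a TCP packet counts under eth, eth:ip and eth:ip:tcp
        per_second[int(ts)][0] += 1
        per_second[int(ts)][1] += len(frame)
        if flow is not None:
            flows[flow][sender] += 1  # the packet itself is one-directional; the flow collects both sides
    return {"hierarchy": dict(hierarchy),
            "io_per_second": {s: tuple(v) for s, v in sorted(per_second.items())},
            "flows": {k: dict(v) for k, v in flows.items()}}

def protocol_hierarchy_report(hierarchy):
    """Indented text in the spirit of Statistics -> Protocol Hierarchy, with each layer's share of all frames."""
    total = hierarchy["eth"]
    return "\n".join(f"{'  ' * p.count(':')}{p.rsplit(':', 1)[-1]:<5}{c:>4} packets {100 * c / total:5.1f}%"
                     for p, c in sorted(hierarchy.items()))

if __name__ == "__main__":
    result = analyze(build_sample_pcap())
    print(protocol_hierarchy_report(result["hierarchy"]))
    print(result["io_per_second"])
    for flow, directions in result["flows"].items():
        print(flow, "->", directions)
```

Running the block prints the hierarchy (6 frames at the Ethernet layer, 5 of them IP, of which 3 are TCP and 2 UDP), three one-second buckets, and two flows; the TCP flow shows two packets sent by 10.0.0.1:40000 and one by 10.0.0.2:80, which is exactly the point made in the answer: each record is one direction, and the "stream" is something the analyst reconstructs from several records.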