Linux statistical analysis traffic-wireshark, statistical analysis-wireshark

Source: Internet
Author: User

Linux statistical analysis traffic-wireshark, statistical analysis-wireshark

Wireshark is an open-source packet capture tool with an interface. It can be used for statistical analysis of system traffic.

Install

Wireshark has an interface, so it is generally run in the interface environment. You can install it through yum:

$ yum install -y wireshark wireshark-gnome

Therefore, two packages are installed here.

Usage

Recommended article: Wireshark basic introduction and learning TCP three-way handshake

In linux, you need to run the command in the interface environment. Because packet capture needs to monitor the NIC, administrator permissions are required.

Statistical Analysis

In addition to the usage mentioned above, wireshark is also used for statistical analysis of network traffic. You can use the tool in the Statistics menu:

Protocol Hierarchy and I/O Graph are useful ).

The Protocol Hierarchy tool clearly shows the traffic statistics for each Protocol:

IO Graph can display traffic in charts:


How to Use wireshark to view network traffic

Use wireshark to capture packets, and then select Protocol Hierarchy from the Statistics menu to see which Protocol is more.
Packet Capture is secondary, mainly for analysis.

Does Wireshark Traffic Analysis Software parse each data stream of pcap data packets in two directions?

No.
All packets in the pcap file or captured on-site packets are network packets over Ethernet. the Unit is data packets. each line you see in the above list in wireshark is an Ethernet packet. the communication between machines is completed only by sending and receiving multiple data packets.
You can set the filtering protocol in the above filter to filter out the messy data packets in the list. Only the data packets of a specific protocol are displayed, it is all the data packets of the Protocol and the Protocol.
As for bidirectional transmission, it can be completed only after the interaction of multiple data packets is understood. Therefore, each data packet must be unidirectional.
The meaning of the data stream is vague and not definite, so it is inconvenient to answer

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.