Yoram Orzach, profile picture
Uploaded byYoram Orzach
PDF, PPTX450 views

Network Analysis Using Wireshark -Chapter 6- basic statistics tools

This document provides an overview of basic statistics tools in Wireshark version 2, enabling participants to perform effective network monitoring. It covers various topics including address resolution, protocol hierarchy, and conversations statistics. The lesson concludes with an emphasis on additional tools for IP and HTTP statistics.

Embed presentation

Download as PDF, PPTX
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 1 Network analysis Using Wireshark Lesson 6: Basic Statistics Tools
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 2 • By the end of this lesson, the participant will be able to: ▫ Understand the types of statistics tools available in Wireshark ▫ Perform network monitoring with these tools Lesson Objectives
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 3 yoram@ndi-com.com For More lectures, Courses & Keynote Speaking Contact Me to:
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 4 Using the File Properties Address resolution (Resolved Addresses) Using the Protocol Hierarchy tool from the Statistics menu Using the Conversations tool from the Statistics menu Using the Endpoints tool from the Statistics menu Using Packet Length statistics Using the HTTP tool from the Statistics menu Configuring Flow Graph for viewing TCP flows Creating IP-based statistics Chapter Content “Be yourself; everyone else is already taken.” Oscar Wilde
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 5 Statistics: Capture File Properties Capture file information Capture time & duration Wireshark hardware Capture interface Capture statistics
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 6 Using the File Properties Address resolution (Resolved Addresses) Using the Protocol Hierarchy tool from the Statistics menu Using the Conversations tool from the Statistics menu Using the Endpoints tool from the Statistics menu Using Packet Length statistics Using the HTTP tool from the Statistics menu Configuring Flow Graph for viewing TCP flows Creating IP-based statistics Chapter Content “Two things are infinite: the universe and human stupidity; and I'm not sure about the universe.” ― Albert Einstein
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 7 Statistics: Address resolution (Resolved Addresses) Address resolution (Resolved Addresses) Hash tables Port numbers and MAC addresses
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 8 Using the File Properties Address resolution (Resolved Addresses) Using the Protocol Hierarchy tool from the Statistics menu Using the Conversations tool from the Statistics menu Using the Endpoints tool from the Statistics menu Using Packet Length statistics Using the HTTP tool from the Statistics menu Configuring Flow Graph for viewing TCP flows Creating IP-based statistics Chapter Content “So many books, so little time.” ― Frank Zappa
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 9 Statistics: Protocol Hierarchy
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 10 Using the File Properties Address resolution (Resolved Addresses) Using the Protocol Hierarchy tool from the Statistics menu Using the Conversations tool from the Statistics menu Using the Endpoints tool from the Statistics menu Using Packet Length statistics Using the HTTP tool from the Statistics menu Configuring Flow Graph for viewing TCP flows Creating IP-based statistics Chapter Content “Be the change that you wish to see in the world.” Mahatma Gandhi
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 11 Statistics: Conversations (1) Ethernet Conversations Statistics IPv4 Conversations Statistics IPv6 Conversations Statistics TCP Conversations Statistics UDP Conversations Statistics
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 12 Statistics: Conversations (2)
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 13 Statistics – Conversation: Example #1 137,784 Packets in 61 Seconds: ~2250Pkts/Sec (!!!)
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 14 Scanning Pattern Statistics – Conversations: Example #2
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 15 Scanning Pattern Statistics – Conversations: Example #2
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 16 Port Scanning Pattern Source ports Destination ports Statistics – Conversations Example #3
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 17 Statistics – Filtering Conversation
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 18 Using the File Properties Address resolution (Resolved Addresses) Using the Protocol Hierarchy tool from the Statistics menu Using the Conversations tool from the Statistics menu Using the Endpoints tool from the Statistics menu Using Packet Length statistics Using the HTTP tool from the Statistics menu Configuring Flow Graph for viewing TCP flows Creating IP-based statistics Chapter Content “To live is the rarest thing in the world. Most people exist, that is all.” Oscar Wilde
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 19 Statistics: End points
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 20 Statistics: Endpoints - Example Example 6.4
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 21 Using the File Properties Address resolution (Resolved Addresses) Using the Protocol Hierarchy tool from the Statistics menu Using the Conversations tool from the Statistics menu Using the Endpoints tool from the Statistics menu Using Packet Length statistics Using the HTTP tool from the Statistics menu Configuring Flow Graph for viewing TCP flows Creating IP-based statistics Chapter Content “Darkness cannot drive out darkness: only light can do that. Hate cannot drive out hate: only love can do that.” Martin Luther King Jr
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 22 Statistics – Packet Lengths Small Packets 64Bytes Small Packets 1518 Bytes VoIP, Control… FTP, HTTP, SMTP…
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 23 Using the File Properties Address resolution (Resolved Addresses) Using the Protocol Hierarchy tool from the Statistics menu Using the Conversations tool from the Statistics menu Using the Endpoints tool from the Statistics menu Using Packet Length statistics Using the HTTP tool from the Statistics menu Configuring Flow Graph for viewing TCP flows Creating IP-based statistics Chapter Content “I have not failed. I've just found 10,000 ways that won't work.” Thomas A. Edison
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 24 Statistics: HTTP – Packet Counter
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 25 Statistics: HTTP – Packet Counter
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 26 Statistics: HTTP – Packet Counter
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 27 Using the File Properties Address resolution (Resolved Addresses) Using the Protocol Hierarchy tool from the Statistics menu Using the Conversations tool from the Statistics menu Using the Endpoints tool from the Statistics menu Using Packet Length statistics Using the HTTP tool from the Statistics menu Configuring Flow Graph for viewing TCP flows Creating IP-based statistics Chapter Content “It is never too late to be what you might have been.” George Eliot
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 28 Follow TCP Stream Referrer Host
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 29 Statistics: Flow Graph Source port Destination port Addresses Packet content
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 30 But, you can also… S.IP: 10.0.0.5 Frame 3, SYN-ACK, SEQ=0, ACK=1 Frame 4, ACK, SEQ=1, ACK=1 Frame 5, PSH-ACK, HTTP-POST, SEQ=1, ACK=1 Frame 6, ACK, SEQ=1, ACK=1031 Frame 10, ACK, SEQ=1032, ACK=149 Frame 2, SYN, SEQ=0, ACK=0 S.Port: 31790 D.IP: 77.234.41.58 D.Port: 80 Frame 7, PSH-ACK, HTTP-200(OK), SEQ=148, ACK=1031 Frame 8, FIN-ACK, SEQ=1031, ACK=148 Frame 9, FIN-ACK, SEQ=148, ACK=1031 Frame 11, ACK, SEQ=149, ACK=1032
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 31 Using the File Properties Address resolution (Resolved Addresses) Using the Protocol Hierarchy tool from the Statistics menu Using the Conversations tool from the Statistics menu Using the Endpoints tool from the Statistics menu Using Packet Length statistics Using the HTTP tool from the Statistics menu Configuring Flow Graph for viewing TCP flows Creating IP-based statistics Chapter Content “If you can't explain it to a six year old, you don't understand it yourself.” Albert Einstein
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 32 IP Statistics Display filter
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 33 Summary • In this lesson we talked about: ▫ Basic statistics tools like hosts and conversations ▫ Some additional tools for IP and HTTP statistics
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 34 yoram@ndi-com.com For More lectures, Courses & Keynote Speaking Contact Me to:

More Related Content

PDF
Network Analysis Using Wireshark Chapter 09 ethernet and lan switching
byYoram Orzach
 
PDF
Network analysis Using Wireshark Lesson 3: locating wireshark
byYoram Orzach
 
PDF
lesson 2- Network analysis Using Wireshark introduction to cellular feb-2017
byYoram Orzach
 
PDF
Ch 08 -- Ethernet & LAN Switching Troubleshooting
byYoram Orzach
 
PDF
Network Analysis Using Wireshark Chapter 08 the expert system
byYoram Orzach
 
PDF
Network analysis Using Wireshark Lesson 12 - bandwidth and delay issues
byYoram Orzach
 
PDF
Network analysis Using Wireshark 4: Capture Filters
byYoram Orzach
 
PDF
Network Analysis using Wireshark 5: display filters
byYoram Orzach
 
Network Analysis Using Wireshark Chapter 09 ethernet and lan switching
byYoram Orzach
 
Network analysis Using Wireshark Lesson 3: locating wireshark
byYoram Orzach
 
lesson 2- Network analysis Using Wireshark introduction to cellular feb-2017
byYoram Orzach
 
Ch 08 -- Ethernet & LAN Switching Troubleshooting
byYoram Orzach
 
Network Analysis Using Wireshark Chapter 08 the expert system
byYoram Orzach
 
Network analysis Using Wireshark Lesson 12 - bandwidth and delay issues
byYoram Orzach
 
Network analysis Using Wireshark 4: Capture Filters
byYoram Orzach
 
Network Analysis using Wireshark 5: display filters
byYoram Orzach
 

What's hot

PDF
lesson 7- Network analysis Using Wireshark - advanced statistics tools
byYoram Orzach
 
PDF
Network analysis Using Wireshark Lesson 1- introduction to network troublesho...
byYoram Orzach
 
PDF
Network Analysis Using Wireshark -10- arp and ip analysis
byYoram Orzach
 
PDF
Network analysis Using Wireshark Lesson 11: TCP and UDP Analysis
byYoram Orzach
 
PDF
Network Analysis Using Wireshark Jan 18- seminar
byYoram Orzach
 
PDF
Network Analysis Using Wireshark 1
byYoram Orzach
 
PDF
Ch 06 -- Bandwidth Delay and Jitter Issues
byYoram Orzach
 
PDF
Ch 01 --- introduction to sdn-nfv
byYoram Orzach
 
PPT
Wireshark Basics
byYoram Orzach
 
PDF
Ch 07 -- The Expert System
byYoram Orzach
 
PPT
Wireshark Inroduction Li In
bymhaviv
 
PDF
Wireshark - Basics
byYoram Orzach
 
PPTX
Network Packet Analysis with Wireshark
byJim Gilsinn
 
PDF
Wireshark course, Ch 02: Introduction to wireshark
byYoram Orzach
 
PPTX
Packet analyzing with wireshark-basic of packet analyzing - Episode_03
byDhananja Kariyawasam
 
PPTX
Wireshark network analysing software
bydharmesh nakum
 
PPTX
Packet analyzing with wireshark-basic of packet analyzing - Episode_01
byDhananja Kariyawasam
 
PPTX
Wireshark
byDeepika Ojha
 
PDF
Look at ipv6 security advantages over ipv4
byAlexander Decker
 
PPTX
Packet analysis using wireshark
byBasaveswar Kureti
 
lesson 7- Network analysis Using Wireshark - advanced statistics tools
byYoram Orzach
 
Network analysis Using Wireshark Lesson 1- introduction to network troublesho...
byYoram Orzach
 
Network Analysis Using Wireshark -10- arp and ip analysis
byYoram Orzach
 
Network analysis Using Wireshark Lesson 11: TCP and UDP Analysis
byYoram Orzach
 
Network Analysis Using Wireshark Jan 18- seminar
byYoram Orzach
 
Network Analysis Using Wireshark 1
byYoram Orzach
 
Ch 06 -- Bandwidth Delay and Jitter Issues
byYoram Orzach
 
Ch 01 --- introduction to sdn-nfv
byYoram Orzach
 
Wireshark Basics
byYoram Orzach
 
Ch 07 -- The Expert System
byYoram Orzach
 
Wireshark Inroduction Li In
bymhaviv
 
Wireshark - Basics
byYoram Orzach
 
Network Packet Analysis with Wireshark
byJim Gilsinn
 
Wireshark course, Ch 02: Introduction to wireshark
byYoram Orzach
 
Packet analyzing with wireshark-basic of packet analyzing - Episode_03
byDhananja Kariyawasam
 
Wireshark network analysing software
bydharmesh nakum
 
Packet analyzing with wireshark-basic of packet analyzing - Episode_01
byDhananja Kariyawasam
 
Wireshark
byDeepika Ojha
 
Look at ipv6 security advantages over ipv4
byAlexander Decker
 
Packet analysis using wireshark
byBasaveswar Kureti
 

Similar to Network Analysis Using Wireshark -Chapter 6- basic statistics tools

PDF
Wireshark_1714944796.pdf for troubleshooting
byMohamedAlaa92153
 
PPTX
Wireshark Packet Analyzer.pptx
byCarlos González García, PMP®
 
PPTX
Wireshark
byKushagra Ganeriwal
 
PPTX
Wireshark, Tcpdump and Network Performance tools
bySachidananda Sahu
 
PDF
Wireshark Tutorial, Wireshark Tutorial, Wireshark Tutorial
byJulioPontes12
 
PDF
Unit 2.3 Introduction to Cyber Security Tools and Environment.pdf
byChatanBawankar
 
PPTX
Omnya Ashraf .Network 00(Wireshark).pptx
byFutureTechnologies3
 
PPTX
Lesson12- Network Analysis Tools Wireshark (1).pptx
byAdelSayed9
 
PPTX
Wireshark.pptx
bySalmanKhan222894
 
PDF
Wireshark lecture
byBhupesh Rawat
 
PDF
Wireshark lecture
byBhupesh Rawat
 
PPT
wiresharktslecturev10006july2009-12501942038813-phpapp03.ppt
byRohitAhuja58
 
PPT
Wireshark
byVijay kumar
 
DOCX
HS1011 Data Communication and Networks 13 August 2015 HS101.docx
byadampcarr67227
 
DOCX
Experiment 7 traffic analysis
bynikitaa25
 
PDF
wireshark.pdf
byssuserafc27c
 
PPT
Wireshark
bypenetration Tester
 
PDF
Network Monitoring with Wireshark
bySiddharth Coontoor
 
PDF
IRJET- Network Monitoring & Network Security
byIRJET Journal
 
PDF
Ferramenta de análise de rede para windows e linux
byRenatoAlves851496
 
Wireshark_1714944796.pdf for troubleshooting
byMohamedAlaa92153
 
Wireshark Packet Analyzer.pptx
byCarlos González García, PMP®
 
Wireshark
byKushagra Ganeriwal
 
Wireshark, Tcpdump and Network Performance tools
bySachidananda Sahu
 
Wireshark Tutorial, Wireshark Tutorial, Wireshark Tutorial
byJulioPontes12
 
Unit 2.3 Introduction to Cyber Security Tools and Environment.pdf
byChatanBawankar
 
Omnya Ashraf .Network 00(Wireshark).pptx
byFutureTechnologies3
 
Lesson12- Network Analysis Tools Wireshark (1).pptx
byAdelSayed9
 
Wireshark.pptx
bySalmanKhan222894
 
Wireshark lecture
byBhupesh Rawat
 
Wireshark lecture
byBhupesh Rawat
 
wiresharktslecturev10006july2009-12501942038813-phpapp03.ppt
byRohitAhuja58
 
Wireshark
byVijay kumar
 
HS1011 Data Communication and Networks 13 August 2015 HS101.docx
byadampcarr67227
 
Experiment 7 traffic analysis
bynikitaa25
 
wireshark.pdf
byssuserafc27c
 
Wireshark
bypenetration Tester
 
Network Monitoring with Wireshark
bySiddharth Coontoor
 
IRJET- Network Monitoring & Network Security
byIRJET Journal
 
Ferramenta de análise de rede para windows e linux
byRenatoAlves851496
 

More from Yoram Orzach

PDF
Ch 05 --- nfv basics
byYoram Orzach
 
PDF
Ch 04 --- sdn deployment models
byYoram Orzach
 
PDF
Ch 03 --- the OpenFlow protocols
byYoram Orzach
 
PDF
Ch 02 --- sdn and openflow architecture
byYoram Orzach
 
PDF
Ch 09 -- ARP & IP Analysis
byYoram Orzach
 
PDF
Wireshark course, Ch 05: Advanced statistics tools
byYoram Orzach
 
PDF
Wireshark course, Ch 03: Capture and display filters
byYoram Orzach
 
PDF
Introduction To Cellular Networks
byYoram Orzach
 
PPTX
Introduction To Cellular And Wireless Networks
byYoram Orzach
 
Ch 05 --- nfv basics
byYoram Orzach
 
Ch 04 --- sdn deployment models
byYoram Orzach
 
Ch 03 --- the OpenFlow protocols
byYoram Orzach
 
Ch 02 --- sdn and openflow architecture
byYoram Orzach
 
Ch 09 -- ARP & IP Analysis
byYoram Orzach
 
Wireshark course, Ch 05: Advanced statistics tools
byYoram Orzach
 
Wireshark course, Ch 03: Capture and display filters
byYoram Orzach
 
Introduction To Cellular Networks
byYoram Orzach
 
Introduction To Cellular And Wireless Networks
byYoram Orzach
 

Recently uploaded

PPTX
3 Smart Ways to Use Lender Finance to Scale Your Loan Portfolio
byAvon River Ventures
 
PDF
From Data Centers to Hospitality – How Expert Project Management Drives Const...
byStelic
 
PDF
Kitchen appliances store in Hyderabad 2026
byJuhiTrivedi15
 
PDF
Complete On-Demand App Solutions for Taxi, Delivery & Services.
byOn Demand Clone
 
PPTX
Cycling Shoes That Are Trending Among Pro Riders This Season
bySpatzwear .
 
PDF
Understanding Marriage Matrimony: Traditions, Expectations, and Evolving Real...
byimperial matrimonial
 
PDF
Choosing the Right IT Support Company in Riverside.
byCaptain IT
 
PPTX
Office Relocation Services: Your Complete Corporate Moving Solution
bymohaliexpressmovers
 
PDF
Are Kayasthas Outsourcing Their Love Lives? Inside the Discreet World of Elit...
byimperial matrimonial
 
PPTX
Lift, Tighten & Restore Your Glow with CO2 Lift Pro Mask
byTight Clinic Toronto
 
PPT
e-commerce by doctor helal ahmed of university of Dhaka
byAhmedAhbabAminCSCA
 
PDF
When and Where to See Africa’s Big 5
byDestinations Africa
 
3 Smart Ways to Use Lender Finance to Scale Your Loan Portfolio
byAvon River Ventures
 
From Data Centers to Hospitality – How Expert Project Management Drives Const...
byStelic
 
Kitchen appliances store in Hyderabad 2026
byJuhiTrivedi15
 
Complete On-Demand App Solutions for Taxi, Delivery & Services.
byOn Demand Clone
 
Cycling Shoes That Are Trending Among Pro Riders This Season
bySpatzwear .
 
Understanding Marriage Matrimony: Traditions, Expectations, and Evolving Real...
byimperial matrimonial
 
Choosing the Right IT Support Company in Riverside.
byCaptain IT
 
Office Relocation Services: Your Complete Corporate Moving Solution
bymohaliexpressmovers
 
Are Kayasthas Outsourcing Their Love Lives? Inside the Discreet World of Elit...
byimperial matrimonial
 
Lift, Tighten & Restore Your Glow with CO2 Lift Pro Mask
byTight Clinic Toronto
 
e-commerce by doctor helal ahmed of university of Dhaka
byAhmedAhbabAminCSCA
 
When and Where to See Africa’s Big 5
byDestinations Africa
 

Network Analysis Using Wireshark -Chapter 6- basic statistics tools

  • 1.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 1 Network analysis Using Wireshark Lesson 6: Basic Statistics Tools
  • 2.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 2 • By the end of this lesson, the participant will be able to: ▫ Understand the types of statistics tools available in Wireshark ▫ Perform network monitoring with these tools Lesson Objectives
  • 3.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 3 yoram@ndi-com.com For More lectures, Courses & Keynote Speaking Contact Me to:
  • 4.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 4 Using the File Properties Address resolution (Resolved Addresses) Using the Protocol Hierarchy tool from the Statistics menu Using the Conversations tool from the Statistics menu Using the Endpoints tool from the Statistics menu Using Packet Length statistics Using the HTTP tool from the Statistics menu Configuring Flow Graph for viewing TCP flows Creating IP-based statistics Chapter Content “Be yourself; everyone else is already taken.” Oscar Wilde
  • 5.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 5 Statistics: Capture File Properties Capture file information Capture time & duration Wireshark hardware Capture interface Capture statistics
  • 6.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 6 Using the File Properties Address resolution (Resolved Addresses) Using the Protocol Hierarchy tool from the Statistics menu Using the Conversations tool from the Statistics menu Using the Endpoints tool from the Statistics menu Using Packet Length statistics Using the HTTP tool from the Statistics menu Configuring Flow Graph for viewing TCP flows Creating IP-based statistics Chapter Content “Two things are infinite: the universe and human stupidity; and I'm not sure about the universe.” ― Albert Einstein
  • 7.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 7 Statistics: Address resolution (Resolved Addresses) Address resolution (Resolved Addresses) Hash tables Port numbers and MAC addresses
  • 8.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 8 Using the File Properties Address resolution (Resolved Addresses) Using the Protocol Hierarchy tool from the Statistics menu Using the Conversations tool from the Statistics menu Using the Endpoints tool from the Statistics menu Using Packet Length statistics Using the HTTP tool from the Statistics menu Configuring Flow Graph for viewing TCP flows Creating IP-based statistics Chapter Content “So many books, so little time.” ― Frank Zappa
  • 9.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 9 Statistics: Protocol Hierarchy
  • 10.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 10 Using the File Properties Address resolution (Resolved Addresses) Using the Protocol Hierarchy tool from the Statistics menu Using the Conversations tool from the Statistics menu Using the Endpoints tool from the Statistics menu Using Packet Length statistics Using the HTTP tool from the Statistics menu Configuring Flow Graph for viewing TCP flows Creating IP-based statistics Chapter Content “Be the change that you wish to see in the world.” Mahatma Gandhi
  • 11.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 11 Statistics: Conversations (1) Ethernet Conversations Statistics IPv4 Conversations Statistics IPv6 Conversations Statistics TCP Conversations Statistics UDP Conversations Statistics
  • 12.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 12 Statistics: Conversations (2)
  • 13.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 13 Statistics – Conversation: Example #1 137,784 Packets in 61 Seconds: ~2250Pkts/Sec (!!!)
  • 14.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 14 Scanning Pattern Statistics – Conversations: Example #2
  • 15.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 15 Scanning Pattern Statistics – Conversations: Example #2
  • 16.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 16 Port Scanning Pattern Source ports Destination ports Statistics – Conversations Example #3
  • 17.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 17 Statistics – Filtering Conversation
  • 18.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 18 Using the File Properties Address resolution (Resolved Addresses) Using the Protocol Hierarchy tool from the Statistics menu Using the Conversations tool from the Statistics menu Using the Endpoints tool from the Statistics menu Using Packet Length statistics Using the HTTP tool from the Statistics menu Configuring Flow Graph for viewing TCP flows Creating IP-based statistics Chapter Content “To live is the rarest thing in the world. Most people exist, that is all.” Oscar Wilde
  • 19.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 19 Statistics: End points
  • 20.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 20 Statistics: Endpoints - Example Example 6.4
  • 21.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 21 Using the File Properties Address resolution (Resolved Addresses) Using the Protocol Hierarchy tool from the Statistics menu Using the Conversations tool from the Statistics menu Using the Endpoints tool from the Statistics menu Using Packet Length statistics Using the HTTP tool from the Statistics menu Configuring Flow Graph for viewing TCP flows Creating IP-based statistics Chapter Content “Darkness cannot drive out darkness: only light can do that. Hate cannot drive out hate: only love can do that.” Martin Luther King Jr
  • 22.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 22 Statistics – Packet Lengths Small Packets 64Bytes Small Packets 1518 Bytes VoIP, Control… FTP, HTTP, SMTP…
  • 23.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 23 Using the File Properties Address resolution (Resolved Addresses) Using the Protocol Hierarchy tool from the Statistics menu Using the Conversations tool from the Statistics menu Using the Endpoints tool from the Statistics menu Using Packet Length statistics Using the HTTP tool from the Statistics menu Configuring Flow Graph for viewing TCP flows Creating IP-based statistics Chapter Content “I have not failed. I've just found 10,000 ways that won't work.” Thomas A. Edison
  • 24.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 24 Statistics: HTTP – Packet Counter
  • 25.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 25 Statistics: HTTP – Packet Counter
  • 26.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 26 Statistics: HTTP – Packet Counter
  • 27.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 27 Using the File Properties Address resolution (Resolved Addresses) Using the Protocol Hierarchy tool from the Statistics menu Using the Conversations tool from the Statistics menu Using the Endpoints tool from the Statistics menu Using Packet Length statistics Using the HTTP tool from the Statistics menu Configuring Flow Graph for viewing TCP flows Creating IP-based statistics Chapter Content “It is never too late to be what you might have been.” George Eliot
  • 28.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 28 Follow TCP Stream Referrer Host
  • 29.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 29 Statistics: Flow Graph Source port Destination port Addresses Packet content
  • 30.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 30 But, you can also… S.IP: 10.0.0.5 Frame 3, SYN-ACK, SEQ=0, ACK=1 Frame 4, ACK, SEQ=1, ACK=1 Frame 5, PSH-ACK, HTTP-POST, SEQ=1, ACK=1 Frame 6, ACK, SEQ=1, ACK=1031 Frame 10, ACK, SEQ=1032, ACK=149 Frame 2, SYN, SEQ=0, ACK=0 S.Port: 31790 D.IP: 77.234.41.58 D.Port: 80 Frame 7, PSH-ACK, HTTP-200(OK), SEQ=148, ACK=1031 Frame 8, FIN-ACK, SEQ=1031, ACK=148 Frame 9, FIN-ACK, SEQ=148, ACK=1031 Frame 11, ACK, SEQ=149, ACK=1032
  • 31.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 31 Using the File Properties Address resolution (Resolved Addresses) Using the Protocol Hierarchy tool from the Statistics menu Using the Conversations tool from the Statistics menu Using the Endpoints tool from the Statistics menu Using Packet Length statistics Using the HTTP tool from the Statistics menu Configuring Flow Graph for viewing TCP flows Creating IP-based statistics Chapter Content “If you can't explain it to a six year old, you don't understand it yourself.” Albert Einstein
  • 32.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 32 IP Statistics Display filter
  • 33.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 33 Summary • In this lesson we talked about: ▫ Basic statistics tools like hosts and conversations ▫ Some additional tools for IP and HTTP statistics
  • 34.
    Network Analysis UsingWireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com Network analysis using Wireshark V2 yoram@ndi-com.comPage 34 yoram@ndi-com.com For More lectures, Courses & Keynote Speaking Contact Me to: