From charlesreid1

Revision as of 03:42, 20 January 2016 by Admin

Traffic

Various ways of using Wireshark to see the amount of traffic on a network.

IO Graphs

The first way to show IO information is the Wireshark IO Graph, in Statistics > IO Graph.

The IO graph shows a time series of network traffic. You can change its resolution and scale, and apply filters to it.

Here is the same pcap file; first, the rather boring 1-second resolution:

WiresharkIO 1second.png

and the much more interesting 10-minute resolution:

WiresharkIO 10minute.png

IO Graph Units

The units of the graph are a little hard to decipher, but here's how it works:

Set the Y Axis unit to "Bits/Tick". Then the y-axis tick marks represent the number of bits. Now you can scale using orders of magnitude: 1e3 bits = 1 kilobit, 1e6 bits = 1 megabit, etc.

(Also, 1 byte = 8 bits)

When you use the Scale drop-down menu, it will scale the y-axis to go from 0 to that number. This will change depending on the time window you're looking at.

Let's walk through how we can interpret the graphs to figure out about how much data the wireless card is seeing.

Before beginning, apply a moving average filter, to minimize the jumps in the order of magnitude of the measurements due to differences in sampling rates and resolutions.

Start with data at 1 second intervals, and set scale to 10,000:

Wireshark iograph1.png

The traffic is around the 50,000 tick, which means 50 kilobits. That's 50 kilobits per 1 second, or 50 kbps. That wireless card is handling slightly less traffic than a dial-up connection.

Next, we'll graph the data at 10 second intervals. If we're looking at a 50 kbps average traffic rate, we should see the y-axis scale from 50,000 to 500,000, or 500 kilobits. Sure enough, the given scale shows the data.

Wireshark iograph2.png

This also works in the reverse direction: changing the time sampling to 0.1 seconds, and increasing the time-averaging filter window, reduces the y-axis scale to 5,000 bits per 0.1 second:

Wireshark iograph3.png
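The Bits/Tick arithmetic from the walkthrough above can be checked offline. This is an added example, not part of the original page: the function names, the `(milliseconds since capture start, frame length in bytes)` record layout and the bursty 50 kbps capture are all constructed for illustration.

```python
# Added example: reproduce the IO Graph "Bits/Tick" arithmetic offline.
# Packet records are (ms since capture start, frame length in bytes); this
# layout and every name below are assumptions, not Wireshark's own API.

def bits_per_tick(packets, tick_ms, duration_ms):
    """Sum frame bits into fixed-width ticks; idle ticks stay at 0."""
    n_ticks = -(-duration_ms // tick_ms)           # ceiling division
    series = [0] * n_ticks
    for ts_ms, frame_len in packets:
        series[ts_ms // tick_ms] += frame_len * 8  # 1 byte = 8 bits
    return series

def moving_average(series, window):
    """Trailing moving average; the first window-1 points use a shorter window."""
    out, total = [], 0
    for i, value in enumerate(series):
        total += value
        if i >= window:
            total -= series[i - window]
        out.append(total / min(i + 1, window))
    return out

def to_bps(bits_in_tick, tick_ms):
    """Normalise a Bits/Tick reading to bits per second."""
    return bits_in_tick * 1000 / tick_ms

def constructed_capture(seconds=60):
    """Constructed sample: each second, ten 625-byte frames in the first 500 ms."""
    return [(s * 1000 + k * 50, 625) for s in range(seconds) for k in range(10)]

if __name__ == "__main__":
    pkts = constructed_capture()
    for tick_ms in (100, 1000, 10000):
        raw = bits_per_tick(pkts, tick_ms, 60000)
        smooth = moving_average(raw, 10)
        print(f"tick={tick_ms / 1000:g}s  raw min/max={min(raw)}/{max(raw)}  "
              f"smoothed={smooth[-1]:g} bits/tick  = {to_bps(smooth[-1], tick_ms):g} bps")
```

At the 0.1 second tick the raw series jumps between 0 and 10,000 bits, and the moving average settles it at 5,000 bits per tick, the same 50 kbps seen at the 1 second and 10 second ticks.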