MN504 Networked Application Management Wireshark
A network management system is a set of software applications that network engineers and experts use to manage and control a small network within a larger network by performing key functions. The main function of these applications is to identify, configure, update and troubleshoot the devices on the network being managed. Both wired and wireless devices are managed by these applications. The data collected is then used by network experts and engineers to make changes where appropriate. These applications are very important for accurate and precise network management analysis.
Wireshark is a great, widely used packet sniffer, but it is not the only tool used to analyze a network. Its use can be extended with the support of complementary tools. There are several widely used plugins and platforms that enhance Wireshark's capabilities and functionality. The tool also has a friendly user interface that allows users to define their own alerts so that they are informed when unusual changes occur in a network. For instance, if a new device tries to connect, the system automatically detects it and signals it on the display. The live data being generated can also be converted into reports and used to generate more insights.
How To Use Wireshark In Analysis Of A Network
The application can be used to troubleshoot suspicious traffic in a network, so network engineers can quickly resolve the issue before its intent is fulfilled.
Functions Of Wireshark
1) Packets Capturing
After you download and install the application, it is ready to use. To analyze a specific network, for instance a wireless one, start the application and click the name of the wireless network.
2) Color Coding
In this view, packets are displayed in a variety of colors. Wireshark uses color coding to clearly identify the type of network traffic. The default colors have specific meanings: light purple is TCP traffic, light blue is UDP traffic, and black marks packets with errors.
To see what each color means, click View > Coloring Rules. If you want to customize or modify the color coding, use the same dialog.
3) Packets Filtering
If you want to inspect and analyze something specific, for instance the traffic a program sends when it phones home, it helps to close all other network applications to narrow down the network traffic. Wireshark filters are useful here, where a large number of packets has to be filtered.
To apply a filter, type the term to filter on in the filter box located in the top corner of the window, then click Apply or press Enter. For instance, type "dns" and only DNS packets are displayed. Wireshark also has auto-completion: when you start typing, it automatically completes the filter you want to enter.
Another interesting way to filter is to right-click a packet and select Follow > TCP Stream.
The full TCP conversation between the server and the client is then shown. You can also follow other network protocols by selecting them from the menu where applicable.
When you close the window, you will find that the filter that was used has been applied automatically. Wireshark then summarizes and displays the packets that make up the conversation.
4) Viewing Network Statistics
Network statistics can be viewed through the Statistics drop-down menu in Wireshark. This is the most useful and important part when trying to get more information about the network traffic being analyzed. The menu is located at the top of the application, where a number of metrics, ranging from size to timing information, are presented through charts and graphs. To collect only the information you need, apply display filters. Wireshark is software that captures and displays network traffic in real time and presents it to experts in a more readable and understandable format. They can then perform packet capturing, color coding and packet filtering, among other tasks.
The figure below shows the Statistics menu in Wireshark.
Statistics Menu Selection
The following are the core sections of statistics menu:
Protocol Hierarchy – Opens a window with a complete table of the protocols captured during the session. The active filters are shown at the bottom.
IO Graphs – Shows user-specific graphs that visualize the number of packets over the entire data exchange.
RTP_statistics – Lets experts and network engineers save the content of an RTP audio stream directly to an Au file.
Service Response Time – Shows the time between a request and the network's response.
TcpPduTime – Displays the amount of time taken to transfer data from a protocol data unit; it can also be used to show TCP transmissions.
VoIP_Calls – Shows the VoIP calls captured during live calls.
Multi-cast Stream – Used to detect and capture multicast streams, the size of their bursts, and the output buffers at a certain speed in the stream.
Conversations – Shows the conversations between two endpoints, for instance the traffic exchanged between two IP addresses.
Endpoints – Displays the list of endpoints, such as those of a specific protocol layer, in the network traffic.
5) Using IO Graphs To Visualize Network Packets
Data packets can be visualized using IO graphs. First, open the Statistics menu and select IO Graphs. Double-click it, or press Enter after selecting it.
You can also use the X and Y axis settings to interact with your graphs. On the X axis, you can set the tick interval in minutes and seconds. You can change the time to display by selecting the checkbox. On the Y axis, you can change the unit of measurement by choosing one of the following options: Packets/Tick, Bytes/Tick, Bits/Tick, or Advanced. The scale setting then lets you choose the measurement scale for the Y axis of the graph.
Once you press the save button, the graph will then be stored in a file format of your choice that you had selected earlier.
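The Protocol Hierarchy, Conversations and IO Graphs views described above can be reproduced from a capture file, which helps when the same numbers are needed in a script or report. The following Python sketch is an added example, not part of the original article and not Wireshark's own code: it reads a classic little-endian pcap file with Ethernet/IPv4 frames only, and the function names (build_pcap, read_pcap, statistics), the addresses and the sample traffic are constructed for illustration. It counts ticks from the first packet in the capture, which is an assumption of this example.

```python
import struct
from collections import Counter, defaultdict

def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # pcap global header
    for sec, usec, src, dst, proto, payload in frames:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload, 0, 0, 64,
                         proto, 0, bytes(src), bytes(dst))
        pkt = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + bytes(payload)
        out += struct.pack("<IIII", sec, usec, len(pkt), len(pkt)) + pkt
    return out

def read_pcap(data):
    """Yield (time_us, src, dst, protocol, length) for each IPv4 frame."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian, microsecond pcap file")
    off = 24                                   # skip the global header
    while off + 16 <= len(data):
        sec, usec, incl, orig = struct.unpack_from("<IIII", data, off)
        frame, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                           # truncated or not IPv4
        proto = {6: "TCP", 17: "UDP"}.get(frame[23], "other")
        src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
        yield sec * 1_000_000 + usec, src, dst, proto, orig

def statistics(data, tick_us=1_000_000):
    """Return (io_graph, conversations, protocols) for a capture."""
    io = defaultdict(lambda: {"packets": 0, "bytes": 0, "bits": 0})
    conversations, protocols, start = Counter(), Counter(), None
    for ts, src, dst, proto, length in read_pcap(data):
        start = ts if start is None else start
        bucket = io[(ts - start) // tick_us]   # one bucket per tick on the X axis
        bucket["packets"] += 1
        bucket["bytes"] += length
        bucket["bits"] += length * 8
        conversations[tuple(sorted((src, dst)))] += 1   # both directions, one entry
        protocols[proto] += 1
    return dict(io), dict(conversations), dict(protocols)

SAMPLE = build_pcap([                          # constructed traffic, not a real capture
    (0, 100000, (10, 0, 0, 5), (10, 0, 0, 1), 17, 40),
    (0, 300000, (10, 0, 0, 1), (10, 0, 0, 5), 17, 60),
    (1, 200000, (10, 0, 0, 5), (192, 0, 2, 10), 6, 20),
    (2, 500000, (192, 0, 2, 10), (10, 0, 0, 5), 6, 100),
])

if __name__ == "__main__":
    print(*statistics(SAMPLE), sep="\n")
```

Changing tick_us corresponds to changing the tick interval on the X axis; the three values in each bucket correspond to the Packets/Tick, Bytes/Tick and Bits/Tick options on the Y axis.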