Reading PCAPs with Wireshark Statistics // Lesson 8 // Wireshark Tutorial
- Published: Aug 21, 2024
- Protocol analysis is hard to do if we try to look at a pcap one packet at a time. In Wireshark we can use the Statistics feature to get a high-level view of the conversations, protocols, and addressing in use in the traffic. Let's learn how to use this feature.
Download the sample trace file here:
www.cloudshark...
(Select Export | Download to pull the trace down locally)
Please smash the like button to let me know if you enjoy this content!
== More On-Demand Training from Chris ==
▶Getting Started with Wireshark - bit.ly/udemywi...
▶Getting Started with Nmap - bit.ly/udemynmap
== Live Wireshark Training ==
▶TCP/IP Deep Dive Analysis with Wireshark - bit.ly/virtual...
== Private Wireshark Training ==
Let's get in touch - packetpioneer....
I love how this series is presented especially the duration of each lesson which only lasted below 9 mins, enough to cover the topic presented. Thanks for making these contents Chris. Super helpful.
Thank you!
This is mindblowing, the most useful class for me by far.
Another excellent lesson! You really have taken something rather intimidating and broken it down into bite-size, real world examples we can cut our teeth on! Thank you!
Thanks for the comment again Richard. Really glad you like the content
Man I've tried countless times to make sense of Wireshark (for years), I always was completely lost (although I'm supposedly quite technical)
Thanks to this series it finally clicked! Thanks a lot
Glad you found my channel!
I already use this as you have mentioned it in your previous content. This is super helpful. First thing I do when I open a trace. I'm not a network engineer but it helps me understand so much. Keep up the good content. Thanks Chris!
Thanks!
Cannot thank you enough for this, Chris. I am so grateful for these lessons and tutorials.
Brilliant Chris, as always.
You make it look so easy 😅
Thank you
Thank you Chris, you make Wireshark very easy and network analysis easy
Thank you!!
9m of pure Wireshark knowledge. 🤟
Next time it will be 10 mins 😆
Very good I learn tools on each class. WS users are empowered when they know how to use a tool.
Hey Chris, thanks for the hard work, and lessons. I imagine this takes a lot of your time, I myself appreciate this. These lessons and the other videos are helping me understand networking on a higher concept (as I work with Palos and Fortigates), which is helping me troubleshoot issues.
I appreciate that!
Man I've been learning so much with your videos.
Thank you for this beautiful act of sharing all of this 🙏🏻👍🏻
As always, thank you so much Chris. Have learned so much from your videos!!
Thank you Chris! Definitely subscribing. You DA MAN
Superb!! you are awesome. Amazing, another trick i learnt from this video.
Millions of Thanks to you.
Thank you so much - just learning this and needed a quick overview of pcap and you, just in this video, brought all the obscurity I have learned into something I get - I GOT IT!!! (I think haha). Thank you so much!!!
Finally the use of statistics ...easy to find out the fishy activities
Great video Chris! These statistics recently helped me solve a problem, thank you!
Thanks, Chris! - as always, super helpful content and very well presented!
Thanks for the comment!
Good stuff!
awesome video.
Awesome videos and series, loving it! Thanks a lot for the effort you put into these videos. :)
Glad you like them!
As always, great job on this video.
Thanks
Glad you enjoyed it!
This is really helpful chris, Thanks for creating the videos.
Thanks Chris ! Excellent lesson...!
You are welcome! Thanks for watching.
Awesome thing to learn to become Packet dhakkan :P
Thanks Chris! Love it. Before this, I used to manually count! Hahaha.. forgot Wireshark has features of statistics :)
Don't feel bad... I did too! Until someone showed me how to use Statistics better. Thanks for the comment and for stopping by the channel!
This is helpful Chris. Thanks a lot.
Thank you, Chris! I appreciate this kind of tutorials hope to see more from you so that we could be on your level ;)
Thanks for the comment Robert!
Your explanation is super ❤️
Glad you think so!
Thank you a lot for the lessons!!
Suitable set of lessons. Many thanks.
Glad you liked it!
Great stuff as always..
thanks for creating these videos :)
Great Video
nice content. very helpful
Good Stuff
Thanks Dude
nice explanation, keep it up please, thank you!
Thanks, will do!
Thank you so much for this video. Great content, and very useful. This series is too good, and your teaching style is one of the best - Easy to follow and you keep us focused! Appreciate your time and effort in doing this.
I have a question - Regarding the values of each column, I see they are aligned to left, right or centre. Is it possible to change this, like make all the column values aligned to the centre?
Hello Vyas, Thanks for the comment. For centering the columns... I have always just done it one column at a time, not all of them. I'll have to dig to see if there is a way we can do all of them. Good question!
great
Chris, I may be nitpicking Wireshark a little much here, but at 2:03, you're looking at Layer 2 conversations...why does Wireshark refer to that as Packets rather than Frames?
Hi Chris, I'm brand new here. I'm from North Africa. I take my CCNA very soon, so I hope this will be beneficial for me. Thanks for your time.
Hello Majid! I hope you get that CCNA!
@ChrisGreer Thanks Chris, and God bless you
Can you please explain tshark as well?
Hi Chris,
Could you please tell me what are these files
1.libnl-3.so....
2.libnl-genl.so.....
3.libnl-route.so....
I'm getting error when I run Wireshark.
libnl-route version information not found...
Wireshark doesn't capture n/w traffic.
Hey there,
I am currently working on a project for a class that requires using Wireshark to analyze a pcap file. I am looking at 5 specific IP addresses and need to classify the devices as Apple, Android, or Windows as well as if it's a DNS server, router, printer, or modem. Are there any tricks to accomplish this? I am new to Wireshark.
Graphs next ?
Hello Chris! I have a question. For example, we have a big pcap file with a lot of source IPs which communicate with some server in our infrastructure. How can I get statistics about packets per second for each src IP? Yes, I can take some IP and go to the input/output Graph and check it there, but if we have hundreds or thousands of IPs, it is problematic to do that.
Hi Daniel! So if you want to do this within the Wireshark GUI - you can go to Statistics // Conversations // IP. On the far right is Bits/s A->B and Bits/s B->A. That shows overall throughput for that conversation. We can also do this on the command line with tshark - go to your command line and use "tshark -q -z conv,ip -r input.pcap" without the quotes. That should generate the same stats for you, but on the command line.
@ChrisGreer Thanks, but you are talking about Bits/s, when I need Packets Per Second (pps)
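For the packets-per-second-per-source question in the thread above, an added example (not from the video or from any commenter): tshark exports one time/source pair per packet, and a small awk function reports average and peak pps for every source IP at once. The function names and sample rows are constructed for illustration, and treating any active window shorter than one second as one second is an assumption of this sketch.

```shell
#!/bin/sh
# Added example. Input: one line per packet, "<relative time>\t<source IP>",
# as produced by (standard tshark options):
#   tshark -r input.pcap -Y ip -T fields -E occurrence=f \
#          -e frame.time_relative -e ip.src
# Output: src, packets, average pps, peak pps (busiest 1-second bucket),
# sorted by peak pps, highest first.
pps_per_src() {
  awk -F '\t' '
    $2 == "" { next }                      # no IPv4 source (e.g. ARP): skip
    {
      ip = $2; t = $1 + 0
      n[ip]++
      if (!(ip in first)) first[ip] = t
      last[ip] = t
      b = ip SUBSEP int(t)                 # per-source 1-second bucket
      if (++bucket[b] > peak[ip]) peak[ip] = bucket[b]
    }
    END {
      for (ip in n) {
        win = last[ip] - first[ip]
        if (win < 1) win = 1               # assumption: clamp window to >= 1 s
        printf "%s\t%d\t%.2f\t%d\n", ip, n[ip], n[ip] / win, peak[ip]
      }
    }' | sort -t "$(printf '\t')" -k4,4nr
}

# Constructed sample rows (not taken from the lesson's trace file).
sample_rows() {
  printf '%s\t%s\n' \
    0.000000 10.0.0.5  0.100000 10.0.0.5  0.200000 10.0.0.5 \
    0.500000 ''        0.900000 10.0.0.9  1.500000 10.0.0.5 \
    2.000000 10.0.0.9  4.000000 10.0.0.5  4.900000 10.0.0.9
}

sample_rows | pps_per_src
```

Against a real capture, pipe the tshark command from the header comment into `pps_per_src`; sources with a high peak but low average are short bursts that an overall conversation rate smooths out.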
who is X.2.2?