This report analyzes network traffic with the Wireshark tool for websites allocated according to MIT ID. It covers general statistics, network performance metrics, comparisons, and a conclusion on the tools used.
MN504 Network Application Management
Network Analysis using Wireshark
Contents

About Task
Introduction
General Statistics
  -http://www.news.com.au
  -http://iview.abc.net.au
Network Performance
  Throughput
  Round Trip Time
  Load Distribution
  Warnings and errors
  TCP retransmissions
Comparison 1
Comparison 2
Conclusion
Reference

About Task

The task is to analyze network traffic with the Wireshark tool for a set of websites. The websites are allocated according to the last number of the MIT ID. The name and the MIT ID are given below.

Name: SEERAT
MIT ID: MIT173290

The set of websites allocated for this ID is given below.

- http://www.news.com.au
- http://iview.abc.net.au

Introduction

Network communication is a key part of today's world. Industry and people depend on it, because everything runs on it, from a single computer application to the complex production environments of various industries. The task performed in this report is to capture and analyze network traffic using network sniffing tools. Sniffing tools are available in both hardware and software form. For this task, the Wireshark tool is used, as it is free, open source and easily available on the internet. Sniffing tools let the network administrator analyze and solve issues in a production network through deep traffic analysis. This report is divided into several parts and covers the following tasks.

- General statistics of the packet capture of both websites.
- Screenshots of the different statistics from the Wireshark tool on various criteria.
- Comparison of the statistics and graphs from both traffic captures.
- Traffic packet comparison with another tool, e.g. Microsoft Message Analyzer.

General Statistics

The packet capture needs to be done for the two websites. Both show news content: one is a normal newspaper site and the other is a streaming website. The home network is a very small network with very few devices connected. The ISP uses the modem and generally uses the class IP address spaces. In this case, the class network is 192.168.1.0/24.

- Modem Address – 192.168.1.1
- Machine Address – 192.168.1.4

The packet capture is done for each website in turn, and the statistics are discussed below one by one.

- http://www.news.com.au

The packet capture was successful and all the IP packets were captured during the user's browsing session. The statistics of the packet capture are given below.

  o The total time taken to capture all the packets is 201 seconds.
  o The total number of packets captured during the session is 17790.
  o The IP addresses of the client and server are given below.
    Client – 192.168.1.4
    Server – 23.23.147.107

- http://iview.abc.net.au

This website is a heavy site because of its content, so it takes a lot of time, depending on the connection speed with the ISP. The packet capture was successful for this site as well, and some of the statistics are given below.

  o The total time for the packet capture is 394 seconds.
  o The total number of packets captured during the session is 22249.
  o The IP addresses of the server and the client are given below.
    Client – 192.168.1.4
    Server – 23.23.147.104

The packet capture was done on a workstation computer, which has enough resources for the task. The number of packets differs between the two sessions because the second website has more multimedia content than the first.

Network Performance

Performance is the main criterion when it comes to network traffic analysis. The packet capture clearly shows that the network and website are performing up to the mark. The performance of both packet captures must be assessed against certain criteria. Some of the main criteria are given below, and the analysis is done accordingly.

- Throughput
- Round Trip Time
- Load Distribution
- Warning and errors
- TCP retransmissions

Throughput

Network bandwidth throughput is one of the most important criteria on which application performance depends. The more bandwidth available, the more performance we get from the application, and page loading time is also reduced. Each website has a certain minimum bandwidth that it requires in order to work properly without any issues. The throughput of both website packet captures is given below. [1]

- Website: http://www.news.com.au
  o Average bits/s – 584k

The snapshot of the analysis of the network throughput is given below.

- Website: http://iview.abc.net.au
  o Average bits/s – 299k

The snapshot of the analysis of the network throughput is given below.

Round Trip Time

The other performance factor of the network is the Round Trip Time (RTT). It denotes the latency we experience while using any network application. The lower the RTT, the better the application performs. The RTT of both packet captures is given below.

- Website: http://www.news.com.au

The average RTT for this website is less than 40 ms, and the snapshot of it is given below.

- Website: http://iview.abc.net.au

The average RTT for this website is less than 20 ms, and the snapshot of it is given below.

Load Distribution

Load distribution is one of the most important factors on which the actual performance of a particular website or application depends. Some applications may require more bandwidth than others, which can make other applications wait for the network resource to be free before they can transmit and receive data. The load distribution chart for the HTTP protocol for both websites is given below. [3]

- Website: http://www.news.com.au
- Website: http://iview.abc.net.au

Warnings and errors

Warnings and errors are an important part of network transmission. Flags in the capture indicate an error or warning in the network that may hamper its performance. The warning and error graphs for both websites are given below.

- Website: http://www.news.com.au
- Website: http://iview.abc.net.au

TCP retransmissions

TCP retransmission is one of the most important factors in network performance optimization. A retransmitted packet is a failed or damaged packet that the host machine gets during transmission. TCP is a reliable protocol, so it will retransmit the lost packet until it gets the right one. Performance is therefore drastically affected for applications such as audio or video streaming on the web. The TCP retransmission graph for both websites is given below.

- Website: http://www.news.com.au
- Website: http://iview.abc.net.au

Comparison 1

Now comes the main part, the comparison between the two websites. Both websites provide multimedia content, so they are heavy and take time to load all the data from the web server. Since the news website doesn't have much multimedia content, it takes less time to load, while the iview website is purely a video streaming site and has a lot of video content on it.
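
As an added example (not part of the original report), the Python sketch below recomputes the three figures compared in this section, average bits/s, round trip time and TCP retransmissions, from a tshark field export instead of reading them off Wireshark's graphs. The sample rows, the file name capture.pcapng and the server address 203.0.113.10 are constructed, and the retransmission rule (a data segment that carries no new bytes) is a simplification of Wireshark's own TCP analysis.

```python
import csv, io
# Constructed sample (not real capture data), laid out like the output of:
#   tshark -r capture.pcapng -Y "ip && tcp" -T fields -e frame.time_relative -e ip.src -e ip.dst
#     -e tcp.srcport -e tcp.dstport -e tcp.seq -e tcp.len -e tcp.flags -e frame.len
SAMPLE = (
    "0.000\t192.168.1.4\t203.0.113.10\t50000\t80\t0\t0\t0x0002\t66\n"         # SYN
    "0.038\t203.0.113.10\t192.168.1.4\t80\t50000\t0\t0\t0x0012\t66\n"         # SYN/ACK
    "0.039\t192.168.1.4\t203.0.113.10\t50000\t80\t1\t0\t0x0010\t54\n"         # ACK
    "0.040\t192.168.1.4\t203.0.113.10\t50000\t80\t1\t300\t0x0018\t354\n"      # request
    "0.080\t203.0.113.10\t192.168.1.4\t80\t50000\t1\t1400\t0x0010\t1454\n"    # data
    "0.081\t203.0.113.10\t192.168.1.4\t80\t50000\t1401\t1400\t0x0010\t1454\n" # data
    "0.300\t203.0.113.10\t192.168.1.4\t80\t50000\t1\t1400\t0x0010\t1454\n"    # resent data
    "1.000\t192.168.1.4\t203.0.113.10\t50000\t80\t301\t0\t0x0010\t54\n"       # ACK
)
SYN, ACK = 0x02, 0x10

def parse(text):
    """Turn tshark field rows into (time, flow, seq, len, flags, frame_len)."""
    rows = []
    for r in csv.reader(io.StringIO(text), delimiter="\t"):
        if len(r) == 9:  # skip blank or incomplete rows
            rows.append((float(r[0]), (r[1], int(r[3]), r[2], int(r[4])),
                         int(r[5]), int(r[6]), int(r[7], 16), int(r[8])))
    return rows

def summarize(rows):
    """Average bits/s, mean SYN -> SYN/ACK time, and retransmitted data segments."""
    syn_at, rtts, highest, data, retrans = {}, [], {}, 0, 0
    for t, flow, seq, ln, flags, _ in rows:
        reverse = (flow[2], flow[3], flow[0], flow[1])
        if flags & (SYN | ACK) == SYN:
            syn_at.setdefault(flow, t)            # keep the first SYN if it was retried
        elif flags & (SYN | ACK) == (SYN | ACK) and reverse in syn_at:
            rtts.append(t - syn_at.pop(reverse))
        if ln > 0:
            data += 1
            if seq + ln <= highest.get(flow, 0):  # no new bytes: counted as a retransmission
                retrans += 1
            highest[flow] = max(highest.get(flow, 0), seq + ln)
    span = rows[-1][0] - rows[0][0] if rows else 0
    return {
        "avg_bits_per_s": sum(r[5] for r in rows) * 8 / span if span > 0 else 0.0,
        "handshake_rtt_ms": 1000 * sum(rtts) / len(rtts) if rtts else None,
        "data_segments": data,
        "retransmissions": retrans,
    }

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```

Running the same export over each website's capture gives directly comparable numbers, and the share of retransmitted data segments is a fairer comparison than the raw count when one session carries far more packets than the other.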

The performance of the two websites differs because the applications serve different purposes. A detailed comparison of both websites is given below, one item at a time, according to the statistics collected from the packet capture.

- Statistics

According to the statistics collected, the overall performance of the websites is good and up to the mark. But the news website takes less time to load and consumes less network bandwidth, so its performance is good compared to the iview website. The number of packets and the bandwidth requirement are both high for the iview website. The total session time is also long because of the video content on this website.

- TCP Retransmission

As the number of packets transmitted is high for the iview website, so is the number of retransmissions. This happens because a large amount of data needs to be transmitted over the network, which increases the TCP retransmissions for the iview website. Retransmissions are far fewer on the news website because of its textual content.

- Bandwidth Utilization

Bandwidth utilization is high for iview, as we already know, because of the audio and video content streaming. A high-speed link is therefore necessary in order to browse the iview website. For the news website, the demand is not so high, so it can easily operate on a lower internet speed.

- Load Distribution

The load distribution is high overall while video content is played on the iview website, because continuous data delivery is required in order to play the video without buffering in the user's web browser. Once the news website is loaded, no further data delivery from the server is required unless the user clicks on some other menu.

- Warning and errors

The warnings and errors which we generally get in network packet processing depend on various factors, from the server side to ISP issues. All of these create performance issues for the web application hosted on the server, and the user is affected. Among the most important reasons this generally happens: the web server application may have gone down, packets may get lost in transmission, or some other filters may have been put on the firewall at the server end. [4]
In the same way, the iview session gets most of the warnings and errors related to the web application hosted at the server end, and the news website gets the fewest errors and warnings while its session is running on the user's host machine. The reasons discussed above are more than enough to explain the main difference between the performance of the application for both websites.

Comparison 2

In the early stages of their development, network traffic analysis tools were not free. A licensed product had to be bought from a company that provided a proprietary hardware and software solution. With the evolution of Wireshark, network traffic analysis has become very easy, and anybody can do it with proper knowledge of internetworking communication and the various network protocols widely used in today's computing world. Here, the Microsoft Message Analyzer tool is used for a brief comparison of its features and performance with those of Wireshark. The comparison is given below, one point at a time.

1. The Microsoft Message Analyzer is a good network analyzer tool and is easily available for free from the official Microsoft website [2]. But the tool takes a lot of time to install on a Windows machine compared to Wireshark. Wireshark is very easily available on the internet because it is free and also open source.
2. The GUI is the main criterion that needs to be judged, because the user interface is the most important part of the application. Microsoft has provided various tools and features for visualization, but it is not as good as Wireshark, which has its community and has been out for so long that huge development has taken place. There are also various versions available for different platforms, and a support community for it.
3. Network traffic visualization is the most important part of report generation. The Microsoft tool has various tools and other features for this, but it takes a lot of time to generate graphs and other reports compared to Wireshark. The Wireshark interface is easy to learn and understand, and it is fast.
4. Statistic generation is the most important aspect of traffic analysis. Generating throughput, RTT and similar statistics is very easy in the Microsoft tool because its GUI is heavily customized, and it is also not difficult in Wireshark.
5. Detailed analysis is very easy in the Wireshark tool because it shows the details on the screen, and detailed analysis requires viewing the packet in detail. With the Microsoft tool, we have to look in various windows in order to get the important details out of it, and those windows are complex. It requires training in order to understand the working concept of the tool. The Wireshark tool gets regular updates and patches according to the issues reported by users. It also supports various platforms, so security analysts prefer Wireshark, because it is free and stable and supports the Linux OS, which is widely used on servers.

Conclusion

The internet is a key part of today's computing world, and no business can run without it. Everything is connected to everything else on the internet, and so are the applications and services provided by the various companies. In order to provide better services to the user, we need to analyze and test the application and its performance against the user's minimum standard. This report briefly discusses the performance of two web applications: one deals mostly with textual content, and the other deals with heavy multimedia content such as audio and video. The heavier the application, the more its resource requirements increase according to user demand. As a result, the user needs to meet the minimum requirements of the web application in order to enjoy the application's services smoothly without any issue. The report also compares the Microsoft Message Analyzer and the Wireshark tool, and it turns out that Wireshark beats the Microsoft tool overall on the requirements that users demand in today's world.

Reference

All the references used to prepare this report are given below.

[1] S. Orgera, "What Is Wireshark? Here's A Complete Tutorial To Help You What It Does", Lifewire, 2017. [Online]. Available: https://www.lifewire.com/wireshark-tutorial-4143298. [Accessed: 27-Jan-2018].
[2] Microsoft, "Microsoft Message Analyzer Operating Guide", Technet.microsoft.com, 2016. [Online]. Available: https://technet.microsoft.com/en-us/library/jj649776.aspx. [Accessed: 27-Jan-2018].
[3] C. Chapman and S. Furnell, Network performance and security.
[4] Y. Orzach, Network analysis using Wireshark Cookbook. 2013.