Network Analysis using Wireshark
Added on 2024/04/26
AI Summary
This report delves into the analysis of network traffic using Wireshark tool for websites based on MIT ID allocation. It covers general statistics, network performance metrics, comparisons, and a conclusion on the tools used.
MN504 Network Application Management
Network Analysis using Wireshark
Contents
About Task
Introduction
General Statistics
  - http://www.news.com.au
  - http://iview.abc.net.au
Network Performance
  Throughput
  Round Trip Time
  Load Distribution
  Warnings and errors
  TCP retransmissions
Comparison 1
Comparison 2
Conclusion
Reference
About Task
The task is to analyze network traffic using the Wireshark tool for a set of websites. The
websites are allocated according to the last number of the MIT ID. The name and the
MIT ID are given below.
Name: SEERAT
MIT ID: MIT173290
The set of websites allocated to this ID is given below.
- http://www.news.com.au
- http://iview.abc.net.au
Introduction
Network communication is a key part of today's world. Industry and people alike depend on it,
because everything runs on it, from a single computer application to the complex production
environments of various industries. The task performed in this report is to capture and analyze
network traffic using network sniffing tools. Sniffing tools are available in both hardware and
software form. For this task the Wireshark tool is used, as it is free, open source and easily
available on the internet.
This report is prepared in order to analyze network traffic using sniffing technology. Sniffing
tools allow the network administrator to analyze and solve issues with a production network
through deep traffic analysis. This report is divided into several parts and covers the following tasks.
- General statistics of the packet capture of both the websites.
- Screenshots of the different statistics from the Wireshark tool on various criteria.
- Comparison of the statistics and graphs from both traffic captures.
- Traffic Packet Comparison with another tool e.g. Microsoft Message Analyzer.
General Statistics
The packet capture needs to be done on two websites. Both of them show news content: one is a
normal newspaper site and the other is a streaming website. The home network is a very small
network with very few devices connected. The ISP uses a modem and generally uses the class IP
address spaces. In this case, the class network is 192.168.1.0/24.
- Modem Address – 192.168.1.1
- Machine Address – 192.168.1.4
The packet capture is now done for each website in turn, and the statistics are discussed
below one by one.
- http://www.news.com.au
  The packet capture was successful and all the IP packets were captured during the user's
  browsing session. The statistics of the packet capture for this website are given below.
  - The total time taken to capture all the packets is 201 seconds.
  - The total number of packets captured during the session is 17790.
  - The IP addresses of the client and server are given below.
    Client – 192.168.1.4
    Server – 23.23.147.107
- http://iview.abc.net.au
  This website is a heavy site because of the content on it, so it takes a lot of time,
  depending on the connection speed with the ISP. The packet capture was successful for this
  site as well, and some of the statistics are given below.
  - The total time for the packet capture is 394 seconds.
  - The total number of packets captured during the session is 22249.
  - The IP addresses of the server and the client are given below.
    Client – 192.168.1.4
    Server – 23.23.147.104
The packet capture was done using a workstation computer, which has enough resources to do
the task for this website. The number of packets differs between the two sessions because the
second website has more multimedia content than the first one.
Network Performance
Performance is the main criterion when it comes to network traffic analysis. The packet capture
clearly shows that the network and the websites are performing up to the mark. The performance
of both packet captures must be analyzed according to certain criteria. Some of the main criteria
are given below and the analysis is done accordingly.
- Throughput
- Round Trip Time
- Load Distribution
- Warnings and errors
- TCP retransmissions
Throughput
Network bandwidth throughput is one of the most important criteria on which application
performance depends. The more bandwidth is available, the more performance we get from the
application, and the shorter the page loading time. Each website has a certain minimum
bandwidth that it requires in order to work properly without any issues. The throughput of both
website packet captures is given below. [1]
- Website: http://www.news.com.au
  - Average bits/s – 584k
  The snapshot of the analysis of the network throughput is given below.
- Website: http://iview.abc.net.au
  - Average bits/s – 299k
  The snapshot of the analysis of the network throughput is given below.
Round Trip Time
The other performance factor of the network is the Round Trip Time (RTT). It basically denotes the
latency in the network that we experience while using any network application. The lower the RTT,
the better the performance of the application. The RTT of both packet captures is given below.
- Website: http://www.news.com.au
  The average RTT for this website is less than 40 ms; the snapshot of it is given below.
- Website: http://iview.abc.net.au
  The average RTT for this website is less than 20 ms; the snapshot of it is given below.
Load Distribution
Load distribution is one of the most important factors on which the actual performance of a
particular website or application depends. Some applications may require more bandwidth than
others, which can cause other applications to wait for network resources to become free in
order to transmit and receive data. The load distribution chart for the HTTP protocol for both
websites is given below. [3]
- Website: http://www.news.com.au
- Website: http://iview.abc.net.au
Warnings and errors
Warnings and errors are an important part of network transmission. Some flags indicate an error
or warning in the network, due to which the performance of the network may be hampered. The
warning and error graphs for both websites are given below.
- Website: http://www.news.com.au
- Website: http://iview.abc.net.au
TCP retransmissions
TCP retransmission is one of the most important factors in network performance optimization.
A retransmission is triggered by a packet that was lost or damaged in transit to the host
machine. TCP is a reliable protocol, so it will retransmit the lost packet until it is received
correctly. Performance is therefore drastically affected for some applications, such as audio or
video streaming on the web. The TCP retransmission graph for both websites is given below.
- Website: http://www.news.com.au
- Website: http://iview.abc.net.au
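The three metrics covered above (average throughput, round trip time and TCP retransmissions) can also be computed directly from per-packet fields. The following is an added example, not part of the original report: it runs on a constructed nine-packet sample (client 192.168.1.4, server at the documentation address 203.0.113.10), and its retransmission check is a simplified heuristic, not Wireshark's own analysis.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "time src dst sport dport seq length flags frame_len")

# Constructed sample, one packet per line:
# time(s) src dst sport dport relative_seq tcp_payload_len flags frame_len(bytes)
SAMPLE = """\
# three-way handshake
0.000 192.168.1.4 203.0.113.10 50000 80 0 0 S 66
0.030 203.0.113.10 192.168.1.4 80 50000 0 0 SA 66
0.031 192.168.1.4 203.0.113.10 50000 80 1 0 A 54
# request and response data
0.032 192.168.1.4 203.0.113.10 50000 80 1 400 PA 454
0.065 203.0.113.10 192.168.1.4 80 50000 1 1000 A 1054
0.066 203.0.113.10 192.168.1.4 80 50000 1001 1000 A 1054
# same segment sent again after a delay
0.300 203.0.113.10 192.168.1.4 80 50000 1001 1000 A 1054
0.301 192.168.1.4 203.0.113.10 50000 80 401 0 A 54
0.500 203.0.113.10 192.168.1.4 80 50000 2001 500 PA 554
"""


def parse(text):
    """Turn the whitespace-separated sample into Packet records."""
    packets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        t, src, dst, sport, dport, seq, length, flags, frame_len = line.split()
        packets.append(Packet(float(t), src, dst, int(sport), int(dport),
                              int(seq), int(length), flags, int(frame_len)))
    return packets


def average_bps(packets):
    """Average bits per second over the whole capture (all frame bytes / duration)."""
    if len(packets) < 2:
        return 0.0
    duration = packets[-1].time - packets[0].time
    if duration <= 0:
        return 0.0
    return sum(p.frame_len for p in packets) * 8 / duration


def handshake_rtts(packets):
    """Per connection, the delay between the client's SYN and the server's SYN/ACK."""
    syn_time = {}
    rtts = {}
    for p in packets:
        if p.flags == "S":
            # A retransmitted SYN overwrites the earlier timestamp.
            syn_time[(p.src, p.sport, p.dst, p.dport)] = p.time
        elif p.flags == "SA":
            key = (p.dst, p.dport, p.src, p.sport)  # connection seen from the client
            if key in syn_time and key not in rtts:
                rtts[key] = p.time - syn_time[key]
    return rtts


def find_retransmissions(packets):
    """Data segments whose sequence number was already covered in that direction.

    Simplified heuristic: Wireshark's tcp.analysis.retransmission logic also
    separates out-of-order segments, fast retransmissions and keep-alives.
    """
    next_seq = {}  # per direction: first sequence number not yet sent
    hits = []
    for p in packets:
        if p.length == 0:
            continue  # pure ACKs and handshake packets carry no data
        flow = (p.src, p.sport, p.dst, p.dport)
        if flow in next_seq and p.seq < next_seq[flow]:
            hits.append(p)
        next_seq[flow] = max(next_seq.get(flow, 0), p.seq + p.length)
    return hits


def summarize(text):
    """Compute the report's three metrics for one capture."""
    packets = parse(text)
    data_segments = sum(1 for p in packets if p.length > 0)
    retrans = find_retransmissions(packets)
    return {
        "packets": len(packets),
        "avg_bps": average_bps(packets),
        "handshake_rtts": handshake_rtts(packets),
        "retransmissions": len(retrans),
        "retransmission_rate": len(retrans) / data_segments if data_segments else 0.0,
    }


if __name__ == "__main__":
    for name, value in summarize(SAMPLE).items():
        print(name, value)
```

Comparing `retransmission_rate` rather than the raw count between two captures avoids the larger capture looking worse simply because it carries more segments.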
Comparison 1
Now comes the main part, the comparison between the two websites. Both websites provide
multimedia content, so they are heavy and take time to load all the data from the web server.
Since the news website does not have much multimedia content, it takes less time to load,
while the iview website is purely a video streaming site and has a lot of video content on it.
The performance of the two websites therefore differs because of their different application
purposes. A detailed comparison of both websites is given below, one item at a time, according
to the statistics collected from the packet capture.
- Statistics
  According to the statistics collected, the overall performance of both websites is good and up
  to the mark. But the news website takes less time to load and consumes less network bandwidth,
  so its performance is good compared to the iview website.
  The number of packets and the bandwidth requirement are both high for the iview website. The
  total session time is also large because of the video content on this website.
- TCP Retransmission
  As the number of packets transmitted is high for the iview website, so is the number of
  retransmissions. This happens because a large amount of data needs to be transmitted over the
  network, which increases TCP retransmissions for the iview website. The number is much lower
  on the news website, due to its textual content.
- Bandwidth Utilization
  Bandwidth utilization is high for iview, as we already know, due to the audio and video
  content streaming. A high-speed link is therefore necessary in order to browse the iview
  website. As for the news website, the demand is not so high, so it can easily operate on a
  lower internet speed.
- Load Distribution
  The load distribution is high overall while video content is played on the iview website,
  because it requires continuous data delivery in order to play the video without buffering in
  the user's web browser. Once the news website is loaded, no further data delivery from the
  server is required unless the user clicks on some other menu.
- Warnings and errors
  The warnings and errors that we generally get in network packet processing depend on various
  factors, from the server side to ISP issues. These all create performance issues for the web
  application hosted on the server, and the user gets affected. Among the most important reasons
  this generally happens: the web server application may have gone down, the packet may have
  been lost in transmission, or some other filters may have been put on the firewall at the
  server end. [4]
  In the same way, the iview session gets most of the warnings and errors related to the web
  application hosted at the server end, and the news website gets the fewest errors and warnings
  while its session is running on the user's host machine.
The reasons discussed above are more than enough to explain the main difference between the
performance of the applications for the two websites.
Comparison 2
In the early stages of their development, network traffic analysis tools were not free. One had
to buy a licensed product from a company that provided a proprietary hardware and software
solution. But with the evolution of Wireshark, network traffic analysis became very easy, and
anybody can do it with proper knowledge of internetworking communication and the various
network protocols that are widely used in today's computing world.
Here we have used the Microsoft Message Analyzer tool for a brief comparison of its features and
performance with those of Wireshark. The comparison is given below, point by point.
1. Microsoft Message Analyzer is a good network analyzer tool and is easily available for free
   from the official Microsoft website [2]. But the tool takes a lot of time to install on a
   Windows machine compared to Wireshark. Wireshark is very easily available on the internet
   because it is free and also open source.
2. The GUI is the main criterion to be judged, because the user interface is the most important
   part of the application. Microsoft has provided various tools and features for visualization.
   But it is not as good as Wireshark, which has a community behind it and has been out for so
   long that a huge amount of development has taken place.
   There are also various versions of it available for different platforms, and a support
   community for it.
3. Network traffic visualization is the most important part of report generation. The Microsoft
   tool has various tools and other features for this, but it takes a lot of time to generate
   graphs and other reports compared to Wireshark. The Wireshark interface is easy to learn and
   understand, and it is fast.
4. Statistics generation is the most important aspect of traffic analysis. Generating
   throughput, RTT and similar statistics is very easy in the Microsoft tool, because its GUI is
   heavily customized, and it is not difficult in Wireshark either.
5. Detailed analysis is very easy in the Wireshark tool, because it shows the packet on screen,
   and detailed analysis requires viewing the packet in detail. With the Microsoft tool we have
   to look in various windows in order to get the important details out of it.
   The windows of the Microsoft tool are also complex, and training is required in order to
   understand the working concept of the tool.
Wireshark also gets regular updates and patches according to the issues reported by users. It
also supports various platforms. Security analysts prefer Wireshark because it is free and
stable and supports the Linux OS, which is widely used on servers.
Conclusion
The internet is a key part of today's computing world; no business can run without it.
Everything is connected to everything else on the internet, and so are the applications and
services provided by various companies. In order to provide better services to the user, we
need to analyze and test the application and its performance against the user's minimum
standard.
This report briefly discusses the performance of two web applications: one deals mostly with
textual content and the other deals with heavy multimedia content such as audio and video. The
heavier the application, the more the resource requirement increases according to user demand.
As a result, the user needs to meet the minimum requirements of the web application in order to
enjoy its services smoothly without any issue.
The report also discusses the comparison between Microsoft Message Analyzer and Wireshark. It
turns out that Wireshark beats the Microsoft tool overall in meeting the requirements that users
demand in today's world.
Reference
All the references used to prepare this report are given below.
[1] S. Orgera, "What Is Wireshark? Here's A Complete Tutorial To Help You What It Does",
Lifewire, 2017. [Online]. Available: https://www.lifewire.com/wireshark-tutorial-4143298.
[Accessed: 27-Jan-2018].
[2] Microsoft, "Microsoft Message Analyzer Operating Guide", Technet.microsoft.com, 2016.
[Online]. Available: https://technet.microsoft.com/en-us/library/jj649776.aspx.
[Accessed: 27-Jan-2018].
[3] C. Chapman and S. Furnell, Network performance and security.
[4] Y. Orzach, Network analysis using Wireshark Cookbook. 2013.