Among other very useful and interesting things that wireshark can show in a packet capture, it can also display the top traffic conversations based on various criteria such as IP addresses, L2 ethernet addresses, IPv6 address or L4 information.
The conversation list is available from the Statistics -> Conversations menu.
Below an example taken showing the top bps rate (B->A direction) for the TCP protocol, where A and B are the endpoints identified by IP and TCP port number
So based on the below image, the top speed was ~ 2.5 Mbps and the duration of the session was - as far as wireshark knows - 25.7 seconds. Additional things can be done from this menu such as "Follow stream" or "Copy"
No comments:
Post a Comment