Wireshark packet capture analysis: the statistics tools

Reposted from https://www.cnblogs.com/strick/p/6344486.html

I. Basic statistics tools
1) Capture file properties (Summary)

  1. File: the properties of the capture file, such as its name, path, size and the number of packets it contains

  2. Time: when the capture started and ended, and how long it ran

  3. Capture: which interface (network card) the capture was taken on, plus the OS and Wireshark versions used

  4. Display: aggregate statistics for all captured packets and for the currently displayed (filtered) packets, such as the packet count, the share of packets displayed, and the average packet and bit rates

In current Wireshark versions this window is Statistics > Capture File Properties.


2) Protocol Hierarchy

  1. Protocol: the protocol the packets belong to, shown as a tree (Ethernet > IP > TCP > HTTP, and so on)

  2. % Packets: share of all packets in the capture file that contain this protocol

  3. Packets: number of packets that contain this protocol

  4. % Bytes: share of all bytes in the capture file belonging to packets that contain this protocol

  5. Bytes: number of bytes in packets that contain this protocol

  6. Mbit/s: transfer rate of this protocol's packets over the capture period

  7. End Packets: packets in which this protocol is the top-most layer; for TCP, for example, segments that carry no higher-layer protocol header (such as HTTP) after the TCP header

  8. End Bytes: number of bytes in those end packets

  9. End Bits/s: transfer rate of the end packets over the capture period

A packet is counted once at every layer it contains, so a child row's percentage is part of its parent's rather than of a separate 100%, and tunnelled traffic (IP inside GRE, for instance) can make the same protocol appear at more than one level of the tree.


3) Conversations

A conversation is all the traffic exchanged between one specific pair of endpoints (hosts, servers or network devices).

A TCP or UDP conversation contains every packet, in either direction, that matches the same four features: source IP address, destination IP address, source port and destination port.

  1. Ethernet tab: communication between pairs of MAC addresses

  2. IPv4 tab: communication between pairs of IPv4 addresses

  3. TCP or UDP tab: the individual TCP or UDP flows between IPv4 hosts; here you can see whether a host has opened an unusually large number of connections, or is establishing connections to odd destinations or ports


4) Endpoints

This tool shows statistics for the layer 2, 3 and 4 endpoints (Ethernet endpoints, IP endpoints, TCP/UDP endpoints).

At first glance it looks like the Conversations window, but a conversation row has an Address A and an Address B, while an endpoint row has only one address, with its packets and bytes broken down into transmitted (Tx) and received (Rx).
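The following is an added example, not code from the original post, showing what the Conversations and Endpoints windows actually compute. It decodes raw Ethernet/IPv4/TCP|UDP frames that are built inline (constructed sample data with zero checksums; every other protocol is skipped), groups them into the Ethernet, IPv4, TCP and UDP conversation tables and an IPv4 endpoint table, and finishes with the "host opening too many connections" check mentioned above, done mechanically by counting the distinct targets of each host's SYN-only segments. The Packet record, sample addresses and the threshold are assumptions made for the example.

```python
"""Conversation and endpoint tables from raw Ethernet frames (added example,
not code from the original post). Decodes Ethernet/IPv4/TCP|UDP headers and
groups frames as Wireshark's Conversations and Endpoints windows do."""
import socket
import struct
from collections import defaultdict
from dataclasses import dataclass

ETHERTYPE_IPV4 = 0x0800
PROTO_NAME = {6: "TCP", 17: "UDP"}
SYN, ACK = 0x02, 0x10

@dataclass
class Packet:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    proto: int
    sport: int
    dport: int
    flags: int    # TCP flags byte, 0 for UDP
    length: int   # frame length on the wire

def build_frame(src_mac, dst_mac, src_ip, dst_ip, proto, sport, dport, payload=b"", flags=0x18):
    """Constructed test input: Ethernet/IPv4/{TCP,UDP} frame, checksums left zero."""
    if proto == 6:   # 20-byte TCP header: ports, seq, ack, offset, flags, win, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    else:            # 8-byte UDP header: ports, length, csum
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    macs = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    return macs + struct.pack("!H", ETHERTYPE_IPV4) + ip + l4

def decode(frame):
    """Decode Ethernet/IPv4/TCP|UDP headers; return None for anything else
    (a real capture also carries ARP, IPv6, ICMP, ..., which this skips)."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto, l4 = frame[23], frame[14 + ihl:]
    if proto not in PROTO_NAME or len(l4) < (20 if proto == 6 else 8):
        return None
    sport, dport = struct.unpack("!HH", l4[:4])
    return Packet(frame[6:12].hex(":"), frame[:6].hex(":"),
                  socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]),
                  proto, sport, dport, l4[13] if proto == 6 else 0, len(frame))

def conversations(packets):
    """Per tab (Ethernet, IPv4, TCP, UDP): both directions of a flow share one
    key (endpoints sorted); the value is [packets, bytes] as in the window."""
    tables = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for p in packets:
        keys = {"Ethernet": tuple(sorted((p.src_mac, p.dst_mac))),
                "IPv4": tuple(sorted((p.src_ip, p.dst_ip))),
                PROTO_NAME[p.proto]: tuple(sorted(((p.src_ip, p.sport), (p.dst_ip, p.dport))))}
        for tab, key in keys.items():
            tables[tab][key][0] += 1
            tables[tab][key][1] += p.length
    return {tab: dict(rows) for tab, rows in tables.items()}

def endpoints(packets):
    """IPv4 endpoints: one row per address, totals plus Tx/Rx packet counts."""
    table = defaultdict(lambda: {"packets": 0, "bytes": 0, "tx_packets": 0, "rx_packets": 0})
    for p in packets:
        for addr, direction in ((p.src_ip, "tx_packets"), (p.dst_ip, "rx_packets")):
            table[addr]["packets"] += 1
            table[addr]["bytes"] += p.length
            table[addr][direction] += 1
    return dict(table)

def hosts_opening_many_connections(packets, threshold):
    """Hosts whose SYN-only segments target more than `threshold` distinct
    (address, port) pairs: the 'too many connections' check normally done by
    eye in the TCP conversations tab. A port scan shows up here immediately."""
    targets = defaultdict(set)
    for p in packets:
        if p.proto == 6 and p.flags & SYN and not p.flags & ACK:
            targets[p.src_ip].add((p.dst_ip, p.dport))
    return {host for host, t in targets.items() if len(t) > threshold}

def sample_packets():
    """Constructed capture: one HTTP exchange, one DNS lookup, and a host that
    sends a lone SYN to each of 12 ports on 10.0.0.9 (scan-like)."""
    gw, c, scanner = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
    frames = [
        build_frame(c, gw, "10.0.0.2", "93.184.216.34", 6, 51000, 80, b"GET / HTTP/1.1\r\n\r\n"),
        build_frame(gw, c, "93.184.216.34", "10.0.0.2", 6, 80, 51000, b"HTTP/1.1 200 OK\r\n\r\n"),
        build_frame(c, gw, "10.0.0.2", "10.0.0.53", 17, 40000, 53, b"\x00" * 12),
        build_frame(gw, c, "10.0.0.53", "10.0.0.2", 17, 53, 40000, b"\x00" * 28),
    ] + [build_frame(scanner, gw, "10.0.0.7", "10.0.0.9", 6, 60000 + i, 20 + i, flags=SYN)
         for i in range(12)]
    return [p for p in map(decode, frames) if p is not None]
```

With the sample capture, `conversations()` yields two Ethernet, three IPv4 and thirteen TCP rows, and `hosts_opening_many_connections(pkts, 10)` returns only 10.0.0.7. Counting SYN-only segments rather than all TCP conversations matters: the scanned host 10.0.0.9 appears in just as many conversation rows as the scanner, so the Conversations tab alone does not tell you which side initiated them.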


5) HTTP statistics

  1. Packet Counter: the total number of HTTP packets, and the number of request packets (by method) and response packets (by status code)


  2. Requests: the distribution of requests across the Web sites (hosts) the clients accessed and, under each host, the specific resources (URIs) requested

  3. Load Distribution: which sites (server hosts and addresses) the HTTP packets (requests and responses) went to, and how the load is spread across them


6) IPv4 statistics

  1. All Addresses: every IPv4 address seen, with packet counts

  2. Destinations and Ports: destination addresses and the TCP/UDP ports used on each

  3. IP Protocol Types: the transport protocols (TCP, UDP, ...) carried in the IP packets

  4. Source and Destination Addresses: source addresses and destination addresses counted separately

II. Advanced statistics tools: IO Graphs
1) IO Graphs

  1. Style: Line, Impulse, FBar (thick bar), Dot

  2. X-axis settings:

Tick Interval: the width of one interval, from 0.001 second to 10 minutes

View as time of day: when checked, the X axis shows wall-clock time of day instead of seconds since the start of the capture

  3. Y-axis settings:

Unit: Packets, Bytes, Bits, Advanced (SUM, MAX and the other functions listed below)

Smooth: averages the per-interval rate over several neighbouring tick intervals (a moving average), so isolated spikes are damped


2) IO Graph advanced settings (the Advanced option of the Y-axis Unit)

Unit of time: the Tick Interval chosen in the X-axis settings

  1. SUM(*): the sum of a field's values in each interval, e.g. SUM(ip.len), the total bytes of IP packets actually transferred per interval

  2. COUNT FRAMES(*): the number of frames in each interval that match the filter, e.g. the number of retransmissions (tcp.analysis.retransmission)

  3. COUNT FIELDS(*): the number of times the field occurs in the frames of each interval

  4. MAX(*): the highest value of the field among the frames in each interval, e.g. the longest gap since the previously captured frame (frame.time_delta)

  5. MIN(*): the lowest value of the field in each interval

  6. AVG(*): the average value of the field in each interval

  7. LOAD(*): generates a load graph from a response-time field (such as smb.time)

III. Advanced statistics tools: TCP Stream Graphs
1) Time Sequence (Stevens)

Plots, against time, the sequence numbers (bytes) that the monitored TCP stream carries in one direction.

An unbroken diagonal line represents a normal file transfer; a line that keeps stopping and restarting indicates that the transfer has problems.

The steeper the line, the higher the transfer rate; a flatter line means a slow transfer.


2) Time Sequence (tcptrace)

Shows many more details of the monitored TCP connection.

Used to analyse all kinds of problems with this TCP connection, including acknowledgements, retransmissions and window size.

The upper line is the TCP receive window (acknowledgement number plus advertised window). When there is plenty of space between the two lines the receiving host still has buffer space; when they nearly overlap the window is full (window-full) and no more data can be sent.

The lower line is the sequence numbers the monitored stream sends in one direction over time (the same curve as the Stevens graph).

Each small vertical bar (visible when zoomed in) is one TCP segment; its lower and upper ends correspond on the Y axis to the segment's starting and ending sequence numbers.

3) Throughput

Shows not only the throughput of the TCP connection but also whether it is stable.

It counts, per unit time, the bytes of the segments transferred in the chosen direction (left Y axis);

the throughput derived from that is only the application data in that direction (IP and TCP headers not included), in bytes per second (right Y axis).

The left Y axis is the Len value of each segment, shown as dark blue dots; the right Y axis corresponds to the brown line.

4) Round Trip Time

Shows the round-trip time (RTT) of every TCP segment sent in a specific direction of the connection, measured from the segment to the first acknowledgement that covers it.

The X axis is the sequence number, the Y axis the RTT in seconds.

5) Window Scaling

Plots the receive window advertised by the sender of the segments in the chosen direction, as a way of judging the performance of a particular TCP connection.

When the window shrinks, the throughput of the application involved drops accordingly. The window size is controlled entirely by the two endpoints of the connection (server and client), since it reflects how fast the receiving application drains its socket buffer; its changes are unrelated to network performance.
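As an added example, not code from the original post, the series behind the five TCP Stream Graphs computed from a constructed list of segments of one connection: the Stevens points, the upper tcptrace line with the headroom left under the receive window (zero headroom is the window-full case), application throughput per tick interval, the RTT of each data segment until the first ACK that covers it, and the advertised window over time. The Seg record and the sample_download stream are assumptions made for the example; Wireshark derives the same series from its tcp.analysis fields.

```python
"""Series behind the five TCP Stream Graphs, computed from a constructed list
of segments of one connection (added example, not code from the original post)."""
from dataclasses import dataclass

@dataclass
class Seg:
    t: float      # capture time in seconds
    src: str      # "server" or "client": who sent the segment
    seq: int      # relative sequence number
    ack: int      # acknowledgement number
    win: int      # advertised receive window (after scaling)
    length: int   # TCP payload bytes (tcp.len), 0 for a pure ACK

def stevens(segs, sender):
    """Time Sequence (Stevens): one point (time, seq) per data segment sent by
    `sender`. A steady slope is a healthy transfer; flat gaps are stalls."""
    return [(s.t, s.seq) for s in segs if s.src == sender and s.length]

def tcptrace_window(segs, sender):
    """Upper tcptrace line: at each segment from the receiver, the right edge of
    its receive window (ack + win) and the headroom between that edge and the
    data already sent. Headroom 0 is the window-full condition."""
    next_seq, out = 0, []
    for s in segs:
        if s.src == sender:
            next_seq = max(next_seq, s.seq + s.length)
        else:
            edge = s.ack + s.win
            out.append((s.t, edge, edge - next_seq))
    return out

def throughput(segs, sender, interval=1.0):
    """Application bytes per second in each tick interval for one direction
    (payload only: Ethernet, IP and TCP headers are not counted)."""
    out = [0.0] * (int(max(s.t for s in segs) // interval) + 1)
    for s in segs:
        if s.src == sender:
            out[int(s.t // interval)] += s.length / interval
    return out

def round_trip_times(segs, sender):
    """RTT per data segment: time until the first segment from the other side
    whose ack covers seq + len. Returned as (seq, rtt) because the RTT graph
    puts the sequence number on the X axis."""
    out = []
    for i, d in enumerate(segs):
        if d.src != sender or d.length == 0:
            continue
        for a in segs[i + 1:]:
            if a.src != sender and a.ack >= d.seq + d.length:
                out.append((d.seq, a.t - d.t))
                break
    return out

def window_scaling(segs, sender):
    """Window Scaling graph: the receive window the peer advertises over time.
    A shrinking window means the receiving application is not draining its
    buffer; it is not a network problem."""
    return [(s.t, s.win) for s in segs if s.src != sender]

def sample_download():
    """Constructed capture of a server-to-client download whose receiver keeps
    falling behind: the advertised window shrinks from 8192 to 0."""
    S, C = "server", "client"
    return [
        Seg(0.000, S, 1, 1, 65535, 1460),
        Seg(0.001, S, 1461, 1, 65535, 1460),
        Seg(0.050, C, 1, 2921, 8192, 0),
        Seg(0.051, S, 2921, 1, 65535, 1460),
        Seg(0.052, S, 4381, 1, 65535, 1460),
        Seg(0.300, C, 1, 4381, 4096, 0),
        Seg(1.200, C, 1, 5841, 2048, 0),
        Seg(1.201, S, 5841, 1, 65535, 1460),
        Seg(2.400, C, 1, 7301, 0, 0),      # ack + win == bytes sent: window full
    ]

if __name__ == "__main__":
    segs = sample_download()
    print("stevens:", stevens(segs, "server"))
    print("tcptrace edge/headroom:", tcptrace_window(segs, "server"))
    print("throughput B/s:", throughput(segs, "server"))
    print("rtt:", [(q, round(r, 3)) for q, r in round_trip_times(segs, "server")])
    print("window:", window_scaling(segs, "server"))
```

On the sample stream the headroom goes 8192, 2636, 2048, 0 while the RTT of the later segments climbs past a second: the two lines of the tcptrace graph converging and the RTT graph rising together is the signature of a receiver-side bottleneck, not of packet loss.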

IV. The Expert Info tool
The window (under the Analyze menu) is divided into Errors, Warnings, Notes and Chats.

1) Errors

Packets with serious problems.

Checksum errors: Ethernet and IP checksum errors. Note that on a host whose NIC does checksum offloading, the host's own outgoing packets show bad checksums in a local capture, because the checksum is filled in by the hardware after the packet has been captured.

Malformed packets: generally concern a particular application-layer protocol whose dissector could not parse the packet.

2) Warnings

Packets with ordinary, non-fatal problems.

Events related to the TCP window, such as TCP window full or TCP zero window, usually because the receiving device is busy.

Events related to lost or out-of-order TCP segments: "previous segment not captured" because not every segment of the stream was seen by the capture, and "out-of-order" because segments reached the receiving host in a different order from the one they were sent in.

3) Notes

Anomalies in packets that may lead to failures, such as TCP retransmissions, duplicate acknowledgements and fast retransmissions.

4) Chats

Normal traffic events worth knowing about: SYN, FIN and RST flags and the various HTTP status codes.
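An added example, not code from the original post, that reimplements simplified versions of the expert-info heuristics just described (window full, zero window, duplicate ACK, retransmission and fast retransmission) and then bins the result per tick interval the way the IO Graph's Advanced Y-axis functions SUM, COUNT FRAMES and MAX do (section II above). The Seg record, sample_stream and the rules themselves are assumptions made for the example; Wireshark's own checks in packet-tcp.c are considerably more careful.

```python
"""Simplified TCP expert-info heuristics plus IO Graph binning over a
constructed segment list (added example, not code from the original post)."""
from collections import Counter, defaultdict
from dataclasses import dataclass

ACK, RST = 0x10, 0x04

@dataclass
class Seg:
    t: float            # capture time in seconds
    src: str            # "client" or "server"
    seq: int            # relative sequence number
    ack: int            # acknowledgement number
    win: int            # advertised receive window
    length: int         # TCP payload bytes (tcp.len)
    flags: int = ACK    # TCP flags, pure ACK by default

def expert_info(segs):
    """Return (segment index, severity, tcp.analysis tag) for each event."""
    next_seq = defaultdict(int)   # per sender: highest seq + len seen so far
    advert = {}                   # per sender: (ack, win) it advertised last
    last_ack = {}                 # per sender: (ack, win) of its last pure ACK
    dup_acks = defaultdict(int)   # per sender: consecutive duplicate ACKs
    events = []
    for i, s in enumerate(segs):
        peer = "server" if s.src == "client" else "client"
        end = s.seq + s.length
        if s.length and end <= next_seq[s.src]:
            # data already seen: a retransmission, "fast" if it follows >= 2 dup ACKs
            kind = "fast_retransmission" if dup_acks[peer] >= 2 else "retransmission"
            events.append((i, "Note", "tcp.analysis." + kind))
        elif s.length and peer in advert and end == sum(advert[peer]):
            # data reaches the right edge of the receiver's window (ack + win)
            events.append((i, "Warning", "tcp.analysis.window_full"))
        next_seq[s.src] = max(next_seq[s.src], end)
        if s.win == 0 and not s.flags & RST:
            events.append((i, "Warning", "tcp.analysis.zero_window"))
        if s.length == 0 and s.flags == ACK:             # pure ACK
            if last_ack.get(s.src) == (s.ack, s.win):    # same ack, same window
                dup_acks[s.src] += 1
                events.append((i, "Note", "tcp.analysis.duplicate_ack"))
            else:
                dup_acks[s.src] = 0
            last_ack[s.src] = (s.ack, s.win)
        advert[s.src] = (s.ack, s.win)
    return events

def severity_counts(events):
    """The per-severity totals the Expert Info window shows in its tabs."""
    return dict(Counter(sev for _, sev, _ in events))

def io_graph(segs, events, interval=1.0):
    """One row per Tick Interval with three Advanced Y-axis functions:
    SUM(tcp.len), COUNT FRAMES(tcp.analysis.retransmission) (fast
    retransmissions included) and MAX(frame.time_delta)."""
    retrans = {i for i, _, tag in events if tag.endswith("retransmission")}
    rows = defaultdict(lambda: {"sum_len": 0, "count_retrans": 0, "max_delta": 0.0})
    prev_t = None
    for i, s in enumerate(segs):
        row = rows[int(s.t // interval)]
        row["sum_len"] += s.length
        row["count_retrans"] += int(i in retrans)
        if prev_t is not None:                  # frame.time_delta of this frame
            row["max_delta"] = max(row["max_delta"], s.t - prev_t)
        prev_t = s.t
    return dict(rows)

def sample_stream():
    """Constructed connection, captured at the client: it sends 4 KB into a
    3000-byte window, one segment is dropped before the server, the server
    duplicate-ACKs, the client retransmits, then the server's buffer fills."""
    C, S = "client", "server"
    return [
        Seg(0.00, C, 1, 1, 65535, 1000),
        Seg(0.01, S, 1, 1001, 3000, 0),
        Seg(0.02, C, 1001, 1, 65535, 1000),
        Seg(0.03, C, 2001, 1, 65535, 1000),  # dropped before reaching the server
        Seg(0.04, C, 3001, 1, 65535, 1000),  # ends at 4001 = 1001 + 3000: window full
        Seg(1.05, S, 1, 2001, 3000, 0),
        Seg(1.06, S, 1, 2001, 3000, 0),      # duplicate ACK #1
        Seg(1.07, S, 1, 2001, 3000, 0),      # duplicate ACK #2
        Seg(1.10, C, 2001, 1, 65535, 1000),  # retransmission of the dropped segment
        Seg(1.11, S, 1, 4001, 0, 0),         # zero window
        Seg(2.50, S, 1, 4001, 3000, 0),      # window update
    ]

if __name__ == "__main__":
    segs = sample_stream()
    ev = expert_info(segs)
    for i, sev, tag in ev:
        print(f"#{i:2d} t={segs[i].t:.2f} {sev:8s} {tag}")
    print(severity_counts(ev))
    for b, row in sorted(io_graph(segs, ev).items()):
        print(f"interval {b}: {row}")
```

The sample produces two Warnings (window full, zero window) and three Notes (two duplicate ACKs and a fast retransmission), and the IO Graph rows show the retransmission landing in the second one-second interval together with the largest inter-frame gap, which is how the COUNT FRAMES and MAX(frame.time_delta) lines are read against each other in the real tool.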

Origin: blog.csdn.net/myvest/article/details/83175919