Wireshark - Graphic analysis tool. anyone knows?

Question

Does anyone knows a graphical tool to analyse wireshark captures?

Like something that can agregate traffic by ip's and by protocol and show's it graphicly.

Anyone knows a freeware/opensource utility?

Thanks

Are you trying to do this on the spot, or have a more permanent statistics-gathering setup? — Hyppy, Mar 15 '11 at 13:40

score 4 · Accepted Answer · answered Mar 16 '11 at 03:04

4

Have you tried Wireshark's own "statistics" tools. You have some pretty nice tools to do endpoint conversation analysis (somehow similar to netflow), IO graphs, per protocol statistics, protocols hierarchies, flow graphs, packet length distributions plus several others. Also, many of these tools accepts Wireshark's filter syntaxis so the drill down you can make and the information you can extract from a pcap file is quite deep.

answered Mar 16 '11 at 03:04

jliendo

1,578
11
13

Thanks jliendo, i didn't saw that feature. That did it it's a very nice feature and it gives an idea of going overall. – Flip Mar 17 '11 at 09:05

score 1 · Answer 2 · answered Mar 15 '11 at 13:45

1

I just recently purchased Cascade Pilot, which is kind of spendy.

answered Mar 15 '11 at 13:45

GregD

8,713
1
24
36

score 0 · Answer 3 · answered Mar 15 '11 at 13:56

0

If you have access to the network device(s), you can do what you're asking with NetFlow if they support it. This may be a better fit (and lower overhead) than using Wireshark, depending on your needs and architecture. It's not the answer to your question, but it might be something you didn't know to ask for.

answered Mar 15 '11 at 13:56

mfinni

36,144
4
53
86

Does it work won Windows? (win2008r2 / Win7) – Flip Mar 15 '11 at 15:06
MRTG would also work, using a relatively simple SNMP setup instead of a possibly awkward Netflow configuration. – Hyppy Mar 15 '11 at 15:09
NetFlow is a protocol, like SNMP. You need to run Netflow collector software that is pointing at your network devices. There are netflow collectors that run on Windows, yes. SolarWinds Orion has a netflow component, there are others. – mfinni Mar 15 '11 at 15:09
Hyppy- Can you actually get protocol-level information from SNMP? As requested, Flip wants IPs (doesn't specific source or destination) and protocol - presumably TCP/UDP port, again not specified but that's most common. How do you export or query that via SNMP? I didn't think you could, but if you know how, that would be great. – mfinni Mar 15 '11 at 15:11
Ahh you're right, no protocol information in SNMP that I know of, at least not without getting really dirty in the MIBs on a vendor-by-vendor basis :-/ – Hyppy Mar 15 '11 at 15:14

score 0 · Answer 4 · answered Mar 15 '11 at 15:13

Some interesting PCAP graphing into a Circos format can be done with IPLink, available for free at http://ip-link.wikidot.com. You'll need to install a Python interpreter and Perl.

A very manual method using tcptrace and xplot is outlined on the following blog, which may be more along the lines of what you're looking for: http://geek00l.blogspot.com/2005/11/visualize-network-traffic.html

Wireshark - Graphic analysis tool. anyone knows?

4 Answers4