Wireshark

Wireshark is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements. It runs on all popular computing platforms, including Unix, Linux, and Windows.

Here is a handy add-on to the Wireshark package. It is in the public domain.

Connection graphs

This is an external application to generate connection graphs from Wireshark capture files. It is written for Linux, but will work on Windows under Cygwin. You will also need Graphviz to create the graphs.
[Image: afs.gif, the undirected connection graph]
The graph shows the flow of information represented by the capture. There are two forms of the graph: this is the undirected graph, and there is also a directed version that shows the direction of traffic flow. Note that the two types of graph are generated using different placement algorithms, so they will not be laid out the same way.
[Image: afsd.gif, the directed connection graph]
This is a directed graph of the same capture (available as a sample capture on the Wireshark wiki).

To generate a PostScript graph and view it, use the command

congraph -d capture-file

To list all available options, use the command

congraph -h

Otherwise just play around; it is fairly straightforward.
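To show what the two graph forms are built from, here is an added example in Python (not congraph itself, and not code from the Wireshark project) that turns the endpoint pairs tshark prints into Graphviz DOT input, once merging both directions of a conversation into a single edge (the undirected graph) and once keeping each direction as its own edge (the directed graph). The tshark invocation in the comment and the sample pairs are assumptions; the sample is constructed, not taken from a real capture.

```python
"""Build Graphviz connection graphs from tshark field output."""
from collections import Counter

# Constructed sample of what `tshark -r capture.pcap -T fields -e ip.src -e ip.dst`
# prints: one "src<TAB>dst" pair per packet (the empty pair is a non-IP frame).
SAMPLE_TSHARK_OUTPUT = """\
10.0.0.5\t192.168.1.10
192.168.1.10\t10.0.0.5
10.0.0.5\t192.168.1.10
10.0.0.7\t192.168.1.10
\t
192.168.1.10\t10.0.0.7
"""


def count_flows(tshark_output):
    """Return Counter {(src, dst): packets}, skipping frames with no IP endpoints."""
    flows = Counter()
    for line in tshark_output.splitlines():
        parts = line.split("\t")
        if len(parts) != 2 or not parts[0] or not parts[1]:
            continue
        flows[(parts[0], parts[1])] += 1
    return flows


def to_dot(flows, directed=False):
    """Render flows as DOT.  directed=False merges A->B and B->A into one
    edge (the undirected graph); directed=True keeps each direction as its
    own edge.  Edge labels carry packet counts."""
    if directed:
        edges, kind, arrow = flows, "digraph", "->"
    else:
        edges = Counter()
        for (a, b), n in flows.items():
            edges[tuple(sorted((a, b)))] += n
        kind, arrow = "graph", "--"
    lines = [f"{kind} capture {{"]
    for (a, b), n in sorted(edges.items()):
        lines.append(f'  "{a}" {arrow} "{b}" [label="{n}"];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    flows = count_flows(SAMPLE_TSHARK_OUTPUT)
    print(to_dot(flows))           # pipe into: dot -Tps -o graph.ps
    print(to_dot(flows, directed=True))
```

Feed the printed DOT text to Graphviz (e.g. dot or neato) to get the PostScript that congraph's -d option would display.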

Using congraph on Windows

Start the Cygwin bash terminal from the Start menu and use the same commands as above. However, on Windows the Wireshark directory is not usually on the PATH, so twireshark will not be found. Either add the Wireshark directory to the PATH, or modify the relevant line of the file so that it gives the full path to twireshark: replace the word twireshark with something like "/cygdrive/c/Program Files/Wireshark/twireshark", where "c" is the drive letter. Include the quotes, otherwise the space in the path will confuse the shell. If you want to use the -d option, you will need to do something similar to the ghostview line at the bottom of the file to match whatever viewer you have installed.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License