~ o ~
For an open-source, world-class network protocol analyser.
~ o ~
Wireshark is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements. It runs on all popular computing platforms, including Unix, Linux, and Windows.
Here is a handy add-on to the Wireshark package. It is in the public domain.
This is an external application to generate connection graphs from Wireshark capture files. It is written for Linux, but will work on Windows under Cygwin. You will also need Graphviz to create the graphs.
The graph shows the flow of information represented by the capture. There are two forms of the graph. This is the undirected graph; there is also a directed graph version that shows the direction of traffic flow. However, the two types of graph are generated using different placement algorithms.
This is a directed graph of the same capture (available as a sample capture on the Wireshark wiki).
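An added example, not congraph's own code: a shell function that turns per-packet source/destination address pairs into Graphviz DOT text in both the undirected and directed forms described above. The names `pairs_to_dot` and `sample_pairs` and the sample addresses are constructed for illustration; how congraph itself extracts the pairs from a capture is not shown.

```shell
#!/bin/sh
# Constructed sample: one "source destination" address pair per packet.
sample_pairs() {
cat <<'EOF'
192.0.2.10 192.0.2.1
192.0.2.1 192.0.2.10
192.0.2.10 198.51.100.7
192.0.2.10 198.51.100.7
192.0.2.20 192.0.2.1
EOF
}

# pairs_to_dot MODE   (MODE: "directed" or "undirected"; pairs on stdin)
# Emits one DOT edge per conversation, labelled with its packet count.
# Undirected mode folds A->B and B->A into a single edge.
pairs_to_dot() {
    awk -v mode="$1" '
    NF == 2 {
        a = $1; b = $2
        # Undirected: sort the endpoints (as strings) so that both
        # directions of a conversation map to the same key.
        if (mode != "directed" && (a "") > (b "")) { t = a; a = b; b = t }
        key = a SUBSEP b
        if (!(key in count)) order[++n] = key   # remember first-seen order
        count[key]++
    }
    END {
        kind = (mode == "directed") ? "digraph" : "graph"
        op   = (mode == "directed") ? "->" : "--"
        print kind " capture {"
        for (i = 1; i <= n; i++) {
            split(order[i], ep, SUBSEP)
            printf "  \"%s\" %s \"%s\" [label=\"%d\"];\n", \
                   ep[1], op, ep[2], count[order[i]]
        }
        print "}"
    }'
}

# Print both forms for the constructed sample.
sample_pairs | pairs_to_dot undirected
sample_pairs | pairs_to_dot directed
```

Either output can be rendered with a Graphviz layout program, for example by piping it to `dot -Tps`.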
To generate a PostScript graph and view it, use the command
congraph -d capture-file
To list all available options use the command
Otherwise just play around; it is fairly straightforward.
Using congraph on Windows
Start the Cygwin bash terminal from the start menu and use the same commands as above. However, on Windows the Wireshark directory is not usually on the PATH, so twireshark will not be found. Either add the Wireshark directory to the PATH, or modify the relevant line of the file so that it gives the full path to twireshark. The word twireshark should be replaced by something like "/cygdrive/c/Program Files/Wireshark/twireshark" where that "c" is the drive letter. Include the quotes, otherwise the space will confuse things. If you want to use the -d option you will need to do something similar to the ghostview line at the bottom of the file to match whatever viewer you have installed.