# Wireshark
Wireshark is the new name for what was Ethereal. It is a graphical packet sniffer that uses the same capture libraries as tcpdump.
## Display Filters
Display filters have their own syntax, whereas capture filters use tcpdump syntax.
See also: https://www.wireshark.org/docs/man-pages/wireshark-filter.html
### Filter by packet data content
Display all packets that contain "foo" in the data section:
`contains` is a simple substring match, whereas `matches` applies a Perl-compatible regular expression.
### Display hosts within a given subnet
### Display data within a port range
To see all ceph-osd data:
### Show only DNS traffic about a certain host
### Show all DNS queries that do not have a response
For this to work you must capture on the client side, or capture the traffic at all DNS servers and combine the captures; a query sent to a server you did not capture would otherwise look unanswered.
## IO graphing
Within the Statistics -> I/O Graph window you can create graphs that illustrate trends in traffic.
### DNS response time stats
Create graphs that have the following data:
| Graph Name | Display Filter | Style | Y Axis | Y Field | SMA Period |
|---|---|---|---|---|---|
| AVG DNS Time | dns | line | AVG(Y Field) | dns.time | 10 interval SMA |
| MAX DNS Time | dns | line | MAX(Y Field) | dns.time | 10 interval SMA |
| MIN DNS Time | dns | line | MIN(Y Field) | dns.time | 10 interval SMA |
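The two DNS sections above (queries without a response, and the `dns.time` statistics graphed here) both rest on Wireshark pairing each query with its response. The following added example, not code from the page or from Wireshark, reproduces that pairing over a constructed client-side capture: it parses the DNS header and question name, matches responses to queries by (transaction id, query name) instead of Wireshark's full conversation tracking, and returns the unanswered queries and the per-pair response times that feed AVG/MAX/MIN `dns.time`.

```python
import struct

def build_dns(txid: int, qname: str, response: bool) -> bytes:
    """Build a minimal DNS message: header plus one A/IN question (constructed test data)."""
    flags = 0x8180 if response else 0x0100          # QR bit set on responses
    header = struct.pack("!HHHHHH", txid, flags, 1, 1 if response else 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    msg = header + labels + b"\x00" + struct.pack("!HH", 1, 1)
    if response:  # one A record: name pointer to offset 12, type, class, TTL, rdlength, rdata
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return msg

def parse_dns(payload: bytes) -> tuple[int, bool, str]:
    """Return (dns.id, dns.flags.response, dns.qry.name) from a raw DNS message."""
    txid, flags = struct.unpack_from("!HH", payload, 0)
    labels, pos = [], 12                             # question section starts after the header
    while payload[pos] != 0:
        length = payload[pos]
        if length & 0xC0:                            # compression pointers are not valid here
            raise ValueError("compressed name in question section")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return txid, bool(flags & 0x8000), ".".join(labels)

def match_dns(packets):
    """Pair each query with its response, as Wireshark does for dns.response_in.
    Returns the still-unanswered queries as [(id, name)] and the per-pair dns.time values."""
    pending: dict = {}                               # (id, name) -> query timestamp
    times = []
    for ts, payload in packets:
        txid, is_response, qname = parse_dns(payload)
        key = (txid, qname)
        if not is_response:
            pending[key] = ts                        # a retransmit simply resets the timer
        elif key in pending:
            times.append(ts - pending.pop(key))      # dns.time = response ts - query ts
    return sorted(pending), times

# Constructed client-side capture: (timestamp in seconds, DNS payload).
SAMPLE = [
    (0.000, build_dns(0x1A2B, "example.com", False)),
    (0.012, build_dns(0x1A2B, "example.com", True)),
    (0.100, build_dns(0x3C4D, "lost.example", False)),   # never answered
    (1.500, build_dns(0x5E6F, "example.org", False)),
    (1.530, build_dns(0x5E6F, "example.org", True)),
]

if __name__ == "__main__":
    unanswered, times = match_dns(SAMPLE)
    print("unanswered:", [(hex(i), n) for i, n in unanswered])
    print("avg/max/min dns.time (s):", sum(times) / len(times), max(times), min(times))
```

Feeding a server-side capture into the same pairing would miss queries the client sent to other resolvers entirely, which is why the section above insists on capturing at the client or merging captures from every server.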