This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to use Wireshark to plot traffic between 2 endpoint IPs

0

I have seen statistics in Wireshark, but what I really want is to plot a line graph showing the traffic between 1 source IP and 1 destination IP. I wonder if Wireshark can help me plot this.

asked 25 Feb '13, 17:39

user5462
accept rate: 0%

edited 25 Feb '13, 18:45

cmaynard ♦♦


3 Answers:

0

Let me try to answer: Go to Statistics on the menu and scroll down to Flow Graph. Click on that and it will give options for plotting the type of flow (General Flow or TCP Flow). If you are looking for the TCP flow between client and server, you can identify the stream you want to plot (right-click on the SYN packet and do Follow TCP Stream) and plot that particular conversation.

answered 25 Feb '13, 18:10

krishnayeddula
accept rate: 6%

0

I have not used it myself, but wireviz looks interesting. It's not an official part of Wireshark (yet?), but you might be able to download the binary packages if you happen to be working on one of the supported distributions; otherwise you'd have to download the sources and compile Wireshark yourself. The author is a Wireshark core member, so maybe if there's sufficient interest, one or more of his projects will be incorporated into the official Wireshark distribution one day.

answered 25 Feb '13, 18:44

cmaynard ♦♦
accept rate: 20%

0

Select Statistics > IO Graph. You will see a line graph of all traffic in the trace file. By default, it will show Packets per Second. You can change this to Bytes per Second or Bits per Second, as desired.

To limit the graph to traffic from one source IP address to one destination IP address, enter this filter in the Graph 1 filter area: "ip.src == x.x.x.x && ip.dst == y.y.y.y", where x.x.x.x is the source IP address and y.y.y.y is the destination IP address. Click the Graph 1 button twice, once to turn it off, and again to turn it back on, which will apply the filter you just entered.

Note that this filter will show traffic in one direction only, which is what you asked for. If what you really want is to see all traffic between two IP addresses in both directions, then the filter would be "ip.addr == x.x.x.x && ip.addr == y.y.y.y".

answered 25 Feb '13, 18:48

Jim Aragon
accept rate: 24%

edited 25 Feb '13, 18:50
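
The difference between the one-direction and both-directions filters in the answer above can be checked outside the GUI. This is an added example, not part of the original answers: it bins bytes per second from a classic pcap the way an IO Graph line would. The function names and the sample capture are constructed for illustration, and it assumes Ethernet framing, the outer IPv4 header only, and two distinct addresses.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

def make_pcap(packets):
    """Build a little-endian classic pcap (Ethernet) from (ts, src, dst, payload_len)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, src, dst, plen in packets:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + plen, 0, 0, 64, 17, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * plen
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def ipv4_packets(pcap):
    """Yield (ts_sec, src, dst, frame_len) for each IPv4-over-Ethernet record."""
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        ts, _, caplen, origlen = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            yield (ts, str(IPv4Address(frame[26:30])),
                   str(IPv4Address(frame[30:34])), origlen)

def io_series(pcap, a, b, both_directions, interval=1):
    """Bytes per interval for traffic between a and b (assumes a != b)."""
    bins = Counter()
    for ts, src, dst, length in ipv4_packets(pcap):
        one_way = src == a and dst == b   # ip.src == a && ip.dst == b
        two_way = {src, dst} == {a, b}    # ip.addr == a && ip.addr == b
        if (two_way if both_directions else one_way):
            bins[ts // interval * interval] += length
    return dict(sorted(bins.items()))

# Constructed sample capture: two hosts talking, plus one unrelated flow.
SAMPLE = make_pcap([
    (100, "10.0.0.1", "10.0.0.2", 66),   # 100-byte frame, a -> b
    (100, "10.0.0.2", "10.0.0.1", 16),   # 50-byte frame,  b -> a
    (100, "10.0.0.1", "10.0.0.3", 66),   # other destination, never counted
    (101, "10.0.0.1", "10.0.0.2", 166),  # 200-byte frame, a -> b
    (102, "10.0.0.2", "10.0.0.1", 266),  # 300-byte frame, b -> a
])

if __name__ == "__main__":
    print("one direction  :", io_series(SAMPLE, "10.0.0.1", "10.0.0.2", False))
    print("both directions:", io_series(SAMPLE, "10.0.0.1", "10.0.0.2", True))
```

Intervals with no matching packets are omitted from the result rather than reported as zero, so fill the gaps before plotting it as a line.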