Hi, I'm trying to get a graph that shows which time of the day my computer had the most activity with external servers? I found the external servers on IP destination. But how can I create a graph? Thanks
asked 15 Dec '15, 06:45 Marko
One Answer:
Start from In the graph window which pops up, you may specify display filters to limit each curve to packets meeting some criteria, e.g. to draw one curve for incoming traffic and another one in the same graph for outgoing traffic. The default is a single curve showing all packets.
answered 15 Dec '15, 07:27 sindy
Below the graph (I talk about Wireshark 2.x with Qt ("new") GUI), there is a table where you define the curves. [+] and [-] symbols are used to add and remove rows to/from that table. By double-clicking the "display filter" column of a given row, you can define which packets you want to contribute to that curve using the syntax of display filters.
So as an example,
ip.dst == 10.0.0.0/8
will cause the curve to show packets sent to any IP in the private A-type subnet.
In the Y-Axis column you can define what value you want to show: number of packets, number of bytes, etc., or an operation over a packet field specified in the "Y field" column, where you can specify a protocol field in the packet (quick & mostly useless example: ip.len).
When you finish, double-click the line outside any edit field, and then tick the tickbox in the leftmost column ("name").
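Added example, not part of the original thread and not Wireshark code: the same per-hour view of traffic to external destinations, computed from tab-separated output of `tshark -r capture.pcap -T fields -e frame.time_epoch -e ip.dst -e frame.len`. Assumptions: the capture file name, the `INTERNAL` range list, bucketing by UTC hour, and the constructed sample rows.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timezone

# Assumption: these ranges count as "internal"; everything else is external.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4")]

def is_external(dst):
    addr = ipaddress.ip_address(dst)  # raises ValueError on garbage
    return not any(addr in net for net in INTERNAL)

def hourly_external(lines):
    """Return {hour_utc: [packets, bytes]} for packets sent to external IPs."""
    stats = defaultdict(lambda: [0, 0])
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) != 3 or not fields[1]:
            continue  # non-IP frame (e.g. ARP): the ip.dst column is empty
        epoch, dsts, length = fields
        dst = dsts.split(",")[0]  # tunnelled packets list several ip.dst; use the first
        try:
            if not is_external(dst):
                continue
        except ValueError:
            continue
        hour = datetime.fromtimestamp(float(epoch), tz=timezone.utc).hour
        stats[hour][0] += 1
        stats[hour][1] += int(length)
    return dict(stats)

def busiest_hour(stats):
    """Hour of day with the most bytes sent to external destinations."""
    return max(stats, key=lambda h: stats[h][1])

# Constructed sample rows: (hour, second offset, ip.dst, frame.len).
BASE = 1450137600  # 2015-12-15 00:00:00 UTC
ROWS = [(9, 5, "203.0.113.10", 1500), (9, 40, "203.0.113.10", 1500),
        (9, 50, "10.0.0.5", 9000), (14, 1, "198.51.100.7", 400),
        (14, 2, "", 60), (21, 0, "203.0.113.10", 200),
        (21, 3, "192.168.1.1,198.51.100.7", 1400)]
SAMPLE = [f"{BASE + h * 3600 + s}.000000\t{dst}\t{n}" for h, s, dst, n in ROWS]

if __name__ == "__main__":
    result = hourly_external(SAMPLE)
    for hour in sorted(result):
        print(f"{hour:02d}:00 UTC  packets={result[hour][0]}  bytes={result[hour][1]}")
    print("busiest hour:", busiest_hour(result))
```

On a real capture, pipe the tshark output into `hourly_external(sys.stdin)` instead of using `SAMPLE`.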