Wireshark Packet Summary and Initial Analysis

Summary

When doing a wireshark analysis, take a look at the packets per second, ipv6 count, and the protocol hierarchy to get idea of traffic type percentages.

Question

How to look at packets per second and protocol hierarchy in packet capture?

Customer Environment

AP/ZD and/or standalone AP packet capture done at ethernet interface. Both switch and AP negotiating at 1000 BT.

Resolution

There are instances where we need to analyze the packets per second at an AP mirrored wire interface so that we can take a look at how many packets per second and/or the protocol percentage of the traffic passing that the AP sees.

Once you have a Wireshark capture of the AP, from a mirrored port on the switch, click on the Statistics / Summary:

User-added image

We see a total of 506,060 packets between a 710 second period.
712 packets/sec is an OK number.  When we see above 6k packets/sec is when we need to stop and look at the size of the packets and analyze as packet sizes.  Above 6k is a somewhat high number if the packet size is big.

From Statistics / Protocol Hierarchy:

User-added image

We see that IPv6 traffic is not high relative to the percent of total packets.
We see that IPv4 TCP and UDP take the majority of the percent of total packets, UDP taking 81% of total traffic.
 
Prior to the capture, make sure that the switch port and that the AP are resolving at 1000 BT for numbers to be valid.

Article Number:
000003575

Updated:
September 20, 2020 10:47 PM (about 4 years ago)

Tags:
Performance, Troubleshooting, ZoneDirector, ZoneFlex Indoor, ZoneFlex Outdoor

Votes:
7

This article is:
helpful
not helpful

Working...Please wait

This is here to prevent you from accidentally submitting twice.

The page will automatically refresh.

Alert!!

Close