Wireshark Statistics: How to Analyze Packet Size and HTTP Request/Response Data

Introduction

Wireshark is a powerful tool for network analysis and troubleshooting. In this guide, we explore Wireshark's statistics features to help you understand network traffic better.

What are Wireshark

Packet Size: arp < icmp < dns

Wireshark Syntax


```
# Filter by IP, such as source or destination IP x.x.x.x
ip.src == x.x.x.x or ip.dst eq x.x.x.x or ip.addr == x.x.x.x

# Filter by port
tcp.port eq 80 or udp.port eq 80

# Filter by MAC
eth.dst == A0:00:00:04:C5:84

# HTTP pattern filters (a kind of fuzzy matching)
http.request.method == "GET"
http.request.method == "POST"
http.request.uri == "/img/logo-edu.gif"
http contains "GET"
http contains "HTTP/1."
http.request.method == "GET" && http contains "User-Agent:"

# Filter for the login backend
# The login backend is /admin/login.php (the relative path suffices)
http contains "login" && http.request.method == "POST"

# Login password
http contains "password"
ip.src == 192.168.94.59 and http contains "eval"
http contains "{\"success\":true}" and ip.addr == 192.168.94.59

# What is the network card configuration? Submit the internal network IP of the network card
http contains "eth"

# Protocol hierarchy statistics; similar fuzzy matching works for MySQL
mysql.query contains "SELECT"
mysql contains "hash_code"
```

To see the hosts involved in the capture, click Statistics -> Endpoints.

Q: How do you query the request and response size of a specific application, or between a server and a client?
A: Use the menu Statistics -> Packet Lengths to get packet size statistics.


```
# Filter according to its pattern
# Request
ip.src==10.20.172.103 && ip.dst==192.168.10.200
# Response
ip.dst==10.20.172.103 && ip.src==192.168.10.200

# Packet size calculation: packet count * average packet length (bytes) / 1024
211 * 187.09 / 1024 = 38.55 KB   (Note the size difference in KB)
228 * 3661.07 / 1024 = 815.16 KB
```


WeiyiGeek. All Requests Data Packet Size Query

Q: How do you query the number of HTTP request and response packets?
A: Use the menu Statistics -> HTTP -> Packet Counter.
For example: the HTTP request and response packet counts are 49 each.

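Both questions above can also be answered from a script. This is an added example, not code from the original article: it reads per-packet fields exported by tshark and reports, for each direction, the packet count, average length, total size (the same count * average / 1024 formula) and the number of HTTP requests or responses. The sample rows, the function name direction_stats and the file name capture.pcap are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows, in the shape printed by (capture.pcap is an assumed name):
#   tshark -r capture.pcap -Y ip -T fields -E separator=, -E occurrence=f \
#     -e ip.src -e ip.dst -e frame.len -e http.request.method -e http.response.code
SAMPLE = """\
10.20.172.103,192.168.10.200,74,,
192.168.10.200,10.20.172.103,74,,
10.20.172.103,192.168.10.200,512,GET,
192.168.10.200,10.20.172.103,1514,,
192.168.10.200,10.20.172.103,1514,,
192.168.10.200,10.20.172.103,1045,,200
10.20.172.103,192.168.10.200,66,,
10.20.172.103,192.168.10.200,498,POST,
192.168.10.200,10.20.172.103,310,,302
10.0.0.9,192.168.10.200,60,,
"""

def direction_stats(text, client, server):
    """Per-direction packet count, average length, total KB and HTTP message count."""
    stats = {"request": defaultdict(int), "response": defaultdict(int)}
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 5 or not row[2].isdigit():
            continue  # skip blank or malformed lines
        src, dst, length, method, code = row[:5]
        if (src, dst) == (client, server):
            side, is_http = "request", bool(method)   # client -> server
        elif (src, dst) == (server, client):
            side, is_http = "response", bool(code)    # server -> client
        else:
            continue  # traffic between other hosts is ignored
        s = stats[side]
        s["packets"] += 1
        s["bytes"] += int(length)
        s["http"] += is_http
    out = {}
    for side, s in stats.items():
        avg = s["bytes"] / s["packets"] if s["packets"] else 0.0
        out[side] = {"packets": s["packets"], "avg_len": round(avg, 2),
                     "total_kb": round(s["packets"] * avg / 1024, 2),
                     "http_messages": s["http"]}
    return out

if __name__ == "__main__":
    for side, s in direction_stats(SAMPLE, "10.20.172.103", "192.168.10.200").items():
        print(side, s)
```

A large gap between request and response totals, as in the 38.55 KB versus 815.16 KB figures above, shows which side is moving most of the data.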