Wireshark: Packet Operations
Continuing with Wireshark features:-
Statistics: provides multiple statistics options to help users see the big picture in terms of the scope of the traffic, available protocols, endpoints and conversations, and specific protocols.
Resolved Addresses:-
It helps analysts identify IP addresses and DNS names.
Statistics → Resolved Addresses
Protocol Hierarchy
This option breaks down all available protocols from the capture file and helps to view the protocols in a tree view based on packet counters and percentages.
Statistics → Protocol Hierarchy
Conversations
Represents traffic between two specific endpoints. This option lists the conversations in five base formats: Ethernet, IPv4, IPv6, TCP and UDP. Thus analysts can identify all conversations and contact endpoints for the event of interest.
Statistics → Conversations
Endpoints
Provides unique information for a single information field (Ethernet, IPv4, IPv6, TCP and UDP). Thus analysts can identify the unique endpoints in the capture file and use them for the event of interest.
Statistics → Endpoints
Wireshark also provides MAC address, IP and port name resolution options. However, these options are not enabled by default. To enable them: Edit → Preferences → Name Resolution
IPv4 and IPv6
The analysts can identify and list all events linked to specific IP versions in a single window and use it for the event of interest.
Statistics → IPvX Statistics
DNS
This option breaks down all DNS packets from the capture file and helps analysts view the findings in a tree view based on packet counters and percentages of the DNS protocol.
Statistics → DNS
HTTP
This option breaks down all HTTP packets from the capture file and helps analysts view the findings in a tree view based on packet counters and percentages of the HTTP protocol.
Statistics → HTTP
Packet Filtering:-
There are two types: capture filters, which restrict the scope, direction, protocols and ports of what is captured, and display filters, which narrow what is displayed from a capture.
Display Filter:-
IP Filter:-
TCP/UDP Filters:-
HTTP/DNS Filters:-
Advanced Filters:-
Commands or queries used
To get the packets sent to Kansas City:
ip.geoip.dst_summary contains "Kansas City"
To get the packets from host "rad.msn.com":
http.host == "rad.msn.com"
To get the packets which have type A DNS queries:
dns.resp.type == 1
To get the packets with even TTL numbers (the character class must include 0, otherwise TTLs such as 30 or 120 are missed):
string(ip.ttl) matches "[02468]$"
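To make the semantics of the four filter operators above concrete, here is an added Python example (not part of the room or of Wireshark itself) that applies equivalents of `contains`, `==` and `string(...) matches` to a handful of constructed packet records. The field names mirror Wireshark's (`ip.ttl`, `http.host`, `dns.resp.type`, `ip.geoip.dst_summary`); the packet values and frame numbers are invented for the demonstration, not taken from any capture. The last call shows why the even-TTL regex needs the `0` in its character class.

```python
import re

# Constructed sample "packets": plain dicts standing in for decoded Wireshark
# fields. Every value here is made up for the example.
PACKETS = [
    {"no": 1, "ip.ttl": 64,  "http.host": "rad.msn.com", "ip.geoip.dst_summary": "Kansas City, US"},
    {"no": 2, "ip.ttl": 128, "dns.resp.type": 1},        # DNS answer, type A
    {"no": 3, "ip.ttl": 30,  "dns.resp.type": 28},       # DNS answer, type AAAA
    {"no": 4, "ip.ttl": 255, "http.host": "example.org"},
    {"no": 5, "ip.ttl": 120, "ip.geoip.dst_summary": "Kansas City, US"},
]


def field_matches(packet, field, pattern):
    """Equivalent of `string(field) matches "pattern"`: the value is converted to
    text and searched with a regular expression. Wireshark's `matches` is a
    search (not a full-string match) and is case-insensitive by default."""
    if field not in packet:
        return False
    return re.search(pattern, str(packet[field]), re.IGNORECASE) is not None


def field_contains(packet, field, needle):
    """Equivalent of `field contains "needle"` (substring test)."""
    return field in packet and needle in str(packet[field])


def field_equals(packet, field, value):
    """Equivalent of `field == value`. A packet without the field never matches."""
    return packet.get(field) == value


def apply_filter(packets, predicate):
    """Return the frame numbers that survive a display filter."""
    return [p["no"] for p in packets if predicate(p)]


def kansas_city_frames(packets):
    # ip.geoip.dst_summary contains "Kansas City"
    return apply_filter(packets, lambda p: field_contains(p, "ip.geoip.dst_summary", "Kansas City"))


def rad_msn_frames(packets):
    # http.host == "rad.msn.com"
    return apply_filter(packets, lambda p: field_equals(p, "http.host", "rad.msn.com"))


def dns_a_frames(packets):
    # dns.resp.type == 1
    return apply_filter(packets, lambda p: field_equals(p, "dns.resp.type", 1))


def even_ttl_frames(packets, pattern=r"[02468]$"):
    # string(ip.ttl) matches "[02468]$" -- the regex looks at the last decimal digit
    return apply_filter(packets, lambda p: field_matches(p, "ip.ttl", pattern))


if __name__ == "__main__":
    print("Kansas City:", kansas_city_frames(PACKETS))              # [1, 5]
    print("rad.msn.com:", rad_msn_frames(PACKETS))                  # [1]
    print("DNS type A:", dns_a_frames(PACKETS))                     # [2]
    print("even TTL [02468]$:", even_ttl_frames(PACKETS))           # [1, 2, 3, 5]
    # Dropping the 0 from the class silently loses TTLs 30 and 120:
    print("even TTL [2468]$:", even_ttl_frames(PACKETS, r"[2468]$"))  # [1, 2]
```

The same pattern carries over to the real tool: `==` needs the field to be present and exactly equal, `contains` is a substring test, and `matches` is a regex search over the text form of the field, so a pattern anchored with `$` is judging the last character only.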
The room link:
TryHackMe | Wireshark: Packet Operations
Created on 2nd June 2023