Sample Network Analysis Report
Report Information
Report created on 12/31/2013 4:37:16 PM.
Analyst Information
Name Sample Analysis Report
E-mail Address info@chappellu.com
Phone Number 408-378-7841
Client Information
Client Name Chappell University
Case Number 03A543
Table of Contents
IP Conversations
IP Conversations
Bandwidth Over Time
Bytes per Second
Bits per Second
Packets per Second
Bandwidth Over Time (2)
Bytes per Second
Bits per Second
Packets per Second
TCP Errors Overview
TCP Errors Over Time
Total TCP Errors
Relative Number of Errors
IP Conversations
Conversations among IP hosts
Applied on 12/31/2013 4:04:17 PM.
Total capture window: 11/15 18:03:00.533697 - 18:04:30.533697.
Current selection: 11/15 18:03:00.533697 - 18:04:30.533697 (90 s at 1 sec).
Source File: C:\Users\Laura\Documents\Customer Projects\Case 03A543\tr-twohosts.pcapng
File Time: 12/31/2013 4:03:25 PM
File Size: 54525KB
Checksum ():
IP Conversations
VIEW NOTES:
IP host conversations. The size of the host is relative to the amount of data it has transmitted. The size of each
connection is relative to how much traffic it has transported between the two endpoints (hosts).
OTHER NOTES:
This trace file contains two conversations. We have two internal hosts that are downloading a file from a
remote host. In this report we will refer to the local hosts by the last two bytes of their IP addresses - 1.72 and
1.119. We will refer to the remote server as simply "the remote server."
Figure 1 - IP Conversations
Bandwidth Over Time
Total bandwidth over time
Applied on 12/31/2013 4:06:08 PM.
Total capture window: 11/15 18:03:43.415340 - 18:04:30.415340.
Current selection: 11/15 18:03:43.415340 - 18:04:30.415340 (47 s at 1 sec).
Source File: C:\Users\Laura\Documents\Customer Projects\Case 03A543\tr-twohosts.pcapng
File Time: 12/31/2013 4:03:25 PM
File Size: 54525KB
Checksum ():
Drilldown Sequence:
1. Applied the view "IP Conversations"
2. Performed a Conversation selection on the "IP Conversations" Conversation Ring. Details:
Selected: 200.236.31.1 - 192.168.1.119
3. Applied the view "Bandwidth Over Time"
Bytes per Second
The number of bytes per second.
Figure 2 - Bytes per Second
Bits per Second
VIEW NOTES:
The number of bits per second. This enables an at-a-glance view of the total bandwidth used as well as a
detailed look in single second precision.
OTHER NOTES:
We applied this "Bandwidth Over Time" view to the traffic to/from 1.119. We can see the throughput reaches
18 Mbps. There are numerous significant drops, however. We will compare this to the throughput graph for
traffic to and from 1.72 next.
[We used the right-click | drilldown method to create this new view.]
Figure 3 - Bits per Second
Packets per Second
The number of packets per second. This view, when compared to the bits/bytes view above, allows the user to
visually identify whether many small packets or a few larger packets are generating the traffic.
Figure 4 - Packets per Second
Bandwidth Over Time (2)
Total bandwidth over time
Applied on 12/31/2013 4:18:00 PM.
Total capture window: 11/15 18:03:00.533697 - 18:04:02.533697.
Current selection: 11/15 18:03:00.533697 - 18:04:02.533697 (62 s at 1 sec).
Source File: C:\Users\Laura\Documents\Customer Projects\Case 03A543\tr-twohosts.pcapng
File Time: 12/31/2013 4:03:25 PM
File Size: 54525KB
Checksum ():
Drilldown Sequence:
1. Applied the view "IP Conversations"
2. Performed a Conversation selection on the "IP Conversations" Conversation Ring. Details:
Selected: 200.236.31.1 - 192.168.1.72
3. Applied the view "Bandwidth Over Time (2)"
Bytes per Second
The number of bytes per second.
Figure 5 - Bytes per Second
Bits per Second
VIEW NOTES:
The number of bits per second. This enables an at-a-glance view of the total bandwidth used as well as a
detailed look in single second precision.
OTHER NOTES:
Interestingly the maximum throughput rate is lower in this IP conversation than the IP conversation to/from
1.119. We can see the consistency of this throughput during the file download to 1.72. Next we want to look
further into the 1.119 views to determine if we are dealing with a network issue.
[We used the right-click | drilldown method to create this new view.]
Figure 6 - Bits per Second
Packets per Second
The number of packets per second. This view, when compared to the bits/bytes view above, allows the user to
visually identify whether many small packets or a few larger packets are generating the traffic.
Figure 7 - Packets per Second
TCP Errors Overview
TCP Errors Overview
Applied on 12/31/2013 4:21:18 PM.
Total capture window: 11/15 18:03:43.415340 - 18:04:30.415340.
Current selection: 11/15 18:03:43.415340 - 18:04:30.415340 (47 s at 1 sec).
Source File: C:\Users\Laura\Documents\Customer Projects\Case 03A543\tr-twohosts.pcapng
File Time: 12/31/2013 4:03:25 PM
File Size: 54525KB
Checksum ():
Drilldown Sequence:
1. Applied the view "IP Conversations"
2. Performed a Conversation selection on the "IP Conversations" Conversation Ring. Details:
Selected: 200.236.31.1 - 192.168.1.119
3. Applied the view "TCP Errors Overview"
TCP Errors Over Time
VIEW NOTES:
The number of TCP errors per second, charted over time.
OTHER NOTES:
This TCP Errors Overview screams that "packet loss" is the issue. Notice the pattern matches the dips in the
throughput (Bandwidth Over Time) graph. Our 1.119 host is downloading a file and it appears that significant
packet loss occurs during the process. Our host supports Fast Recovery (hence the Duplicate ACKs), but this
cannot overcome the throughput problems caused by packet loss. We will look inside the Duplicate ACKs to see
if the client is at least using SACK (119DupeACKs.pcapng). [We used the right-click | Send to Wireshark from
the Total TCP Errors screen to just grab those packets.]
We also notice that there are only 454 Lost Segment indications, but over 1,000 Retransmissions. This means
that we lost multiple segments in a row - complete outages rather than just single packets being dropped here
and there. This is of concern since 99.99999% of the time packet loss occurs at an infrastructure device. This
trace indicates that an infrastructure device is likely failing fast. We need to find out if it is one of ours and
replace it ASAP.
NEXT STEP:
We need to capture traffic at the ingress point of our network to determine if the packet loss is occurring
internally or externally. If we see the original packets AND Retransmissions in that trace file then we have a
problem internally... packet loss has not occurred yet. If we only see the Retransmissions, then the problem is
external to our network.
Figure 8 - TCP Errors Over Time
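The ingress-capture test under NEXT STEP, and the comparison of Lost Segment indications with Retransmissions in the notes above it, can be automated as follows. This is an added example, not part of the original report or of the tool that produced it; the Segment record, REORDER_WINDOW value, function names and sample traces are hypothetical and constructed, and the logic is a simplified heuristic over one direction of one TCP stream using relative sequence numbers.

```python
from dataclasses import dataclass

REORDER_WINDOW = 0.003  # assumed: a hole filled this quickly is reordering, not loss


@dataclass(frozen=True)
class Segment:  # hypothetical record: one server-to-client data segment at the tap
    time: float  # seconds since start of capture
    seq: int     # relative sequence number (no wraparound handling)
    length: int  # payload bytes


def _covered(ranges, start, end):
    """True if [start, end) lies entirely inside the sorted, merged ranges."""
    pos = start
    for lo, hi in ranges:
        if pos >= end:
            break
        if lo > pos:
            return False
        pos = max(pos, hi)
    return pos >= end


def _add(ranges, start, end):
    """Insert [start, end) and merge overlapping or adjacent ranges."""
    merged = []
    for lo, hi in sorted(ranges + [(start, end)]):
        if merged and lo <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def analyze_ingress(segments):
    """Count holes and classify every segment that arrives below the highest seq."""
    seen, next_seq, holes = [], None, {}
    counts = {"lost_segment": 0, "retx_original_seen": 0,
              "retx_original_missing": 0, "out_of_order": 0}
    for s in sorted(segments, key=lambda x: x.time):
        if s.length == 0:
            continue
        end = s.seq + s.length
        if next_seq is None or s.seq >= next_seq:
            if next_seq is not None and s.seq > next_seq:
                counts["lost_segment"] += 1          # one indication per hole
                holes[(next_seq, s.seq)] = s.time
        elif _covered(seen, s.seq, min(end, next_seq)):
            counts["retx_original_seen"] += 1        # original passed this tap
        else:
            opened = min(t for (lo, hi), t in holes.items()
                         if lo < end and s.seq < hi)
            if s.time - opened <= REORDER_WINDOW:
                counts["out_of_order"] += 1
            else:
                counts["retx_original_missing"] += 1  # original lost before the tap
        seen = _add(seen, s.seq, end)
        next_seq = end if next_seq is None else max(next_seq, end)
    return counts


def verdict(counts):
    """Apply the report's rule to an ingress-point capture."""
    seen, missing = counts["retx_original_seen"], counts["retx_original_missing"]
    if seen and missing:
        return "internal and external"
    if seen:
        return "internal"    # originals AND retransmissions visible at ingress
    if missing:
        return "external"    # only the retransmissions reach the ingress point
    return "no loss observed"


def segments_per_hole(counts):
    """Above 1.0 means several consecutive segments were lost per hole."""
    holes = counts["lost_segment"]
    return counts["retx_original_missing"] / holes if holes else 0.0


def _trace(rows):
    return [Segment(t, seq, 1000) for t, seq in rows]


# Constructed sample: segments 2000-4000 never reach the tap, then are resent.
EXTERNAL = _trace([(0.000, 0), (0.001, 1000), (0.004, 5000), (0.005, 6000),
                   (0.250, 2000), (0.251, 3000), (0.252, 4000)])
# Constructed sample: every original passes the tap, two are resent anyway.
INTERNAL = _trace([(i * 0.001, i * 1000) for i in range(7)]
                  + [(0.250, 2000), (0.251, 3000)])

if __name__ == "__main__":
    for name, trace in (("external", EXTERNAL), ("internal", INTERNAL)):
        c = analyze_ingress(trace)
        print(name, c, verdict(c), segments_per_hole(c))
```
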
Relative Number of Errors
The relative number of occurrences of the different TCP errors in the period under observation.
Figure 10 - Relative Number of Errors
