Improving Wireshark's Flow Graph

[danysigha]

The overall goal of the project is to built a CLI tool with an improved flow graph feature than the one in Wireshark. Please take some time to read the description of Wireshark's flow graph and identify the ways that we can improve it. Please comment below your ideas of how we can improve this tool.

You can access Wireshark's flow graph by hitting Statistics --> Flow Graph in the navigation menu. You can try it with the following packet from lab 1 .

[danysigha]

In my opinion, we can built a CLI tool that performs some filtering and data analysis of the packets that are parsed from the hexdump. This CLI tool is separate from wireshark but it allows for quick filtering before you can use wireshark to display the packets you filtered.

Here are two cases: Scenario 1: I have parsed 1000 packets but I only want to see exchanges that involved IP address 128.98.0.7. I use our CLI tool to quickly filter and generate a new pcap file. I can now visualize the new set of packets that only contain the info I care about.

Scenario 2: I want to know which IP address sends the most messages in the set of packets I parsed from the hexdump. I use our CLI tool to quickly obtain the list of top talkers.

Here is a list of ideas of what we can build:

1. Enhanced Filtering:

   • Allow filtering by various packet attributes such as source/destination IP address, protocol type (e.g., TCP, UDP), port number, packet size, etc.
   • Implement advanced filtering options like filtering based on packet payload content or specific header fields (e.g., HTTP method, response code).
   • Introduce filter presets for common scenarios like filtering only HTTP traffic, DNS queries, FTP transfers, etc.

2. Statistical Analysis: Provide statistical insights into network traffic, such as:

   • Packet count and distribution over time.
   • Bandwidth usage trends.- Protocol distribution (e.g., percentage of DHCP, DNS).
   • Top talkers (hosts generating the most traffic).
   • Response times for different protocols (e.g., HTTP response time distribution).
   • Generate visual representations (graphs, charts) for better understanding of the statistics.
   • Offer export options for statistical data for further analysis or reporting.

[mhendy25]

• [ ] time-series: Packet count and distribution over time.
• [ ] pie chart: Bandwidth usage trends
• [ ] bar chart: Top talkers
• [ ] bar chart: Generate visual representations

[AsikoGomis]

plotext allows you to plots directly on terminal: pip install plotext https://github.com/piccolomo/plotext/blob/master/readme/basic.md [https://pypi.org/project/plotext/](url) Could be a possibility I am trying it out will let you know if it's a viable option.