
I/O Graphs Window in Wireshark

Last Updated : 02 Oct, 2022

One of the handiest features of Wireshark is the ability to view captured data in useful forms such as a graph. A graph shows how much traffic is flowing across the network and is especially helpful when there is a huge amount of data to sift through. Wireshark's I/O graph is one of the basic graphs built from the packets in the capture file. It lets us plot packet and protocol data in many ways.

I/O Graph for a Trace File:

To open the “I/O Graph” in Wireshark for a trace file, follow the steps below:

  • Start Wireshark by selecting the network we want to analyze.
  • In Wireshark, click the Statistics → I/O Graph menu or toolbar item.

This will then bring up Wireshark’s “I/O Graph” window.

The I/O Graph window displays a highly configurable graph of the captured network packets. The graph shows all the traffic present in a capture file, measured in packets (or bytes/bits) per second. By default, the x-axis represents the time in seconds and the y-axis represents the number of packets per tick. The scale of both axes can be changed: the time interval can be modified, and the y-axis can be switched from a linear to a logarithmic scale.

If we hover over the graph lines, we can see the details of the packets in each interval, and clicking on the graph takes us to the linked packet in the packet list of Wireshark’s main window.

Graphs can be configured using the following options:

  • Graph Name: The name of this graph.
  • Display Filter: Applying a display filter limits the graph to packets that match that filter.
  • Color: The color of the graph’s lines, bars, or points.
  • Style: The visual representation of the graph’s data, for example a line, bar, circle, plus, etc.
  • Y-Axis: The value for the Y axis can be one of:
      1. Packets, Bytes, or Bits
      2. SUM(Y Field): The sum of the values of the field specified in “Y Field” per interval.
      3. COUNT FRAMES(Y Field): The number of frames that contain the field specified in “Y Field” per interval.
      4. COUNT FIELDS(Y Field): The number of instances of the field specified in “Y Field” per interval.
      5. MAX(Y Field): The maximum value of the specified “Y Field” per interval.
      6. MIN(Y Field): The minimum value of the specified “Y Field” per interval.
      7. AVG(Y Field): The arithmetic mean of the values of the specified “Y Field” per interval.
      8. LOAD(Y Field): The sum of the “Y Field” values divided by the interval time if the “Y Field” is set to a relative time value.
  • SMA Period: Displays average values over a specified period of intervals.
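The sketch below is an added example, not Wireshark code: it recomputes several of the Y-Axis functions listed above over a small constructed packet list, so the difference between COUNT FRAMES and COUNT FIELDS is visible. The names `PACKETS`, `io_graph` and `sma` are hypothetical, empty intervals are assumed to plot as 0, and the trailing-window smoothing is an assumption about how an SMA period could be applied.

```python
from statistics import mean

# Constructed sample: (seconds since capture start, Y Field values in that frame).
# A frame can hold the chosen field zero times, once, or several times.
PACKETS = [
    (0.10, [120]),
    (0.40, [80, 40]),      # one frame, two instances of the field
    (0.90, []),            # frame that does not contain the field
    (1.20, [300]),
    (3.50, [60, 60, 60]),  # one frame, three instances
]

def _values(frames):
    """Flatten every field instance found in the frames of one interval."""
    return [v for frame in frames for v in frame]

# Per-interval aggregates; an interval without values yields 0 (assumption).
AGGREGATES = {
    "SUM": lambda frames: sum(_values(frames)),
    "COUNT FRAMES": lambda frames: sum(1 for frame in frames if frame),
    "COUNT FIELDS": lambda frames: len(_values(frames)),
    "MAX": lambda frames: max(_values(frames), default=0),
    "MIN": lambda frames: min(_values(frames), default=0),
    "AVG": lambda frames: mean(_values(frames) or [0]),
}

def io_graph(packets, interval, y_axis):
    """Return one Y value per `interval` seconds, like one graph row."""
    if not packets:
        return []
    n_buckets = int(max(t for t, _ in packets) // interval) + 1
    buckets = [[] for _ in range(n_buckets)]
    for t, values in packets:
        buckets[int(t // interval)].append(values)
    return [AGGREGATES[y_axis](frames) for frames in buckets]

def sma(series, period):
    """Trailing simple moving average over `period` intervals (assumed windowing)."""
    out = []
    for i in range(len(series)):
        window = series[max(0, i - period + 1): i + 1]
        out.append(sum(window) / len(window))
    return out

if __name__ == "__main__":
    for name in AGGREGATES:
        print(f"{name:13} {io_graph(PACKETS, 1, name)}")
    print("SMA(2) of SUM", sma(io_graph(PACKETS, 1, "SUM"), 2))
```

In the first one-second interval, COUNT FRAMES gives 2 while COUNT FIELDS gives 3, because one frame carries the field twice and another does not carry it at all.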

The following controls are also present:

  • “+”: Adds a new graph.
  • “–”: Deletes the previously added graph.
  • Copy: Copies the selected graph.
  • Clear: Removes all the graphs.
  • Interval: Sets the interval period for the graph.
  • Time of day: Switches the X-axis from time relative to the start of the capture to the actual time of day.
  • Log scale: Changes the Y-axis from a linear to a logarithmic scale.

The “Copy” option will copy the values from selected graphs to the clipboard in CSV format and the “Copy from” option will copy the graphs from another profile.

