
College of Computing and Informatics

Department of Information Systems

Course name: Business Data Telecom & Networks

Group assignment: Wireshark

Dr. Iman Ahmed Akour

Hind Khalid saif u18103050

Khulood hamad Alsheryani U20200722

Hessa alnuaimi U21101615

Hind Ahmad U21101805

Latefa ali alketbi U20104599


Fall: 2023/2024

Network QoS Analysis – Report


Wireshark:

Wireshark is a popular open-source network protocol analyser that
allows network administrators, security professionals, and developers
to capture and analyse network traffic in real-time. It provides a
detailed view of the packets that are sent and received over a network,
which can be invaluable for troubleshooting network issues, identifying
security threats, and optimizing network performance.

Wireshark is a packet capture tool that allows users to capture and
analyse packets of data that are transmitted over a network. It can
capture packets from a wide range of network interfaces, including
Ethernet, Wi-Fi, Bluetooth, and USB, and supports a variety of
protocols, including TCP, UDP, HTTP, DNS, and more.

Once captured, Wireshark provides a powerful set of analysis tools that
allow users to filter and search through the captured packets, extract
valuable information, and visualize network traffic patterns. Some of the
key features of Wireshark include:

Packet Capture:

Wireshark can capture packets in real time from any network interface
that is connected to the system, or from a file that contains captured
packets. It can capture packets from a wide range of network protocols,
including Ethernet, Wi-Fi, Bluetooth, and USB.

Example 1

Protocol Analysis:

Wireshark provides a powerful set of analysis tools that allow users to
filter and search through the captured packets, extract valuable
information, and visualize network traffic patterns. Users can apply
filters to capture specific packets, dissect packets to extract protocol-
specific information, and analyse packet flows to identify network issues
or security threats.

Example 2

Statistical Analysis:

Wireshark also provides statistical analysis tools that allow users to
analyse network performance metrics, such as network latency, packet
loss, and throughput. This can help network administrators identify
bottlenecks and optimize network performance.

Example 3

Protocol Decoding:

Wireshark supports a wide range of protocols, and it can decode and
display the contents of packets that use these protocols. This can help
users understand the behaviour of different protocols and troubleshoot
issues related to protocol interactions.

Exporting and Reporting:

Wireshark allows users to export packets and analysis results to various
file formats, including plain text, CSV, XML, and PDF. It also
supports custom reporting capabilities, allowing users to generate
detailed reports on network activity and performance.

Overall, Wireshark is a powerful and flexible tool for network analysis
that provides a detailed view of network traffic and enables users to
identify and troubleshoot network issues quickly and effectively. Its
wide range of features and support for various protocols make it a
valuable tool for network administrators, security professionals, and
developers alike.

Network Performance’s QoS Management:

Network performance's Quality of Service (QoS) management is a
process of managing and controlling the network traffic to ensure that
the network meets the required levels of performance and service. It
involves various techniques and mechanisms that are used to prioritize
and manage the flow of network traffic based on the application's
requirements.

Here are some of the metrics that are used to measure the quality of
service of a network:

• Bandwidth: It refers to the volume of data that may be sent through
  a network in a specific period. The amount of data that can be
  carried between two sites on a network is determined by the
  bandwidth, which is expressed in bits per second.
• Latency: It is the interval of time between submitting a request and
  receiving a response. The amount of latency, which is expressed in
  milliseconds, impacts how quickly a network responds.
• Packet loss: It measures the proportion of packets lost during
  transmission. Network congestion, transmission faults, and other
  factors can all contribute to packet loss. The number of packets lost
  is expressed as a percentage of all sent packets.
• Reliability: It is the network's capacity to send data without
  hiccups or delays. Uptime and downtime are used to gauge
  reliability.

Main Goal:
The main goal of QoS management is to guarantee that the network can
deliver the required level of service for each application running on it.
This is achieved by controlling the network bandwidth, latency, packet
loss, and other parameters to ensure that the network performance is
optimized for each application's needs.

QoS Mechanisms:

There are different QoS mechanisms that can be used to manage
network performance. These include traffic shaping, packet
prioritization, congestion avoidance, and bandwidth reservation. Traffic
shaping involves controlling the rate of data transmission to match the
available network capacity. Packet prioritization involves prioritizing
packets based on their importance, while congestion avoidance aims to
prevent network congestion by reducing the rate of data transmission.
Bandwidth reservation involves reserving a certain amount of network
bandwidth for specific applications.

Summary:

The QoS management of network performance is essential to maintain
optimal performance and service for each application using it. It
involves several methods that regulate network traffic, such as traffic
shaping, packet prioritization, congestion avoidance, and bandwidth
reservation. All these mechanisms ensure that the network meets the
specific level of operation required by every application.

Network Analysis – Sample Network:


Figure 1.1

Frame and Eth II:

Here is the screenshot of the Frame and Eth II information for the selected
network, including the data bytes on the wire, the amount of data captured,
the vendors, and the source/destination MAC addresses:

Figure 1.2

Network Speed:

Network speed, also known as network bandwidth, refers to the
maximum amount of data that can be transmitted over a network
connection in a given amount of time. It is usually measured in bits per
second (bps) or bytes per second (Bps). The speed of a network
connection depends on various factors, including the type of connection,
the quality of the connection, and the amount of traffic on the network.
Faster network speeds enable faster data transfer, resulting in improved
performance and reduced latency for network applications.

Network Speed in Wireshark:

To find the "TCP Window Full" filter in Wireshark, go to the "Filter"
field at the top of the Wireshark window, type
"tcp.window_size_scalefactor == 0 && tcp.window_size > 0", and press
Enter. Then, select any packet in the list of captured packets, right-click
it, and choose "Follow > TCP Stream". In the new window that opens,
look for the "Window Full Threshold" value, which shows the number
of bytes that can be sent before the sender needs to receive an
acknowledgement from the receiver.

Bandwidth Utilization:

Bandwidth utilization in a network refers to the amount of data that is
being transmitted over a network connection at a given time. It is
typically measured in bits per second (bps), and it represents the total
amount of data that is being transferred across a network link, such as a
wired or wireless connection.
High bandwidth utilization can have a significant impact on network
performance, particularly if the network link becomes saturated and is
unable to handle the amount of data being transmitted. This can cause
delays, packet loss, and other performance issues. Network
administrators can monitor bandwidth utilization to identify potential
bottlenecks and optimize network performance by adjusting network
configurations, upgrading network hardware, or adding additional
network capacity.

To find the "IO Graph" feature in Wireshark, go to the "Statistics" menu
at the top of the Wireshark window, hover over "IO Graphs", and choose
"Throughput". In the new window that opens, choose the network
interface and time range you want to analyze, and the graph will show
the amount of data transferred over time.

Figure 1.3

Figure 1.4

Network Latency:

Network latency refers to the amount of time it takes for a packet of data to travel
from one point in a network to another point. It is usually measured in milliseconds
(ms) and can be affected by a variety of factors such as the distance between the
source and destination, the number of network devices that the data has to traverse,
and the amount of congestion or traffic on the network.

Latency can have a significant impact on network performance and user
experience. For example, in applications that require real-time communication,
such as online gaming or video conferencing, high latency can cause delays,
interruptions, and lag. In contrast, applications that primarily involve the transfer
of large files or bulk data, such as backups or file transfers, may be less sensitive to
latency.

To find the "Round Trip Time" (RTT) filter in Wireshark, go to the "Statistics"
menu at the top of the Wireshark window, hover over "TCP Stream Graphs", and
choose "Round Trip Time Graph". In the new window that opens, select the packet
or packets you want to analyze, and the graph will show the RTT for each packet.

Figure 1.5

Packet Loss:

Packet loss in a network occurs when one or more packets of data being
transmitted between two devices are lost or do not reach their intended
destination. This can happen due to various reasons, such as network
congestion, faulty network hardware, or errors in the network protocol.

When packet loss occurs, it can lead to degraded network performance
and lower throughput. This is because the loss of packets can result in
retransmission of those packets, which can increase network latency and
decrease the overall speed of data transmission. In some cases, packet
loss can cause complete data loss or corruption, which can impact the
functionality of applications or devices that rely on that data.

Packet loss can be monitored and measured using network monitoring
tools such as Wireshark or by examining network performance metrics
such as the packet loss rate or the number of retransmissions. Network
administrators can use this information to identify and troubleshoot the
causes of packet loss in the network and take steps to improve network
performance and reliability.

To find the "Packet Loss" filter in Wireshark, go to the "Statistics" menu
at the top of the Wireshark window, hover over "Summary", and choose
"Packet Lengths". In the new window that opens, select the network
interface and time range you want to analyse, and the graph will show
the number of packets sent and received. You can then calculate the
packet loss percentage by dividing the number of lost packets by the
total number of packets sent.

If this procedure does not work because you have a different version of
Wireshark, you can try the following method:

1- Open your Wireshark capture file.
2- Go to the "Statistics" menu at the top of the window.
3- Choose "Capture File Properties" in the dropdown menu.
4- In the new window that appears, click on the "Statistics" tab.
5- Check the box next to "Packet length".
6- Click "OK" to close the window.
7- Go back to the "Statistics" menu at the top of the window.
8- Choose "Packet lengths" in the dropdown menu.

In the new window that appears, you can see the number of packets sent
and received. You can calculate the packet loss percentage by dividing
the number of lost packets by the total number of packets sent.

Figure 1.6
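The three measurements discussed in this report (data transferred over time, round trip time, and the packet loss percentage) can also be computed from an exported packet list. The following Python code is an added example, not part of the original report. The sample rows, the addresses, and the column layout are constructed assumptions, and retransmitted segments are counted as the lost packets.

```python
import csv, io
from collections import defaultdict

# Constructed sample (not from the report), one TCP flow 10.0.0.2 -> 10.0.0.9.
# Assumed columns: frame.time_relative, ip.src, frame.len, tcp.seq, tcp.ack, tcp.len
SAMPLE = """\
0.000,10.0.0.2,1514,1,1,1460
0.010,10.0.0.2,1514,1461,1,1460
0.040,10.0.0.9,54,1,2921,0
0.060,10.0.0.2,1514,2921,1,1460
0.260,10.0.0.2,1514,2921,1,1460
0.300,10.0.0.9,54,1,4381,0
1.100,10.0.0.2,1514,4381,1,1460
1.130,10.0.0.9,54,1,5841,0
"""

def load(text):
    """Parse rows into (time, src, frame_len, seq, ack, tcp_len) tuples."""
    return [(float(t), src, int(fl), int(seq), int(ack), int(tl))
            for t, src, fl, seq, ack, tl in csv.reader(io.StringIO(text))]

def throughput_bits(rows, interval=1.0):
    """Bits on the wire per interval, the quantity an IO graph plots."""
    buckets = defaultdict(int)
    for t, _src, frame_len, *_ in rows:
        buckets[int(t // interval)] += frame_len * 8
    return dict(buckets)

def loss_and_rtt(rows, sender):
    """Return (retransmission %, RTT samples in ms) for one sender's data."""
    seen, pending, rtts, sent, retrans = set(), {}, [], 0, 0
    for t, src, _fl, seq, ack, tcp_len in rows:
        if src == sender and tcp_len > 0:
            sent += 1
            if seq in seen:                       # sequence number seen before
                retrans += 1
                pending.pop(seq + tcp_len, None)  # ACK is ambiguous: no RTT sample
            else:
                seen.add(seq)
                pending[seq + tcp_len] = t        # wait for the ACK of this segment's end
        elif src != sender:
            for end in [e for e in pending if e <= ack]:
                sent_at = pending.pop(end)
                if end == ack:                    # sample only the segment this ACK names
                    rtts.append(round((t - sent_at) * 1000, 3))
    return (100.0 * retrans / sent if sent else 0.0), rtts

if __name__ == "__main__":
    rows = load(SAMPLE)
    print(throughput_bits(rows), loss_and_rtt(rows, "10.0.0.2"))
```

Dividing a bucket's bit count by the link capacity for the same interval gives the bandwidth utilization for that interval.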
