Chapter 8. Statistics

Table of Contents

8.1. Introduction
8.2. The “Capture File Properties” Window
8.3. Resolved Addresses
8.4. The “Protocol Hierarchy” Window
8.5. Conversations
8.5.1. The “Conversations” Window
8.6. Endpoints
8.6.1. The “Endpoints” Window
8.7. Packet Lengths
8.8. The “I/O Graph” Window
8.9. Service Response Time
8.9.1. The “Service Response Time DCE-RPC” Window
8.10. DHCP (BOOTP) Statistics
8.11. ONC-RPC Programs
8.12. 29West
8.13. ANCP
8.14. BACnet
8.15. Collectd
8.16. DNS
8.17. Flow Graph
8.18. HART-IP
8.20. HTTP Statistics
8.20.1. HTTP Packet Counter
8.20.2. HTTP Requests
8.20.3. HTTP Load Distribution
8.20.4. HTTP Request Sequences
8.21. HTTP2
8.22. Sametime
8.23. TCP Stream Graphs
8.24. UDP Multicast Graphs
8.25. F5
8.26. IPv4 Statistics
8.27. IPv6 Statistics

8.1. Introduction

Wireshark provides a wide range of network statistics which can be accessed via the Statistics menu.

These statistics range from general information about the loaded capture file (like the number of captured packets), to statistics about specific protocols (e.g. statistics about the number of HTTP requests and responses captured).

  • General statistics:

    • Capture File Properties about the capture file.
    • Protocol Hierarchy of the captured packets.
    • Conversations e.g. traffic between specific IP addresses.
    • Endpoints e.g. traffic to and from an IP addresses.
    • IO Graphs visualizing the number of packets (or similar) in time.
  • Protocol specific statistics:

    • Service Response Time between request and response of some protocols.
    • Various other protocol specific statistics.

The protocol specific statistics require detailed knowledge about the specific protocol. Unless you are familiar with that protocol, statistics about it will be pretty hard to understand.

Wireshark has many other statistics windows that display detailed information about specific protocols and might be described in a later version of this document.

Some of these statistics are described at