Within Wireshark, we have many tools under Statistics that help us make sense of a packet capture. While CS doesn't have as many features, you'll see that you can do a preliminary evaluation on the fly with the built-in analysis tools.
The following list covers the first selections in the analysis tools menu:
- Follow stream, SSL, and HTTP: Similar to the Follow the Stream function in Wireshark, this provides a way to see the details of a single conversation between two endpoints.
- Ladder Diagrams: These are similar to the flow graphs in Wireshark, showing the endpoints communicating back and forth:
Figure: Ladder diagram
- Network Endpoints: This will provide a list of endpoints. Similar to Wireshark, while in the window, you can filter by the type of endpoint you would like to see; that is, eth, ipv4, ipv6, tcp, or udp, as shown in the following screenshot:
Figure: Endpoints
- GeoIP World Map: At the bottom of the endpoints report, you will see a button to select GeoIP Map. When selected, it will show where the packets originate, as shown here:
Figure: GeoIP World Map
- Protocol Conversations: This will provide a list of conversations, similar to Wireshark. While in the window, you can filter by the type of conversation you would like to see: eth, ipv4, ipv6, tcp, or udp.
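To show what the Network Endpoints and Protocol Conversations views actually compute, here is an added example (it is not code from the book or from CloudShark): a Python script that builds a small constructed pcap of five frames and tallies packets and bytes per endpoint and per conversation at the eth, ipv4, tcp and udp layers, the same breakdown the two views offer. The MAC addresses, IP addresses (RFC 1918 and the 203.0.113.0/24 documentation range) and ports are constructed values, and only the classic little-endian pcap format is handled.

```python
"""Endpoint and conversation tallies over a constructed pcap (added example)."""
import struct
from collections import Counter, defaultdict

ETH_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


def _mac(s):
    return bytes.fromhex(s.replace(":", ""))


def _ip(s):
    return bytes(int(o) for o in s.split("."))


def build_frame(src_mac, dst_mac, src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Build one Ethernet/IPv4/{TCP,UDP} frame. Checksums stay zero: this is
    input for a tally, not traffic a host has to accept."""
    if proto == PROTO_TCP:
        # ports, seq, ack, data offset (5 words), flags PSH|ACK, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         _ip(src_ip), _ip(dst_ip))
    return _mac(dst_mac) + _mac(src_mac) + struct.pack("!H", ETH_IPV4) + ip_hdr + l4


def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


def iter_frames(pcap):
    """Yield raw frames from a little-endian pcap (the only variant handled here)."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("only classic little-endian pcap is supported by this example")
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack_from("<IIII", pcap, off)
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def tally(pcap):
    """Return (endpoints, ep_bytes, conversations): per layer ("eth", "ipv4",
    "tcp", "udp") a Counter of packets per endpoint, bytes per endpoint, and
    packets per unordered endpoint pair."""
    endpoints, ep_bytes, conversations = defaultdict(Counter), defaultdict(Counter), defaultdict(Counter)
    for frame in iter_frames(pcap):
        if len(frame) < 14:
            continue  # truncated frame: nothing to attribute
        dst_mac, src_mac = frame[0:6].hex(":"), frame[6:12].hex(":")
        ethertype, = struct.unpack_from("!H", frame, 12)
        pairs = {"eth": (src_mac, dst_mac)}
        if ethertype == ETH_IPV4 and len(frame) >= 34:
            ihl = (frame[14] & 0x0F) * 4
            proto = frame[23]
            src_ip = ".".join(map(str, frame[26:30]))
            dst_ip = ".".join(map(str, frame[30:34]))
            pairs["ipv4"] = (src_ip, dst_ip)
            l4 = 14 + ihl
            if proto in (PROTO_TCP, PROTO_UDP) and len(frame) >= l4 + 4:
                sport, dport = struct.unpack_from("!HH", frame, l4)
                layer = "tcp" if proto == PROTO_TCP else "udp"
                pairs[layer] = (f"{src_ip}:{sport}", f"{dst_ip}:{dport}")
        for layer, (a, b) in pairs.items():
            endpoints[layer][a] += 1
            endpoints[layer][b] += 1
            ep_bytes[layer][a] += len(frame)
            ep_bytes[layer][b] += len(frame)
            conversations[layer][tuple(sorted((a, b)))] += 1
    return endpoints, ep_bytes, conversations


# Constructed sample: a host behind a gateway does one TLS exchange and one DNS lookup.
HOST, GW = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
SAMPLE_PCAP = build_pcap([
    build_frame(HOST, GW, "10.0.0.5", "203.0.113.10", PROTO_TCP, 51000, 443, b"x" * 10),
    build_frame(GW, HOST, "203.0.113.10", "10.0.0.5", PROTO_TCP, 443, 51000, b"y" * 100),
    build_frame(HOST, GW, "10.0.0.5", "203.0.113.10", PROTO_TCP, 51000, 443),
    build_frame(HOST, GW, "10.0.0.5", "10.0.0.1", PROTO_UDP, 53512, 53, b"q" * 30),
    build_frame(GW, HOST, "10.0.0.1", "10.0.0.5", PROTO_UDP, 53, 53512, b"r" * 60),
])

if __name__ == "__main__":
    endpoints, ep_bytes, conversations = tally(SAMPLE_PCAP)
    for layer in ("eth", "ipv4", "tcp", "udp"):
        print(f"== {layer} endpoints ==")
        for ep, n in endpoints[layer].most_common():
            print(f"  {ep:<24} packets={n:<3} bytes={ep_bytes[layer][ep]}")
        print(f"== {layer} conversations ==")
        for (a, b), n in conversations[layer].most_common():
            print(f"  {a} <-> {b}: {n} packets")
```

Running the script prints the same kind of table the endpoint window shows, one block per layer. Note that the eth layer collapses every remote host into the gateway MAC, while the ipv4 and tcp layers separate them: that is why the filter by endpoint type matters when you are trying to spot an unexpected peer.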
As you can see, CS offers many tools that you can use to analyze data. The next section shows how to examine the details of a VoIP call, graph packet lengths, and review DNS activity.