Following the stream and viewing conversations

Within Wireshark, we have many tools under Statistics that help us make sense of a packet capture. While CS doesn't have as many features, you'll see that you can do a preliminary evaluation on the fly with the built-in analysis tools.

The first selections in the analysis tools menu are as follows:

  • Follow stream, SSL, and HTTP: Similar to the Follow the Stream function in Wireshark, this provides a way to see the details of a single conversation between two endpoints.
  • Ladder Diagrams: These are similar to the flow graphs in Wireshark, showing the endpoints communicating back and forth:

    Figure: Ladder diagram
  • Network Endpoints: This will provide a list of endpoints. Similar to Wireshark, while in the window, you can filter by the type of endpoint you would like to see; that is, eth, ipv4, ipv6, tcp, or udp, as shown in the following screenshot:

    Figure: Endpoints
  • GeoIP World Map: At the bottom of the endpoints report, you will see a button to select GeoIP Map. When selected, it will show where the packets originate, as shown here:

    Figure: GeoIP World Map
  • Protocol Conversations: This will provide a list of conversations, similar to Wireshark. While in the window, you can filter by the type of conversation you would like to see: eth, ipv4, ipv6, tcp, or udp.

As you can see, CS is populated with many tools that you can use to analyze data. The next section shows how we can examine the details of a VoIP call, graph packet lengths, and view DNS activity.
