Introduction

In Chapter 5, Using Basic Statistics Tools, we discussed the basic statistical tools—that is, the list of end users, list of conversations, the capture summary, and others. In this chapter, we will look at the advanced statistical tools—the I/O graphs, TCP stream graphs, and, in brief, also UDP multicast streams.

The tools we will talk about here enable us to have a better look at the network. Here, we have two major tools:

  • The I/O graph, which enables us to view statistical graphs for any predefined filter—for example, the throughput on a single IP address, the load between two or more hosts, application throughput, TCP phenomena distribution, time between frames, time between TCP sequence numbers and acknowledgement, and more.
  • TCP stream graphs. In examining these, we will have a deeper look at a single TCP connection, and learn how to isolate TCP problems and what causes them.

Wireshark Version 2 has significantly improved the I/O graphs and the TCP stream graphs. In this chapter, we will learn how to use the tools; we will need them for deeper protocol analysis in the chapters that deal with protocols.
