The main task of Wireshark is to intercept network traffic and display it in detail.
Wireshark works on the basis of the Pcap library (Packet Capture) and makes it possible
to create programs for analyzing network data coming to the computer's network card.
This software solution makes it possible for the user, in real-time mode, to
visually scan all passing network traffic, and also to reject it if it is not
filtered. According to the results of measuring the traffic parameters of the created
multi-service network, the dependence of the number of MPEG protocol packets per
unit of time on the time interval of 6 min was studied. The results obtained in the
course of the study show a fairly strong unevenness of the intensity when receiving
packets of multi-service traffic. All packets show a different spread over time
intervals, which does not have a smooth character. In some time intervals, packets
appear in the form of groups, the so-called "packs"; in others they are present in a
small amount. Such an uneven distribution, with a relatively small average value of the
intensity of packet arrival, makes it possible for powerful bursts to appear in the
network traffic, and the number of these bursts is quite large. Speaking about the
random nature of all procedures for the formation, processing and transmission of
network data, one must remember the obligatory use of stochastic models, represented
by MSM models, in the form of puzzle networks and queuing systems of several
classes. The study of MSM with an arbitrary time required for maintenance is a complex
process that is practically impossible to describe in an analytical form through
probability distributions. An analytical solution to this problem can be obtained in the
particular case when it is possible to use statistical traffic parameters conditionally
divided into groups: the values of the flow of applications, characterized by the
distribution of time intervals between applications; values of queuing systems,
characterized by a set of probabilities of various types of incoming requests; sets of
distributions of service time for requests for each of their types.
To get the distribution and analyze the probability density of the original
sequences, it is necessary to build their histograms. In this work, the histograms were
fitted using the EasyFit software, which is designed for automatic approximation
of various distributions using the maximum likelihood estimation (MLE) method.
Approximating distributions from the EasyFit library were selected for the
obtained histograms according to the Kolmogorov–Smirnov goodness-of-fit criterion. The
choice of this software is determined by the following reasons.
1. Using the EasyFit software, you can build histograms and select a possible
distribution according to the best fit to the experimental data, which reduces the
analysis time by 70–95%, except for.
2. EasyFit software has a large number of additional functions that are designed
to prevent errors in the analysis and help in making decisions.
3. EasyFit software has an integrated infrastructure for data management and
analysis of reporting functions. The use of the considered software makes it possible
to automatically select the class of statistical distributions.
As a result of the traffic studies [9;17], all the necessary distribution laws
were determined: for example, Internet traffic at the link level characterizes the
intervals between packets by the Pareto distribution, packet lengths by the Weibull
distribution, while IP traffic only at the network level corresponds to similar
distribution laws. Text files containing the necessary statistical data of the traffic were
obtained when investigating network traffic with the Wireshark program. Statistical
data of real network traffic arriving at the input network buffer, which were taken
in real time, are presented in the form of histograms of time intervals for the
arrival of network packets, packet lengths, and the approximation of these distribution
density functions. The solutions that were obtained using this analytical model make it
possible to analyze the characteristics of existing objects related to various subject
areas. One of these applications is the functional optimization of existing computing
and telecommunication systems.
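
The fitting procedure described above (maximum likelihood fit of each candidate, then selection by the Kolmogorov–Smirnov distance) can be reproduced without EasyFit. The following is an added example, not code from the original study: it considers only the Pareto and Weibull candidates named in the text, the function names are hypothetical, and the inter-arrival sample is constructed rather than taken from a capture.

```python
import math
import random

def fit_pareto(x):
    """Pareto MLE: x_m is the sample minimum, alpha has a closed form."""
    xm = min(x)
    alpha = len(x) / sum(math.log(v / xm) for v in x)
    cdf = lambda v: 1.0 - (xm / v) ** alpha if v >= xm else 0.0
    return cdf, (xm, alpha)

def fit_weibull(x):
    """Weibull MLE: bisect the shape equation, then solve for the scale."""
    mean_log = sum(math.log(v) for v in x) / len(x)
    def g(k):  # increasing in k; its root is the MLE of the shape
        num = sum(v ** k * math.log(v) for v in x)
        return num / sum(v ** k for v in x) - 1.0 / k - mean_log
    lo, hi = 0.05, 20.0
    for _ in range(60):
        mid = (lo + hi) / 2
        lo, hi = (mid, hi) if g(mid) < 0 else (lo, mid)
    k = (lo + hi) / 2
    lam = (sum(v ** k for v in x) / len(x)) ** (1.0 / k)
    cdf = lambda v: 1.0 - math.exp(-((v / lam) ** k))
    return cdf, (lam, k)

def ks_statistic(x, cdf):
    """Largest gap between the empirical CDF and the fitted CDF."""
    xs, n = sorted(x), len(x)
    return max(max(cdf(v) - i / n, (i + 1) / n - cdf(v))
               for i, v in enumerate(xs))

def best_fit(x):
    """Fit every candidate by MLE and rank by Kolmogorov-Smirnov distance."""
    results = {}
    for name, fit in (("pareto", fit_pareto), ("weibull", fit_weibull)):
        cdf, params = fit(x)
        results[name] = (ks_statistic(x, cdf), params)
    return min(results, key=lambda name: results[name][0]), results

# Constructed sample (not measured data): 2000 inter-arrival times in seconds,
# drawn from a Pareto law with x_m = 2 ms and alpha = 1.5. With a real capture,
# use the differences of packet timestamps and drop zero-length intervals first.
rng = random.Random(1)
SAMPLE = [0.002 * rng.paretovariate(1.5) for _ in range(2000)]

if __name__ == "__main__":
    winner, table = best_fit(SAMPLE)
    for name, (d, params) in table.items():
        print(f"{name:8s} D={d:.4f} params={params}")
    print("best fit:", winner)
```

On real data the intervals can be taken from a Wireshark text export of packet timestamps; the candidate with the smallest D is the one the Kolmogorov–Smirnov criterion selects.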