I have been looking for a way to analyse a packet capture and produce a visual representation of how much multicast and broadcast traffic it contains compared to unicast. There is commercially available software that does this kind of analysis, but it is not cheap. Playing around with the tools in Wireshark, I found that the IO Graph can show this analysis in a graph.
Steps : Open the capture in Wireshark --> go to Statistics --> IO Graph --> enter the filter you want for each line in the graph.
IPv4 multicast filter : eth.dst[0] == 0x01
IPv6 multicast filter : eth.dst[0] == 0x33
Broadcast filter : eth.dst[0] == 0xff
Unicast is not(multicast or broadcast) : !(eth.dst[0] == 0x33 || eth.dst[0] == 0x01 || eth.dst[0] == 0xff)
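
The same first-octet classification can be scripted when a capture has to be summarised without the GUI. The following is an added example, not part of the original post: it reads a classic pcap file with Ethernet link type and counts frames per class per interval, timed from the first frame. The function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

def classify(first_octet):
    """Map eth.dst[0] to the four IO Graph lines used on this page."""
    if first_octet == 0xFF:
        return "broadcast"
    if first_octet == 0x01:   # page's IPv4 filter; also matches other 01:... groups (e.g. 01:80:c2 STP)
        return "ipv4_multicast"
    if first_octet == 0x33:
        return "ipv6_multicast"
    return "unicast"

def io_counts(pcap, interval_s=1):
    """Frames per class per interval, timed from the first frame (classic pcap, Ethernet)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic microsecond-resolution pcap")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    buckets, offset, t0 = {}, 24, None
    while offset + 16 <= len(pcap):
        sec, usec, incl_len, _ = struct.unpack(endian + "IIII", pcap[offset:offset + 16])
        frame = pcap[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < incl_len or len(frame) < 6:
            continue  # truncated record or frame too short to hold eth.dst
        t = sec * 1_000_000 + usec
        t0 = t if t0 is None else t0
        bucket = (t - t0) // (interval_s * 1_000_000)
        buckets.setdefault(bucket, Counter())[classify(frame[0])] += 1
    return buckets

def build_sample():
    """Constructed capture: six minimal Ethernet frames spread over two seconds."""
    frames = [(100, 100000, "ffffffffffff"), (100, 500000, "01005e0000fb"),
              (100, 900000, "001122334455"), (101, 200000, "3333000000fb"),
              (101, 700000, "001122334455"), (101, 800000, "001122334455")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, dst in frames:
        frame = bytes.fromhex(dst) + bytes.fromhex("02aabbccddee") + b"\x08\x00"
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for bucket, counts in sorted(io_counts(build_sample()).items()):
        print(bucket, dict(counts))
```

To run it on a real capture, pass the bytes of a file saved in the classic pcap format to io_counts(); pcapng files are rejected by the magic-number check.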