A new way to visualize packet captures in Wireshark

 

Taking over-the-air packet captures is one of the fundamental tasks in designing, maintaining and troubleshooting wireless networks. Wireshark is the premier and most widely used tool for examining over-the-air packet captures.

Normally, Wireshark only displays a text list of packets. The lack of a graphical display historically made it difficult to analyze packets. At Cisco Meraki, where we use Wireshark on a frequent basis to measure network performance, we realized we needed a better way to visualize captured packet data in order to do our jobs more effectively.

Recently at Meraki, we developed a new method in Wireshark to illustrate the relationship between the packets in time. By illustrating the time dimension, many 802.11 wireless issues that are otherwise hard to identify become easily and clearly apparent.

With this greater clarity and understanding, Meraki engineers are able to innovate and troubleshoot in ways that were not practical before.

To help move the industry forward, Meraki has open sourced this work and contributed it to Wireshark. It is included in the current stable Wireshark release.

Check out the full white paper to read more about our approach and learn how to use these visualizations yourself.