
10/16/2019 Analyzing Wireshark Data with Pandas-

Analyzing Wireshark Data with Pandas

by: George El., February 2019, Reading time: 2 minutes

wireshark python pandas

Pandas is a Python package that is used for data analysis. You can do with pandas whatever you can do with Excel, but usually faster. First we will capture some packets from Wireshark. I left Wireshark running for a couple of mins.

Then I go to File, Export packet dissections, as CSV.


The columns that you want to appear in the CSV must be visible in Wireshark. I have added some columns like total_length of the IP packet and TCP segment size.


https://www.python4networkengineers.com/posts/analyzing_wireshark_data_with_pandas/ 1/5
First I read the CSV file (cell 1) into a pandas dataframe df. Then I print the first 5 rows to see what my data looks like. df.shape gives me the rows and columns.

In cell 5 I am going to keep all rows where the source is not my PC, because I am interested in incoming traffic. I see the rows now are 188815.

Cell 26: I do a groupby('Protocol') and count(). This will print the packets per protocol, since each line is a packet.

Cell 27: I can also sort_values, and I see that most packets are UDP and TCP, as expected.

Next I am just replacing column names that have spaces with _ for better manipulation.


Then I do a histogram for TCP packets total_length and UDP packets total_length. We see that most packets are between 1400 and 1500 bytes.

Then I calculate the sum of total_length for each protocol and display it in a bar plot. I divide by 1024/1024 to convert bytes to MBytes.


Then I print the packet count by protocol

Finally I divide the total packet size by the packet count to find the
average packet size


Just a note: although I have ARP packets, the packet size shows zero, because I calculate the total_length of IP packets and ARP packets are only layer 2. If I wanted to include them, I should have taken into account the Ethernet frame size and not the IP packet size.
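The steps above in one script, as an added example that is not the author's notebook. The CSV rows are constructed, and the column name `Total Length` and the address `192.168.1.10` are assumptions standing in for the custom IP length column and the capture host.

```python
import io
import pandas as pd

# Constructed sample in the shape of a Wireshark CSV export. "Total Length"
# is an assumed name for the added IP length column; MY_PC is an assumed host.
SAMPLE_CSV = '''"No.","Time","Source","Destination","Protocol","Length","Total Length"
"1","0.000","192.168.1.10","93.184.216.34","TCP","74","60"
"2","0.020","93.184.216.34","192.168.1.10","TCP","1514","1500"
"3","0.021","93.184.216.34","192.168.1.10","TCP","1514","1500"
"4","0.050","192.168.1.1","192.168.1.10","UDP","342","328"
"5","0.070","aa:bb:cc:dd:ee:ff","Broadcast","ARP","60",""
"6","0.090","192.168.1.1","192.168.1.10","UDP","1442","1428"
'''
MY_PC = "192.168.1.10"


def load_incoming(csv_text, my_ip):
    """Read the export, replace spaces in column names, drop packets sent by my_ip."""
    df = pd.read_csv(io.StringIO(csv_text))
    df.columns = [c.strip().replace(" ", "_") for c in df.columns]
    return df[df["Source"] != my_ip]


def protocol_summary(df):
    """Per-protocol packet count, total IP bytes and average IP packet size."""
    grouped = df.groupby("Protocol")
    out = pd.DataFrame({
        "packets": grouped.size(),                  # each row is one packet
        "ip_bytes": grouped["Total_Length"].sum(),  # empty cells (ARP) sum to 0
    })
    out["mbytes"] = out["ip_bytes"] / 1024 / 1024
    out["avg_ip_size"] = out["ip_bytes"] / out["packets"]
    return out.sort_values("packets", ascending=False)


if __name__ == "__main__":
    incoming = load_incoming(SAMPLE_CSV, MY_PC)
    print(incoming.shape)
    print(protocol_summary(incoming))
```

The ARP row has an empty IP length cell, which pandas reads as NaN and sums to 0, matching the zero size noted above.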

 


© 2018-2019 Copyright: Python for Network Engineers by george el.
