第67页 Chapter 5

Endpoint and conversation statistics is helpful when you are checking how many connections the host has set up. You can also browse the packet statistics using protocol hierarchy statistics.

With name resolution, you can resolve names in different layers. MAC name resolution will convert Layer 2 MAC addresses into Layer 3 IP addresses. Network name resolution will convert Layer 3 IP addresses into DNS records. Transport name resolution will convert a port number into the responsive protocol that using the port.

Protocol dissectors are the translator between the raw data flowing across the wire and Wireshark. It will break down a protocol into various sections. You can change the dissector by right clicking the packet you want to change. The dissector source code could be found in epan/dissectors directory in Wireshark's source code.

Following TCP Stream is another useful feature that can help you on tracking certain conversations of some protocols.

Package length statistics can help you on knowing the current usage status of the network.

Graphing is another useful feature that could help you on displaying the statistics. You can use several graphing techniques, like IO Graph, Round-Trip Time Graph and Flow Graph.

You can also use expert info to see if the connection states are correct.