To determine the flow and types of packets on the network, the packet sniffer program Wireshark was used to capture the packets. Wireshark was used to capture 30 minutes of network activity in two different intervals, morning and afternoon.
The partial output from the Wireshark capture, from both sessions, is shown in figure 4.4. From analysis of the packet sniffer output it can be deduced that the network traffic is mainly TCP connections, such as web browsing, file transfer and mail services.
It can also be noted that there is a significant amount of broadcast packets such as ARP, NBNS and UDP, as shown in the partial segment of the Wireshark output in figure 4.6. Because of these packets, the switches should experience a vast number of broadcasts, which in general degrades the entire network performance.
The graph depicted in figure 4.7 represents the number of packets that were captured for a given time period, which shows there is a significant amount of broadcast traffic in the network.
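The protocol and broadcast breakdown described above can be reproduced from a saved capture. The following is an added example, not part of the original report: it assumes the capture was saved in classic little-endian pcap format with untagged Ethernet II frames, and the function names and the four-frame sample capture are constructed for illustration.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6  # Ethernet broadcast destination MAC

def classify(frame):
    """Return (protocol label, sent_to_broadcast) for one Ethernet II frame."""
    if len(frame) < 14:
        return "other", False
    label, ethertype = "other", struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x0806:
        label = "ARP"
    elif ethertype == 0x0800 and len(frame) >= 34:
        l4 = frame[14 + (frame[14] & 0x0F) * 4:]  # skip IPv4 header (IHL words)
        if frame[23] == 6:
            label = "TCP"
        elif frame[23] == 17 and len(l4) >= 4:  # NBNS is UDP port 137
            label = "NBNS" if 137 in struct.unpack("!HH", l4[:4]) else "UDP"
    return label, frame[:6] == BROADCAST

def summarise(pcap):
    """Count frames and broadcast frames per protocol in a classic pcap file."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("expected little-endian classic pcap")
    counts, bcast, off = Counter(), Counter(), 24  # 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        label, is_bcast = classify(pcap[off + 16:off + 16 + incl_len])
        counts[label] += 1
        bcast[label] += int(is_bcast)
        off += 16 + incl_len
    # Third value is the share of all frames addressed to the broadcast MAC.
    return counts, bcast, sum(bcast.values()) / max(sum(counts.values()), 1)

def sample_pcap():
    """Constructed capture: ARP and NBNS broadcasts, one TCP and one UDP unicast."""
    def eth(dst, ethertype, payload):
        return dst + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", ethertype) + payload
    def ipv4(proto, l4):  # minimal 20-byte header, checksum left at zero
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                           proto, 0, b"\xc0\xa8\x01\x0a", b"\xc0\xa8\x01\xff") + l4
    uni = b"\x02\x00\x00\x00\x00\x02"
    frames = [eth(BROADCAST, 0x0806, bytes(28)),
              eth(BROADCAST, 0x0800, ipv4(17, struct.pack("!HHHH", 137, 137, 8, 0))),
              eth(uni, 0x0800, ipv4(6, bytes(20))),
              eth(uni, 0x0800, ipv4(17, struct.pack("!HHHH", 5000, 53, 8, 0)))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

Calling `summarise(sample_pcap())` returns the per-protocol frame counts, the per-protocol broadcast counts and the overall broadcast share; for a real capture, pass the bytes of the saved pcap file instead.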
4.2.3 NETWORK STATISTICS
Capturing the packets alone was not enough to give a clear indication of the actual network statistics in real time, as a packet sniffer captures and displays packets transmitted from one source to the destination.
OptiView Protocol Expert was used to capture and produce the network statistics, which provide a graphical result of the network usage, such as top ten hosts and top applications. It should be taken into account that the version of OptiView Protocol Expert used is an educational version provided by the university, which has limitations: it can only record 250 entries. These limitations may cause some features to be restricted.
The statistics are categorised into three groups, namely Protocol Distribution, Application Layer Host Table and Network Layer Host Table.