To ensure the effective and continued functioning of the network, management should be part of the daily routine. Network management activities include maintaining the quality of the services provided, managing performance, securing the network, and analyzing the network with analysis tools to determine its performance. These services apply to all operating systems, such as Linux, Microsoft systems, and Mac, among others. The Graphical User Interface (GUI) is used in the analysis on both the Windows operating systems and the Linux version. The open source packet checker is the best-known graphical user interface and is found in Windows operating systems. This interface analyzes the network protocol of every captured packet, picks out the TCP stream through traffic filter monitoring, and provides filter functionality.
Various analysis tools, such as Wireshark and Message Analyzer, are used in analyzing the network. However, Wireshark is the world's most common and preferred open source packet analysis tool. The analyzer is used for a variety of functions, such as network and communication protocol analysis and troubleshooting. In this project, the data to be analyzed will be captured from two websites: https://iview.abc.net.au and https://www.lightfm.com.au. The Wireshark analysis tool will be used for the analysis. The data will be accessed from home over an Ethernet interface connection. Wireshark will use HTTP and the web servers of the two websites on the PC to capture and analyze the generated packets. Moreover, the software will use the captured data to determine the sequence graph, window scaling, load distribution and throughput, which are essential in evaluating network performance.
Time of capture
Wireshark provides various capture statistics, including the time of capture, the time of the first and last packet, and the elapsed time.
Both the IP address of the client and the sequence numbers in the network are identified. To establish a dependable Transmission Control Protocol (TCP) session, the three-way handshake is the method most referred to. This is made possible only when HTTP launches on the host web server. The initiation of the three-way handshake by the Transmission Control Protocol over the internet establishes the session between the host PC and the web server. The host computer may hold several active TCP sessions to different websites.
Total Number of captured packets
For the examination of the captures, a source IP address is required. In this analysis, the IP address for the host PC and the MAC will be used as the source address. The input/output IP addresses for the MAC and the host PC are 00.23.24.5A.ED.8D and 10.1.14.61. Moreover, the DNS and the Google web server IP addresses are 192.168.111 and 192.168.1.130.
According to the above fig. 2 and fig. 3, it is clear that #1137(312) and #1015(741) are the two lost packets.
IP address for the server and the client.
The client and the server IP addresses in the network are 18.104.22.168 and 192.168.0.6.
A packet number is kept in the first frame to keep track. For the analysis of the website, it is important to understand the following points:
- The HTTP, TCP, and UDP protocols will be used in the analysis of the packet.
- The source and the destination IP addresses will record the origin and the destination of the packet.
- The length will be used to determine the packet size in bytes.
- The status of the packet will be provided, i.e., the application data.
Round Trip Time
The Domain Name System of the website https://iview.abc.net.au has the IP address 10.1.50.230. This, therefore, simplifies the conveyance of the packet by the PC to the web server. The three-way handshake between the Google web server and the PC is shown in frame 13.
Number sequence of the TCP connection for the first six segments
The Transmission Control Protocol port number - 49323
The destination port number - 443
The central repository of the computer contains all the information concerning the network. With this understanding, private information can be protected more easily. It becomes easier for the administrator to know what to protect, what to hide, where everything is located and what to give out. Research from computingforever.com shows that a WAN and/or LAN is used in every household. These households have approximately three computers each. A LAN is a wireless network that connects smaller areas compared to a WAN. WANs can be used in areas such as cities and institutions, while a LAN fits better in private networks such as home networks, although WANs can also be used in homes. A WAN connects more than one LAN. Both networks, WAN and LAN, can be combined to work as one network. When the two are combined, one of them has to function as a wired connection to the router and the other as a wireless signal transmitted over the network.
All these networks are made up of basic elements that ensure the effective functioning of the network, no matter its type or size. The elements include the switch or routers, the firewall, the computers and their interface cards, the modem and the cables. Interference with any of these elements renders the whole network ineffective. A network connection can be either wireless or cabled, although network interface cards must be used in both cases for data transmission between the networks. The private information and any other data in the networks are kept at one end. The computers within the network have to run security programs that ensure the data is not compromised. Various types of cables are used in networking to enhance data transfer. An example is cat5e, which is commonly used for a strong network and is the most standardized for network connections.
A network connection over a long distance, such as across the oceans, can also be achieved with fiber optic cable. The conversion of digital data into analog by the modem ensures a free flow of data from the mobile lines. In networking, a separation between the network and its components is required, and the firewall is tasked with this responsibility. Each of the network components has its own special function. However, the hub is regarded as the simplest of the elements.
Retransmissions of TCP
PC 192.168.1.130 - The host PC IP address
C8-Oa-a9-fa-de-od - The MAC IP address
The three-way handshake between the Google web server and the PC is shown by frame 15. The queried Domain Name System IP address of the website https://iview.abc.net.au is 10.1.50.230, which makes it easy for the computer to convey the packet to the website.
Re-transmitted segments in the trace file
With the destination and source ports valued at 80 and 49523, the destination represents the HTTP port while the source represents a random port. For this network analysis, the relative frequency is set at zero with no flags set.
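The handshake timing and the re-transmitted segments discussed in this section can be worked through in code. The following Python example is added here and is not part of the original report: the segment records are constructed sample data with relative sequence numbers (only the two addresses and the ports 49523 and 80 come from the text), and the retransmission rule is a simplification of what Wireshark's TCP analysis does.

```python
from collections import namedtuple
Seg = namedtuple("Seg", "t src sport dst dport flags seq length")
PC, WEB = "192.168.1.130", "10.1.50.230"  # from the text; trace below is constructed
SEGMENTS = [
    Seg(0.000, PC, 49523, WEB, 80, "S", 0, 0),       # SYN
    Seg(0.042, WEB, 80, PC, 49523, "SA", 0, 0),      # SYN-ACK
    Seg(0.043, PC, 49523, WEB, 80, "A", 1, 0),       # ACK ends the handshake
    Seg(0.050, PC, 49523, WEB, 80, "PA", 1, 300),    # HTTP request
    Seg(0.100, WEB, 80, PC, 49523, "A", 1, 1460),
    Seg(0.101, WEB, 80, PC, 49523, "A", 1461, 1460),
    Seg(0.350, WEB, 80, PC, 49523, "A", 1461, 1460), # same bytes sent again
    Seg(0.400, WEB, 80, PC, 49523, "PA", 2921, 1000),
]

def flow(s):
    return (s.src, s.sport, s.dst, s.dport)

def handshake_rtt(segs):
    """Seconds from the first SYN to the SYN-ACK that answers it, else None."""
    syn = next((s for s in segs if s.flags == "S"), None)
    if syn is None:
        return None
    reverse = (syn.dst, syn.dport, syn.src, syn.sport)
    for s in segs:
        if s.flags == "SA" and flow(s) == reverse and s.t >= syn.t:
            return round(s.t - syn.t, 6)
    return None

def retransmissions(segs):
    """Payload segments that add no byte beyond what their flow already sent."""
    highest_end, found = {}, []
    for s in segs:
        if s.length == 0:
            continue                      # pure ACKs carry no data to resend
        end, seen = s.seq + s.length, highest_end.get(flow(s), 0)
        if end <= seen:
            found.append(s)
        highest_end[flow(s)] = max(end, seen)
    return found

def throughput_bps(segs, src):
    """(throughput, goodput) in bits/s for payload sent by src."""
    data = [s for s in segs if s.src == src and s.length]
    span = data[-1].t - data[0].t if len(data) > 1 else 0
    if span <= 0:
        return (0.0, 0.0)
    total = sum(s.length for s in data)
    resent = sum(s.length for s in retransmissions(data))
    return (total * 8 / span, (total - resent) * 8 / span)
```

On the sample trace the segment at 0.350 s is flagged as a retransmission, and the gap between throughput and goodput shows how much of the transferred volume was repeated data.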
Comparison 1: Comparison of the throughput and TCP retransmissions of both applications on three networks and discussion of the reasons for the difference.
The connection-oriented property of TCP and its transmission mechanism are quite different. Looking at this property, one may assume that TCP is more appropriate, but when it comes to packet transmission, it causes a delay. The administrator therefore needs another, more appropriate option. In this case, UDP can transmit a stream of real-time voice. Consequently, it is far better than TCP. Information transfer from the source to a subset of destinations in the network is enhanced through multicast communication.
Moreover, to transfer the packet from source to destination in a multicast application, a reliable transfer is required. Various multicast applications also need best-effort packet transfer. However, it becomes more challenging when a more reliable multicast stream of transfer services has to be implemented, since TCP is not designed for that implementation. In most cases, TCP is preferred for the transmission of dependable packets due to its transfer reliability. It supports basic remote login applications for keystroke stream transfer.
The above diagram shows the connection initiation process of the network between the web server and the client. The connection allows the flow of the data frames. The flow graph shows the number of frames, the transmission time, the frame sequence and other details concerning the frames.
According to the above diagram, the start of the session is zero. However, when the packet starts wrapping, the zero value becomes the time offset. The end time of a session refers to the total time taken during the session. The vertical dashed lines and the green view in the diagram represent the discontinuity and the correspondence of the time range to the visible slots in the timeline. Moreover, the viewport is matched and resized when the timeline changes for the slot range.
Comparison 2: Comparison of Message Analyzer tool with Wireshark
Ease of access and use
The two analysis tools, Wireshark and Message Analyzer, are accessed online. They are downloaded and installed with little technology required. However, when it comes to usage, Wireshark is more complex and has many more features than Message Analyzer.
Graphical User Interface (GUI)
Message Analyzer and Wireshark have automation enabled, which is vital for browsing, re-assembling, importing and sending different types of logs and payloads. However, the Microsoft message in Wireshark does not allow automation. Moreover, Message Analyzer can analyze data from logs and also offers different view formats for the traced files. It also has more GUI-enabled features that ensure useful functionality of the software.
Visualization of traffic
Wireshark and Message Analyzer are similar in that both are tasked with capturing and displaying live traffic. Additionally, in both cases the network administrator can view the traffic without directly watching the data.
There is a similarity in the analysis of packet delivery between Wireshark and Message Analyzer. By observing the graphical view of the two analysis tools, it is noted that both show variations in the packet transfer in bits per second. Throughput varies differently as time changes.
Even though the applications of Wireshark have grown greatly worldwide, I would prefer the Message Analyzer over Wireshark. The Wireshark tool is used in most of the functions within the network, such as network and communication protocol troubleshooting and analysis. A backup is enhanced by monitoring and putting the controllers in the network. Network analysis with Wireshark is in most cases faced with the time challenge. This is a result of the manual analysis required by the Microsoft message. However, in the Message Analyzer, most of the functions are automated. The automation of the tasks in the Message Analyzer saves time, which is an advantage. Although the Message Analyzer is less commonly used worldwide than Wireshark, it is the most convenient in time-saving. I would, therefore, recommend the Message Analyzer for network analysis.