Go to www.p1028.nl to document your Wireshark file.
When you have a Wireshark npcap file which is less than 10 MB, you can get wonderful documentation of your network traffic.
The ARP module is ready and gives you good insight into which PCs still have printer drivers installed for devices that were switched off long ago. Furthermore, you can see what the response times of the machines in use are. And when you are a real pro, you can detect a “man in the middle” vulnerability. In this case one MAC address has more than one IP address.
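The check described above (one MAC address claiming more than one IP address), as an added example that is not code from p1028.nl or from the original page. The frames are constructed sample data and all function names are hypothetical.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

ETHERTYPE_ARP = 0x0806

def build_arp(sender_mac, sender_ip, target_ip, oper=2):
    """Build a sample Ethernet+ARP frame (constructed test data, not a capture)."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    eth = b"\xff" * 6 + sha + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return eth + arp + sha + IPv4Address(sender_ip).packed \
        + b"\x00" * 6 + IPv4Address(target_ip).packed

def parse_arp(frame):
    """Return (sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:                       # 14-byte Ethernet + 28-byte ARP
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    return mac, str(IPv4Address(frame[28:32]))

def macs_with_multiple_ips(frames):
    """Map each sender MAC to the IPs it claimed; keep MACs with more than one."""
    claimed = defaultdict(set)
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed and parsed[1] != "0.0.0.0":  # ARP probes carry no sender IP
            claimed[parsed[0]].add(parsed[1])
    return {mac: sorted(ips, key=IPv4Address)
            for mac, ips in claimed.items() if len(ips) > 1}

# Constructed sample traffic: ...:66 answers for both the gateway and a workstation.
SAMPLE_FRAMES = [
    build_arp("aa:bb:cc:00:00:01", "192.168.1.1", "192.168.1.20"),
    build_arp("aa:bb:cc:00:00:02", "192.168.1.20", "192.168.1.1"),
    build_arp("aa:bb:cc:00:00:66", "192.168.1.1", "192.168.1.20"),
    build_arp("aa:bb:cc:00:00:66", "192.168.1.20", "192.168.1.1"),
    build_arp("aa:bb:cc:00:00:02", "0.0.0.0", "192.168.1.20", oper=1),
    b"\x00" * 20,                              # truncated frame, ignored
]

if __name__ == "__main__":
    for mac, ips in macs_with_multiple_ips(SAMPLE_FRAMES).items():
        print(f"{mac} claims {', '.join(ips)}")
```

A MAC with several IP addresses is not always hostile: routers, multi-homed hosts and proxy ARP produce the same pattern, so treat a hit as something to verify against your inventory.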
The UDP module is partly working too; not all protocols are documented yet. What you can already see is the NTP protocol. This protocol is not only used for time updates but is also used by malware to “call home”. The DNS protocol is already documented as well, so you can see which workstation is asking to resolve a certain URL. You can also see which DNS server is used for this request. Maintenance for your firewall will be a bit easier.
The TCP protocol is already partly active and is coming soon.