Wireshark is a powerful tool widely used to analyze traffic on a network. In this tutorial we will examine a single packet and analyze its contents to calculate its overhead.

Download Wireshark

Download Wireshark now and let us get started: https://www.wireshark.org/#download

Overhead is the additional data that is used in order to send the payload (data inside a packet). In other words, overhead percentage is the total header size divided by the total payload – header multiplied by 100.

Overhead % = (header x 100) / (payload – header)

Let’s examine the below HTTP packet which was captured using Wireshark.

HTTP is a layer 7 protocol, specifically Application Layer. When we click on the packet we can see the different protocols at each layer of the packet we chose.

Layer 7 – Application Layer : HTTP
Layer 5 – Transport Layer : TCP
Layer 3 – Network Layer : IP
Layer 2 – Data Link Layer : Ethernet
Layer 1 – Physical Layer : Frame

If we click on Frame, using the middle pane, we notice at the bottom of the Wireshark window, it shows us the total packet size in bytes:

If we want to get the size of the payload, it is just simply a matter of clicking on the HTTP layer in the middle pane.

Payload = 911 Bytes
Packet = 977 Bytes

We know that payload = total packet size – header size
header size (overhead) = packet (977) – payload (911) = 66 bytes.
However, we know that the Ethernet header minimum size is 18 bytes

So header size will be 66+4 = 70 bytes
Overhead % = (70 x 100) / (911) = 7.68%

So in every packet, we are using 7.68% as headers, and 92.32% is used for data. The higher the overhead the less data we are able to transfer.

Note that if you want to check the header sizes of every layer, you can do that by clicking on the layer you want using the same middle window pane. Wireshark is a strong tool and I recommend everyone to start using it to expand their knowledge in Networking.