Introduction & Concept
This article is the second in a series where I explore how AI tools can work hand in hand with Wireshark to help network engineers capture, inspect, and analyse network traffic. We engineers all know how time-consuming it can be to manually sift through endless network packets trying to spot anomalies or patterns. With the help of AI, that tedious process can be dramatically simplified, allowing us to parse and interpret network data far faster (and often more accurately) than we could with just our eyes and a mouse cursor.
So can we simply enter targeted prompts or queries directly into MS Copilot to help with network data? Was I able to obtain instant, context-aware insights from the Wireshark information? Let's see.
Note that Wireshark's native PCAP format is not supported in Co-Pilot, so I had to export the file in CSV format; see the link below for supported file formats.
As you can imagine, I've kept the traffic capture as minimal as possible to avoid revealing too much about my live network, focusing only on Google searches and generating Microsoft 365/Azure traffic. Let's get started!
Step One
From the Wireshark interface, select the NIC you want to capture traffic from.

Step Two
Start capturing traffic by selecting Capture/Start. Keep the capture file to about 500 packets for best results. (If traffic populates too quickly, reduce the number of applications in your taskbar.)

Step Three
Pause the traffic capture by selecting Capture/Stop, then use File/Export to save the captured traffic as a .CSV file instead of a PCAP file.

Step Four
Log in to Co-pilot and upload the .CSV file, or simply copy and paste the .CSV contents into the prompt. Note that you have to give Co-pilot context about what it's about to analyse, so just enter “Can you analyse my Wireshark Capture?”

Step Five
Now that the .CSV file is uploaded we are going to use the following tried and tested “prompts” to query the Wireshark Capture. Again, be creative and use prompts that are applicable to your network context.
Example Prompts
- 1) Generate a table of all destination IPs by count
- 2) Extract HTTP/HTTPS URLs and hostnames from this capture
- 3) Produce a table mapping each hostname to the IP addresses
- 4) List the Azure services
- 5) Create simplified diagram showing application traffic flows
Each of these prompts can be used individually to generate a range of responses from the AI interface.
Sample outputs for each of these are shown below.
1) Generate a table of all destination IPs by count
| Destination IP | Packet Count |
| --- | --- |
| 192.168.1.103 | 251 |
| 170.72.245.107 | 22 |
| Broadcast | 19 |
| 192.168.1.254 | 13 |
| 142.250.140.95 | 13 |
| 54.72.168.67 | 11 |
| 142.250.140.94 | 11 |
| 170.72.245.205 | 10 |
| 52.97.241.162 | 9 |
| 170.72.245.159 | 9 |
| 142.251.168.84 | 8 |
| 142.250.151.139 | 8 |
| 44.215.118.141 | 6 |
| 84.17.50.23 | 6 |
| 51.116.246.106 | 6 |
| 20.42.72.131 | 6 |
| 40.99.218.98 | 5 |
| 3.254.239.146 | 5 |
| 40.79.141.153 | 5 |
| 3.254.239.211 | 4 |
| 79.127.216.203 | 4 |
| 13.107.246.64 | 4 |
| 52.108.50.37 | 4 |
| 224.0.0.22 | 3 |
| 13.107.213.64 | 3 |
| 216.239.38.120 | 3 |
| 18.244.124.40 | 1 |
| Intel_49:ee:a9 | 1 |
| 99.86.114.110 | 1 |
| 81.130.101.42 | 1 |
| Arcadyan_3e:7f:cb | 1 |
ChatGPT Observations:
Top 5 Destination IPs:
- 192.168.1.103 (your device)
- 170.72.245.107
- Broadcast
- 192.168.1.254
- 142.250.140.95
2) Extract HTTP/HTTPS URLs and hostnames from this capture
| Queried Domain |
| --- |
| android.clients.google.com |
| eu-mobile.events.data.microsoft.com |
| browser.events.data.microsoft.com |
| mobile.events.data.microsoft.com |
| beacons.gcp.gvt2.com |
| locus-a.wbx2.com |
| p2p-ams1.discovery.steamserver.net |
| usersub-a.wbx2.com |
Notes:
These domains suggest activity related to:
- Google services (Android clients, telemetry)
- Microsoft telemetry and event tracking
- Webex conferencing
3) Produce a table, mapping each hostname to the IP addresses
| Time | Source IP | Destination IP | Queried Domain |
| --- | --- | --- | --- |
| 7.556889 | 192.168.1.103 | 192.168.1.254 | android.clients.google.com |
| 7.557313 | 192.168.1.103 | 192.168.1.254 | android.clients.google.com |
| 7.567039 | 192.168.1.254 | 192.168.1.103 | android.clients.google.com |
| 14.567532 | 192.168.1.103 | 192.168.1.254 | eu-mobile.events.data.microsoft.com |
| 14.571251 | 192.168.1.103 | 192.168.1.254 | browser.events.data.microsoft.com |
| 14.577466 | 192.168.1.254 | 192.168.1.103 | eu-mobile.events.data.microsoft.com |
| 14.584712 | 192.168.1.254 | 192.168.1.103 | browser.events.data.microsoft.com |
| 41.566887 | 192.168.1.103 | 192.168.1.254 | mobile.events.data.microsoft.com |
| 41.577699 | 192.168.1.254 | 192.168.1.103 | mobile.events.data.microsoft.com |
| 41.665562 | 192.168.1.103 | 192.168.1.254 | beacons.gcp.gvt2.com |
| 41.674859 | 192.168.1.254 | 192.168.1.103 | beacons.gcp.gvt2.com |
| 41.858747 | 192.168.1.103 | 192.168.1.254 | locus-a.wbx2.com |
| 41.874672 | 192.168.1.254 | 192.168.1.103 | locus-a.wbx2.com |
| 52.186135 | 192.168.1.103 | 192.168.1.254 | usersub-a.wbx2.com |
| 52.198327 | 192.168.1.254 | 192.168.1.103 | usersub-a.wbx2.com |
Notes:
As we can see, the timestamp logic is an arbitrary number only Co-pilot can understand, which is clearly no help to us.
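The destination count from prompt 1 and the hostname-to-IP mapping from prompt 3 can also be computed locally from the same CSV export, which gives a baseline to check an assistant's tables against. The Python below is an added example, not part of the original article; it assumes Wireshark's default export columns (No., Time, Source, Destination, Protocol, Length, Info) and the usual DNS Info text, and the sample rows and name-to-address pairings are constructed.

```python
import csv, io, ipaddress
from collections import Counter, defaultdict

# Constructed sample in Wireshark's default CSV export layout (not the author's
# capture; the name-to-address pairings are made up for the example).
SAMPLE_CSV = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","7.556889","192.168.1.103","192.168.1.254","DNS","86","Standard query 0x1a2b A android.clients.google.com"
"2","7.567039","192.168.1.254","192.168.1.103","DNS","102","Standard query response 0x1a2b A android.clients.google.com A 142.250.140.95"
"3","7.601000","192.168.1.103","142.250.140.95","TLSv1.3","571","Client Hello"
"4","14.567532","192.168.1.103","192.168.1.254","DNS","95","Standard query 0x2c3d A eu-mobile.events.data.microsoft.com"
"5","14.577466","192.168.1.254","192.168.1.103","DNS","180","Standard query response 0x2c3d A eu-mobile.events.data.microsoft.com CNAME onedscolprdweu04.westeurope.cloudapp.azure.com A 51.116.246.106"
"6","14.600000","192.168.1.103","51.116.246.106","TLSv1.2","583","Client Hello"
"7","20.000000","192.168.1.103","192.168.1.254","DNS","80","Standard query 0x3e4f A missing.invalid"
"8","20.010000","192.168.1.254","192.168.1.103","DNS","80","Standard query response 0x3e4f No such name A missing.invalid"
"9","21.000000","Intel_49:ee:a9","Broadcast","ARP","42","Who has 192.168.1.254? Tell 192.168.1.103"
'''

def load_rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def kind(value):
    """Classify a cell: Wireshark may show 'Broadcast' or a MAC alias instead of an IP."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return "non-IP"
    if ip.is_multicast:
        return "multicast"
    return "private" if ip.is_private else "public"

def destination_counts(rows):
    """Prompt 1: (destination, packet count, kind), most frequent first."""
    counts = Counter(r["Destination"] for r in rows)
    return [(d, n, kind(d)) for d, n in counts.most_common()]

def dns_answers(info):
    """Return (queried name, [answer IPs]) for a DNS response Info string, else None."""
    t = info.split()
    if t[:3] != ["Standard", "query", "response"] or len(t) < 6 or t[4] not in ("A", "AAAA"):
        return None  # queries and error replies such as "No such name" carry no answers
    pairs = zip(t[6::2], t[7::2])  # (record type, value) pairs, CNAME hops included
    return t[5], [v for rt, v in pairs if rt in ("A", "AAAA") and kind(v) != "non-IP"]

def hostname_to_ips(rows):
    """Prompt 3: map each queried hostname to the addresses its responses returned."""
    mapping = defaultdict(set)
    for r in rows:
        parsed = dns_answers(r["Info"]) if r["Protocol"] == "DNS" else None
        if parsed:
            mapping[parsed[0]].update(parsed[1])
    return {name: sorted(ips) for name, ips in mapping.items()}
```

To run it against a real export, pass the file's text to `load_rows` in place of `SAMPLE_CSV`.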
4) List the Azure services
- eu-mobile.events.data.microsoft.com
- browser.events.data.microsoft.com
- mobile.events.data.microsoft.com
- onedscolprdweu04.westeurope.cloudapp.azure.com
- onedscolprdgwc00.germanywestcentral.cloudapp.azure.com
- onedscolprdwus05.westus.cloudapp.azure.com
- onedscolprdcus19.centralus.cloudapp.azure.com
- onedscolprdeus01.eastus.cloudapp.azure.com
- onedscolprdcus21.centralus.cloudapp.azure.com
- onedscolprdweu04.westeurope.cloudapp.azure.com
- onedscolprdcus19.centralus.cloudapp.azure.com
- onedscolprdcus21.centralus.cloudapp.azure.com
Notes / Observations:
These domains are typically associated with Microsoft telemetry, event tracking, and cloud services hosted on Azure.
5) Create simplified diagram showing application traffic flows
- Left side: Source IPs (e.g., your device)
- Right side: Destination IPs labeled with their service type (e.g., Webex, Microsoft, Google)
- Flow width: Represents the number of packets exchanged

Conclusion
Simply put, using Co-Pilot for network analysis was an agonizing experience. It's nowhere near ready to assist network engineers in making sense of network data. From the very first prompt, where I had to explicitly tell it to “analyze network data”, to the incomprehensible “gobbledygook” diagram it eventually produced, the entire process felt more frustrating than functional.
Throughout my evaluation, I was unable to identify a single scenario in which Co-Pilot delivered meaningful assistance or demonstrated performance superior to ChatGPT. The model consistently failed to interpret packet captures accurately, frequently misclassifying protocol fields and misinterpreting fundamental networking terminology. In several test cases, Co-Pilot produced generic or contextually irrelevant summaries that added little analytical value. Moreover, it required constant manual intervention: I had to repeatedly provide explicit contextual prompts and reference details that were already present within the supplied CSV file.
That said, Co-Pilot does shine in other areas. Its AI-powered assistance across Microsoft 365 applications, automating routine Office tasks and offering contextual suggestions in Word, Excel, and Outlook, is genuinely impressive. When it comes to productivity in the Office suite, Co-Pilot is leaps and bounds ahead. But for analysing network traffic? It's simply not there yet.
Final thoughts: ChatGPT dramatically outperforms Co-Pilot when it comes to analysing network data. It saves massive amounts of time and effort by parsing complex information and presenting it in a clear, easy-to-read format that can be shared effortlessly with colleagues. I'm afraid there is no bonus content with this one, guys.
Feedback & Further Discussion
This article is part of a three-part series on Wireshark analysis with AI tools; Part One (ChatGPT) and Part Three (Gemini) are also available. This article was written by our Senior Collaboration Architect, Dylan James. If you'd like to reach out to Dylan to discuss the article or any similar concepts, he'd be happy to hear from you. Please reach out to us via our contact page and we'll get you in touch with him.
Thanks for reading.
