This article follows the Wireshark lab material from Computer Networking: A Top-Down Approach.

Contents

  • Packet sniffer
  • Getting Wireshark
  • Running Wireshark
  • Taking Wireshark for a Test Run

Packet sniffer

  • The basic tool for observing the messages exchanged between executing protocol entities is called a packet sniffer.
  • A packet sniffer passively copies (sniffs) messages being sent from and received by your computer; it also displays the contents of the various protocol fields of these captured messages.
    • A packet sniffer itself is passive. It observes messages being sent and received by applications and protocols running on your computer, but never sends packets itself.
    • Similarly, received packets are never explicitly addressed to the packet sniffer. Instead, a packet sniffer receives a copy of packets that are sent/received from/by applications and protocols executing on your machine.

As the figure shows, a packet sniffer has two parts: the packet capture library, which copies every frame passing over the data link layer to monitor all traffic on the chosen link, and the packet analyzer, which decodes and displays every field of every protocol in the captured message.


  • Wireshark is a free packet sniffer that runs on Windows, Linux/Unix, and Mac computers. It works on computers using Ethernet, serial (PPP), 802.11 (WiFi) wireless LANs, and many other link-layer technologies.

Wireshark itself is the packet analyzer half; the packet capture library (libpcap on Linux/Unix/Mac, Npcap on Windows) is a separate component that the Wireshark installer offers to install alongside it. Capturing needs privileged access to the interface: on Linux the usual setup is to grant the dumpcap helper the required capabilities and add your user to the wireshark group rather than running the whole GUI as root.

Getting Wireshark

  • Download: https://www.wireshark.org/#download

Running Wireshark

  • On the start screen, the Capture section lists the available interfaces; on my machine there is currently one WLAN interface. Double-click it to start capturing every frame on that interface (each frame is then dissected into its protocols).

  • Click the small red square in the top-left corner to stop capturing.
  • command menus
    • The File menu allows you to save captured packet data or open a file containing previously captured packet data and exit the Wireshark application.
    • The Capture menu allows you to begin packet capture.
  • The packet-listing window displays a one-line summary for each packet captured, including the packet number (assigned by Wireshark; note that this is not a packet number contained in any protocol’s header), the time at which the packet was captured, the packet’s source and destination addresses, the protocol type, and protocol-specific information contained in the packet.
    • The packet listing can be sorted according to any of these categories by clicking on a column name.
    • The protocol type field lists the highest-level protocol that sent or received this packet.
    • By default, the value of the Time column in the packet-listing window is the amount of time, in seconds, since Wireshark tracing began. To display the Time field in time-of-day format, select the Wireshark View pull-down menu, then select Time Display Format, then select Time-of-day.
  • The packet-header details window provides details about the packet selected in the packet-listing window. These details include information about the Ethernet frame and IP datagram that contains this packet. If the packet has been carried over TCP or UDP, TCP or UDP details will also be displayed. Finally, details about the highest-level protocol that sent or received this packet are also provided.
  • The packet-contents window displays the entire contents of the captured frame, in both ASCII and hexadecimal format.
  • Towards the top of the Wireshark graphical user interface is the packet display filter field, into which a protocol name or other information can be entered in order to filter the information displayed in the packet-listing window (and hence the packet-header and packet-contents windows).

Taking Wireshark for a Test Run

In the example below, we’ll use the packet-display filter field to have Wireshark hide packets except those that correspond to HTTP messages. Do the following:

  1. Select the Capture pull-down menu and select Interfaces. This will cause the “Wireshark: Capture Interfaces” window to be displayed. (In current Wireshark versions this dialog is under Capture > Options, and the interface list is also shown on the start screen, as described above.)
  2. Start up your favorite web browser, which will use the HTTP protocol to download content from a website.
  3. While Wireshark is running, enter the URL: http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html and have that page displayed in your browser. In order to display this page, your browser will contact the HTTP server at gaia.cs.umass.edu and exchange HTTP messages with the server in order to download this page. The Ethernet or WiFi frames containing these HTTP messages will be captured by Wireshark.
  4. After your browser has displayed the INTRO-wireshark-file1.html page (it is a simple one line of congratulations), stop Wireshark packet capture. You now have live packet data that contains all protocol messages exchanged between your computer and other network entities! The HTTP message exchanges with the gaia.cs.umass.edu web server should appear somewhere in the listing of packets captured. But there will be many other types of packets displayed as well.
  5. Type in “http” (without the quotes, and in lower case – all protocol names are in lower case in Wireshark) into the display filter specification window at the top of the main Wireshark window. Then select Apply or just hit Enter. This will cause only HTTP messages to be displayed in the packet-listing window.
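To make the two ideas above concrete, the block below is an added example, not code from the textbook lab or from Wireshark: a toy packet analyzer that does what the packet-listing window does (assigns its own packet numbers, prints time since capture start, source, destination, the highest-level protocol and an Info column) and then applies a small subset of the display-filter syntax (`http`, `tcp`, `udp`, `field == value`, `&&`). The five frames it analyzes are constructed in the script itself (a DNS lookup, the TCP handshake, the GET for INTRO-wireshark-file1.html and the 200 reply), with made-up addresses (10.0.0.5 as the client, 203.0.113.10 standing in for the server) and zeroed checksums. HTTP is recognised here by looking at the start of the TCP payload; Wireshark uses port-based and heuristic dissectors, so this is a simplification.

```python
"""Toy packet analyzer: decodes constructed Ethernet/IPv4/TCP|UDP frames into
Wireshark-style packet-listing rows and applies a small display-filter subset."""
import struct

# Constructed sample addresses (TEST-NET-3 for the "server"); not from a real capture.
CLIENT_IP, SERVER_IP, DNS_IP = "10.0.0.5", "203.0.113.10", "10.0.0.1"
PROTO_NAMES = {"eth": "Ethernet", "ip": "IPv4", "tcp": "TCP", "udp": "UDP", "http": "HTTP", "dns": "DNS"}
TCP_FLAG_NAMES = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK")]
HTTP_STARTS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"HTTP/")


def decode_frame(raw):
    """Decode one Ethernet II frame into a flat field dict plus a 'layers' stack.
    Field names mirror Wireshark's (eth.src, ip.src, tcp.dstport, ...)."""
    if len(raw) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", raw[:14])
    pkt = {"eth.src": src_mac.hex(":"), "eth.dst": dst_mac.hex(":"), "layers": ["eth"], "info": ""}
    if ethertype != 0x0800:                      # only IPv4 is dissected in this toy
        return pkt
    ip = raw[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    pkt.update({"ip.src": ".".join(map(str, src)), "ip.dst": ".".join(map(str, dst)),
                "ip.ttl": ttl, "ip.proto": proto})
    pkt["layers"].append("ip")
    l4 = ip[ihl:total_len]                       # honour total_len so Ethernet padding is dropped
    if proto == 6:                               # TCP
        sport, dport, seq, ack, off_flags, _win, _csum, _urg = struct.unpack("!HHIIHHHH", l4[:20])
        flags = off_flags & 0x1FF
        payload = l4[(off_flags >> 12) * 4:]
        names = ",".join(n for bit, n in TCP_FLAG_NAMES if flags & bit)
        pkt.update({"tcp.srcport": sport, "tcp.dstport": dport, "tcp.flags": flags, "tcp.seq": seq,
                    "tcp.ack": ack, "info": f"{sport} -> {dport} [{names}] Seq={seq} Ack={ack} Len={len(payload)}"})
        pkt["layers"].append("tcp")
        if payload.startswith(HTTP_STARTS):      # simplified HTTP detection on the payload
            pkt["layers"].append("http")
            pkt["http.request"] = not payload.startswith(b"HTTP/")
            pkt["info"] = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
    elif proto == 17:                            # UDP
        sport, dport, _ulen, _csum = struct.unpack("!HHHH", l4[:8])
        pkt.update({"udp.srcport": sport, "udp.dstport": dport, "info": f"{sport} -> {dport} Len={len(l4) - 8}"})
        pkt["layers"].append("udp")
        if 53 in (sport, dport):                 # port-based guess, like a simple dissector
            pkt["layers"].append("dns")
    return pkt


def packet_listing(frames):
    """One summary row per frame, like the packet-listing window. The packet number
    is assigned here by the analyzer, not taken from any protocol header."""
    rows = []
    for no, (t, raw) in enumerate(frames, 1):
        p = decode_frame(raw)
        rows.append((no, f"{t:.6f}", p.get("ip.src", p["eth.src"]), p.get("ip.dst", p["eth.dst"]),
                     PROTO_NAMES[p["layers"][-1]], p["info"]))
    return rows


# Fields that match either direction, as ip.addr / tcp.port / udp.port do in Wireshark.
ALIASES = {"ip.addr": ("ip.src", "ip.dst"), "tcp.port": ("tcp.srcport", "tcp.dstport"),
           "udp.port": ("udp.srcport", "udp.dstport")}


def matches(pkt, expr):
    """Tiny display-filter subset: bare protocol names, `field == value`, joined by `&&`.
    A protocol name matches when that layer is anywhere in the stack, so `tcp` keeps HTTP frames too."""
    for term in expr.split("&&"):
        term = term.strip()
        if "==" in term:
            field, value = (s.strip().strip('"') for s in term.split("==", 1))
            if value not in [str(pkt.get(f)) for f in ALIASES.get(field, (field,))]:
                return False
        elif term.lower() not in pkt["layers"]:
            return False
    return True


def display_filter(frames, expr):
    """Listing rows whose frame satisfies the filter; numbering stays as in the full listing."""
    return [row for row, (_, raw) in zip(packet_listing(frames), frames) if matches(decode_frame(raw), expr)]


# --- constructed sample traffic (no checksums, made-up MACs/addresses) ---
def _ip_bytes(a):
    return bytes(int(x) for x in a.split("."))


def build_frame(src_ip, dst_ip, proto, l4):
    eth = struct.pack("!6s6sH", bytes.fromhex("0a0000000002"), bytes.fromhex("0a0000000001"), 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0x4000, 64, proto, 0,
                     _ip_bytes(src_ip), _ip_bytes(dst_ip))
    return eth + ip + l4


def tcp_segment(sport, dport, flags, seq, ack, payload=b""):
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0) + payload


def udp_datagram(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


GET = b"GET /wireshark-labs/INTRO-wireshark-file1.html HTTP/1.1\r\nHost: gaia.cs.umass.edu\r\n\r\n"
RESP = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>Congratulations!</html>"
SAMPLE_FRAMES = [  # (seconds since capture start, raw frame); DNS, SYN, SYN/ACK, GET, 200 OK
    (0.000000, build_frame(CLIENT_IP, DNS_IP, 17, udp_datagram(53000, 53, b"\x12\x34\x01\x00" + b"\x00" * 8))),
    (0.021311, build_frame(CLIENT_IP, SERVER_IP, 6, tcp_segment(51234, 80, 0x02, 1000, 0))),
    (0.063902, build_frame(SERVER_IP, CLIENT_IP, 6, tcp_segment(80, 51234, 0x12, 5000, 1001))),
    (0.064150, build_frame(CLIENT_IP, SERVER_IP, 6, tcp_segment(51234, 80, 0x18, 1001, 5001, GET))),
    (0.108447, build_frame(SERVER_IP, CLIENT_IP, 6, tcp_segment(80, 51234, 0x18, 5001, 1001 + len(GET), RESP))),
]

if __name__ == "__main__":
    for row in packet_listing(SAMPLE_FRAMES):
        print(*row)
    print("--- display filter: http ---")
    for row in display_filter(SAMPLE_FRAMES, "http"):
        print(*row)
```

Running it prints all five rows, then only rows 4 and 5 under the `http` filter; `tcp` keeps rows 2 to 5 because the HTTP frames are still TCP, which is the same behaviour you see in Wireshark when you switch between the two filters.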
