1. Introduction

As we know, packet capture is a commonly used way to inspect network data transmission. The common capture tools are Charles, Fiddler, Wireshark and so on. Most of them intercept packets by setting a network proxy; only Wireshark captures data by sniffing on the network card. Therefore Wireshark can capture lower-layer packets such as TCP and UDP packets, whereas ordinary capture tools can intercept only application-layer packets such as HTTP packets.

2. Simple use of Wireshark

Open Wireshark and select a network adapter on the adapter selection page.

After the network adapter is selected, Wireshark automatically starts capturing packets. We can view the structure of any packet we choose. Wireshark lays out each packet by TCP/IP layer; expand a layer to view its fields.

2.1. Simple use of filters

When you capture packets with Wireshark, it captures every packet that passes through the network adapter, so Wireshark provides filters to narrow them down. There are two types of filters. The first is the capture filter, which takes effect during capture: packets that do not meet the condition are discarded and only packets that meet it are kept. The second is the display filter, which is applied to all captured packets after the fact: every packet is kept, but only those that meet the condition are displayed.

2.1.1 Packet Capture Filter

When selecting the network adapter at the start of a capture, you can also enter the capture filter you need.

The filter is composed of four parts:

1. Direction: src, dst

2. Type: host, net, port

3. Protocol: ip, tcp, udp, http

4. Logical operators: &&, ||, !

Examples:

1. Filter by IP address: host 192.168.0.1

2. Capture an IP address together with a specified port: host 192.168.0.1 && port 80

2.1.2 Display Filter

Enter the display filter expression in the input box at the top of the capture window to filter which packets are displayed.

Syntax rules:

1. Comparison operators: ==, !=, >, <

2. Logical operators: and, or, not, xor

3. Direction: ip.src, ip.dst

4. Protocols: ip, arp, icmp, tcp

Examples:

1. ip.addr == 192.168.0.1

2. tcp

3. tcp.srcport == 1207

In addition to typing the filter syntax by hand, we can also select a field of a packet in the packet details and filter on it.

After the field is selected, Wireshark automatically generates the filter expression for that field.
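To make the display-filter semantics above concrete, here is a small evaluator written for this article (it is an added example, not Wireshark's own filter engine). It implements the operators and field names listed in the syntax rules over a constructed packet list, so you can check by hand that ip.addr matches either endpoint while ip.src matches only the source, and that a bare protocol name such as tcp tests for the protocol's presence. The packet list, the frame numbers and the 1-based numbering are constructed for the example; the "all not equal" reading of != follows current Wireshark behaviour.

```python
"""Toy evaluator for Wireshark-style display filters (added example, not Wireshark code)."""
import operator
import re

# Constructed sample capture: each dict holds one packet's decoded fields.
# Frame numbers are 1-based, as in Wireshark's packet list.
PACKETS = [
    {"ip.src": "192.168.0.1", "ip.dst": "10.0.0.5", "tcp.srcport": 1207, "tcp.dstport": 80},
    {"ip.src": "10.0.0.5", "ip.dst": "192.168.0.1", "tcp.srcport": 80, "tcp.dstport": 1207},
    {"ip.src": "192.168.0.7", "ip.dst": "8.8.8.8", "udp.srcport": 5353, "udp.dstport": 53},
    {"ip.src": "192.168.0.1", "ip.dst": "224.0.0.251", "udp.srcport": 5353, "udp.dstport": 5353},
]

COMPARE = {"==": operator.eq, "!=": operator.ne, ">": operator.gt, "<": operator.lt,
           ">=": operator.ge, "<=": operator.le}
LOGICAL = {"and", "or", "not"}
# One token per match: comparison operator, parenthesis, field/keyword, or numeric/IP literal.
TOKEN_RE = re.compile(r"\s*(==|!=|>=|<=|>|<|\(|\)|[A-Za-z_][\w.]*|[\d.]+)")


def tokenize(expr):
    tokens, pos, expr = [], 0, expr.strip()
    while pos < len(expr):
        m = TOKEN_RE.match(expr, pos)
        if not m:
            raise ValueError(f"bad filter syntax near: {expr[pos:]!r}")
        tokens.append(m.group(1))
        pos = m.end()
    return tokens


class Parser:
    """Recursive descent; precedence is not > and > or, as in Wireshark."""

    def __init__(self, tokens):
        self.toks, self.i = tokens, 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self):
        tok = self.peek()
        self.i += 1
        return tok

    def parse(self):
        node = self.parse_or()
        if self.peek() is not None:
            raise ValueError(f"unexpected token {self.peek()!r}")
        return node

    def parse_or(self):
        node = self.parse_and()
        while self.peek() == "or":
            self.take()
            node = ("or", node, self.parse_and())
        return node

    def parse_and(self):
        node = self.parse_not()
        while self.peek() == "and":
            self.take()
            node = ("and", node, self.parse_not())
        return node

    def parse_not(self):
        if self.peek() == "not":
            self.take()
            return ("not", self.parse_not())
        return self.parse_atom()

    def parse_atom(self):
        tok = self.take()
        if tok == "(":
            node = self.parse_or()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return node
        if tok is None or tok in LOGICAL or not re.match(r"[A-Za-z_]", tok):
            raise ValueError(f"expected a field name, got {tok!r}")
        if self.peek() in COMPARE:
            op, literal = self.take(), self.take()
            if literal is None:
                raise ValueError(f"missing value after {op}")
            return ("cmp", tok, op, int(literal) if literal.isdigit() else literal)
        return ("has", tok)  # bare protocol name, e.g. "tcp"


def field_values(packet, name):
    """ip.addr is a pseudo-field covering both endpoints, like in Wireshark."""
    if name == "ip.addr":
        return [packet[k] for k in ("ip.src", "ip.dst") if k in packet]
    return [packet[name]] if name in packet else []


def matches(node, packet):
    kind = node[0]
    if kind == "or":
        return matches(node[1], packet) or matches(node[2], packet)
    if kind == "and":
        return matches(node[1], packet) and matches(node[2], packet)
    if kind == "not":
        return not matches(node[1], packet)
    if kind == "has":  # protocol present if any field of that protocol was decoded
        return any(k == node[1] or k.startswith(node[1] + ".") for k in packet)
    _, name, op, literal = node
    values = [v for v in field_values(packet, name) if type(v) is type(literal)]
    if op == "!=":  # "no occurrence equals", the current Wireshark reading of !=
        return bool(values) and not any(v == literal for v in values)
    return any(COMPARE[op](v, literal) for v in values)


def apply_filter(expr, packets=PACKETS):
    """Return the 1-based frame numbers the display filter leaves visible."""
    tree = Parser(tokenize(expr)).parse()
    return [i for i, p in enumerate(packets, start=1) if matches(tree, p)]
```

Running apply_filter("ip.addr == 192.168.0.1") against the constructed list returns frames 1, 2 and 4, while apply_filter("ip.src == 192.168.0.1") returns only 1 and 4: the first frame is kept by the second filter because 192.168.0.1 is its source, the second frame is dropped because 192.168.0.1 is only its destination. Note that a display filter never discards anything from the capture; only a capture filter does that.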

3. Capturing packets on an Android phone

The steps above demonstrate packet capture on the Windows platform, but sometimes we need to capture packets on Android. There are two main ways to do this. The first is to open a hotspot on the computer for the phone: when the hotspot is opened, the computer creates a virtual network card, and Wireshark is used to capture packets on that virtual NIC. This method is not much different from capturing on Windows. The second method is to use tcpdump, the packet capture tool on Android. This method requires a rooted phone. The specific steps are as follows:

adb root // Enables root permission (the phone must already be rooted)

adb shell

tcpdump -w /sdcard/XXX // -w is followed by the path where captured packets are saved. If this parameter is omitted, captured packets are printed on the screen

adb pull /sdcard/XXX // Pulls the capture file to the PC, where it can be opened in Wireshark. Exit adb shell before running this command

Because DNS resolves a domain name to different addresses in different regions, packets captured from the same app may have different destination IP addresses. Therefore it is better to filter captured packets by domain name rather than IP address. To see domain names, enable Name Resolution in Wireshark.

3.1. Common Parameters of tcpdump

-a Translates network and broadcast addresses into domain names

-c Stops after the specified number of packets have been received

-p Sets the NIC to promiscuous mode

-w Writes the capture result to the specified file

4. Statistics

Sometimes we want to see the overall picture of a capture, and this is where the statistics functions come in handy. The most commonly used one is the Conversations option, which shows the overall traffic between host pairs in the capture: the total number of packets sent, the total amount of data sent, the data transmission rate and so on.
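The numbers the Conversations dialog reports can be reproduced from the raw packet list, which helps when you need them in a script or want to sanity-check what Wireshark shows. The code below is an added example written for this article, not Wireshark's code: it groups a constructed packet list (timestamp, source, destination, frame length) into bidirectional host pairs and computes packets, bytes, per-direction totals, start time, duration and bit rate per conversation, plus per-host Endpoints-style totals. The packet list and its values are constructed for the example.

```python
"""Conversation and endpoint statistics in the style of Wireshark's Statistics
menu (added example, not Wireshark code). Runs over a constructed packet list."""

# Constructed sample capture: (time in seconds, src IP, dst IP, frame length in bytes).
CAPTURE = [
    (0.000, "192.168.0.1", "10.0.0.5", 74),
    (0.010, "10.0.0.5", "192.168.0.1", 74),
    (0.020, "192.168.0.1", "10.0.0.5", 66),
    (0.030, "192.168.0.1", "10.0.0.5", 517),
    (0.500, "10.0.0.5", "192.168.0.1", 1514),
    (1.000, "10.0.0.5", "192.168.0.1", 1514),
    (0.200, "192.168.0.7", "8.8.8.8", 70),
    (0.210, "8.8.8.8", "192.168.0.7", 102),
]


def conversations(packets):
    """Group packets into bidirectional host pairs keyed by the sorted (A, B) tuple."""
    stats = {}
    for t, src, dst, length in packets:
        key = tuple(sorted((src, dst)))  # same pair regardless of direction
        s = stats.setdefault(key, {
            "packets": 0, "bytes": 0,
            "a_to_b_packets": 0, "a_to_b_bytes": 0,
            "b_to_a_packets": 0, "b_to_a_bytes": 0,
            "start": t, "end": t,
        })
        direction = "a_to_b" if src == key[0] else "b_to_a"
        s["packets"] += 1
        s["bytes"] += length
        s[direction + "_packets"] += 1
        s[direction + "_bytes"] += length
        s["start"] = min(s["start"], t)
        s["end"] = max(s["end"], t)
    for s in stats.values():
        s["duration"] = s["end"] - s["start"]
        # Bit rate over the conversation's lifetime; 0 for a single-packet conversation.
        s["bits_per_s"] = s["bytes"] * 8 / s["duration"] if s["duration"] > 0 else 0.0
    return stats


def endpoints(packets):
    """Per-host totals, split into transmitted (tx) and received (rx), like Statistics > Endpoints."""
    hosts = {}
    for _, src, dst, length in packets:
        for host, role in ((src, "tx"), (dst, "rx")):
            h = hosts.setdefault(host, {"packets": 0, "bytes": 0, "tx_packets": 0,
                                        "tx_bytes": 0, "rx_packets": 0, "rx_bytes": 0})
            h["packets"] += 1
            h["bytes"] += length
            h[role + "_packets"] += 1
            h[role + "_bytes"] += length
    return hosts


def top_conversations(packets, by="bytes", n=5):
    """Rank host pairs by a column, as the dialog does when you click its header."""
    stats = conversations(packets)
    return sorted(stats.items(), key=lambda kv: kv[1][by], reverse=True)[:n]


def format_table(stats):
    """Render the conversation table in the same column order as the dialog."""
    header = (f"{'Address A':<14}{'Address B':<14}{'Packets':>8}{'Bytes':>8}"
              f"{'A->B':>8}{'B->A':>8}{'Duration':>10}{'Bits/s':>10}")
    lines = [header]
    for (a, b), s in stats.items():
        lines.append(f"{a:<14}{b:<14}{s['packets']:>8}{s['bytes']:>8}"
                     f"{s['a_to_b_bytes']:>8}{s['b_to_a_bytes']:>8}"
                     f"{s['duration']:>10.3f}{s['bits_per_s']:>10.0f}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_table(conversations(CAPTURE)))
```

For the constructed capture the 10.0.0.5 / 192.168.0.1 pair comes out at 6 packets and 3759 bytes over 1.000 s, i.e. 30072 bits/s, with 3102 bytes flowing A to B and 657 bytes B to A. A lopsided byte split like this is exactly what the dialog is good at surfacing: it tells you at a glance which side of a conversation is doing the sending before you look at a single packet.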
