Wireshark
What it does
Wireshark ships with dissectors for hundreds of protocols and lets you analyze what actually happened on the wire down to small details. It can capture live traffic and also analyze captures offline, it has a GUI, and capture files produced by most other capture tools can be opened in it for analysis. Wireshark is cross-platform and runs on most operating systems.
Meet Wireshark
First, install it: www.wireshark.org/download.ht… and choose the build for your platform. After installation, open it to get the start screen.
Now let's look at what each pane does.
The start screen is easy to read, but the layout changes once you begin capturing packets.
Again, here is what the panes in the capture view do.
Press Ctrl+E or click the first icon on the toolbar to start capturing packets.
Let's first apply a display filter for HTTP by typing http into the filter bar.
Then open any browser and load a page with some images.
Wireshark lists the HTTP packets it captured.
In the packet list, each row is clear at a glance. From left to right the columns are the capture time, the source IP, the destination IP, the protocol, the frame length, and the Info column summarizing the packet.
Selecting a packet shows its details in the pane below the list. You can also double-click a packet to open it in a separate window showing the same details.
Let's look at the application-layer information that was captured.
As you can see, we made a GET request; the HTTP request line, its parameters and the request headers are visible in the application layer. The response looks like this.
So what does the packet details pane for this HTTP packet display?
Let's go through it one layer at a time. Frame shows the metadata Wireshark recorded about the packet itself.
For example, here it shows the interface the packet was captured on, the capture time, the frame size, and the protocols found in the frame. Ethernet II is the data link layer; here you can see the source and destination MAC addresses.
Internet Protocol shows the fields of the IP header, including the source and destination addresses.
Transmission Control Protocol shows the TCP header: source port, destination port, sequence number, acknowledgment number, flags, and so on.
Finally comes the HTTP application layer we just looked at.
Now that you have met Wireshark, let me introduce some of its commonly used features. Typing http above was a display filter.
Wireshark's display filters are very powerful: you can filter on the fields of any protocol it dissects. View > Internals > Supported Protocols lists the filter fields for every protocol.
For example, the HTTP filter fields:
The value in the Filter column is the name you use in a filter expression, for example http.host == "fxxkPYTHon.com" (string values are quoted).
Or filter on a port, here port 80.
The other kind of filter is the capture filter, applied at capture time: instead of recording everything the interface sees, you capture only the traffic you want. Press Ctrl+K to open the Capture Options dialog; the capture filter field under the interface list takes the filter, which here limits the capture to traffic to and from fxxkPYTHon.com. Note that capture filters use the BPF syntax of libpcap, which differs from the display filter syntax, so a display filter pasted here will be rejected.
In the same dialog you can also choose which network interface to capture on.
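To make the layering and the filter fields concrete, here is an added example (written for this page, not code from the original post or from the Wireshark project) that decodes a hand-constructed Ethernet II / IPv4 / TCP / HTTP frame into the same layers Wireshark shows in the details pane, builds the packet-list columns from the result, and evaluates a few display-filter expressions against the decoded fields, including the tcp.port and ip.addr aliases that match either direction. The frame bytes, the MAC addresses and the IP addresses (RFC 5737 documentation ranges) are constructed; the field names imitate Wireshark's, but the filter evaluator is deliberately a tiny subset of the real display-filter language.

```python
"""Decode one frame layer by layer (Frame, Ethernet II, IP, TCP, HTTP) and test
Wireshark-style display filters against it.

Added example for this page; not code from the original post or from Wireshark.
All packet bytes and addresses below are constructed, not captured.
"""
import struct


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_http_get_frame() -> bytes:
    """Constructed frame: GET /logo.png from 192.0.2.10:52344 to 203.0.113.5:80
    with Host: fxxkPYTHon.com (the host used in the post's filter example)."""
    payload = (b"GET /logo.png HTTP/1.1\r\n"
               b"Host: fxxkPYTHon.com\r\n"
               b"User-Agent: example\r\n\r\n")
    # TCP header: ports, seq, ack, data offset 5 words + flags PSH|ACK, window,
    # checksum left zero (this frame is never sent), urgent pointer.
    tcp = struct.pack("!HHIIHHHH", 52344, 80, 1000, 2000,
                      (5 << 12) | 0x018, 65535, 0, 0) + payload
    # IPv4 header: version/IHL, TOS, total length, ID, flags/frag (DF), TTL,
    # protocol 6 = TCP, checksum left zero, src, dst.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000,
                     64, 6, 0, bytes([192, 0, 2, 10]), bytes([203, 0, 113, 5]))
    # Ethernet II header: dst MAC, src MAC, EtherType 0x0800 = IPv4.
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + tcp


def decode_frame(frame: bytes) -> dict:
    """Return a flat dict of Wireshark-like field names, filled one layer at a time."""
    fields = {"frame.len": len(frame)}
    dst, src, eth_type = struct.unpack("!6s6sH", frame[:14])
    fields.update({"eth.dst": _mac(dst), "eth.src": _mac(src), "eth.type": eth_type})
    if eth_type != 0x0800:                      # not IPv4: stop at the link layer
        return fields
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                    # IP header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    fields.update({"ip.hdr_len": ihl, "ip.len": total_len, "ip.ttl": ip[8],
                   "ip.proto": ip[9],
                   "ip.src": ".".join(map(str, ip[12:16])),
                   "ip.dst": ".".join(map(str, ip[16:20]))})
    if ip[9] != 6:                              # not TCP: stop at the network layer
        return fields
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    fields.update({"tcp.srcport": sport, "tcp.dstport": dport, "tcp.seq": seq,
                   "tcp.ack": ack, "tcp.flags.ack": bool(off_flags & 0x10),
                   "tcp.flags.push": bool(off_flags & 0x08)})
    payload = tcp[(off_flags >> 12) * 4:]       # data offset is in 32-bit words
    if payload[:4] in (b"GET ", b"POST", b"HEAD", b"PUT "):
        head = payload.split(b"\r\n\r\n", 1)[0].decode("ascii", "replace")
        request_line, *headers = head.split("\r\n")
        method, uri, version = request_line.split(" ", 2)
        fields.update({"http.request.method": method, "http.request.uri": uri,
                       "http.request.version": version})
        for line in headers:                    # "Host: x" -> http.host, "User-Agent: y" -> http.user_agent
            name, _, value = line.partition(": ")
            fields["http." + name.lower().replace("-", "_")] = value
    return fields


def packet_list_row(fields: dict) -> tuple:
    """Source, Destination, Protocol, Length, Info: the packet-list columns."""
    if "http.request.method" in fields:
        proto = "HTTP"
        info = " ".join(fields[k] for k in ("http.request.method", "http.request.uri",
                                            "http.request.version"))
    else:
        proto, info = ("TCP", "") if "tcp.srcport" in fields else ("IP", "")
    return fields.get("ip.src"), fields.get("ip.dst"), proto, fields["frame.len"], info


def matches(fields: dict, expr: str) -> bool:
    """Tiny subset of the display-filter language: a bare protocol name ('http')
    or one 'field == value' comparison. tcp.port and ip.addr match either
    direction, as they do in Wireshark."""
    expr = expr.strip()
    if "==" not in expr:
        return any(key.startswith(expr + ".") for key in fields)
    name, value = (part.strip() for part in expr.split("==", 1))
    value = value.strip('"')
    aliases = {"tcp.port": ("tcp.srcport", "tcp.dstport"), "ip.addr": ("ip.src", "ip.dst")}
    return any(str(fields.get(k)) == value for k in aliases.get(name, (name,)))


EXAMPLE_FIELDS = decode_frame(build_http_get_frame())

if __name__ == "__main__":
    print(packet_list_row(EXAMPLE_FIELDS))
    for flt in ("http", 'http.host == "fxxkPYTHon.com"', "tcp.port == 80", "tcp.port == 443"):
        print(f"{flt:35} -> {matches(EXAMPLE_FIELDS, flt)}")
```

The decoder stops at the first layer it does not understand, which is also how Wireshark behaves when a dissector is missing: the outer layers are still shown, and the rest is left as raw data.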
Click Start and Wireshark captures according to the rules you defined. The rows of the packet list appear in various colors.
Under View > Coloring Rules you can customize the colors used for different protocols.
When you click a specific packet, marks like these appear in the left margin of the packet list.
These marks relate the other rows to the selected packet: the bracketed rows belong to the same conversation (the same TCP session), a dashed line means the row is not part of that conversation, -> marks a request and <- a response, and a check mark marks a packet that the selected packet acknowledges.
If you want to analyze packets later, export them to a file with File > Export Specified Packets.
When you are ready, open Wireshark, open the file, and continue the analysis.
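Export Specified Packets writes a capture file; the classic format is libpcap (.pcap), and it is simple enough to produce and read by hand. The following added example (written for this page, not code from the original post or from the Wireshark project) builds a pcap file containing two constructed frames, an ARP request and a payload-less IPv4 packet, and parses it back, checking the magic number, version and link type the way a reader must before trusting the record headers. Wireshark's default save format today is pcapng, but it still reads and writes classic pcap, so the file this produces opens directly in Wireshark or tshark. The file name and frame contents are constructed.

```python
"""Write and read a classic libpcap (.pcap) capture file, the format behind
File > Export Specified Packets (when pcap is chosen) and File > Open.

Added example for this page; not code from the original post or from Wireshark.
The two frames are constructed by hand, not captured.
"""
import struct

PCAP_MAGIC_USEC = 0xA1B2C3D4      # timestamps in microseconds
PCAP_MAGIC_NSEC = 0xA1B23C4D      # timestamps in nanoseconds
LINKTYPE_ETHERNET = 1

# Constructed frame 1: ARP "who has 192.168.1.1? tell 192.168.1.10", broadcast.
ARP_REQUEST = bytes.fromhex(
    "ffffffffffff" "001122334455" "0806"             # Ethernet II: dst, src, type ARP
    "0001" "0800" "06" "04" "0001"                   # htype, ptype, hlen, plen, oper=request
    "001122334455" "c0a8010a"                        # sender MAC / IP
    "000000000000" "c0a80101")                       # target MAC (unknown) / IP
# Constructed frame 2: IPv4 header only (no payload), protocol 6, checksum zero.
IPV4_EMPTY = bytes.fromhex(
    "66778899aabb" "001122334455" "0800"             # Ethernet II: dst, src, type IPv4
    "4500" "0014" "abcd" "4000" "40" "06" "0000" "c0a8010a" "c0a80101")


def build_pcap(records, linktype=LINKTYPE_ETHERNET, snaplen=65535) -> bytes:
    """records: iterable of (ts_sec, ts_usec, frame_bytes). Writes a little-endian file."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, snaplen, linktype)]
    for ts_sec, ts_usec, frame in records:
        captured = frame[:snaplen]               # incl_len may be smaller than orig_len
        out.append(struct.pack("<IIII", ts_sec, ts_usec, len(captured), len(frame)))
        out.append(captured)
    return b"".join(out)


def parse_pcap(data: bytes):
    """Return (linktype, [(timestamp_seconds, frame_bytes), ...]).
    Byte order is detected from the magic, as every pcap reader must do."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
        endian = "<"
    elif struct.unpack(">I", data[:4])[0] in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
        endian = ">"
        magic = struct.unpack(">I", data[:4])[0]
    else:
        raise ValueError(f"not a pcap file: magic {data[:4].hex()}")
    frac_scale = 1e-9 if magic == PCAP_MAGIC_NSEC else 1e-6
    _, vmaj, vmin, _, _, snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    if (vmaj, vmin) != (2, 4):
        raise ValueError(f"unsupported pcap version {vmaj}.{vmin}")
    records, pos = [], 24
    while pos + 16 <= len(data):
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[pos:pos + 16])
        pos += 16
        # A record claiming more bytes than the snaplen or than the file holds is corrupt;
        # refuse it rather than reading past the end.
        if incl_len > snaplen or pos + incl_len > len(data):
            raise ValueError(f"truncated or corrupt record at offset {pos - 16}")
        records.append((ts_sec + ts_frac * frac_scale, data[pos:pos + incl_len]))
        pos += incl_len
    return linktype, records


def write_pcap(path: str, records) -> int:
    """Write the file Wireshark will open; returns the number of bytes written."""
    data = build_pcap(records)
    with open(path, "wb") as fh:
        fh.write(data)
    return len(data)


EXAMPLE_RECORDS = [(1700000000, 0, ARP_REQUEST), (1700000000, 250, IPV4_EMPTY)]

if __name__ == "__main__":
    n = write_pcap("constructed.pcap", EXAMPLE_RECORDS)   # hypothetical file name
    with open("constructed.pcap", "rb") as fh:
        linktype, recs = parse_pcap(fh.read())
    print(f"wrote {n} bytes, linktype {linktype}, {len(recs)} frames")
```

The snaplen handling shows why Wireshark's Length column and the captured bytes can disagree: a capture taken with a small snaplen stores the original length in orig_len but only snaplen bytes of each frame, and a reader has to honour incl_len rather than orig_len when slicing the data.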