Wireshark How to use (Learn note i)

Source: Internet
Author: User

Wireshark is a very popular and powerful network packet analyzer. It captures all kinds of network packets and displays their details. Anyone using Wireshark needs to understand the network protocols involved, otherwise the output will not make sense.
For security reasons, Wireshark only views packets; it cannot modify packet contents or send packets.

First download and install WinPcap: http://www.winpcap.org/install/default.htm

Then download Wireshark: https://www.wireshark.org/download.html

There is now also Npcap, a further development of WinPcap that was introduced on FreeBuf, but when I actually installed it, it only captured packets and showed no replies, so I still use WinPcap. Test environment: win10-x64.

Once installation is complete, you can start capturing packets.

Select the adapter to capture on; the small traffic graph shown next to each interface tells you which NIC is currently carrying traffic.

After selecting it, start the capture.

I got 27,055 packets in 213 seconds.

You can filter for a specific protocol or field in the display filter bar.

ip.addr == <IP address>   matches packets whose source or destination address is the given IP

Common comparison operators:
  ==  equals
  !=  not equal to
  >   greater than
  <   less than
  >=  greater than or equal to
  <=  less than or equal to
  contains   the field contains the given substring
  matches    the field matches the given regular expression
Logical operators: and (&&), or (||), not (!)

For example: ip.addr==192.168.1.1 (either address is 192.168.1.1); ip.dst==192.168.1.106 (destination address is 192.168.1.106)

ip.addr == 192.168.1.106 and not tcp.port in {80 25}   address is 192.168.1.106 and the TCP port is neither 80 nor 25

ip.ttl==64   TTL value of 64: packets sent by this host or by a host on the local network (no router has decremented the TTL yet)

dns or http or tcp   filter several protocols at once

http.server matches "microsoft-iis/6.0"   filter on specific content: HTTP packets whose Server header is microsoft-iis/6.0

The following is a DNS example.

This is a packet sent by the local host: 192.168.1.106 sends a DNS query to the DNS server 101.226.4.6, asking for the IP address of qurl.f.360.cn.

This is the reply from the DNS server.

For the ARP protocol, the TP-Link router 192.168.1.1 broadcasts an ARP request asking who has 192.168.1.109; only the host with IP 192.168.1.109 replies, and every other host simply discards the request.

Packet Details pane

Used to view each field of each protocol in the selected packet.

Each line shows one layer:

Frame: overview of the data frame at the physical layer

Ethernet II: data link layer, the Ethernet frame header

Internet Protocol Version 4: network layer, the IP packet header

Transmission Control Protocol: transport layer, the segment header (here TCP)

Hypertext Transfer Protocol: application layer data (here the HTTP protocol)
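To make the display-filter semantics and the layered fields of the Packet Details pane concrete, here is an added Python example that is not part of the original post and not Wireshark's own code. It builds a few constructed Ethernet II / IPv4 / UDP / TCP frames (the MAC addresses are made up; the IP addresses reuse the page's DNS example), decodes them into Wireshark-style field names (eth.src, ip.ttl, ip.addr, tcp.port, ...), and evaluates the page's filter expressions against them with a small evaluator covering ==, !=, <, >, >=, <=, contains, matches, in {...} and and/or/not. It decodes only IPv4 with TCP or UDP and leaves the IP checksum at zero; a real capture would go through Wireshark's dissectors instead.

```python
import re
import socket
import struct

TCP, UDP = 6, 17

def l4_header(proto, sport, dport):
    """Minimal transport header: 8-byte UDP, or 20-byte TCP SYN without options (constructed)."""
    if proto == UDP:
        return struct.pack("!HHHH", sport, dport, 8, 0)
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x02, 8192, 0, 0)

def build_frame(src_mac, dst_mac, src_ip, dst_ip, ttl, proto, sport, dport):
    """Constructed Ethernet II + IPv4 (no options, checksum left 0) + transport header."""
    l4 = l4_header(proto, sport, dport)
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, ttl, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + l4

# Constructed sample "capture" (assumed MACs; IPs reuse the page's DNS example), numbered 1-4 like the No. column.
LOCAL, GW = "00:11:22:33:44:55", "aa:bb:cc:dd:ee:ff"
SAMPLE_FRAMES = [
    build_frame(LOCAL, GW, "192.168.1.106", "101.226.4.6", 64, UDP, 51234, 53),    # 1: DNS query out
    build_frame(GW, LOCAL, "101.226.4.6", "192.168.1.106", 52, UDP, 53, 51234),    # 2: DNS reply back
    build_frame(LOCAL, GW, "192.168.1.106", "93.184.216.34", 64, TCP, 49152, 80),  # 3: HTTP SYN
    build_frame(LOCAL, GW, "192.168.1.106", "192.168.1.1", 64, TCP, 49153, 443),   # 4: HTTPS SYN to the router
]

def parse_frame(raw):
    """Decode Ethernet II -> IPv4 -> TCP/UDP into the field names the Packet Details pane shows."""
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:14])
    f = {"frame.len": len(raw), "eth": True, "eth.src": src.hex(":"), "eth.dst": dst.hex(":")}
    if ethertype != 0x0800:  # only IPv4 is decoded here
        return f
    vihl, _, tlen, _, _, ttl, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", raw[14:34])
    f.update({"ip": True, "ip.ttl": ttl, "ip.src": socket.inet_ntoa(s), "ip.dst": socket.inet_ntoa(d)})
    f["ip.addr"] = {f["ip.src"], f["ip.dst"]}  # ip.addr occurs twice per packet: "either address"
    name = {TCP: "tcp", UDP: "udp"}.get(proto)
    if name:
        sport, dport = struct.unpack("!HH", raw[14 + (vihl & 0x0F) * 4:][:4])
        f.update({name: True, name + ".srcport": sport, name + ".dstport": dport, name + ".port": {sport, dport}})
    return f

_OPS = {"==": lambda a, b: a == b, "!=": lambda a, b: a != b, ">": lambda a, b: a > b,
        "<": lambda a, b: a < b, ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
        "contains": lambda a, b: str(b) in str(a),
        "matches": lambda a, b: re.search(str(b), str(a), re.IGNORECASE) is not None}
_TOKEN = re.compile(r"\s*(==|!=|>=|<=|&&|\|\||[<>(){}!]|[^\s(){}!=<>|&]+)")

def _literal(tok):
    tok = tok.strip('"')
    return int(tok) if tok.isdigit() else tok

def filter_matches(text, f):
    """Recursive-descent evaluator for the display-filter subset used on the page (and/or/not, in {...})."""
    toks = _TOKEN.findall(text)
    peek = lambda: toks[0] if toks else None
    def chain(keywords, sub, combine):  # left-assoc chain; no short-circuit so every token is consumed
        v = sub()
        while peek() in keywords:
            toks.pop(0)
            v = combine(v, sub())
        return v
    def or_():
        return chain(("or", "||"), and_, lambda a, b: a or b)
    def and_():
        return chain(("and", "&&"), not_, lambda a, b: a and b)
    def not_():
        if peek() in ("not", "!"):
            toks.pop(0)
            return not not_()
        if peek() == "(":
            toks.pop(0)
            v = or_()
            toks.pop(0)  # the closing ")"
            return v
        return test()
    def test():  # field | field op value | field in {v1 v2 ...}
        present = f.get(toks.pop(0))
        values = present if isinstance(present, set) else {present}
        if peek() == "in":
            del toks[:2]  # consume "in" and "{"
            wanted = set()
            while peek() not in ("}", None):
                wanted.add(_literal(toks.pop(0)))
            toks.pop(0)
            return bool(values & wanted)
        if peek() in _OPS:
            op, rhs = toks.pop(0), _literal(toks.pop(0))
            # Wireshark semantics: true if ANY occurrence of the field satisfies the comparison
            return any(v is not None and _OPS[op](v, rhs) for v in values)
        return present is not None  # bare name such as "tcp" or "dns": protocol/field present
    return or_()

def apply_filter(text, frames=SAMPLE_FRAMES):  # 1-based numbers of the frames kept, like the No. column
    return [i for i, raw in enumerate(frames, 1) if filter_matches(text, parse_frame(raw))]
```

Running apply_filter("ip.addr == 192.168.1.106 and not tcp.port in {80 25}") keeps frames 1, 2 and 4 (the HTTP SYN on port 80 is dropped), and apply_filter("ip.ttl==64") keeps the three locally sent frames. One caveat worth knowing from the `any(...)` line: because ip.addr occurs twice in every packet, "ip.addr != 192.168.1.106" keeps every frame (the other address always differs), so to exclude a host use "!(ip.addr == 192.168.1.106)", which keeps none of the sample frames.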
