Wireshark Series (1): Wireshark Introduction

Source: Internet
Author: User

Anyone who studies networking is surely familiar with Wireshark, but I had only ever used Wireshark at a very shallow technical level. In 2015, the national competition on information security management and evaluation placed very high demands on the use of Wireshark; in addition, a foreign ranking of network security tools (http://sectools.org/) lists 125 security tools, and one of the most consistently ranked among them is Wireshark. All of this led me to decide to learn Wireshark systematically and to make it the next blog topic after DVWA.


Wireshark is currently the most widely used open-source packet capture software. It was formerly known as Ethereal, written by Gerald Combs and released under the GPL open-source license in 1998. Remember the GNU project mentioned when you learned Linux? The GPL is the core GNU license, and all software that follows it must be open source and free, which is probably the main reason Wireshark developed so quickly and has ranked first in the Sectools rankings for such a long time.

The core function of Wireshark is to capture network packets and display their details in as much depth as possible; at the lower level it needs WinPcap support. It works roughly like this: when the computer's network card receives a data frame, it compares the frame's destination MAC address with its own MAC address. If they differ, the frame is discarded; if they match, the frame is accepted and handed to the upper layer for processing. Broadcast and multicast frames are also accepted by the network card, but under normal circumstances frames not addressed to the card are discarded. When Wireshark starts capturing, the network card is switched into promiscuous mode: every frame that reaches the card is accepted and handed to Wireshark, regardless of whether the frame's destination MAC matches the card's MAC address.
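The acceptance rule just described (own MAC, broadcast, multicast, or everything in promiscuous mode), modelled in code and followed by a writer for the classic pcap format that Wireshark opens. This is an added example, not code from the original post; all MAC addresses and frames are constructed for it.

```python
# Added example (not from the post): model of the frame-acceptance rule above,
# plus a writer for the classic pcap format Wireshark opens. All MACs/frames are constructed.
import struct
import time

BROADCAST = bytes.fromhex("ffffffffffff")

def nic_accepts(frame: bytes, own_mac: bytes, promiscuous: bool) -> bool:
    """True if the card would keep this frame (normal mode) or Wireshark would see it."""
    if len(frame) < 14:
        return False                      # runt frame: no complete Ethernet header
    if promiscuous:
        return True                       # capture mode: everything that reaches the card
    dst = frame[0:6]
    if dst == own_mac or dst == BROADCAST:
        return True
    return bool(dst[0] & 0x01)            # I/G bit set => multicast destination

def build_frame(dst: str, src: str, ethertype: int = 0x0800, payload: bytes = b"") -> bytes:
    """Assemble a raw Ethernet II frame from colon-separated MAC strings."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload

def write_pcap(path: str, frames, link_type: int = 1) -> int:
    """Write frames as a classic pcap file (LINKTYPE_ETHERNET = 1); return frame count."""
    with open(path, "wb") as f:
        # global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, link_type))
        base = int(time.time())
        for n, frame in enumerate(frames):   # per-record header, then the raw frame
            f.write(struct.pack("<IIII", base + n, 0, len(frame), len(frame)))
            f.write(frame)
    return len(frames)

OWN_MAC = bytes.fromhex("001122334455")          # constructed address of "our" card
SAMPLE_FRAMES = [                                # constructed traffic seen on the wire
    build_frame("00:11:22:33:44:55", "aa:bb:cc:dd:ee:01", payload=b"to us"),
    build_frame("ff:ff:ff:ff:ff:ff", "aa:bb:cc:dd:ee:02", 0x0806, b"arp bcast"),
    build_frame("01:00:5e:00:00:fb", "aa:bb:cc:dd:ee:03", payload=b"mdns mcast"),
    build_frame("66:77:88:99:aa:bb", "aa:bb:cc:dd:ee:04", payload=b"someone else"),
]

def capture(frames, promiscuous: bool) -> list:
    return [f for f in frames if nic_accepts(f, OWN_MAC, promiscuous)]  # what the card hands up

if __name__ == "__main__":
    normal, promisc = capture(SAMPLE_FRAMES, False), capture(SAMPLE_FRAMES, True)
    print(f"{len(normal)} frames kept normally, {len(promisc)} in promiscuous mode")
    write_pcap("sample_capture.pcap", promisc)  # open this file in Wireshark
```

In normal mode the fourth frame (addressed to another card) is dropped; in promiscuous mode all four are kept, which is the difference Wireshark relies on.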

Wireshark has a very wide range of uses. A network engineer can use it to locate and troubleshoot network faults; a security engineer can use it to quickly locate and identify the source of an attack on the network; a penetration tester or software engineer can use it to analyze the underlying communication mechanisms of a program; and so on.

Wireshark's official website is https://www.wireshark.org/, where you can download the version appropriate to your needs.


Installing Wireshark is very simple: all you need to do is keep clicking the Next button. Wireshark relies on WinPcap to work, so if WinPcap is not installed on the computer, the installer will ask you to install it, again by clicking Next.

Once Wireshark is running, select the network card to monitor in the Capture section and click Start to begin capturing packets.


Click the Stop button in the toolbar to end the capture. You can then save the captured packets to a file, so that you can open it for analysis at any time or send it to someone else to help you analyze it.

Starting with the latest version, 2.0, Wireshark has full support for the Chinese interface, which makes it more convenient to use.


This article is from the blog "A Pot of Turbid Wine"; please contact the author before reproducing it.
