Contents
- Wireshark introduction
- Who uses Wireshark
- Wireshark download and installation
- Capturing traffic with Wireshark
Main text
1. Wireshark introduction
Wireshark (formerly known as Ethereal) is a packet analysis tool. A packet analyzer captures network packets and displays their contents in as much detail as possible. Wireshark uses WinPcap as the interface through which it exchanges packets directly with the network card. (Wireshark can only observe the network; it cannot modify the traffic passing through it.)
What are a packet, WinPcap, and a network card?
- Packet: Computers communicate over the network by transmitting binary data, but a raw stream of bits has no meaning on its own, so a standard format for data packets was agreed upon. A packet can be compared to an ordinary envelope: it has an address, postal code and other prescribed fields (a well-defined format) as well as the contents of the envelope (the transmitted data).
- WinPcap: A programming interface that gives Win32 applications access to the low-level network functions of the operating system.
- Network card: All data flowing into the computer from the network, and all data flowing from the computer outward, must pass through the network card.
2. Who uses Wireshark
- Network administrators, to troubleshoot network problems
- Network security engineers, to detect security risks
- Developers, to test protocol implementations
- Anyone learning network protocols
In short, anywhere you need to see what the network is actually doing.
3. Wireshark download and installation
- Latest version: https://www.wireshark.org/
- Versions that run on Windows XP (officially, versions below 1.10): https://www.wireshark.org/download/win32/all-versions/
1. Open the site, find a version suitable for XP (below 1.10), and download it.
2. The downloaded file is in u3p format; here it was simply renamed to .zip and extracted, after which running Wireshark.bat is enough.
4. Capturing traffic with Wireshark
- Select the interface to capture on, keeping in mind which part of the traffic you want to see. What is an interface, and how do we choose one? An interface can be understood simply as the bridge through which the local system communicates with the outside world. The interfaces that typically exist on a system are Ethernet (network cable), Wi-Fi, and various virtual interfaces. Choose according to whether the machine is connected via Wi-Fi or a network cable; if you want to capture the traffic of a virtual machine, you can also select the virtual network interface.
- The main window used while capturing has four parts: the display filter, the packet list, the packet details, and the hexadecimal dump of the packet bytes.
- Saving the captured traffic: stop the capture first, then choose Save As and save in pcap format. What is the pcap format? pcap is the packet storage format; the latest versions of Wireshark have also introduced the pcapng packet format.
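To make the pcap storage format concrete, here is an added example (not from the original tutorial or the Wireshark project) that builds a classic pcap file in memory from constructed dummy frames and parses it back, detecting the writer's byte order from the magic number and rejecting truncated or inconsistent records. The sample frames and timestamps are made up; build_pcap and parse_pcap are names chosen for this example.

```python
import struct

def build_pcap(endian, frames, link_type=1):
    """Serialise (ts_sec, ts_usec, frame_bytes) tuples as a classic pcap file."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type (1 = Ethernet).
    out = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, link_type)
    for ts_sec, ts_usec, frame in frames:
        # Record header: timestamp, captured length, original length, then the frame bytes.
        out += struct.pack(endian + "IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return out

# Constructed sample (not a real capture): one 20-byte dummy frame, little-endian writer.
SAMPLE_PCAP = build_pcap("<", [(1700000000, 123456, bytes(range(20)))])

def parse_pcap(data):
    """Parse a classic pcap byte string into (link_type, list of packet dicts).
    Refuses truncated or inconsistent records instead of returning partial data."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte global header")
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"          # little-endian writer (the usual case on x86)
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"          # big-endian writer
    else:
        raise ValueError("not a classic pcap file (pcapng starts with 0x0A0D0D0A)")
    _, major, minor, _tz, _sig, snaplen, link_type = struct.unpack(endian + "IHHiIII", data[:24])
    if (major, minor) != (2, 4):
        raise ValueError(f"unsupported pcap version {major}.{minor}")
    packets, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError(f"truncated record header at offset {off}")
        ts_sec, ts_usec, caplen, origlen = struct.unpack(endian + "IIII", data[off:off + 16])
        if caplen > snaplen or caplen > origlen:
            raise ValueError(f"inconsistent lengths in record at offset {off}")
        off += 16
        if off + caplen > len(data):
            raise ValueError(f"truncated packet data at offset {off}")
        packets.append({"ts_sec": ts_sec, "ts_usec": ts_usec, "caplen": caplen,
                        "origlen": origlen, "data": data[off:off + caplen]})
        off += caplen
    return link_type, packets

if __name__ == "__main__":
    link_type, packets = parse_pcap(SAMPLE_PCAP)
    print(f"link type {link_type}, {len(packets)} packet(s), first caplen {packets[0]['caplen']}")
```

A file saved by Wireshark in pcap format can be read the same way by passing its bytes to parse_pcap; a pcapng file will be rejected by the magic check.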
Wireshark simple usage tutorial (part 1)