"Packet Capture Tool" Wireshark

Source: Internet
Author: User


I. Wireshark advantages and disadvantages

Wireshark disadvantage: it can only view packets; it cannot modify packet contents or send packets.

Wireshark vs. Fiddler

Fiddler: captures HTTP and HTTPS specifically.

Wireshark: can capture HTTP and HTTPS, but cannot decrypt HTTPS, so the HTTPS content is not readable in Wireshark.

Summary: use Fiddler for HTTP and HTTPS; use Wireshark for other protocols such as FTP and UDP.

II. Who uses Wireshark

1. Network administrators use it to check network problems.

2. Software test engineers use it to capture and analyze the packets of their own software.

III. Introduction to the Wireshark window


OSI: Open System Interconnection

OSI seven-layer network model:

Physical Layer

Data Link Layer

Network Layer

Transport Layer

Session Layer

Presentation Layer

Application Layer

TCP/IP layered model, compared with the OSI model (OSI layers -> TCP/IP layer):

Application Layer, Presentation Layer, Session Layer -> Application Layer

Transport Layer -> Transport Layer

Network Layer -> Network Layer

Data Link Layer, Physical Layer -> Network Interface Layer

Specific contents of a TCP packet

IV. Wireshark filtering methods



3. Filter expression rules

Protocol filtering: tcp, udp, etc.

IP filtering: ip.src== and ip.dst==

Port filtering: tcp.port==80; tcp.srcport==80

HTTP method filtering: http.request.method=="GET"

Logical operators: and / or

V. Three-way handshake protocol

First: the client sends a TCP packet with seq=x, ack=0, which represents the client's request to establish a connection.

The client requests a connection, sending its own sequence number 0 to the server.

Second: the server sends back an acknowledgment packet with seq=y, ack=x+1.

The server receives the request from the client, sends back the acknowledgment number 0+1, and returns its own sequence number 0.

Third: the client sends an acknowledgment packet again, with seq=x+1, ack=y+1.

The client receives the acknowledgment number from the server, sends the acknowledgment number 1 back to the server, and sends its own sequence number 0+1.
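The sequence and acknowledgment arithmetic of the handshake above, as an added example that is not part of the original page: it parses three constructed TCP headers, checks the seq=x, ack=x+1 and ack=y+1 relationships, and converts them to the relative numbers (0 and 1) that Wireshark displays by default. The ports, the initial sequence numbers, the SYN/ACK flag checks and all function names are assumptions of this example.

```python
import struct

SYN, ACK = 0x02, 0x10   # TCP flag bits
MOD = 1 << 32           # sequence numbers wrap at 2^32

def build_tcp(sport, dport, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (no options, checksum left at 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)

def parse_tcp(raw):
    """Extract the fields the handshake check needs from a raw TCP header."""
    sport, dport, seq, ack, _offset, flags = struct.unpack("!HHIIBB", raw[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}

def check_handshake(p1, p2, p3):
    """Return the initial sequence numbers (x, y) if p1..p3 form a valid handshake, else None."""
    x, y = p1["seq"], p2["seq"]
    both = SYN | ACK
    ok = (
        p1["flags"] & both == SYN                 # first: seq=x, nothing acknowledged yet
        and p2["flags"] & both == both            # second: seq=y ...
        and p2["ack"] == (x + 1) % MOD            # ... ack=x+1
        and p3["flags"] & both == ACK             # third: seq=x+1 ...
        and p3["seq"] == (x + 1) % MOD
        and p3["ack"] == (y + 1) % MOD            # ... ack=y+1
        and (p1["sport"], p1["dport"]) == (p2["dport"], p2["sport"]) == (p3["sport"], p3["dport"])
    )
    return (x, y) if ok else None

def relative(pkt, isn_self, isn_peer):
    """Relative (seq, ack) as Wireshark shows them by default: offsets from each side's ISN."""
    rel_ack = (pkt["ack"] - isn_peer) % MOD if pkt["flags"] & ACK else 0
    return (pkt["seq"] - isn_self) % MOD, rel_ack

# Constructed sample: client port 50000 -> server port 80; x is chosen to exercise wraparound.
X, Y = 0xFFFFFFFF, 1_000_000
SAMPLE = [parse_tcp(b) for b in (
    build_tcp(50000, 80, X, 0, SYN),
    build_tcp(80, 50000, Y, (X + 1) % MOD, SYN | ACK),
    build_tcp(50000, 80, (X + 1) % MOD, Y + 1, ACK),
)]

if __name__ == "__main__":
    x, y = check_handshake(*SAMPLE)
    for pkt, (own, peer) in zip(SAMPLE, [(x, y), (y, x), (x, y)]):
        print(relative(pkt, own, peer))
```

The relative values explain why the walkthrough above speaks of sequence numbers 0 and 0+1 even though the raw initial sequence numbers on the wire are arbitrary 32-bit values.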

VI. How to get the relevant datagram information

