The following is a network packet capture tutorial in Ubuntu.
1. Install Wireshark
In a terminal, run: sudo apt-get install wireshark
2. Modify init.lua
If Wireshark is run directly at this point, the following error is reported:
Lua: Error during loading:
[string "/usr/share/wireshark/init.lua"]: 45: dofile has been disabled
To fix this, open the file from the terminal:
sudo gedit /usr/share/wireshark/init.lua
Comment out the last line so that it reads: -- dofile(DATA_DIR .. "console.lua")
3. Start the software
In a terminal, run: sudo wireshark
Click the capture icon in the upper-left corner. You will then be prompted to select a network interface. I am using a wired network, so I select eth0.
4. Analyze the TCP three-way handshake process
We all know that under normal circumstances, TCP connections are established through the three-way handshake process, as shown below:
The specific description is as follows:
First handshake: to open a connection, the client sends a SYN packet (syn = j) to the server and enters the SYN_SENT state, then waits for the server to confirm it;
Second handshake: when the server receives the SYN packet, it must acknowledge the client's SYN (ack = j + 1) and also send its own SYN packet (syn = k), i.e. a single SYN + ACK packet; the server then enters the SYN_RECV state;
Third handshake: the client receives the server's SYN + ACK packet and sends an ACK packet (ack = k + 1) back to the server. Once this packet is sent, both the client and the server enter the ESTABLISHED state and the three-way handshake is complete. Only after this do the client and server start transmitting data.
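The state transitions and seq/ack relationships above can be checked mechanically. The following is an added example, not part of the original tutorial: it replays a constructed list of TCP segments (the fields Wireshark shows as flags, seq and ack) through the client and server state machine and reports any acknowledgement number that does not match the peer's SYN sequence number plus one. A capture whose segments leave the server in SYN_RECV with no third ACK is the half-open case worth noticing when reviewing captures. The `Segment` class and the "client"/"server" labels are assumptions made for this example.

```python
from dataclasses import dataclass


@dataclass
class Segment:
    """One TCP segment as listed by Wireshark (hypothetical minimal model)."""
    src: str        # "client" or "server": which end sent the segment
    flags: set      # subset of {"SYN", "ACK"}
    seq: int        # sequence number
    ack: int = 0    # acknowledgement number (0 when the ACK flag is absent)


# Constructed sample: a complete three-way handshake with j = 1000 and k = 5000.
HANDSHAKE = [
    Segment("client", {"SYN"}, seq=1000),
    Segment("server", {"SYN", "ACK"}, seq=5000, ack=1001),   # ack = j + 1
    Segment("client", {"ACK"}, seq=1001, ack=5001),          # ack = k + 1
]


def track_handshake(segments):
    """Replay segments through the handshake state machine described above.

    Returns (client_state, server_state, problems); problems lists every
    deviation from the expected flags or seq/ack relationship.
    """
    client, server = "CLOSED", "LISTEN"
    j = k = None            # the two initial sequence numbers, once seen
    problems = []
    for s in segments:
        if s.src == "client" and s.flags == {"SYN"} and client == "CLOSED":
            j = s.seq
            client = "SYN_SENT"                       # first handshake
        elif s.src == "server" and s.flags == {"SYN", "ACK"} and server == "LISTEN":
            if j is None or s.ack != j + 1:           # must confirm the client's SYN
                problems.append(f"SYN+ACK ack={s.ack}, expected {None if j is None else j + 1}")
            k = s.seq
            server = "SYN_RECV"                       # second handshake
        elif s.src == "client" and s.flags == {"ACK"} and client == "SYN_SENT":
            if k is None or s.ack != k + 1:           # must confirm the server's SYN
                problems.append(f"ACK ack={s.ack}, expected {None if k is None else k + 1}")
            client = server = "ESTABLISHED"           # third handshake
        else:
            problems.append(f"unexpected segment from {s.src} with flags {sorted(s.flags)}")
    return client, server, problems


if __name__ == "__main__":
    print(track_handshake(HANDSHAKE))       # ('ESTABLISHED', 'ESTABLISHED', [])
    print(track_handshake(HANDSHAKE[:2]))   # ('SYN_SENT', 'SYN_RECV', []) - half-open
```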