Wireshark----teach you how to capture packets.
Wireshark is a powerful packet capture tool that you should not pass by. When you learn the TCP/IP protocols, capturing packets with Wireshark is the best way to combine theory and practice: first learn about the protocol, then capture packets of the various protocols and analyze each byte to match it to the encapsulation of each protocol layer. Well, I'm still not a good writer. What's written is really.
First you have to install Wireshark before you can capture packets.
The Wireshark icon looks something like this:
When you open it, it looks something like this:
There are two network cards:
I use the wireless network card to surf the internet, so I choose the following:
Start capturing packets:
It's a lot captured, isn't it?
But what do these packets mean?
We take the DNS protocol as an example:
we start the capture and visit http://blog.csdn.net/
We know that when we visit a website, we first query the domain name server for the domain name's IP.
Then we'll see a packet like this:
We right-click on the packet:
Follow UDP Stream tracks the entire DNS query process.
Only two packets will be left: a query request packet and a response packet.
Here are two IP addresses: 192.168.1.109 is my local IP address, and 202.112.14.151 is the DNS server address.
We can look up this information with ipconfig /all at the DOS prompt.
Let's open the first packet.
From top to bottom you can see the corresponding protocols. User Datagram Protocol indicates that the DNS query packet uses the UDP transport protocol, which is why Follow UDP Stream applies.
Domain Name System (query) is the DNS query, as you would expect.
We click on Domain Name System (query) to see what the hexadecimal bytes are about.
Let's take a look at the first packet:
See, we're querying the blog.csdn.net domain name.
Take a look at the second packet:
See, this is the second packet. It returns the IP we queried.
I won't write any more; the logic of my text is too messy.