Basic usage of Wireshark

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

As is customary, we start with the basics.

The author's current operating system is Windows 10 Professional Edition.

Packet capture software: Wireshark 2.0.4; WinPcap version: 4.1.3

Capturing packets:

After downloading and installing Wireshark, launch it and select an interface in the interface list to start capturing packets on that interface. For example, to capture traffic on a wireless network, click the wireless interface. Clicking Capture > Options lets you configure advanced properties, but that is not necessary for now.

After you click the interface name, packets appear in real time as they are received. Wireshark captures every packet sent and received by the system. If the capture interface is wireless and promiscuous mode is enabled, you will also see other packets on the network.

Each line of the upper panel corresponds to one packet. By default it shows the time the packet was received (relative to the start of the capture), the source and destination IP addresses, the protocol, and summary information about the packet. Click a line to see more information in the two panes below. The "+" or ">" icon expands the details of each layer in the packet. The bottom pane shows the contents of the packet in both hexadecimal and ASCII.

When you want to stop capturing, click the stop button in the upper left corner.

Color coding:

By now you will have noticed that packets are displayed in green, blue and black. Wireshark uses color to make the different kinds of traffic recognizable at a glance. By default, green is TCP traffic, dark blue is DNS, light blue is UDP, and black marks problematic TCP packets, such as out-of-order packets.

Sample captures:

If you have installed Wireshark at home but there is no interesting traffic to observe on your home LAN, you can download sample capture files from the Wireshark wiki.

Opening a capture file is easy: click Open on the main screen and browse to the file. You can also save your own captures in Wireshark and open them later.

Filtering packets:

If you are trying to analyze something specific, such as the packets a program sends while making a phone call, you can shut down all other applications that use the network to reduce the traffic. Even so, there may still be a large number of packets to sift through, and this is where Wireshark filters come in.

The most basic way to filter is to type into the filter bar at the top of the window and click Apply (or press Enter). For example, type "dns" and you will see only DNS packets. As you type, Wireshark offers to auto-complete the filter expression.

You can also click the Analyze menu and select Display Filters to create a new filter.

Another interesting feature is that you can right-click a packet and choose to follow its TCP stream.

After you close the stream window, you will find that a filter has been applied automatically: Wireshark displays only the packets that make up that session.
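To make concrete what the "dns" filter and following a TCP stream select, here is an added example (not part of the original article) that builds a small capture file in the classic libpcap format and applies both selections in plain Python. The addresses, ports and payloads are constructed, and matching on port 53 is only an approximation of Wireshark's "dns" filter, which relies on protocol dissection.

```python
import struct

def frame(proto, src, dst, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4 frame carrying UDP (17) or TCP (6); checksums zero."""
    if proto == 17:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:  # 20-byte TCP header, data offset 5, flags PSH+ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload),
                     0, 0, 64, proto, 0, bytes(src), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload

def write_pcap(frames):
    """Classic libpcap layout: 24-byte file header, 16-byte header per record."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, f in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out

def parse(pcap):
    """Return (frame_no, proto, src, sport, dst, dport, payload) for IPv4 TCP/UDP."""
    rows, off, no = [], 24, 0
    while off < len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]  # captured length
        pkt, off, no = pcap[off + 16:off + 16 + incl], off + 16 + incl, no + 1
        if pkt[12:14] != b"\x08\x00" or pkt[23] not in (6, 17):
            continue  # not IPv4, or neither TCP nor UDP
        l4 = 14 + (pkt[14] & 0x0F) * 4  # Ethernet header + IP header length
        sport, dport = struct.unpack_from("!HH", pkt, l4)
        hdr = 8 if pkt[23] == 17 else (pkt[l4 + 12] >> 4) * 4
        rows.append((no, pkt[23], pkt[26:30], sport, pkt[30:34], dport, pkt[l4 + hdr:]))
    return rows

def dns_frames(rows):
    """Frame numbers with port 53 on either side (approximates the "dns" filter)."""
    return [r[0] for r in rows if 53 in (r[3], r[5])]

def tcp_streams(rows):
    """Group TCP frames by unordered endpoint pair, one group per conversation."""
    streams = {}
    for no, proto, src, sport, dst, dport, data in rows:
        if proto == 6:
            key = frozenset([(src, sport), (dst, dport)])
            streams.setdefault(key, []).append((no, data))
    return list(streams.values())

HOST, DNS, WEB = (192, 168, 1, 10), (192, 168, 1, 1), (192, 0, 2, 80)  # constructed
SAMPLE = write_pcap([frame(17, HOST, DNS, 40000, 53, b"query"),
    frame(6, HOST, WEB, 50000, 80, b"GET / "), frame(17, DNS, HOST, 53, 40000, b"answer"),
    frame(6, WEB, HOST, 80, 50000, b"200 OK"), frame(6, HOST, WEB, 50001, 80, b"other")])
```

Both directions of a conversation land in the same group, which is why the automatically applied filter shows the request and the reply together while excluding the second connection to the same server.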

Inspecting packets:

After selecting a packet, you can dig deeper into its contents.

You can also create filters from here: right-click a field in the details pane and use the Apply as Filter submenu to build a filter based on that field.

Wireshark is a very powerful tool, and this first section only introduces its most basic usage. Network experts use it to debug network protocol implementation details, check security issues, examine network protocol internals, and so on.
