
How to troubleshoot the Network in Wireshark

2025-04-02 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01

This article explains how to troubleshoot the network in Wireshark. It is rich in content and analyzes the topic from a professional point of view. I hope you get something out of reading it.

Configure user interface and global, protocol parameters

Through the Preferences menu item in the Edit menu and the Protocols configuration option in the Preferences window, we can not only control the display interface of the Wireshark software, but also change the way the software captures and presents packets of common protocols. This section describes how to configure the most common protocols in the Protocols configuration interface of the Preferences window.

2.1 preparation work

Click the Preferences menu item in the Edit menu, and the Preferences window will pop up immediately, as shown in figure 2.1.

Figure 2.1

As you can see from figure 2.1, in the Preferences window, as long as you select the configuration option on the left side of the window, the corresponding configuration parameters appear on the right side of the window.

2.2 configuration method

This section describes how to configure the Appearance configuration options in the Preferences window and how to configure the Protocol options in the Preferences window for the most commonly used protocols. How to configure the remaining configuration options contained in the Preferences window can be found in the relevant chapters later in this book.

Note

Since the purpose of this book is to teach readers how to use Wireshark and how to use it skillfully as a troubleshooting tool, it is not possible to elaborate on all the functions of Wireshark. For the simple functions of Wireshark, please refer to the user manual on its official website. The author will focus on the important and special features that can improve the proficiency of users.

Focus on the settings of the configuration options included in the Preferences window to see if these configuration options are helpful to the user.

1. General appearance settings

Figure 2.2 shows the Appearance (appearance) configuration option of the Wireshark Preferences window, which can be configured to improve the experience.

Figure 2.2

The Appearance configuration options of the Preferences window are available for configuration:

Displays the size of the buffer for filters and * grab files

The language of the user interface (more national languages will be supported in future versions)

The display style of the main toolbar-icon, text, or icon plus text.

2. Layout settings of the main capture window

In the Appearance configuration option of the Preferences window, there is a Layout subconfiguration option that sets how the packet list (Packet List), packet structure (Packet Details), and packet content (Packet Bytes) areas are rendered in the Wireshark main capture window, as shown in figure 2.3.

Figure 2.3

In the Preferences window shown in figure 2.3, you can set how the above three areas are rendered in the Wireshark main capture window by selecting the arrangement style of the panes.

3. Adjust and add packet property columns

In the Appearance configuration option of the Preferences window, there is a Columns subconfiguration option to add or remove packet property columns in the packet list area of the main window. By default, the packet property columns that appear in the packet list area of the main capture window are No. (number), Time (capture time), Source (source address), Destination (destination address), Protocol (protocol type), Length (length), and Info (information), as shown in figure 2.4.

To add a new column to the packet list area, there are two ways.

Click the "+" button in figure 2.4, select one of the predefined parameters (such as IP DSCP value, src port, dest port, etc.) in the Type column as the new property column, then give it a name in the Title column, and finally click the OK button.

Click the "+" button in figure 2.4, select Custom in the Type column, enter any parameter that can appear in a display filter in the Fields Name column, then give it a name in the Title column, and finally click the OK button. Here are a few examples of packet property columns added in this customized manner to the main capture window.

To add a column to the main capture window so that you can view the TCP window size of TCP packets, enter the display filter parameter tcp.window_size in the Fields Name column.

To add a column to the main capture window to view the TTL field value in each IP packet header, enter the display filter parameter ip.ttl in the Fields Name column.

To add a column to the main capture window to view instances where the marker bit is set to 1 in RTP packets, enter the display filter parameter rtp.marker in the Fields Name column.

Figure 2.4

Note

Another way to add a new packet attribute column is to select a field in the packet structure area of the main packet capture window, right-click, and click the Apply as Column menu item in the pop-up menu. At this point, that field becomes the new packet attribute column in the packet list area.

When analyzing network faults, adding packet attribute columns in a customized way as appropriate can speed up the location of the cause of the fault. The content related to this will be described later in this book.

4. Set fonts and colors

In the Appearance configuration option of the Preferences window, there is a Font and colors subconfiguration option to change the font size, shape, and color. The font of the main capture window can be modified as shown in figure 2.5.

Figure 2.5

Note

If you don't know how to restore the font in the main window to the default settings, select Font as Consolas, Size as 11.0, and Font style as Normal as shown in figure 2.5.

5. Capture settings

Through the Capture setting option in the Preferences window, the network interface that the host or laptop normally uses can be set as the default Wireshark capture interface.

In figure 2.6, the author sets the wireless network card named Wireless Network Connection 2 on his laptop as the default Wireshark capture interface. The remaining configuration parameters of the Capture setting option remain as they are.

Figure 2.6

6. Configure display filter expression items

Through the Filter Expressions setting option in the Preferences window, you can define the display filter expressions that appear to the right of the display filter toolbar in the main capture window.

To define such a display filter expression, follow these steps.

1. Click the Filter Expressions settings option in the Preferences window, as shown in figure 2.7.

Figure 2.7

2. Click the "+" button, enter the display filter expression in the Filter Expression column, then give it a name in the Button Label column, and finally click the OK button.

3. After clicking the OK button, the previously entered display filter expression will appear as a button on the right side of the display filter bar.

4. As you can see from figure 2.8, the two filter expressions named TCP-Z-WIN and TCP-RETR defined in figure 2.7 appear as buttons on the right side of the display filter toolbar in the main capture window.

Figure 2.8

Note

As described in the * * section of this chapter, in Wireshark, you can configure different display filter entries for each template. In this way, various templates can be configured to troubleshoot various faults such as TCP, IP phone (IPT), or to diagnose various network protocol failures.

As described in Chapter 4, in the Filter Expressions setting options, the display filter expression should be configured according to the format of the Wireshark display filter.

7. Adjust name resolution

Wireshark supports the following three levels of name resolution.

Layer 2 (L2)

Wireshark resolves the first half of the MAC address of the packet and displays it as the name or ID of the NIC chip manufacturer. For example, the first three bytes 14:da:e9 of a MAC address can be resolved and displayed as AsusTeckC (ASUSTeK Computer Inc, Asustek computer).

Layer 3 (L3)

Wireshark resolves the IP address of the packet and displays it as a DNS name. For example, the IP address 157.166.226.46 can be resolved and displayed as the Edition page of the CNN website.

Layer 4 (L4)

Wireshark resolves the TCP/UDP port number and displays it as an application (service) name. For example, TCP port 80 can be resolved and displayed as HTTP, and UDP port 53 can be resolved and displayed as DNS.

Figure 2.9 shows the configuration content that appears on the right side of the Preferences window after clicking the Name Resolution configuration option on the left.

Figure 2.9

In the Preferences window shown in figure 2.9, the following can be configured from top to bottom.

Layer 2, layer 3, and layer 4 name resolution.

The method to perform name resolution (through DNS and / or hosts files), and the maximum number of concurrent DNS requests (designed to ensure that the speed of the Wireshark software is not affected).

Simple Network Management Protocol (SNMP) object identifiers (OIDs), and whether to convert them to object names.

GeoIP and whether to enable it. For more information, see Chapter 10 [4] of this book.

Note

For the source and destination port numbers of a TCP/UDP packet, it only makes sense to convert the destination port number to the application name. The source port number is generally randomly generated (above 1024), and it doesn't make any sense to convert it to an application name.

Wireshark resolves layer 2 MAC addresses and layer 4 TCP/UDP port numbers by default and displays them by name. Parsing IP addresses slows down Wireshark because it causes the Wireshark software itself to perform a large number of additional DNS queries, so you should consider carefully before turning on this feature.

8. Adjust the IPv4 configuration parameters in the Protocol configuration options

With the help of the Protocols configuration option in the Preferences window, you can adjust the way Wireshark captures and presents the traffic of related protocols. Click the arrow to the left of the Protocols configuration option, and a variety of protocol configuration suboptions appear. Figure 2.10 shows the configuration parameters that appear on the right side of the Preferences window when you select the IPv4 or IPv6 protocol configuration suboption.

Figure 2.10

The following is an explanation of some of the configuration parameters under the IPv4 configuration suboption.

Decode IPv4 TOS field as DiffServ field

When the IPv4 protocol standard was first established, a field called ToS was defined in the IPv4 header in order to guarantee quality of service in IPv4 networks. Later, the IETF formulated a new set of IPv4 quality of service standards (Differentiated Services, DiffServ), which reuses the ToS field in the IPv4 header but gives a new definition to the bits in it. If this check box is not checked, Wireshark parses the ToS field in the captured IPv4 packet header according to the old IPv4 quality of service standard.
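The two readings of the same header byte that this check box switches between, as an added example (not from the original article): the byte values are constructed samples, and the bit layouts follow RFC 791 for ToS and RFC 2474/RFC 3168 for DSCP and ECN.

```python
# Decode the second byte of an IPv4 header both ways: as the original
# Type of Service field and as the DiffServ field (DSCP + ECN).

PRECEDENCE = [
    "Routine", "Priority", "Immediate", "Flash",
    "Flash Override", "CRITIC/ECP", "Internetwork Control", "Network Control",
]
ECN = ["Not-ECT", "ECT(1)", "ECT(0)", "CE"]


def decode_tos(byte):
    """Old interpretation: 3 precedence bits, then the D, T and R flags."""
    return {
        "precedence": PRECEDENCE[byte >> 5],
        "low_delay": bool(byte & 0x10),
        "high_throughput": bool(byte & 0x08),
        "high_reliability": bool(byte & 0x04),
    }


def dscp_name(dscp):
    """Map a 6-bit DSCP value to its standard code point name, if it has one."""
    if dscp == 46:
        return "EF"
    if dscp % 8 == 0:
        return f"CS{dscp // 8}"
    cls, drop = dscp >> 3, (dscp & 0b111) >> 1
    if 1 <= cls <= 4 and dscp & 1 == 0 and 1 <= drop <= 3:
        return f"AF{cls}{drop}"
    return f"DSCP {dscp}"


def decode_diffserv(byte):
    """New interpretation: 6-bit DSCP followed by 2-bit ECN."""
    dscp = byte >> 2
    return {"dscp": dscp, "dscp_name": dscp_name(dscp), "ecn": ECN[byte & 0b11]}


if __name__ == "__main__":
    # Constructed sample bytes: typical voice, data and routing markings.
    for sample in (0xB8, 0x28, 0x2A, 0xC0):
        print(f"0x{sample:02X}", decode_tos(sample), decode_diffserv(sample))
```

A packet marked 0xB8 therefore shows up as DSCP EF with the box checked and as precedence CRITIC/ECP with the delay and throughput flags set when it is unchecked.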

Enable GeoIP lookups

GeoIP is a database that Wireshark can use to present the geographical location of IP addresses (the source and destination addresses in the IP header of captured packets). If you check this check box, Wireshark presents the geographic location of the IP addresses in captured IPv4 and IPv6 packets. This feature involves name resolution; once enabled, it slows down Wireshark's real-time packet capture rate. Chapter 10 describes how to configure GeoIP.

9. Adjust the TCP and UDP configuration parameters in the Protocol configuration options

UDP is a very simple protocol. Compared with Wireshark version 1, the UDP protocol configuration sub-option in the Protocols configuration option of Wireshark version 2 has almost no change, and there are not many parameters available for configuration, which generally do not need to be adjusted; while the TCP protocol is very complex, and there are more parameters available for configuration in the TCP protocol configuration sub-option in Protocols configuration options, as shown in figure 2.11.

Figure 2.11

To adjust the parameters under the TCP protocol configuration sub-option is to adjust the way Wireshark parses TCP message segments. The following is an explanation of some of these parameters.

Validate the TCP checksum if possible

Wireshark sometimes captures an excessive number of packets with checksum errors. This is caused by the TCP checksum offloading feature enabled on the network card of the capturing host. With this feature turned on, Wireshark displays captured locally generated packets as having checksum errors (the specific reasons will be listed later). Therefore, if Wireshark captures too many packets with checksum errors, uncheck this check box before verifying whether there really is a checksum problem.
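Why a locally captured segment fails validation while the same segment on the wire passes, as an added example (not from the original article). The addresses, ports and payload are constructed, and the placeholder that the host stack leaves in the checksum field (the pseudo-header sum) is a modelling assumption about a host with offloading enabled.

```python
import socket
import struct

TCP_PROTO = 6


def ones_complement_sum(data):
    """16-bit one's-complement sum used by the IP, TCP and UDP checksums."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip, dst_ip, tcp_length):
    """IPv4 pseudo-header that the TCP checksum also covers."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, TCP_PROTO, tcp_length))


def expected_checksum(src_ip, dst_ip, segment):
    """Checksum a validator computes: field zeroed, pseudo-header prepended."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    covered = pseudo_header(src_ip, dst_ip, len(segment)) + zeroed
    return ~ones_complement_sum(covered) & 0xFFFF


def checksum_status(src_ip, dst_ip, segment):
    """Return 'good' or 'bad', the verdict a checksum validator would show."""
    (stored,) = struct.unpack("!H", segment[16:18])
    return "good" if stored == expected_checksum(src_ip, dst_ip, segment) else "bad"


def build_segment(sport, dport, seq, ack, flags, window, payload, checksum):
    """20-byte TCP header (no options) followed by the payload."""
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                         5 << 4, flags, window, checksum, 0)
    return header + payload


def nic_finalize(src_ip, dst_ip, segment):
    """What the offloading NIC does after the capture point: fill in the field."""
    final = struct.pack("!H", expected_checksum(src_ip, dst_ip, segment))
    return segment[:16] + final + segment[18:]


# Constructed sample: one outgoing HTTP request segment.
SRC, DST = "192.168.1.10", "198.51.100.7"
PAYLOAD = b"GET / HTTP/1.1\r\n\r\n"

# Assumption: with offloading on, the stack hands the NIC a segment whose
# checksum field only holds the pseudo-header sum; this is what a capture
# taken on the sending host sees.
PLACEHOLDER = ones_complement_sum(pseudo_header(SRC, DST, 20 + len(PAYLOAD)))
LOCAL_CAPTURE = build_segment(49152, 80, 0x12345678, 0x9ABCDEF0, 0x18,
                              64240, PAYLOAD, PLACEHOLDER)
ON_WIRE = nic_finalize(SRC, DST, LOCAL_CAPTURE)

if __name__ == "__main__":
    print("captured on sending host:", checksum_status(SRC, DST, LOCAL_CAPTURE))
    print("captured on the wire:    ", checksum_status(SRC, DST, ON_WIRE))
```

Only the two checksum bytes differ between the two captures, which is why checksum errors limited to packets sent by the capturing host point to offloading rather than to corruption on the network.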

Analyze TCP sequence numbers

For Wireshark to analyze TCP packets in detail, you must check this check box, because TCP sequence numbers are one of the most important features of TCP.

Relative sequence numbers

When establishing a TCP connection, each host randomly selects a sequence number and stores its value in the sequence number field of the TCP header of the first segments the hosts exchange. When this check box is checked, Wireshark displays the sequence number field value of the first TCP segment in a TCP data stream as 0, and the sequence number field values of subsequent TCP segments increase from there, thus hiding the real sequence number field values. In most cases, Wireshark should be set to display relative sequence numbers for TCP segments so that they are easy for network administrators to read.

Calculate conversation timestamps

Once this check box is checked, every TCP packet shown in the packet structure area of the main capture window has an extra Timestamps entry under the Transmission Control Protocol tree. Click the arrow in front of it to see the timestamp that Wireshark recorded for the TCP packet within its TCP data stream. Having Wireshark display the timestamp of each TCP packet helps when troubleshooting time-sensitive TCP applications.

2.2.3 the principle behind the scenes

By modifying the parameters of the relevant protocol subconfiguration options under the Protocols option in the Preferences window, some functions of Wireshark software for analyzing the corresponding protocol traffic can be turned on or disabled. It should be noted that in order to ensure the running speed of Wireshark software, unnecessary analysis functions should be disabled as far as possible.

For an introduction to TOS and DiffServ, see Chapter 10 of this book.

SNMP is a protocol used to perform network management functions. The purpose of the SNMP object identifier (OID) is to identify an object and its location in the management information base (MIB). An object can be a counter that counts the packets flowing into an interface, the IP address of a router interface, the name and location of a device, the CPU load, or any other entity that can be presented or measured.

The SNMP MIB is built in a tree structure, as shown in figure 2.12. The top-level MIB object ID belongs to different standards organizations. Each network vendor defines private branches (including managed objects) for its own network products.

Figure 2.12

When Wireshark parses the SNMP MIB, it displays not only the object ID, but also its name, which helps the troubleshooter identify the monitored data.

3 import and export of capture files

It is common to share capture files with the support staff of other operation and maintenance teams or equipment manufacturers in order to find the root cause of a network failure. Such a capture file contains a lot of packets, and the person troubleshooting may be interested in only a few data streams or some of the packets. Wireshark not only supports the selective export of captured data to a new file, but can even change its format for transmission. This section explores the various capture file import and export features supported by Wireshark.

3.1 preparation work

Run the Wireshark software and click the Capture button on the main toolbar to start capturing packets (or open a saved capture file).

3.2 configuration method

In the Wireshark main capture window, you can not only save all the captured data into a file, but also export the data you need in different formats or file types.

Now let's show you how to perform these operations.

1. Export the capture file in whole or in part

Wireshark can not only save all the captured packets (or all the packets in a capture file) into a file, but also export specific data in various file formats and file types.

To save all captured packets in a single file (or save an existing capture file as a new file), follow these steps.

Click the Save menu item in the File menu (or press Ctrl+S), and enter the name of the capture file to be saved in the File name input bar of the pop-up window.

Click the Save as menu item in the File menu (or press Shift+Ctrl+S), and enter the new name of the capture file to be saved in the File name input bar of the pop-up window.

To save some of the data in the capture file (or captured packets) (for example, data filtered by a display filter), follow these steps.

Click the Export Specified Packets menu item in the File menu, and the Export Specified Packets window will pop up immediately, as shown in figure 2.13.

Figure 2.13

In the lower left corner of the Export Specified Packets window, click the appropriate radio button to select the export method of the file.

To export all packets in the capture file (or all captured packets) as one file, select both the All packets and Captured radio buttons, and then click the Save button.

To export the packets in the capture file (or the captured packets) that pass the display filter as a file, select both the All packets and Displayed radio buttons, and then click the Save button.

To export selected packets (that is, packets clicked with the mouse in the packet list area) as a file, select the Selected packets only checkbox, and then click the Save button.

To export all marked packets (packets are marked by selecting a packet in the packet list area, then right-clicking and selecting the Mark/unmark packet menu item from the pop-up menu) as a file, select the Marked packets only radio button, and then click the Save button.

To export all packets listed in the packet list area between two marked packets as a file, select the First to last marked radio button and click the Save button.

To export a contiguous range of packets by number (see the No. column in the packet list area) as a file, select the Range radio button, fill in the packet number range in the input field that follows, and then click the Save button.

When exporting the capture file, if you want to discard some of the packets, first select those packets in the packet list area and right-click, select the Ignore/Unignore packet tog menu item in the pop-up menu, then select the Remove ignored packets check box in the Export Specified Packets window, and then click the Save button.

To save the packets in compressed form, check the Compress with gzip check box in the Export Specified Packets window, and then click the Save button.

The export operations above can be carried out not only on all the packets in the whole capture file, but also on the packets in the capture file that pass the display filter.

2. Format selection of saved data

Wireshark supports saving captured data in different formats for further analysis with a variety of other tools.

By clicking the submenu items in the Export Packet Dissections menu item of the File menu, you can save the capture file in the following formats.

Plain text format (* .txt)

Save to plain text ASCII file format.

PostScript (* .pst)

Save to PostScript file format.

Comma-separated values format (Comma Separated Values) (* .csv)

Save to comma-separated file format. Files in this format can be used by spreadsheet programs such as Microsoft Excel.

C language array format (* .c)

Save the contents of the packets as a C language array, which is easy to import into a C program.

PSML format (* .psml)

Save as PSML file format. PSML is an XML-based file format that only holds summary information about packets.

PDML format (* .pdml)

Save as PDML file format. PDML is also an XML-based file format, but it can save the details of the packets.

3. Data printing

To print the data, click the Print menu item in the File menu, and the Print window will pop up immediately, as shown in figure 2.14.

You can make the following choices in the Print window.

In the upper right corner of the window (1), you can select the specific contents of the packet to be printed.

Check the Summary line check box to print the contents of the packets you see in the packet list (Packet Summary) area.

Check the Details check box to print the contents of the packets you see in the packet structure (Packet Details) area.

Check the Bytes check box to print out the contents of the packet you see in the packet content (Packet Byte) area.

In the lower-left area of the window, you can select the packets to be printed (the method of operation is similar to file saving, which was mentioned in the previous section).

Figure 2.14

3.3 the principle behind the scenes

Wireshark supports printing data in text format or PostScript format (when printing in the latter format, the printer should be a PostScript-aware printer), as well as printing data to a file. After selecting the options in the Print window, clicking the Print button will pop up the regular "print" window that comes with the operating system, in which you can select a specific printer to print.

3.4 additional notes

To view the system folder where the Wireshark software stores various files, click the About Wireshark menu item in the Help menu and select the Folders tab in the pop-up About Wireshark window, as shown in figure 2.15. In the About Wireshark window, you can see the actual folders where the Wireshark software stores various files, and on the far right of the window, you can see the file types stored in those folders.

Figure 2.15

Click the link under Location and you will go to the folder where the corresponding files are stored.

4 adjust the color rules of packets

Wireshark uses different colors to display the data in the capture file according to predefined color rules. Defining color rules sensibly, so that packets of different protocols are shown in different colors (or packets of the same protocol in different states are shown in multiple colors), can be of great help in troubleshooting the network.

Wireshark supports the configuration of new color matching rules based on various filtering criteria. In this way, you can customize different color schemes for different scenes and save them with different templates. In other words, the network administrator can enable color rule A when resolving TCP failures and color rule B when resolving SIP and IP voice failures.

Note

The configuration for the Wireshark software itself (for example, pre-configured color rules and display filters, etc.) can be saved by defining a template (profile). To do this, click the Configuration Profiles menu item under the Edit menu.

4.1 preparation work

To define color matching rules, follow these steps.

1. Select the View menu.

2. Click the Coloring Rules menu item in the lower middle of the menu, and the Coloring Rules-Default window will pop up immediately, as shown in figure 2.16.

This window shows the color rules enabled by Wireshark by default, including color rules for TCP packets, routing protocol packets, and packets that match certain protocol events.

Figure 2.16

4.2 method of operation

To adjust the color rules, follow these steps.

To define a new color rule, click the "+" button, as shown in figure 2.17.

Figure 2.17

Fill in the name of this color matching rule in the Name field. For example, to customize the color rules for NTP protocol packets, fill in the input field with NTP.

Fill in the display filter expression in the Filter field to indicate the packets for which this color rule takes effect. For more information about display filters, please read Chapter 4.

Click the Foreground button to select a foreground color for this color matching rule. This color will be the foreground color of packets bound by this color matching rule in the packet list area of the main capture window.

Click the Background button to select a background color for this color matching rule. This color will become the background color of packets bound by this color matching rule in the packet list area of the main capture window.

To delete a color rule, click the "−" button (to the right of the "+" button).

To modify an existing color rule, double-click the color rule.

Click the Import button to import the ready-made color scheme, and click the Export button to export the current color scheme.

Note

The order in which the color rules are listed in the Coloring Rules window matters. Make sure that the listed order matches the order in which the rules should be applied. For example, color rules that act on application layer protocol packets should be placed before color rules that act on TCP/UDP packets. Only in this way can Wireshark keep the TCP/UDP color rules from overriding the colors intended for application layer protocol packets.

4.3 the principle behind the scenes

Many actions in Wireshark software are closely related to display filters, as are defining color matching rules, because packets constrained by color matching rules are filtered by predefined display filters.

4.4 Advanced Reading

Many classic Wireshark packet color schemes can be downloaded from Wireshark's official website, and many other examples of color schemes can be found on the Internet.

To use a color matching rule file, download those files to your local machine, select the View menu in Wireshark, click the Coloring Rules menu item, and click the Import button in the pop-up Coloring Rules-Default window to import the file.

5 configure time parameters

Adjustments to the time display format are reflected in the contents of the Time column (by default the second column from the left) in the packet list area of the Wireshark main capture window. In some cases, it is necessary for Wireshark to display packets in different time formats. For example, when observing all TCP packets belonging to the same connection, the interval between packets should be the focus of attention; when the packets being observed are captured from multiple sources, the exact capture time of each packet matters most.

5.1 preparation work

To configure the time display format of packets in the packet list area of the Wireshark capture window, go to the View menu, select the Time Display Format menu item, and the submenu shown in figure 2.18 appears on the right.

Figure 2.18

5.2 configuration method

The top half of the submenu of the Time Display Format menu item shown in figure 2.18 contains the following submenu items.

Date and Time of Day

When Wireshark is capturing packets to help troubleshoot the network and the time at which the fault occurred is an important basis for locating it (for example, you already know the exact time of the fault and want to know what other events occurred in the network at the same time), select this submenu item.

Seconds Since 1970-01-01 (seconds since January 1, 1970)

Epoch refers to 00:00 on January 1, 1970, Coordinated Universal Time (formerly Greenwich Mean Time). This is also approximately when the UNIX system came out.

Seconds Since Beginning of Capture (number of seconds since the capture started)

This is the default option for Wireshark.

Seconds Since Previous Captured Packet (number of seconds since the previous packet was captured)

This is also a common option. Once this menu item is clicked, the Time column in the packet list area shows the capture time difference between each packet and the one before it. This submenu item should be selected when monitoring time-sensitive packets (for example, TCP traffic, real-time video traffic, VoIP voice traffic), because the interval at which such packets are sent has a critical impact on the user experience.

Seconds Since Previous Displayed Packet

When a display filter has been applied so that Wireshark displays only part of the data in the capture file (for example, only the packets belonging to one TCP stream), you should usually select this submenu item. In this situation, network administrators care more about the capture time difference between packets belonging to that TCP data stream.

UTC Date and Time of Day

Provides UTC time.

The lower half of the submenu of the Time Display Format menu item adjusts time precision. It is recommended that you change the default setting only if a specific time precision is required.

You can use Ctrl+Alt plus a number key to select the time format options above.

5.3 the principle behind the scenes

When timestamping a captured packet, Wireshark relies on the time of the operating system. By default, the Seconds Since Beginning of Capture submenu item is in effect.

6. Build a configuration template for troubleshooting

Wireshark configuration templates can be defined to save various configurations for the Wireshark software itself (for example, appearance, predefined color matching rules, packet grabbing and display filters, etc.). To do this, go to the Edit menu and select the Configuration Profile menu item.

The Wireshark configuration template saves the following information.

The definition of the configuration options contained in the Preferences menu item in the Edit menu, including the definition of the Appearance and Protocols function items (for example, the font of the Wireshark main capture window and the column widths of the property columns).

Capture filters.

Display filters and display filter macros (see Chapter 4 for details).

Color matching rules.

Customized HTTP, IMF, and LDAP headers (see Chapter 12 for details).

User-defined decodes, for example Decode As settings, with which users can temporarily change the way Wireshark parses a particular protocol.

All configuration template files are saved in the profiles directory of the Wireshark software Personal Configuration directory.

6.1 preparation work

Run the Wireshark software and click the Capture button on the main toolbar to start capturing packets (or open a saved capture file).

6.2 method of operation

To open an existing configuration template file, do the following.

1. Click the Profile area on the right side of the status bar and select the existing configuration template you want to use, as shown in figure 2.19.

Figure 2.19

2. You can also go to the Edit menu, select the Configuration Profiles menu item, and select the existing configuration template you want to adopt in the Configuration Profiles window, as shown in figure 2.20.

Figure 2.20

To create a new configuration template, perform the following steps.

1. Right-click the Profile area on the right side of the status bar and select the New menu item from the pop-up menu, or click the "+" button in the window shown in figure 2.20.

2. After the new configuration template is created, a new directory is created under the profiles directory, as shown in figure 2.21.

Figure 2.21

3. As you can see from figure 2.21, under the newly created configuration template directory (Wireless template and Wireless directory in this example), you can see the cfilter file containing the capture filter, the colorfilters file containing the color matching rules, the custom_http_header_fields file that saves the HTTP field configuration, and the preference file that saves the function configuration of the preference menu item.

6.3 the principle behind the scenes

When you create a new template, the Wireshark software creates a new directory with the same name under the profiles directory. After that, when you close Wireshark or load another configuration template, a file called recent is created in that new template directory. This file contains general Wireshark window settings, including visible toolbars, timestamp display, font zoom levels, and column widths. If you create capture filters, display filters, and color rules after creating a new configuration template, other files (cfilters, dfilters, and colorfilters, respectively) will be created in that new template directory.

6.4 additional notes

As mentioned earlier, the files that save the template configuration parameters are located in the profiles directory. It is therefore straightforward to transfer configuration parameters between different configuration templates. For example, the default preference file contains the following configuration parameters related to the display filter toolbar in the startup window [5].

# Filter Expressions #
gui.filter_expressions.label: SIP
gui.filter_expressions.enabled: FALSE
gui.filter_expressions.expr: sip
gui.filter_expressions.label: RTP
gui.filter_expressions.enabled: FALSE
gui.filter_expressions.expr: rtp

The above is how to troubleshoot the network in Wireshark, as shared by the editor. If you happen to have similar doubts, please refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.
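One way to transfer the filter expression entries listed above between two configuration templates, as an added example (not from the original article or from Wireshark itself). It assumes the three-line label/enabled/expr layout shown above; the second profile's content and the expressions behind the TCP-Z-WIN and TCP-RETR buttons are constructed for illustration.

```python
import re

# One preference line of the kind shown in the article.
PREF_LINE = re.compile(r"^gui\.filter_expressions\.(label|enabled|expr):\s*(.*)$")


def parse_filter_buttons(text):
    """Collect label/enabled/expr triples; a label line starts a new button."""
    buttons, current = [], None
    for raw in text.splitlines():
        match = PREF_LINE.match(raw.strip())
        if not match:
            continue  # comments, blank lines and unrelated preferences
        key, value = match.group(1), match.group(2).strip()
        if key == "label":
            current = {"label": value, "enabled": True, "expr": None}
            buttons.append(current)
        elif current is not None:
            if key == "enabled":
                current["enabled"] = value.upper() == "TRUE"
            else:
                current["expr"] = value
    # Drop incomplete entries that never received an expression.
    return [b for b in buttons if b["expr"]]


def render_filter_buttons(buttons):
    """Write the buttons back in the same three-line layout."""
    lines = ["# Filter Expressions #"]
    for b in buttons:
        lines.append(f"gui.filter_expressions.label: {b['label']}")
        lines.append(
            f"gui.filter_expressions.enabled: {'TRUE' if b['enabled'] else 'FALSE'}")
        lines.append(f"gui.filter_expressions.expr: {b['expr']}")
    return "\n".join(lines) + "\n"


def merge_buttons(target_text, source_text):
    """Append the source profile's buttons to the target, skipping duplicates."""
    merged = parse_filter_buttons(target_text)
    seen = {(b["label"], b["expr"]) for b in merged}
    for b in parse_filter_buttons(source_text):
        key = (b["label"], b["expr"])
        if key not in seen:
            merged.append(b)
            seen.add(key)
    return merged


# The default entries quoted in the article.
DEFAULT_PREFS = """\
# Filter Expressions #
gui.filter_expressions.label: SIP
gui.filter_expressions.enabled: FALSE
gui.filter_expressions.expr: sip
gui.filter_expressions.label: RTP
gui.filter_expressions.enabled: FALSE
gui.filter_expressions.expr: rtp
"""

# Constructed content for a hypothetical TCP troubleshooting profile.
TCP_PROFILE_PREFS = """\
gui.filter_expressions.label: TCP-Z-WIN
gui.filter_expressions.enabled: TRUE
gui.filter_expressions.expr: tcp.analysis.zero_window
gui.filter_expressions.label: TCP-RETR
gui.filter_expressions.enabled: TRUE
gui.filter_expressions.expr: tcp.analysis.retransmission
gui.filter_expressions.label: RTP
gui.filter_expressions.enabled: FALSE
gui.filter_expressions.expr: rtp
"""

if __name__ == "__main__":
    print(render_filter_buttons(merge_buttons(DEFAULT_PREFS, TCP_PROFILE_PREFS)))
```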
