Shulou(Shulou.com)06/01 Report--

Getting started with wireshake what is wireshake

To put it simply, it is a packet sniffing tool for network analysis.

Installation

The experiments here are all based on windows. You can download and install it on the official website. There is nothing to say. Pay attention to installing WinPcap (you can check it during the installation process).

Capture packet

Open wireshake. In the interface, we need to choose which network card to capture the traffic on. Select and double-click.

We can see that the main interface has three panels:

-packet list: the top panel, in which we can see all the packets captured by the network card, including the packet sequence number, capture time, source and destination address of the packet, the protocol of the packet and the overview information found in the packet

-packet details: this middle panel displays the contents of a packet hierarchically, and can display all the contents captured in the packet by expanding and shrinking

-packet bytes: the bottom panel shows the raw appearance of an unprocessed packet

Preferenc

Make some settings according to your own needs, which means the same thing as setting.

You can find preferences in the editing options above, or you can use the shortcut key ctrl+shift+p

Appearance (appearance): the options here determine how to display data Capture (capture): these options allow you to make special settings for the way you capture packets Fileter buttons (filter expression): filter traffic based on setting criteria Name Resolution (name resolution): with this setting, the address can be resolved to a more recognizable name And you can set the maximum number of Protocols (protocols) for concurrent processing of name resolution requests: the options in this section adjust the ability to capture and display various decoded packets

Statistics (Statistics): setting options for statistics

Packet color highlights

When we capture the packet, we can see that the color of the packet is not the same, this is not a randomly assigned color, each color corresponds to the protocol used by the packet, DNS is blue, HTTP is green. This can help us identify packets of different protocols.

You can find the coloring rule under the view bar. If you open it, you can see the corresponding color of the protocol. If you don't think it looks good, you can also create your own coloring rule.

Configuration file

When you want to modify the settings, you need to know the location of the configuration file of wireshake. Under the help bar, find out about wireshake and select a folder. In general, you don't have to worry about it. Advanced users can

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.