
An Introduction to Wireshark

2025-03-28 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 05/31

Many newcomers are not very clear about how to get started with Wireshark. To help with that, this article explains it in detail for anyone who needs it; I hope you gain something from it.

Anyone who studies networking is surely no stranger to Wireshark, but until now I only knew how to use it at a very shallow technical level. The 2015 National Competition for Information Security Management and Evaluation set high requirements for the use of Wireshark. In addition, a ranking of network security tools published abroad (http://sectools.org/) lists a total of 125 security tools, and Wireshark ranks first among them. All this led me to decide to learn Wireshark systematically and make it the next blog topic after DVWA.

Wireshark is currently the most widely used open source packet capture software. Its predecessor is Ethereal, written by Gerald Combs and released under the GPL open source license in 1998. Do you still remember the GNU project mentioned when you were learning Linux? The GPL is the core license of GNU, and all software released under it must be open source and free, which is probably the main reason why Wireshark has developed so rapidly and has long ranked first in the SecTools rankings.

The core function of Wireshark is to capture network packets and show as much of their detail as possible. Underneath, it needs the support of WinPcap. The basic working principle is as follows. When the network card on a computer receives a data frame, it checks whether the destination MAC of the frame matches the MAC address of the local network card. If it does not match, the frame is discarded; if it matches, the frame is received and handed to the upper layer for processing. The network card also receives broadcast and multicast frames, but under normal circumstances these frames are discarded. When Wireshark is started on the computer, the network card is set to promiscuous mode. As long as a data frame can reach the network card, the network card receives it and hands it to Wireshark for processing, regardless of whether the frame's destination MAC matches the local MAC address.
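The receive filter described above, as an added example: a simplified model written for this article, not code from Wireshark or WinPcap. The function names are hypothetical, the frames and MAC addresses are constructed, and the model assumes broadcast and multicast frames pass the card's filter and are only dropped higher up.

```python
# Added example: simplified model of the NIC receive filter (not Wireshark/WinPcap code).
import struct

BROADCAST = bytes.fromhex("ffffffffffff")


def parse_mac(text):
    """Convert '02:00:00:00:00:01' to 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address is exactly 6 bytes")
    return raw


def build_frame(dst, src, ethertype=0x0800, payload=b""):
    """Ethernet II header: destination MAC, source MAC, EtherType, then payload."""
    return parse_mac(dst) + parse_mac(src) + struct.pack("!H", ethertype) + payload


def classify(frame, local_mac):
    """Describe the destination MAC of a frame relative to this network card."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst = frame[:6]
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:  # group bit set in the first octet: multicast
        return "multicast"
    return "unicast-local" if dst == local_mac else "unicast-other"


def nic_accepts(frame, local_mac, promiscuous=False):
    """Normal mode drops unicast frames for other hosts; promiscuous mode keeps all."""
    return promiscuous or classify(frame, local_mac) != "unicast-other"


def visible_frames(frames, local_mac, promiscuous):
    """Frame classes handed up the stack (and so to a capture tool)."""
    return [classify(f, local_mac) for f in frames if nic_accepts(f, local_mac, promiscuous)]


# Constructed sample traffic; all addresses are made up for this example.
LOCAL = parse_mac("02:00:00:00:00:01")
SAMPLE = [
    build_frame("02:00:00:00:00:01", "02:00:00:00:00:02", payload=b"to us"),
    build_frame("02:00:00:00:00:03", "02:00:00:00:00:02", payload=b"to another host"),
    build_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:02", 0x0806, b"arp"),
    build_frame("01:00:5e:00:00:fb", "02:00:00:00:00:02", payload=b"mcast"),
]

if __name__ == "__main__":
    print("normal     :", visible_frames(SAMPLE, LOCAL, promiscuous=False))
    print("promiscuous:", visible_frames(SAMPLE, LOCAL, promiscuous=True))
```

The only difference between the two modes is the frame addressed to another host, and it appears only if it reaches the network card in the first place.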

Wireshark is widely used. If you are a network engineer, you can locate and troubleshoot the network through Wireshark; if you are a security engineer, you can quickly locate the network * and find out the source of * *; if you are a * * or software engineer, you can analyze the underlying communication mechanism through Wireshark, and so on.

The official website of Wireshark is https://www.wireshark.org/, and you can download the corresponding version according to your needs.

Installing Wireshark is very simple: just keep clicking the Next button. Wireshark relies on WinPcap to work, so if WinPcap is not installed on the computer, the installer will require it to be installed; again, just click Next all the way through.

Once Wireshark is running, select the network card to be monitored in the Capture module, then click Start to begin capturing packets.

Click the stop button in the toolbar to stop the capture. You can then save the captured packets, so that you can open them for analysis at any time or send them to others for analysis.

Since the latest version 2.0, Wireshark has been able to support Chinese perfectly and is more convenient to use.
