Wireshark packet capture and analysis: Before we talk about Wireshark, the packet capture tool, let’s talk about packet capture first.Packet capture, that is, packet capture, which is to transmit and receive data packets through network transmission. Operations such as interception, retransmission, editing, and dumping are also used to check network security. Packet capture is also often used for data interception and so on. There are many packet capture tools, and Wireshark is a very commonly used one.
Introduction to Wireshark: Wireshark, formerly known as Ethereal, is network packet analysis software. The function of network packet analysis software is to capture network packets and display the most detailed network packet data as much as possible. Wireshark uses WinPCAP as the interface to exchange data packets directly with the network card. In the past, network packet analysis software was either very expensive or specialized for profit. The advent of Ethereal changed all that. Under the protection scope of the GNU GPL general license, users can obtain the software and its source code at a free price, and have the right to modify and customize its source code. Ethereal is one of the most extensive network packet analysis software in the world.
Wireshark packet capture and analysis: Before we introduce Wireshark, the packet capture tool, let’s talk about packet capture. The so-called packet capture, also known as packet capture.It intercepts, resends, edits, and dumps the data packets sent and received by network transmission, and is also used to check network security. Packet capture is most often used for data interception and so on. There are many packet capture tools for packet capture, and Wireshark is a very commonly used packet capture tool.
Introduction to Wireshark: Wireshark, formerly known as Ethereal, is network packet analysis software. The function of network packet analysis software is to capture network packets and display the most detailed network packet data as much as possible. Wireshark uses WinPCAP as the interface to exchange data packets directly with the network card. In the past, network packet analysis software was very expensive or specialized for profit. The emergence of Ethereal changed all that. Within the scope of the GNU GPL general license, users can obtain the software and its source code for free, and have the right to modify and customize its source code. It can be said that Ethereal is one of the most extensive network packet analysis software in the world.
How to capture packets with Wireshark? Next, we will introduce the operation process of Wireshark in detail. First, we open the main interface of the wireshark software, select the network card on the main interface, and then click start. Wireshark enters the packet capture analysis process. In this article, we choose Ethernet to capture packets.
Next, we can see the real-time data packets captured by wireshark on the interface. We explain the various fields of the packet.
1. No: represents the packet number.
2. Time: How long does it take to catch the software when it starts.
3.Source: source IP
4.Destination: destination IP
5.Protocol: Protocol.
6.Length: the length of the data packet.
7. Info: Packet information.
Next, we click on a piece of parsed data to view the detailed information of the data packet. In the process of capturing packets, we can click the icon to start or stop capturing packets.
Furthermore, we will briefly introduce how to write the filter expressions of source IP and destination IP at Filter: first, we fill in ip.addr eq 192.168.2.101 at Filter, indicates that the source ip and destination ip are both 192.168.2.101 packets. (It is explained here that eq is replaced by == with the same effect)
Fill in Filter: ip.src == 192.168.2.101. Indicates to obtain data packets whose source address is 192.168.2.101; fill in at Filter: ip.dst == 119.167.140.103. Indicates to obtain data packets whose destination address is 119.167.140.103; fill in at Filter: ip.dst == 119.167.140.103 or ip.dst == 192.168.2.45, indicates to obtain data packets whose destination address is 119.167.140.103 or 192.168.2.45. (The example of this method mainly illustrates the usage of or. Different expressions can be followed before and after or.); fill in the filter: ip.dst == 119.167.140.103 and ip.src == 192.168.2.101. Indicates that the destination address is 119.167.140.103 and the source address is 192.168.2.101. (This method example mainly illustrates the usage of and)
This is done. Wireshark can be said to be one of the most widely used network packet analysis software, and its functions are very powerful. It can capture and display various types of data packets in real time, filter data packets in various ways, and perform various statistical analysis. The overall operation is not very difficult, but it should be noted that the above introduction is only one of the operation methods. Its usage is very flexible, and it is enough to master the specific ideas.<a https://cciedump.spoto.nethere