Introduction:
In late 1997 Gerald Combs needed a tool for tracking down network problems and wanted to learn more about networking, so he started writing Ethereal.
In 2006 the project moved house and re-emerged under a new name: Wireshark.
In 2008, after ten years of development, Wireshark finally arrived at version 1.0.
In 2015 Wireshark 2.0 was released, which featured a new user interface.
Working Principle:
Bit view -> Human readable format
Applications:
- Network administrators use it to troubleshoot network problems
- Network security engineers use it to examine security problems
- Developers use it to debug protocol implementations
- People use it to learn network protocol internals
How it Works?
OSI Layers (with example protocols at each layer):
Application    HTTP, SMTP
Presentation   JPEG, GIF, MPEG
Session        WinSock
Transport      TCP, UDP
Network        IP, ICMP
Data link      Ethernet, FDDI
Physical       Fiber, Wireless
Capture Filters (BPF syntax, keywords are lowercase):
host 172.18.5.4                                  capture packets to or from a specific host
net 192.168.0.0/24                               capture packets to or from a specific network
host www.example.com and not (port 80 or port 25)
port 53                                          capture packets from a specific port
(tcp[0:2] > 1500 and tcp[0:2] < 1550) or (tcp[2:2] > 1500 and tcp[2:2] < 1550)
                                                 capture packets within a range of ports (tcp[0:2] is the source port field, tcp[2:2] the destination port field)
src net 192.168.0.0 mask 255.255.255.0
pppoes and (host 192.168.0.0 and port 80)        capture PPPoE traffic
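To make the byte-offset filter above concrete, here is an added example (not from the original slides) that builds a constructed IPv4+TCP packet and evaluates the same conditions in Python: tcp[0:2] and tcp[2:2] are the 16-bit source and destination port fields of the TCP header. It assumes the packet starts at the IP header (no Ethernet framing), which is what BPF's tcp[...] indexing is relative to anyway.

```python
import ipaddress
import struct


def build_ipv4_tcp(src_ip, dst_ip, sport, dport):
    """Constructed sample packet (not a real capture): 20-byte IPv4 header + 20-byte TCP header."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 40, 0, 0, 64, 6, 0,       # ver/IHL, TOS, len, id, frag, TTL, proto=TCP, csum
                         ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed)
    tcp_hdr = struct.pack("!HHIIBBHHH",
                          sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)  # ports, seq, ack, offset, SYN, win
    return ip_hdr + tcp_hdr


def tcp_bytes(pkt, offset, size):
    """Mirror BPF's tcp[offset:size]: read `size` bytes at `offset` into the TCP header, big-endian."""
    ihl = (pkt[0] & 0x0F) * 4            # IP header length in bytes, so the filter survives IP options
    tcp = pkt[ihl:]
    return int.from_bytes(tcp[offset:offset + size], "big")


def port_in_range(pkt, lo=1500, hi=1550):
    """(tcp[0:2] > lo and tcp[0:2] < hi) or (tcp[2:2] > lo and tcp[2:2] < hi); bounds are exclusive."""
    sport, dport = tcp_bytes(pkt, 0, 2), tcp_bytes(pkt, 2, 2)
    return (lo < sport < hi) or (lo < dport < hi)


def src_net(pkt, net, mask):
    """src net NET mask MASK: source address (IP header bytes 12..15) inside the network."""
    src = ipaddress.IPv4Address(pkt[12:16])
    return src in ipaddress.IPv4Network(f"{net}/{mask}")


def host_not_ports(pkt, host, ports=(80, 25)):
    """host HOST and not (port 80 or port 25): either address matches, neither port does."""
    addrs = {str(ipaddress.IPv4Address(pkt[12:16])), str(ipaddress.IPv4Address(pkt[16:20]))}
    port_hit = tcp_bytes(pkt, 0, 2) in ports or tcp_bytes(pkt, 2, 2) in ports
    return host in addrs and not port_hit


if __name__ == "__main__":
    p = build_ipv4_tcp("192.168.0.7", "10.0.0.1", 1520, 443)
    print(port_in_range(p), src_net(p, "192.168.0.0", "255.255.255.0"), host_not_ports(p, "10.0.0.1"))
```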
Display Filters (field names are lowercase; addr1, addr2 and url are placeholders):
ip.addr eq 172.16.52.110
ip.src eq addr1 and ip.dst eq addr2
http contains "url"
http.request.method == "GET"
tcp.port == 80 and ip.src == 192.168.2.1
ip.src ne addr1 or ip.dst ne addr1
http.content_type matches "audio/*"
References:
Learn Wireshark: https://www.wireshark.org/#learnWS
Wireshark (Wikipedia): https://en.wikipedia.org/wiki/Wireshark
Identify Packet: https://ask.wireshark.org/questions/7621/identify-packet
Wireshark Filters: https://www.wireshark.org/docs/man-pages/wireshark-filter.html
Ethernet Packet: http://www.infocellar.com/networks/ethernet/frame.htm
Cyclic Redundancy Check: http://ecomputernotes.com/computernetworkingnotes/communicationnetworks/cyclic-redundancy-check