This article is reprinted from 【小坦克】; original link: http://www.cnblogs.com/tankxiao
Contents
- Introduction to wireshark
- What wireshark cannot do
- wireshark vs Fiddler
- Other tools of the same kind
- Who uses wireshark
- wireshark: starting a capture
- wireshark window layout
- wireshark display filters
- Saving a filter
- Filter expressions
- Packet List Pane
- Packet Details Pane
- wireshark and the OSI seven-layer model
- Contents of a TCP packet
- Worked example: the TCP three-way handshake
Introduction to wireshark
Official wireshark download site: http://www.wireshark.org/
wireshark is a very popular and very powerful network packet analyser. It can capture all kinds of network packets and display their contents in detail.
wireshark is open-source software, so you can use it with confidence. It runs on Windows and Mac OS.
Anyone using wireshark must understand network protocols; otherwise wireshark's output will make no sense.
What wireshark cannot do
For security reasons, wireshark can only inspect packets; it cannot modify their contents or send packets.
wireshark vs Fiddler
Fiddler is a program that runs on Windows and is designed specifically to capture HTTP and HTTPS.
wireshark can capture HTTP and also HTTPS, but it cannot decrypt HTTPS, so wireshark cannot make sense of the contents of HTTPS traffic.
In short: for HTTP and HTTPS, use Fiddler; for other protocols such as TCP and UDP, use wireshark.
Other tools of the same kind
Microsoft's Network Monitor
Sniffer
Who uses wireshark
1. Network administrators use wireshark to troubleshoot network problems.
2. Software test engineers use wireshark to capture packets and analyse the software they are testing.
3. Engineers doing socket programming use wireshark for debugging.
4. I have heard that most engineers at Huawei and ZTE use wireshark.
In short, anything network-related may call for wireshark.
wireshark: starting a capture
Start screen
wireshark captures the packets of one network interface on the machine; when the machine has several interfaces, you need to choose one.
Click Capture -> Interfaces... and the dialog shown below appears; select the right interface, then click the "Start" button to begin capturing.
wireshark window layout
The wireshark window is made up of these main areas:
1. Display Filter: used to filter the displayed packets.
2. Packet List Pane: shows the captured packets with their source and destination addresses and port numbers. Different colours represent
3. Packet Details Pane: shows the fields of the selected packet.
4. Dissector Pane: the raw packet data in hexadecimal.
5. Miscellaneous: the address bar and other items.
wireshark display filters
Using filters is very important. A beginner using wireshark gets a flood of redundant information, thousands or even tens of thousands of records, and finds it very hard to locate the part they need. It is easy to get lost.
Filters help us find the information we need quickly within a large amount of data.
There are two kinds of filter:
The display filter, the one on the main window, is used to find the records you need among those already captured.
The capture filter is used to filter packets as they are captured, so as not to capture too many records. It is set under Capture -> Capture Filters.
Saving a filter
In the Filter bar, enter the filter expression, click the Save button and give it a name, for example "Filter 102".
A "Filter 102" button then appears on the Filter bar.
¹ýÂ˱í´ïʽµÄ¹æÔò
±í´ïʽ¹æÔò
1. ÐÒé¹ýÂË
±ÈÈçTCP£¬Ö»ÏÔʾTCPÐÒé¡£
2. IP ¹ýÂË
±ÈÈç ip.src ==192.168.1.102 ÏÔʾԴµØַΪ192.168.1.102£¬
ip.dst==192.168.1.102, Ä¿±êµØַΪ192.168.1.102
3. ¶Ë¿Ú¹ýÂË
tcp.port ==80, ¶Ë¿ÚΪ80µÄ
tcp.srcport == 80, Ö»ÏÔʾTCPÐÒéµÄÔ¸¶Ë¿ÚΪ80µÄ¡£
4. Httpģʽ¹ýÂË
http.request.method=="GET", Ö»ÏÔʾHTTP GET·½·¨µÄ¡£
5. Âß¼ÔËËã·ûΪ AND/ OR
Commonly used filter expressions

| Filter expression | Purpose |
| --- | --- |
| http | Show only HTTP records |
| ip.src == 192.168.1.102 or ip.dst == 192.168.1.102 | Source or destination address is 192.168.1.102 |
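The following is an added example (my own code, not part of the original post and not Wireshark's filter engine) that evaluates the display-filter expressions above over a handful of constructed packet summaries, so you can see exactly which packets each one selects: a bare protocol name matches every packet that carries that protocol, tcp.port matches either endpoint while tcp.srcport matches only the source, and comparisons combine with and / or (or && / ||) and parentheses. It handles only this subset of display-filter syntax. The packet records and the server address 203.0.113.10 are constructed for the example. One caveat worth keeping in mind: capture filters (Capture -> Capture Filters) use a different, BPF-style syntax such as tcp port 80, which this evaluator does not understand.

```python
"""Evaluate a subset of Wireshark display-filter syntax over packet summaries.

Added example, not Wireshark's own dissector or filter engine. Supported:
bare protocol names (http, tcp), field == value comparisons, and / or
(also && / ||), and parentheses. tcp.port / udp.port match either
direction, which is why "tcp.port == 80" returns both halves of a
conversation while "tcp.srcport == 80" returns only the server's replies.
"""
import re

# Constructed packet summaries (not a real capture); 203.0.113.10 is a
# documentation address standing in for a web server.
PACKETS = [
    {"no": 1, "protocols": {"eth", "ip", "tcp"}, "ip.src": "192.168.1.102",
     "ip.dst": "203.0.113.10", "tcp.srcport": "51234", "tcp.dstport": "80"},
    {"no": 2, "protocols": {"eth", "ip", "tcp"}, "ip.src": "203.0.113.10",
     "ip.dst": "192.168.1.102", "tcp.srcport": "80", "tcp.dstport": "51234"},
    {"no": 3, "protocols": {"eth", "ip", "tcp"}, "ip.src": "192.168.1.102",
     "ip.dst": "203.0.113.10", "tcp.srcport": "51234", "tcp.dstport": "80"},
    {"no": 4, "protocols": {"eth", "ip", "tcp", "http"}, "ip.src": "192.168.1.102",
     "ip.dst": "203.0.113.10", "tcp.srcport": "51234", "tcp.dstport": "80",
     "http.request.method": "GET"},
    {"no": 5, "protocols": {"eth", "ip", "udp", "dns"}, "ip.src": "192.168.1.102",
     "ip.dst": "192.168.1.1", "udp.srcport": "53001", "udp.dstport": "53"},
]

# Convenience fields that match either endpoint, as in Wireshark.
EITHER_PORT = {"tcp.port": ("tcp.srcport", "tcp.dstport"),
               "udp.port": ("udp.srcport", "udp.dstport")}

TOKEN_RE = re.compile(r'\s*(\(|\)|==|&&|\|\||"[^"]*"|[A-Za-z0-9_.]+)')


def tokenize(expr):
    """Split a filter string into parentheses, operators, quoted strings and names."""
    tokens, pos, expr = [], 0, expr.strip()
    while pos < len(expr):
        m = TOKEN_RE.match(expr, pos)
        if not m:
            raise ValueError("bad filter syntax near: " + expr[pos:])
        tokens.append(m.group(1))
        pos = m.end()
    return tokens


class Parser:
    """Recursive-descent parser: or-expr -> and-expr -> primary."""

    def __init__(self, expr):
        self.toks, self.i = tokenize(expr), 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self):
        tok = self.peek()
        self.i += 1
        return tok

    def parse(self):
        node = self.parse_or()
        if self.peek() is not None:
            raise ValueError("unexpected token: " + self.peek())
        return node

    def parse_or(self):
        node = self.parse_and()
        while self.peek() in ("or", "||"):
            self.take()
            node = ("or", node, self.parse_and())
        return node

    def parse_and(self):
        node = self.parse_primary()
        while self.peek() in ("and", "&&"):
            self.take()
            node = ("and", node, self.parse_primary())
        return node

    def parse_primary(self):
        tok = self.take()
        if tok == "(":
            node = self.parse_or()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return node
        if tok is None or tok in (")", "==", "&&", "||"):
            raise ValueError("expected a field or protocol name")
        if self.peek() == "==":
            self.take()
            value = self.take()
            if value is None:
                raise ValueError("missing value after ==")
            return ("cmp", tok, value.strip('"'))
        return ("proto", tok)


def matches(node, pkt):
    """Evaluate a parsed filter against one packet summary."""
    kind = node[0]
    if kind == "or":
        return matches(node[1], pkt) or matches(node[2], pkt)
    if kind == "and":
        return matches(node[1], pkt) and matches(node[2], pkt)
    if kind == "proto":
        return node[1] in pkt["protocols"]
    _, field, value = node
    # A comparison on a field the packet does not carry is simply false.
    return any(pkt.get(f) == value for f in EITHER_PORT.get(field, (field,)))


def apply_filter(expr, packets=PACKETS):
    """Return the packet numbers the display filter would leave visible."""
    ast = Parser(expr).parse()
    return [p["no"] for p in packets if matches(ast, p)]


if __name__ == "__main__":
    for f in ("http", "tcp.port == 80", "tcp.srcport == 80",
              "ip.src ==192.168.1.102 or ip.dst==192.168.1.102",
              'http.request.method=="GET"'):
        print(f"{f!r:55} -> {apply_filter(f)}")
```

Running the script prints, for each of the expressions from the rules above, the numbers of the constructed packets it keeps; the difference between tcp.port == 80 (packets 1 to 4) and tcp.srcport == 80 (packet 2 only) is the point to notice.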
Packet List Pane
The Packet List pane shows, for each packet, its number, timestamp, source address, destination address, protocol, length and summary information. You can see that different protocols are displayed in different colours.
You can also change these colouring rules under View -> Coloring Rules.
Packet Details Pane
This is the most important pane for us: it is used to inspect every field of each protocol.
The rows are, respectively:
Frame: overview of the physical-layer data frame
Ethernet II: data-link-layer Ethernet frame header
Internet Protocol Version 4: internet-layer IP packet header
Transmission Control Protocol: transport-layer segment header, here TCP
Hypertext Transfer Protocol: application-layer data, here the HTTP protocol
wireshark and the OSI seven-layer model
Contents of a TCP packet
The figure below shows every field of a TCP packet captured by wireshark.
Worked example: the TCP three-way handshake
By now you have a basic understanding of wireshark, so let's look at a real TCP three-way handshake.
The three-way handshake proceeds as follows:
I have seen this diagram many times; this time we will use wireshark to analyse the handshake in practice.
Open wireshark, then open a browser and enter http://www.cnblogs.com/tankxiao
In wireshark, enter the display filter http, select the record "GET /tankxiao HTTP/1.1", right-click it and choose "Follow TCP Stream".
The purpose of this is to isolate the packets belonging to the browser's visit to the site; the result is shown in the figure below.
In the figure you can see that wireshark captured the three packets of the three-way handshake. Only the fourth packet is HTTP, which confirms that HTTP does indeed establish its connection over TCP.
First handshake packet
The client sends a TCP packet with the SYN flag set and sequence number 0; this is the client's request to establish a connection. As shown below.
Second handshake packet
The server replies with an acknowledgement packet whose flags are SYN,ACK. It sets the Acknowledgement Number to the client's ISN plus 1, i.e. 0 + 1 = 1. As shown below.
Third handshake packet
The client sends another acknowledgement packet (ACK), with the SYN flag 0 and the ACK flag 1. It takes the sequence number of the packet the server sent, adds 1, and places it in the acknowledgement field sent back to the server; its own sequence number is its ISN + 1. As shown below:
Thus, through the TCP three-way handshake, the connection is established.
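As an added example (my own code, not from the original post), the script below builds three constructed Ethernet II / IPv4 / TCP frames with the same shape as the handshake just described, parses them layer by layer the way the Packet Details pane lists Ethernet II, Internet Protocol Version 4 and Transmission Control Protocol, and checks the handshake rules: a bare SYN, then SYN,ACK acknowledging the client's ISN + 1, then ACK with sequence number ISN + 1 and acknowledgement number server ISN + 1. The ISNs are arbitrary non-zero values and 203.0.113.10 is a documentation address standing in for the web server. The relative Seq/Ack values the script computes are the 0 and 1 seen in the screenshots: by default wireshark shows relative sequence numbers, subtracting each side's ISN, whereas the raw header carries the full 32-bit values. TCP checksums are left at zero because the script does not verify them; the IPv4 header checksum is computed so the frames would dissect cleanly.

```python
"""Parse three constructed Ethernet/IPv4/TCP frames and check the handshake.

Added example, not Wireshark code. The frames are constructed here; the
ISNs are arbitrary, non-zero values so the output shows why Wireshark's
"Seq=0 / Ack=1" are relative numbers (it subtracts each side's ISN).
"""
import struct

SYN, ACK = 0x02, 0x10
FLAG_NAMES = ((0x02, "SYN"), (0x10, "ACK"), (0x01, "FIN"), (0x04, "RST"), (0x08, "PSH"))


def ip_checksum(header):
    """One's-complement sum over 16-bit words (RFC 1071); 0 for a valid header."""
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_ip, dst_ip, sport, dport, seq, ack, flags):
    """Ethernet II + IPv4 + TCP header with no payload (constructed values)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    # TCP checksum left as 0: this example parses headers, it does not verify checksums.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp


def parse_frame(frame):
    """Split a frame into the same layers the Packet Details pane shows."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ihl = (frame[14] & 0x0F) * 4            # IPv4 header length in bytes
    ip_hdr = frame[14:14 + ihl]
    if ip_hdr[9] != 6:
        raise ValueError("not a TCP segment")
    tcp = frame[14 + ihl:]
    sport, dport, seq, ack, offset_byte, flags = struct.unpack("!HHIIBB", tcp[:14])
    return {"eth_src": src_mac.hex(":"), "eth_dst": dst_mac.hex(":"),
            "src": ".".join(str(b) for b in ip_hdr[12:16]),
            "dst": ".".join(str(b) for b in ip_hdr[16:20]),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "hdr_len": (offset_byte >> 4) * 4}


def flag_names(flags):
    return ",".join(name for bit, name in FLAG_NAMES if flags & bit)


def check_handshake(frames):
    """Return Wireshark-style relative (flags, seq, ack) for each of the three
    packets, or raise ValueError if they do not form a valid handshake."""
    p1, p2, p3 = (parse_frame(f) for f in frames)
    client_isn, server_isn = p1["seq"], p2["seq"]
    if p1["flags"] != SYN:
        raise ValueError("packet 1 must be a bare SYN")
    if p2["flags"] != SYN | ACK or p2["ack"] != (client_isn + 1) & 0xFFFFFFFF:
        raise ValueError("packet 2 must be SYN,ACK acknowledging client ISN+1")
    if (p3["flags"] != ACK or p3["seq"] != (client_isn + 1) & 0xFFFFFFFF
            or p3["ack"] != (server_isn + 1) & 0xFFFFFFFF):
        raise ValueError("packet 3 must be ACK with seq=ISN+1 and ack=server ISN+1")
    isn_of = {p1["src"]: client_isn, p2["src"]: server_isn}
    result = []
    for p in (p1, p2, p3):
        rel_seq = (p["seq"] - isn_of[p["src"]]) & 0xFFFFFFFF
        rel_ack = (p["ack"] - isn_of[p["dst"]]) & 0xFFFFFFFF if p["flags"] & ACK else 0
        result.append((flag_names(p["flags"]), rel_seq, rel_ack))
    return result


def is_valid_handshake(frames):
    try:
        check_handshake(frames)
        return True
    except ValueError:
        return False


# Constructed handshake: 192.168.1.102 is the client from the post,
# 203.0.113.10 is a documentation address standing in for the web server.
CLIENT, SERVER = "192.168.1.102", "203.0.113.10"
CLIENT_ISN, SERVER_ISN = 0x1A2B3C4D, 0x5E6F7081
HANDSHAKE = [
    build_frame(CLIENT, SERVER, 51234, 80, CLIENT_ISN, 0, SYN),
    build_frame(SERVER, CLIENT, 80, 51234, SERVER_ISN, CLIENT_ISN + 1, SYN | ACK),
    build_frame(CLIENT, SERVER, 51234, 80, CLIENT_ISN + 1, SERVER_ISN + 1, ACK),
]

if __name__ == "__main__":
    for i, (flags, seq, ack) in enumerate(check_handshake(HANDSHAKE), 1):
        raw = parse_frame(HANDSHAKE[i - 1])
        print(f"packet {i}: [{flags}] Seq={seq} Ack={ack}  "
              f"(raw seq=0x{raw['seq']:08x} ack=0x{raw['ack']:08x})")
```

The printed relative values line up with the three screenshots (SYN Seq=0; SYN,ACK Seq=0 Ack=1; ACK Seq=1 Ack=1) while the raw column shows the 32-bit numbers actually on the wire; if you untick Analyze -> Preferences -> Protocols -> TCP -> "Relative sequence numbers" in wireshark you see the raw form instead.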