WiresharkÊÇÒ»¿î·Ç³£°ôµÄUnixºÍwindowsÉϵĿªÔ´ÏµÍ³ÍøÂç²ãЭÒé½âÎöÆ÷¡£Wiresharkºº»¯°æ¿ÉÒÔ¼´Ê±¼ìÑéÍøÂçͨÐÅÊý¾ÝÐÅÏ¢£¬»¹¿ÉÒÔ¼ìÑéÆäץȡµÄÍøÂçͨÐÅÊý¾ÝÐÅÏ¢¿ìÕÕ¸üÐÂÎĵµ¡£Wiresharkºº»¯°æ¿ÉÒÔ¸ù¾ÝÓû§½çÃæ·ÃÎÊÕâÖÖÊý¾ÝÐÅÏ¢£¬¿ÉÒÔ²éѯÍøÂçͨÐÅÊý¾Ý°üÖÐÿһ²ãµÄÏ꾡ƒÈÈÝ¡£WiresharkÓÐןܶàÇ¿ÓÐÁ¦µÄÌص㣺°üÀ¨ÓÐÇ¿±íÃ÷¹ýÂËÆ÷ÓïÑÔ±í´ï£¨rich display filter language£©ºÍ²éѯTCP¶Ô»°ÖØй¹½¨Á÷µÄ¹¤×÷ÄÜÁ¦£»Ëü¸üÊÊÓÃÉÏǧÖÖЭÒéÊéºÍÐÂÎÅýÌåÖÖÀࣻ ÓÐ×ÅÒ»¸öÏà½ütcpdump(Ò»¸öLinuxϵÄÍøÂç²ãЭÒé·ÖÎö¹¤¾ß)µÄÃû½ÐtetherealµÄµÄcmd°æ±¾ºÅ¡£

Èí¼þ¹¦ÄÜ

Wireshark£¨Ç°³ÆEthereal£©ÊÇÒ»¸ö»¥ÁªÍø·â°ü·ÖÎöϵͳ¡£»¥ÁªÍø·â°ü·ÖÎöϵͳµÄ¹¦ÓÃÊDzÉߢ»¥ÁªÍø·â°ü, ²¢¾¡Á¿±íÃ÷³ö¸üΪÏ꾡µÄ»¥ÁªÍø·â°ü²ÄÁÏ¡£»¥ÁªÍø·â°ü·ÖÎöϵͳµÄ×÷ÓÿÉÏëÏñ³É µç¹¤¼¼Ê¦Ó¦Óõç¶È±íÀ´Á¿²âµçÁ÷Á¿¡¢¹¤×÷µçѹ¡¢µç×èÆ÷ µÄ¹¤×÷ÖÐ - ½ö½ö½«Çé¾°ÒÆÖ³µ½»¥ÁªÍøÉÏ£¬²¢½«µçÀÂÏß»»³ÉÍøÏß¡£

¹ýÈ¥£¬»¥ÁªÍø·â°ü·ÖÎöϵͳÊÇÊ®·Ö¼Û¸ñ°º¹ó£¬»òÕßרҵ¹éÊôÓÚÓªÔËÓõÄÊÖ»úÈí¼þ¡£EtherealµÄ·¢Éúת±äÁËÕâÒ»ÇС£ÔÚGNU GPLͨÓÃÐÔÐí¿ÉÖ¤ÊéµÄÈ·±£·¶³ëϱߣ¬Ê¹ÓÃÈË¿ÉÒÔС˵Ãâ·Ñ¿´µÄ³É±¾»ñµÃÊÖ»úÈí¼þÓëÆä˵³ÌʽÂ룬²¢ÓÐ×ŶÔÓÚÆä³õʼÂë¸Ä¶¯¼°hkkbµÄÖ§ÅäȨ¡£EtherealÊÇÏֽ׶ÎÈ«Çò×îÆÕ±éµÄ»¥ÁªÍø·â°ü·ÖÎöϵͳ֮һ

Wireshakr×¥°üÈí¼þÒ³Ãæ

±íÃ÷£ºÊý¾Ý°üÁбíÇøÖв»Ò»ÑùµÄЭÒéÊéÓ¦ÓÃÁ˲»Ò»ÑùµÄÉ«²ÊÇø±ð¡£Ð­ÒéÊéÉ«µ÷±êÖ¾¾«×¼¶¨Î»ÔÚ¹¤¾ßÀ¸View --gt; Coloring Rules¡£ÈçÏÂËùʾËùÏÔʾ

WireShark ¹Ø¼ü·Ö³ÉÕâºÃ¶à¸öÒ³Ãæ

1. Display Filter(±íÃ÷¹ýÂËÆ÷)£¬ ÓÃÒÔÉ趨¹ýÂDZê×¼¿ªÕ¹Êý¾Ý°üÁбí¹ýÂÇ¡£²Ëµ¥À¸Í¾¾¶£ºAnalyze --gt;Display Filters¡£

2. Packet List Pane(Êý¾Ý°üÁбí)£¬ ±íÃ÷²¶×½µ½µÄÊý¾Ý°ü£¬Ã¿Ò»¸öÊý¾Ý°ü°üÀ¨ÐòºÅ£¬Ê±¼ä¸ñʽ£¬·þÎñÆ÷ip£¬×ÜÌåÄ¿±êÏêϸµØÖ·£¬Ð­ÒéÊ飬³¤¶Ì£¬¼°ÆäÊý¾Ý°üÐÅÏ¢¡£ ²»Ò»ÑùЭÒéÊéµÄÊý¾Ý°üÓ¦ÓÃÁ˲»Ò»ÑùµÄÉ«²ÊÇø±ð±íÃ÷¡£

3. Packet Details Pane(Êý¾Ý°üÏ꾡ÐÅÏ¢), ÔÚÊý¾Ý°üÁбíÖÐÌôÑ¡Ìض¨Êý¾Ý°ü£¬ÔÚÊý¾Ý°üÏ꾡ÐÅÏ¢Öлá±íÃ÷Êý¾Ý°üµÄÈ«²¿Ï꾡ÐÅÏ¢ƒÈÈÝ¡£Êý¾Ý°üÏ꾡ÐÅÏ¢¿ØÖÆÃæ°åÊÇ×îÖØÒªµÄ£¬ÓÃÓÚ²éѯЭÒéÊéÖеÄÿһ¸ö×Ö¶ÎÃû¡£¸÷Ðи÷ÒµÐÅÏ¢¸÷×ÔΪ

£¨1£©Frame:mac²ãµÄÊý¾ÝÖ¡¸ÅÊö

£¨2£©EthernetII:Êý¾ÝÁ´Â·²ãÒÔÌ«Íø½Ó¿ÚÖ¡Í·¶¥²¿ÐÅÏ¢

£¨3£©Internet Protocol Version 4:»¥ÁªÍø¼¼Êõ²ãIP°üÍ·¶¥²¿ÐÅÏ¢

£¨4£©Transmission Control Protocol:ÍøÂç²ãTµÄÊý¾ÝÐÅÏ¢¶ÎÍ·¶¥²¿ÐÅÏ¢£¬ÕâÀïÊÇTCP

£¨5£©Hypertext Transfer Protocol:ÍøÂç²ãµÄÐÅÏ¢£¬ÕâÀïÊÇHTTPЭÒéÊé

TCP°üµÄÖ÷ÒªÄÚÈÝ

´ÓͼƬ¿ÉÒÔ¼ûµ½wireshark²¶×½µ½µÄTCP¿âÖеÄÿһ¸ö×Ö¶ÎÃû¡£

4. Dissector Pane(Êý¾Ý°ü×Ö½ÚÊýÇø)¡£

Wireshark¹ýÂËÆ÷É趨

ÐÂÊÖÓ¦ÓÃwiresharkʱ£¬¿ÉÄÜ»ñµÃºÜ¶àµÄ³ÁÓàÊý¾Ý°üÁÐ±í£¬ÒÔÖÂÓÚÄÑÒÔÑ°ÕÒ×ÔÉí×ÔÉíץȡµÄÊý¾Ý°üÒ»²¿·Ö¡£wiresharרÓù¤¾ßÖÐÄÚÖÃÁ˶þÖÖÀà±ðµÄ¹ýÂËÆ÷£¬Ñ§ºÃÔËÓÃÕâ¶þÖÖ¹ýÂËÆ÷»áЭÖúÎÒÃÇÔںܶàµÄͳ¼ÆÊý¾ÝÖпìËÙ·¢ÏÖ´ó¼Ò±ØÐëµÄÐÅÏ¢¡£

£¨1£©×¥°üÈí¼þ¹ýÂËÆ÷

²¶×½¹ýÂËÆ÷µÄ¹¤¾ßÀ¸Í¾¾¶ÎªCapture --gt; Capture Filters¡£ÓÃÒÔÔÚץȡÊý¾Ý°üÇ°É趨¡£

ÔõôʹÓã¿¿ÉÒÔÔÚץȡÊý¾Ý°üÇ°É趨ÈçÏÂËùʾ¡£

ip host 60.207.246.216 and icmp±íÃ÷Ö»²¶×½·þÎñÆ÷IPΪ60.207.246.216µÄICMPÊý¾Ý°ü¡£»ñµÃ½Y¹ûÈçÏÂËùʾ£º

£¨2£©±íÃ÷¹ýÂËÆ÷

±íÃ÷¹ýÂËÆ÷ÊÇÓÃÒÔÔÚץȡÊý¾Ý°üºóÉ趨¹ýÂDZê×¼¿ªÕ¹¹ýÂÇÊý¾Ý°ü¡£Ò»°ãÊÇÔÚץȡÊý¾Ý°üʱÉ趨±ê×¼Ïà¶ÔÐԹ㷺£¬×¥È¡µÄÊý¾Ý°üƒÈÈݽ϶àʱӦÓñíÃ÷¹ýÂËÆ÷É趨±ê×¼¹Ë¼ÉÒÔ±ã½ÝÆÊÎö¡£Ò»ÑùÒÔÉÏÇé¾°£¬ÔÚ²¶×½Ê±Î´É趨²¶×½±ê×¼Á¢¼´¸ù¾ÝÍø¿Ú¿ªÕ¹×¥È¡È«²¿Êý¾Ý°ü£¬ÈçÏÂËùʾ

ʵÐÐping huawei»ñµÃµÄÊý¾Ý°üÁбíÈçÏÂËùʾ

¹Û²éÒÔÉÏ»ñµÃµÄÊý¾Ý°üÁÐ±í£¬´øÓдóÁ¿µÄµÄʧЧÊý¾ÝÐÅÏ¢¡£Õâʱºò¿ÉÒÔ¸ù¾ÝÉ趨ÏÔʾÆÁ¹ýÂDZê×¼¿ªÕ¹»ñÈ¡ÆÊÎöÐÅÏ¢¡£ip.addr == 211.162.2.183 and icmp¡£²¢ÊµÏÖ¹ýÂÇ¡£

ÒÔÉϽ²½âÁË×¥°üÈí¼þ¹ýÂËÆ÷ºÍ±íÃ÷¹ýÂËÆ÷µÄ»ù±¾ÉϲÙ×÷·½·¨¡£ÔÚ×éÍø·½°¸²»·±ÔÓ»òÊÇ×ÜÁ÷Á¿²¢²»´ó×´¿öÏ£¬Ó¦ÓÃÏÔʾÆÁ¹ýÂËÆ÷¿ªÕ¹×¥°üÈí¼þºó´¦Àí¹¤ÒվͿÉÒÔ´ïµ½´ó¼ÒÓ¦Óá£Ï±߽éÉÜһ϶þÕß¼äµÄÓ¢ÓïµÄÓï·¨¼°ÆäÆäµÄ²î±ð¡£