How to Use Wireshark: A Complete Tutorial

Wireshark is a free application that lets you capture and view the data traveling back and forth on your network, with the ability to drill down into and read the contents of each packet, filtered to meet your specific needs. It is commonly used to troubleshoot network problems as well as to develop and test software. This open-source protocol analyzer is widely accepted as the industry standard and has won its fair share of awards over the years.

Originally known as Ethereal, Wireshark features a user-friendly interface that can display data from hundreds of different protocols on all major network types. Data packets can be viewed in real time or analyzed offline, with dozens of capture/trace file formats supported, including CAP and ERF. Integrated decryption tools let you view the encrypted packets of several popular protocols such as WEP and WPA/WPA2.

Downloading and Installing Wireshark

Wireshark can be downloaded at no cost from the Wireshark Foundation website for both macOS and Windows operating systems. Unless you are an advanced user, it is recommended that you download only the latest stable release. During the setup process (Windows only) you should choose to install WinPcap as well if prompted, as it includes a library that is required for live data capture.

The application is also available for Linux and most other UNIX platforms, including Red Hat, Solaris, and FreeBSD. The binaries required for these operating systems can be found toward the bottom of the page, in the third-party packages section.

You can also download Wireshark's source code from this page.

How to Capture Data Packets

Scott Orgera

When you first launch Wireshark, a welcome screen similar to the one shown above should be visible, containing a list of the network connections available on your current device. In this example, you'll notice that the following connection types are shown: Bluetooth Network Connection, Ethernet, VirtualBox Host-Only Network, Wi-Fi. Displayed to the right of each is an EKG-style line graph that represents live traffic on that network.

To begin capturing packets, first select one or more of the networks by clicking on your choice(s), using the Shift or Ctrl keys if you want to record data from multiple networks simultaneously. Once a connection type is selected for capturing, its background will be shaded in blue. Click on Capture in the main menu, located toward the top of the Wireshark interface. When the drop-down menu appears, select the Start option.

You can also start packet capture in one of the following ways.

The live capture process will now begin, with packet details displayed in the Wireshark window as they are recorded. Perform one of the actions below to stop capturing.

Viewing and Analyzing Packet Contents

Now that you have recorded some network data, it is time to take a look at the captured packets. As shown in the screenshot above, the captured data interface contains 3 main sections: the packet list pane, the packet details pane, and the packet bytes pane.

Packet List

The packet list pane, located at the top of the window, shows all packets found in the active capture file. Each packet has its own row and a corresponding number assigned to it, along with each of its data points.

When a packet is selected in the top pane, you may notice one or more symbols appear in the first column. Open and/or closed brackets, as well as a straight horizontal line, can indicate whether a packet or group of packets is part of the same back-and-forth conversation on the network. A broken horizontal line signifies that a packet is not part of that conversation.

Packet Details

The details pane, found in the middle, presents the protocols and protocol fields of the selected packet in a collapsible format. In addition to expanding each selection, you can apply individual Wireshark filters based on specific details, and follow streams of data based on protocol type, via the details context menu, which is accessible by right-clicking the desired item in this pane.

Packet Bytes

At the bottom is the packet bytes pane, which displays the raw data of the selected packet in a hexadecimal view. This hex dump contains 16 hexadecimal bytes and 16 ASCII bytes alongside the data offset.

Selecting a portion of this data highlights its corresponding section in the packet details pane, and vice versa. Any bytes that cannot be printed are represented by a period instead.

You can choose to show this data in bit format rather than hexadecimal by right-clicking in the pane and selecting the appropriate option from the context menu.
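The layout described above (offset, 16 hexadecimal bytes, 16 ASCII characters, a period for unprintable bytes, and the optional bit view) can be reproduced in a few lines, together with the mapping from a selected byte back to its field. This is an added Python example, not part of the original article or of Wireshark; the sample frame, the Ethernet field table and the 8-bytes-per-row bit layout are assumptions made for illustration.

```python
# Constructed sample: a 14-byte Ethernet header followed by 6 payload bytes.
FRAME = bytes.fromhex("ffffffffffff" "001122334455" "0800") + b"GET /\n"

# Byte ranges of the Ethernet header fields (start offset, end offset exclusive).
FIELDS = [(0, 6, "Destination MAC"), (6, 12, "Source MAC"), (12, 14, "EtherType")]


def bytes_pane(data, bits=False):
    """Render data as rows of: offset, byte values, ASCII column."""
    per_row = 8 if bits else 16          # assumption: the bit view shows 8 bytes per row
    cell = "{:08b}" if bits else "{:02x}"
    width = per_row * (9 if bits else 3) - 1
    rows = []
    for offset in range(0, len(data), per_row):
        chunk = data[offset:offset + per_row]
        values = " ".join(cell.format(b) for b in chunk)
        # Bytes outside printable ASCII are shown as a period.
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{offset:04x}  {values:<{width}}  {text}")
    return rows


def field_at(offset):
    """Map a selected byte offset back to the header field that contains it."""
    for start, end, name in FIELDS:
        if start <= offset < end:
            return name
    return "Payload"


if __name__ == "__main__":
    print("\n".join(bytes_pane(FRAME)))
    print("\n".join(bytes_pane(FRAME, bits=True)))
    print(field_at(13))
```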

Using Wireshark Filters

One of the most important feature sets in Wireshark is its filtering capability, especially when you are dealing with files that are significant in size. Capture filters are set before the fact, instructing Wireshark to record only those packets that meet your specified criteria.

Filters can also be applied to a capture file that has already been created so that only certain packets are shown. These are referred to as display filters.

Wireshark provides a large number of predefined filters by default, letting you narrow down the number of visible packets with just a few keystrokes or mouse clicks. To use one of these existing filters, enter its name in the Apply a display filter entry field (located directly below the Wireshark toolbar) or in the Enter a capture filter entry field (located in the center of the welcome screen).

There are several ways to do this. If you already know the name of your filter, simply type it into the appropriate field. For example, if you only want to display TCP packets you would type tcp. Wireshark's autocomplete feature shows suggested names as you begin typing, making it easier to find the correct moniker for the filter you are looking for.

Another way to choose a filter is to click the bookmark-like icon on the left-hand side of the entry field. This presents a menu containing some of the most commonly used filters, as well as an option to Manage Capture Filters or Manage Display Filters. If you choose to manage either type, an interface appears that lets you add, remove or edit filters.

You can also access previously used filters by selecting the down arrow on the right-hand side of the entry field, which displays a history list.

Once set, capture filters are applied as soon as you begin recording network traffic. To apply a display filter, however, you need to click the right arrow button found on the far right-hand side of the entry field.
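The practical difference between the two filter types is that a capture filter discards non-matching packets for good, while a display filter only hides rows and leaves the recorded data and packet numbers intact. The following added Python example (not Wireshark code and not from the original article) models both stages over constructed frames; the `Capture` class, its method names and the filters reduced to a bare protocol name are hypothetical simplifications, not Wireshark's filter syntax.

```python
import struct

IP_PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}


def make_frame(ip_proto):
    """Build a constructed Ethernet + IPv4 header (no payload, checksum left at zero)."""
    ethernet = bytes(12) + struct.pack("!H", 0x0800)       # zeroed MACs, EtherType IPv4
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, ip_proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ethernet + ipv4


def protocol_of(frame):
    """Name the protocol carried in an IPv4 frame, or 'other'."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return "other"
    return IP_PROTOCOLS.get(frame[23], "other")            # IPv4 protocol field


class Capture:
    def __init__(self, capture_filter=None):
        self.capture_filter = capture_filter
        self.recorded = []               # what ends up in the capture file

    def on_wire(self, frame):
        # Capture filter: a non-matching packet is never recorded.
        if self.capture_filter in (None, protocol_of(frame)):
            self.recorded.append(frame)

    def display(self, display_filter=None):
        # Display filter: hides rows but keeps the data and the packet numbers.
        return [(number, protocol_of(frame))
                for number, frame in enumerate(self.recorded, 1)
                if display_filter in (None, protocol_of(frame))]


def replay(capture_filter=None):
    """Feed the same constructed traffic (tcp, udp, icmp, tcp) into a new capture."""
    capture = Capture(capture_filter)
    for proto in (6, 17, 1, 6):
        capture.on_wire(make_frame(proto))
    return capture
```

With no capture filter, `replay().display("tcp")` shows packets 1 and 4 and the UDP packet is still available; with `replay("tcp")` the UDP and ICMP packets were never stored, so no display filter can bring them back.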

Color Rules

While Wireshark's capture and display filters let you limit which packets are recorded or shown on the screen, its colorization functionality takes things a step further by making it easy to distinguish between different packet types based on their individual hue. This handy feature lets you locate certain packets within a saved set by their row color in the packet list pane.

Wireshark comes with about 20 default coloring rules built in, each of which can be edited, disabled or deleted if you wish. You can also add new shade-based filters through the coloring rules interface, accessible from the View menu. In addition to defining a name and filter criteria for each rule, you are asked to associate both a background color and a text color.

Packet colorization can be toggled on and off via the Colorize Packet List option, also found in the View menu.

Statistics

In addition to the detailed information about your network data shown in Wireshark's main window, several other useful metrics are available via the Statistics drop-down menu found toward the top of the screen. These include size and timing information about the capture file itself, along with many charts and graphs ranging in topic from packet conversation breakdowns to the load distribution of HTTP requests.

Display filters can be applied to many of these statistics via their individual interfaces, and the results can be exported to several common file formats, including CSV, XML, and TXT.

Advanced Features

Although we have covered most of Wireshark's main functionality in this article, this powerful tool also offers a collection of additional features that are typically reserved for advanced users. This includes the ability to write your own protocol dissectors in the Lua programming language.

For more information on these advanced features, refer to Wireshark's official user guide.