Wireshark is a tool used to capture and analyze network traffic. It is mainly used by network administrators and security professionals to inspect networks and find security vulnerabilities or malware behavior.
Live Capture
Wireshark can capture the network traffic of a given interface. It supports different interface types and protocols. Here is a list of the interface types supported by Wireshark:
- Ethernet
- WiFi 802.11
- USB
Wireshark supports a great many protocols; listing them all here is not feasible, so we will only list the most popular ones:
- USB 2.0, 3.0
- Ethernet
- WiFi
- WiMAX
- IrDA
Wireshark can capture the traffic of an interface or protocol live. We can filter it and get detailed information about the traffic or an individual packet, as shown below.
Network Inspection
Wireshark is mainly designed as a network capture and inspection tool, and its inspection features are very advanced. We can list all captured data in a structured format as shown below. All captured packets are numbered and can be inspected one by one. Below we can see the data and information of packet 1754 presented in an easy-to-read way: we get information about the Frame, Ethernet, IP, UDP, and DNS layers.
Filter Network Traffic
We can also filter the captured traffic according to our own parameters. We can filter by the following parameters:
- Ethernet and options
- IP and options
- IP address
- Source IP address
- Destination IP address
- TCP and options
- UDP and options
- TCP session
We can filter by entering the related parameter in the filter expression box. In the following screenshot we filter only DNS traffic for inspection, simply by typing dns into the expression box.
Network and Capture Statistics
At the end of a capture, we can get network and capture statistics. Statistics provide a lot of information for different protocols. The Statistics menu provides Endpoints, Packet Lengths, Protocol Hierarchy, DNS, TCP, and HTTP related statistics. Here we see the Conversations statistics for the protocols, showing the IP source and destination endpoints together with the traffic size.
Color Rules
While analyzing packets, coloring makes the job much easier. There will be a great many packets, and reading and tracking them one by one would be very hard. We can colorize packets according to their type or situation. Wireshark provides 20 colors for different packet protocols and cases, and new color rules can be added.
We can see that Bad TCP or OSPF State Change packets are colored with a dark color like black. Each rule also carries a filter that matches its case.
Multi-Platform
Wireshark is a multi-platform application. We can install Wireshark on the following platforms and use most of its features:
- Windows 32 and 64 bit
- Windows portable
- Mac OS X
- Linux
- FreeBSD
- Unix
VoIP Analysis
VoIP has become very popular in recent years. Wireshark provides support for VoIP traffic capture and analysis; we can access these features from the Telephony menu shown below. The following protocols and statistics are supported by Wireshark:
- VoIP Calls
- RTP
- RTSP
- SCTP
- SIP Flows
- SIP Statistics
Support for Many Capture Formats
During a live capture the captured traffic is kept in memory, so if we want to inspect it later or keep it, we need to save it. Wireshark supports several formats for storing captured traffic, including the following:
- cap
- pcap
- pcapng
- dmp
- bfr
- snoop
- trc
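As an added example (not code from the original article or from the Wireshark project), the following Python builds a small constructed pcap capture, reads it back, dissects each record into Frame/Ethernet/IP/UDP/DNS fields the way the Network Inspection section describes, and applies a display-filter-style expression such as dns from the Filter Network Traffic section. The frames, addresses, transaction id and the filter_packets helper are all constructed for illustration.

```python
"""Added example: write a two-record pcap file in memory, read it back, dissect each
frame Ethernet -> IPv4 -> UDP -> DNS into Wireshark-style field names, then filter on them."""
import struct

ETH_IPV4, IP_UDP, PCAP_MAGIC = 0x0800, 17, 0xA1B2C3D4  # 0xA1B2C3D4 = little-endian pcap magic
def build_frame(src_ip, dst_ip, sport, dport, payload):  # constructed frame; checksums left at zero
    ip4 = lambda s: bytes(int(o) for o in s.split("."))
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, IP_UDP, 0, ip4(src_ip), ip4(dst_ip))
    return bytes.fromhex("001122334455" "66778899aabb") + struct.pack("!H", ETH_IPV4) + ip + udp
def dns_query(txid, name):  # header (standard query, 1 question) + QNAME labels + QTYPE A, QCLASS IN
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
def write_pcap(frames):  # global header: magic, v2.4, thiszone, sigfigs, snaplen, linktype 1 = Ethernet
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # then per record: ts_sec, ts_usec, incl_len, orig_len
    return hdr + b"".join(struct.pack("<IIII", ts, 0, len(f), len(f)) + f for ts, f in enumerate(frames, 1))
def read_pcap(data):  # yields each record's captured bytes (pcapng uses a different block layout)
    if struct.unpack_from("<I", data)[0] != PCAP_MAGIC: raise ValueError("not a little-endian pcap file")
    off = 24
    while off < len(data):
        incl_len = struct.unpack_from("<IIII", data, off)[2]
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
def decode(frame):  # dissect layer by layer, naming fields the way Wireshark display filters do
    p = {"frame.len": len(frame), "eth.type": struct.unpack_from("!H", frame, 12)[0]}
    if p["eth.type"] != ETH_IPV4:
        return p
    ip = frame[14:]
    p.update({"ip.src": ".".join(map(str, ip[12:16])), "ip.dst": ".".join(map(str, ip[16:20])), "ip.proto": ip[9]})
    if ip[9] != IP_UDP:
        return p
    udp = ip[(ip[0] & 0x0F) * 4:]  # skip IHL*4 header bytes
    p["udp.srcport"], p["udp.dstport"] = struct.unpack_from("!HH", udp)
    if 53 in (p["udp.srcport"], p["udp.dstport"]):  # DNS picked by port, as Wireshark does by default
        p["dns.id"], flags = struct.unpack_from("!HH", udp, 8)
        labels, pos = [], 20
        while udp[pos]:  # length-prefixed labels up to the zero terminator
            labels.append(udp[pos + 1:pos + 1 + udp[pos]].decode()); pos += 1 + udp[pos]
        p.update({"dns.flags.response": bool(flags & 0x8000), "dns.qry.name": ".".join(labels)})
    return p
def filter_packets(pcap, expr):  # tiny display-filter stand-in: a protocol name ('dns') or 'field == value'
    packets = [decode(f) for f in read_pcap(pcap)]
    if "==" in expr:
        field, value = (s.strip() for s in expr.split("==", 1))
        return [p for p in packets if str(p.get(field)) == value]
    return [p for p in packets if any(k.startswith(expr + ".") for k in p)]

SAMPLE_PCAP = write_pcap([  # constructed capture: one DNS query plus one unrelated UDP datagram
    build_frame("10.0.0.5", "10.0.0.1", 40000, 53, dns_query(0x1234, "example.com")),
    build_frame("10.0.0.5", "10.0.0.7", 5000, 5001, b"hello")])
```

SAMPLE_PCAP can be written to disk and opened in Wireshark, where filter_packets(SAMPLE_PCAP, "dns") corresponds to typing dns into the expression box.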
Decryption of Encrypted Protocols Like SSL/TLS, WEP and WPA/WPA2
Some network protocols, such as SSL/TLS, WEP, and WPA/WPA2, provide encryption for security reasons. In a security assessment or inspection we may need to see this encrypted traffic in clear text. We can use Wireshark to decrypt such traffic by providing the key, passphrase, password, or certificate.
Pretty GUI
Wireshark has a very pretty and useful GUI for inspecting large amounts of captured traffic. We can also customize the GUI from the Preferences menu, which lets us set the location of the Packet List, Packet Details, Packet Bytes panes, etc.
Command Line Support with the tshark Tool
Wireshark provides its features through a GUI, but if we need command line support, Wireshark also provides the tshark command line tool. We can use all of the GUI features with this tshark command.
$ tshark
Translated from: https://www.poftut.com/what-is-wireshark-network-traffic-and-packet-analyzer/