What is Wireshark Network Traffic and Packet Analyzer?


Wireshark is a tool used to capture and analyze network traffic. It is mainly used by network administrators and security professionals to inspect networks, troubleshoot problems, and spot security vulnerabilities or malware behavior in traffic. Wireshark itself is passive: it records and dissects what it sees on the wire, and the analyst draws the conclusions.

Live Capture

Wireshark can capture network traffic on a given interface. It supports several interface types and link layers. Here is a list of interface types supported by Wireshark:

  • Ethernet
  • WiFi 802.11
  • USB

[Screenshot: Wireshark Interfaces]

Wireshark dissects well over a thousand protocols (the full list is under Analyze > Enabled Protocols). Listing them all here is unfeasible, so only a few of the most common ones are shown (these are link-layer types; the higher-layer protocols are dissected on top of them):

  • USB 2.0, 3.0
  • Ethernet
  • WiFi
  • Wimax
  • IRDA

Wireshark captures the traffic of the selected interface live, while it is flowing. We can filter the capture and get detailed information about any packet, as shown below.

[Screenshot: Wireshark Protocols]

Network Inspection

Wireshark is mainly designed as a network capture and inspection tool, and its inspection features are very advanced. All captured packets are listed in a structured format, numbered in capture order, and can be inspected one by one. Below, packet 1754 is selected and its contents are presented in an easy-to-read way: the Packet Details pane dissects it layer by layer, so we get information about the Frame, Ethernet, IP, UDP, and DNS layers, while the Packet Bytes pane shows the raw bytes each field was decoded from.

[Screenshot: Network Inspection]

Filter Network Traffic

We can also filter the captured traffic according to our own parameters. Filtering is possible on, among others, the following (the corresponding display filter field names are given in parentheses):

  • Ethernet and options (eth, eth.src, eth.dst)
  • IP and options (ip)
  • IP Address (ip.addr, which matches either the source or the destination)
  • Source IP Address (ip.src)
  • Destination IP Address (ip.dst)
  • TCP and options (tcp, tcp.port)
  • UDP and options (udp, udp.port)
  • TCP Session (tcp.stream, or Analyze > Follow > TCP Stream)

We filter by typing an expression with the related field into the display filter bar. Note the difference between a capture filter (BPF syntax such as port 53, applied before packets are recorded, so unmatched traffic is lost) and a display filter (Wireshark's own syntax, applied to what has already been captured); the filter bar is a display filter. In the following screenshot only DNS traffic is shown for inspection: we simply type dns into the filter bar.

[Screenshot: Filter Wireshark]

Network and Capture Statistics

At the end of a capture (or while it is still running) we can get network and capture statistics. Statistics provide a lot of information for different protocols. The Statistics menu offers Endpoints, Packet Lengths, Protocol Hierarchy, Conversations, and protocol-specific views for DNS, TCP, HTTP and others. Below we see the Conversations window: the IP source and destination endpoints of each conversation together with the amount of traffic exchanged between them, which is a quick way to spot an unexpectedly talkative host.

[Screenshot: Network and Capture Statistics]
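The dissection, display filtering and conversation statistics described in the last three sections, as an added example that is not part of the original article or of the Wireshark project: a pure-Python writer and reader for the classic pcap format, a dissector that layers a frame as Frame > Ethernet > IP > UDP > DNS, a tiny evaluator for a subset of display-filter syntax (protocol presence such as dns, field == value, terms joined with &&), and the IPv4 Conversations statistic. The three-packet sample capture is constructed inside the script. The field names mirror Wireshark's (ip.addr, udp.port, dns.qry.name), but the evaluator and dissector are a deliberately small illustration, not Wireshark's engine.

```python
"""Pure-Python pcap read/write, Ethernet/IPv4/UDP/DNS dissection, a subset of
display-filter syntax and an IP Conversations statistic. Added example, not
Wireshark code; the three-packet sample capture is constructed below."""
import struct
from collections import defaultdict

PCAP_MAGIC, LINKTYPE_ETHERNET = 0xA1B2C3D4, 1

def build_dns_query(name, txid):
    """Constructed DNS standard query for an A record (RD flag set), no EDNS."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Constructed Ethernet II / IPv4 / UDP frame; checksums are left at zero."""
    eth = bytes.fromhex("66778899aabb") + bytes.fromhex("001122334455") + b"\x08\x00"
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + udp

def write_pcap(frames):
    """Classic libpcap file: 24-byte global header, then a 16-byte header per record."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Yield (frame number, frame bytes); numbering is 1-based like the packet list."""
    if struct.unpack("<I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("only little-endian microsecond pcap is handled here")
    off, number = 24, 0
    while off + 16 <= len(data):
        incl_len = struct.unpack("<IIII", data[off:off + 16])[2]
        off, number = off + 16, number + 1
        yield number, data[off:off + incl_len]
        off += incl_len

def parse_qname(data):
    """QNAME labels of the first question; stops at a compression pointer (0xC0)."""
    labels, off = [], 0
    while off < len(data) and data[off] and not data[off] & 0xC0:
        labels.append(data[off + 1:off + 1 + data[off]].decode("ascii", "replace"))
        off += 1 + data[off]
    return ".".join(labels)

def dissect(frame):
    """Layer a frame the way the Packet Details pane does: Frame > Ethernet > IP > UDP > DNS."""
    pkt = {"frame.len": len(frame)}
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # need Ethernet II + IPv4 header
        return pkt
    pkt["eth.dst"], pkt["eth.src"] = frame[0:6].hex(":"), frame[6:12].hex(":")
    pkt["ip.src"], pkt["ip.dst"] = (".".join(map(str, frame[o:o + 4])) for o in (26, 30))
    pkt["ip.proto"] = frame[23]
    l4 = 14 + (frame[14] & 0x0F) * 4                     # IHL gives the IP header length
    if pkt["ip.proto"] == 17 and len(frame) >= l4 + 8:
        pkt["udp.srcport"], pkt["udp.dstport"] = struct.unpack("!HH", frame[l4:l4 + 4])
        if 53 in (pkt["udp.srcport"], pkt["udp.dstport"]):
            pkt["dns.qry.name"] = parse_qname(frame[l4 + 8 + 12:])  # skip UDP and DNS headers
    return pkt

PRESENCE = {"eth": "eth.src", "ip": "ip.src", "udp": "udp.srcport", "dns": "dns.qry.name"}

def matches(pkt, expr):
    """Subset of display-filter syntax: protocol presence, 'field == value', joined by &&."""
    for term in (t.strip() for t in expr.split("&&")):
        if "==" not in term:
            ok = PRESENCE.get(term, term) in pkt
        else:
            field, value = (s.strip() for s in term.split("==", 1))
            if field == "ip.addr":       # matches either direction, as in Wireshark
                ok = value in (pkt.get("ip.src"), pkt.get("ip.dst"))
            elif field == "udp.port":
                ok = int(value) in (pkt.get("udp.srcport"), pkt.get("udp.dstport"))
            else:
                ok = str(pkt.get(field)) == value
        if not ok:
            return False
    return True

def conversations(pkts):
    """Statistics > Conversations (IPv4): bytes exchanged per unordered address pair."""
    totals = defaultdict(int)
    for p in pkts:
        if "ip.src" in p:
            totals[tuple(sorted((p["ip.src"], p["ip.dst"])))] += p["frame.len"]
    return dict(totals)

# Constructed sample: two DNS queries from 10.0.0.5 and one unrelated UDP datagram.
SAMPLE_PCAP = write_pcap([
    build_frame("10.0.0.5", "10.0.0.1", 51000, 53, build_dns_query("example.com", 0x1A2B)),
    build_frame("10.0.0.5", "10.0.0.1", 51001, 53, build_dns_query("evil.example", 0x1A2C)),
    build_frame("10.0.0.7", "10.0.0.9", 5000, 5001, b"not dns"),
])

def packets(pcap=SAMPLE_PCAP):
    return [{**dissect(frame), "frame.number": n} for n, frame in read_pcap(pcap)]

def apply_filter(expr, pcap=SAMPLE_PCAP):
    """Equivalent of typing `expr` into the display filter bar."""
    return [p for p in packets(pcap) if matches(p, expr)]
```

Running apply_filter("dns && ip.addr == 10.0.0.5") returns frames 1 and 2 with their query names, apply_filter("ip.src == 10.0.0.7") returns only frame 3, and conversations(packets()) gives one row per address pair with the byte totals, which is the same view as the Conversations window. The SAMPLE_PCAP bytes can be written to a file and opened in Wireshark to compare the dissection field by field.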

Color Rules

When analyzing packets, coloring makes the job easier: a capture contains a lot of packets, and reading and tracking them one by one is hard. Wireshark colors packets according to their protocol and situation. About 20 coloring rules are shipped by default, and new ones can be added under View > Coloring Rules.

[Screenshot: Color Rules]

We can see that Bad TCP or OSPF State Change packets are colored with a dark color such as black. Each rule is simply a display filter paired with foreground and background colors, so a colored row is also a hint about which filter to apply to look closer.


Multi-Platform

Wireshark is a multi-platform application. It can be installed on the following platforms, with most of its features available on each:

  • Windows 32 and 64 bit
  • Windows Portable
  • MacOSX
  • Linux
  • FreeBSD
  • Unix

[Screenshot: Multi-Platform]

VoIP Analysis

VoIP has become very popular in recent years. Wireshark supports VoIP traffic capture and analysis, reached from the Telephony menu shown below. The following protocols and statistics are supported:

  • VoIP Calls
  • RTP
  • RTSP
  • SCTP
  • SIP Flows
  • SIP Statistics

[Screenshot: VoIP Analysis]

Support For A Lot Of Capture Formats

During a live capture the traffic is held in a temporary file; to inspect it later or keep it, we need to save it. Wireshark supports different formats for stored captures. Its native formats are pcap and pcapng (the default, which also keeps interface details and packet comments), and it can read many others, including:

  • cap
  • pcap
  • pcapng
  • dmp
  • bfr
  • snoop
  • trc

Decryption Of Encryption Protocols Like SSL/TLS, WEP and WPA/WPA2

Some network protocols, such as SSL/TLS, WEP and WPA/WPA2, encrypt traffic for security reasons. In a security assessment or inspection we may need to see that traffic in clear text. Wireshark can decrypt it when given the right material: the key, passphrase, password, or certificate together with its private key. A few caveats apply in practice. TLS can be decrypted with the server's private key only when the cipher suite uses RSA key exchange; with (EC)DHE suites and with TLS 1.3 the per-session secrets are needed instead, usually from an NSS key log file written by the client (the SSLKEYLOGFILE environment variable in browsers and curl) and configured under Edit > Preferences > Protocols > TLS. WPA/WPA2-PSK decryption needs the passphrase and SSID plus the captured four-way (EAPOL) handshake of each client; WEP needs only the key. Traffic that cannot be decrypted can still be analyzed through its metadata: endpoints, server name (SNI), volumes and timing.
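Of the material Wireshark accepts for TLS, the key log file is the one that works for every cipher suite, so here is an added example (not from the original article or from Wireshark) showing both sides of that workflow in Python: a client context that writes an NSS key log through the standard library's keylog_filename attribute (Python 3.8+ with OpenSSL 1.1.1+), and a checker that validates a key log before it is handed to Wireshark, since a malformed or truncated line is simply ignored there and the only symptom is traffic that stays encrypted. The sample key log is constructed and contains no real secrets; the label set is the common TLS 1.2/1.3 subset and the accepted lengths are the checker's own assumptions (a 48-byte master secret for CLIENT_RANDOM, 32- or 48-byte secrets for the TLS 1.3 labels, matching SHA-256 and SHA-384 suites).

```python
"""Validate an NSS key log file before pointing Wireshark at it, and build a
Python client context that writes one. Added example, not from the original
article or from Wireshark; the sample key log below is constructed."""
import re
import ssl

# Wireshark reads this format from Edit > Preferences > Protocols > TLS >
# "(Pre)-Master-Secret log filename". TLS 1.2 logs CLIENT_RANDOM with the
# 48-byte master secret; TLS 1.3 logs one secret per direction and phase,
# whose length is the hash size of the cipher suite (32 or 48 bytes).
# The label set and lengths below are this checker's assumptions.
SECRET_LENGTHS = {
    "CLIENT_RANDOM": {48},
    "CLIENT_EARLY_TRAFFIC_SECRET": {32, 48},
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET": {32, 48},
    "SERVER_HANDSHAKE_TRAFFIC_SECRET": {32, 48},
    "CLIENT_TRAFFIC_SECRET_0": {32, 48},
    "SERVER_TRAFFIC_SECRET_0": {32, 48},
    "EXPORTER_SECRET": {32, 48},
}
HEX = re.compile(r"^[0-9a-fA-F]+$")

def keylogging_client_context(path):
    """Client context whose handshakes append secrets to `path` (Python 3.8+,
    OpenSSL 1.1.1+); the same effect SSLKEYLOGFILE has on browsers and curl."""
    ctx = ssl.create_default_context()
    ctx.keylog_filename = path
    return ctx

def parse_keylog(text):
    """Return (entries, problems): entries are (label, client_random, secret) tuples
    Wireshark can use; problems are (line number, reason) for lines it would skip."""
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # blank lines and comments are allowed
            continue
        parts = line.split()
        if len(parts) != 3:
            problems.append((lineno, "expected <label> <client_random> <secret>"))
            continue
        label, client_random, secret = parts
        if label not in SECRET_LENGTHS:
            problems.append((lineno, f"unknown label {label}"))
        elif not (HEX.match(client_random) and len(client_random) == 64):
            problems.append((lineno, "client random must be 32 bytes of hex"))
        elif not HEX.match(secret) or len(secret) % 2 or len(secret) // 2 not in SECRET_LENGTHS[label]:
            problems.append((lineno, f"secret length {len(secret) // 2} is invalid for {label}"))
        else:
            entries.append((label, client_random.lower(), secret.lower()))
    return entries, problems

def sessions(entries):
    """Group secrets by client random: Wireshark matches a key log line to a
    session through the ClientHello random, so one random means one session."""
    by_random = {}
    for label, client_random, secret in entries:
        by_random.setdefault(client_random, {})[label] = secret
    return by_random

# Constructed sample key log (not real secrets): one TLS 1.2 session, one TLS 1.3
# session, then two lines Wireshark would ignore.
SAMPLE_KEYLOG = "\n".join([
    "# constructed sample, not real session secrets",
    "CLIENT_RANDOM " + "11" * 32 + " " + "22" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "33" * 32 + " " + "44" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "33" * 32 + " " + "55" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "33" * 32 + " " + "66" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "33" * 32 + " " + "77" * 32,
    "CLIENT_RANDOM " + "88" * 32 + " " + "99" * 16,   # truncated master secret
    "MASTER_KEY deadbeef cafebabe",                    # not a key log label
])
```

parse_keylog(SAMPLE_KEYLOG) accepts the first five lines and reports lines 7 and 8, and sessions() groups the four TLS 1.3 secrets under their shared client random; a TLS 1.3 session that is missing one of its traffic secrets is the usual reason Wireshark decrypts only one direction. When using keylogging_client_context, make sure the key log file is excluded from anything you archive or share, since anyone holding it can decrypt the corresponding capture.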

Pretty GUI

Wireshark has a very pretty and useful GUI for inspecting a large amount of captured traffic. The layout can be customized from the Edit > Preferences menu, which lets us set the placement of the Packet List, Packet Details and Packet Bytes panes, among other things.

[Screenshot: Pretty GUI]

Command Line Support with tshark Tool

Wireshark provides its features through the GUI, but when command line support is needed (remote servers, scripting, long-running captures) Wireshark provides the tshark command line tool. tshark uses the same dissectors and the same capture and display filter syntax, so nearly everything the GUI does can be done from a shell, including statistics such as the conversation table:

$ tshark -i eth0 -f "udp port 53" -Y dns -T fields -e ip.src -e dns.qry.name
$ tshark -r capture.pcapng -q -z conv,ip

[Screenshot: Command Line Support with tshark Tool]

Translated from: https://www.poftut.com/what-is-wireshark-network-traffic-and-packet-analyzer/
