Wireshark 240: Profiles

Reposted from: vonnie

Do you want to be a Wireshark ninja?  All the pros know about profiles!

Wireshark profiles are what allow you to switch up the configuration on the fly.  You can have one configuration tweaked for network forensics and another configured for latency.  You can tune Wireshark to instantly change its behavior with a simple click of the mouse.  And it’s the profiles that make this happen!  You can have different columns, settings and features based on the specific task you’re using Wireshark for.

Let’s check it out.

Any changes made within a profile stay within that profile.

Powering up with Profiles

Let’s say we’re investigating a problem with network latency.  Users are complaining that an application is super slow and you need to figure out if the problem is endemic to the PCs, the network, or the server.  Let’s look at how we can create a specialized profile to focus our research.

There are three ways to create profiles in Wireshark:

  • Select the Edit menu and choose Configuration Profiles at the bottom of the screen
  • Press Shift + Ctrl + A
  • Click “Profile: Default” in the status bar sitting at the bottom of the Wireshark window

Highlight the existing profile, choose Copy and rename it.  Your profile copy includes everything from the version you copied, but any changes you make in your new profile will stay in your new profile.

So let’s tweak your new profile.

You may have noticed that the Time column displays the number of seconds since the first PDU.  To change this, go to View, pick Time Display Format and then Seconds since previous packet.

You’ll notice the values in the Time column have been adjusted to show the delta from the previous packet rather than from the first packet.

To switch to your other profile, right-click the Profile in the status bar and flip to your other profile.

Notice how the Time column returned to the way it was before!  That’s the beauty of profiles.

That’s it.
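The same copy-then-tweak procedure done on disk, as an added example that is not part of the original post. It assumes each non-default profile is a folder under `profiles/` in the Wireshark configuration directory and that the time display format is stored as `gui.time_format` in that profile's `recent` file; the `Forensics` and `Latency` profile names and the temporary directory are constructed for the demo.

```shell
#!/bin/sh
# Added example: clone a profile and change only the clone's time format.
# Assumption: <config dir>/profiles/<name>/recent holds "gui.time_format: <value>".

# clone_profile CONFIG_DIR SRC DST: the on-disk equivalent of "Copy" in the dialog.
clone_profile() {
    if [ ! -d "$1/profiles/$2" ]; then
        echo "no such profile: $2" >&2; return 1
    fi
    if [ -e "$1/profiles/$3" ]; then
        echo "profile already exists: $3" >&2; return 1
    fi
    cp -R "$1/profiles/$2" "$1/profiles/$3"
}

# set_time_format CONFIG_DIR PROFILE VALUE: rewrite one key, keep the other lines.
set_time_format() {
    recent="$1/profiles/$2/recent"
    if [ -f "$recent" ]; then
        grep -v '^gui\.time_format:' "$recent" > "$recent.tmp" || true
    else
        : > "$recent.tmp"
    fi
    echo "gui.time_format: $3" >> "$recent.tmp"
    mv "$recent.tmp" "$recent"
}

# get_time_format CONFIG_DIR PROFILE: print the stored value.
get_time_format() {
    sed -n 's/^gui\.time_format: *//p' "$1/profiles/$2/recent"
}

# Demo on a constructed, throwaway config directory (not a real Wireshark install).
demo() {
    cfg=$(mktemp -d)
    mkdir -p "$cfg/profiles/Forensics"
    printf 'gui.time_format: RELATIVE\n' > "$cfg/profiles/Forensics/recent"
    clone_profile "$cfg" Forensics Latency
    set_time_format "$cfg" Latency DELTA      # seconds since previous packet
    echo "Forensics=$(get_time_format "$cfg" Forensics) Latency=$(get_time_format "$cfg" Latency)"
    rm -rf "$cfg"
}

demo
```

Starting Wireshark with `-C Latency` opens it directly in the cloned profile.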

In the next guide, I’ll show you how to use Wireshark to cure a slow network!

Stay tuned tomorrow.
