Wireshark is a very popular network packet analyzer with powerful features. It can capture all kinds of network packets and show the detailed contents of each one. Anyone using Wireshark needs to understand network protocols; otherwise the output will make no sense.
For safety reasons, Wireshark can only view packets; it cannot modify packet contents or send packets.
Wireshark can capture HTTP and HTTPS, but it cannot decrypt HTTPS, so it cannot read the contents of HTTPS traffic. In short: for HTTP and HTTPS, Fiddler is still the better tool; for other protocols such as TCP and UDP, use Wireshark.
Starting a capture in Wireshark
Start screen
Wireshark captures the packets on one particular network interface of the machine. When the machine has several interfaces, you need to choose one.
Click Capture -> Interfaces... The dialog below appears; select the right interface, then click the "Start" button to begin capturing.
The Wireshark window
Wireshark's main window is divided into these areas:
1. Display Filter, used to filter the displayed packets
2. Packet List Pane, listing the captured packets with their source and destination addresses and port numbers. The colors differ, representing
3. Packet Details Pane, showing the fields inside the packet
4. Dissector Pane (the hex data)
5. Miscellaneous (address bar and other items)
Using filters is very important. A beginner using Wireshark will get a huge amount of redundant information, thousands or even tens of thousands of records, and will find it very hard to locate the part they actually need; it quickly becomes overwhelming.
Filters help us find the information we need quickly within a large amount of data.
There are two kinds of filter:
a display filter, the one on the main window, used to find the records you need among the captured ones;
a capture filter, used to filter packets as they are captured so that you do not capture too many records. It is set under Capture -> Capture Filters.
Saving a filter
In the Filter bar, enter the filter expression, click the Save button and give it a name, for example "Filter 102".
A "Filter 102" button then appears on the Filter bar.
¹ýÂ˱í´ïʽµÄ¹æÔò
±í´ïʽ¹æÔò
1. ÐÒé¹ýÂË
±ÈÈçTCP£¬Ö»ÏÔʾTCPÐÒé¡£
2. IP ¹ýÂË
±ÈÈç ip.src ==192.168.1.102 ÏÔʾԴµØַΪ192.168.1.102£¬
ip.dst==192.168.1.102, Ä¿±êµØַΪ192.168.1.102
3. ¶Ë¿Ú¹ýÂË
tcp.port ==80, ¶Ë¿ÚΪ80µÄ
tcp.srcport == 80, Ö»ÏÔʾTCPÐÒéµÄÔ¸¶Ë¿ÚΪ80µÄ¡£
4. Httpģʽ¹ýÂË
http.request.method=="GET", Ö»ÏÔʾHTTP GET·½·¨µÄ¡£
5. Âß¼ÔËËã·ûΪ AND/ OR
Commonly used filter expressions
Filter expression | Purpose |
http | show only HTTP records |
ip.src == 192.168.1.102 or ip.dst == 192.168.1.102 | source or destination address is 192.168.1.102 |
Packet List Pane
The packet list panel shows the number, timestamp, source address, destination address, protocol, length and packet info. You can see that different protocols are shown in different colors.
You can also change the coloring rules under View -> Coloring Rules.
Packet Details Pane
This is the most important panel for us; it is used to inspect every field of each protocol.
The rows are, in order:
Frame: overview of the physical-layer frame
Ethernet II: data-link-layer Ethernet frame header
Internet Protocol Version 4: network-layer IP packet header
Transmission Control Protocol: transport-layer segment header, here TCP
Hypertext Transfer Protocol: application-layer data, here the HTTP protocol
Contents of a TCP packet
The figure below shows every field of a TCP packet captured by Wireshark.
By now you should have a basic understanding of Wireshark, so let's look at a real example of the TCP three-way handshake.
The three-way handshake process is:
I have looked at this diagram many times; this time we use Wireshark to actually analyze the handshake.
Open Wireshark, then open a browser and enter http://www.cr173.com
In Wireshark, enter the filter http, select the record showing GET /tankxiao HTTP/1.1, right-click it and choose "Follow TCP Stream".
The purpose is to obtain only the packets related to the browser opening the site; the result looks like the figure below.
In the figure you can see that Wireshark captured the three packets of the three-way handshake. Only the fourth packet is HTTP, which shows that HTTP really does use TCP to establish its connection.
First handshake packet
The client sends a TCP packet with the SYN flag set and sequence number 0; this is the client's request to establish a connection. See the figure below.
Second handshake packet
The server replies with a confirmation packet with flags SYN, ACK. Its Acknowledgement Number is set to the client's ISN plus 1, i.e. 0+1=1. See the figure below.
Third handshake packet
The client sends another confirmation packet (ACK), with the SYN flag 0 and the ACK flag 1. It takes the sequence number of the server's SYN/ACK, adds 1 and puts it in the acknowledgement field sent to the server, and puts its own ISN+1 in the sequence number field. See the figure below:
With that, the TCP three-way handshake is done and the connection is established.
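To make the sequence and acknowledgement arithmetic above concrete, here is a small Python check, added as an example and not part of the original post, that walks a list of constructed packet records (shaped like the Packet List fields, using Wireshark's relative sequence numbers) and verifies the SYN / SYN,ACK / ACK exchange, reporting a half-open connection when the final ACK never arrives. The addresses, the Packet record and the check_handshake function are assumptions of this example.

```python
from dataclasses import dataclass

# Constructed packet records shaped like the Packet List / Packet Details
# fields used above: source, destination, TCP flags, sequence number and
# acknowledgement number.  Sequence numbers are Wireshark's relative
# numbers (the SYN shows as 0), as in the capture analysed in the post.
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    flags: frozenset
    seq: int
    ack: int

def check_handshake(packets):
    """Find the first SYN and verify the three-way handshake that follows.
    Returns 'complete' when SYN, SYN/ACK and ACK are all present and the
    numbers follow the rule walked through in the post (SYN/ACK acks
    client ISN + 1, final ACK acks server ISN + 1); any other string
    names the missing or wrong step."""
    syn = next((p for p in packets if p.flags == {"SYN"}), None)
    if syn is None:
        return "no SYN"
    client, server = syn.src, syn.dst
    synack = next((p for p in packets if p.src == server and p.dst == client
                   and p.flags == {"SYN", "ACK"}), None)
    if synack is None:
        return "no SYN/ACK"
    if synack.ack != syn.seq + 1:
        return f"SYN/ACK acks {synack.ack}, expected {syn.seq + 1}"
    # Third packet: from the client, ACK only, seq == client ISN + 1.
    ack = next((p for p in packets if p.src == client and p.dst == server
                and p.flags == {"ACK"} and p.seq == syn.seq + 1), None)
    if ack is None:
        # A SYN/ACK that is never acknowledged is a half-open connection.
        return "half-open: SYN/ACK never acknowledged"
    if ack.ack != synack.seq + 1:
        return f"ACK acks {ack.ack}, expected {synack.seq + 1}"
    return "complete"

CLIENT, SERVER = "192.168.1.102", "203.0.113.10"  # constructed addresses
F = frozenset
HANDSHAKE = [
    Packet(CLIENT, SERVER, F({"SYN"}), 0, 0),         # 1st: SYN, seq 0
    Packet(SERVER, CLIENT, F({"SYN", "ACK"}), 0, 1),  # 2nd: ack = 0 + 1
    Packet(CLIENT, SERVER, F({"ACK"}), 1, 1),         # 3rd: seq 1, ack 1
    Packet(CLIENT, SERVER, F({"PSH", "ACK"}), 1, 1),  # 4th: the HTTP GET
]
HALF_OPEN = HANDSHAKE[:2]  # SYN and SYN/ACK only; the final ACK never came
```

Running check_handshake over HANDSHAKE returns "complete", while HALF_OPEN returns the half-open message, which is the pattern to look for when a capture shows many SYN/ACKs that are never acknowledged.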