Wireshark抓包工具的使用

妖狐艹你老母 2024-04-21 19:29 88阅读 0赞

WireShark是非常流行的网络封包分析工具，可以截取各种网络数据包，并显示数据包详细信息。常用于开发测试过程中各种问题定位。本文主要内容包括：  
1、Wireshark软件下载和安装以及Wireshark主界面介绍。

2、WireShark简单抓包示例。通过该例子学会怎么抓包以及如何简单查看分析数据包内容。

3、Wireshark过滤器使用。通过过滤器可以筛选出想要分析的内容。包括按照协议过滤、端口和主机名过滤、数据包内容过滤。

安装

[线鲨 ·深入 (wireshark.org)][_ _wireshark.org]

![b5bddf5d221a42c291efb49e58c8b4cc.png][]

设置抓包过滤器

![30bc2309a4c347e39a40bf0a4045bc4b.png][]

参数示例

![afb91869f40d493481b62cc5c3d22477.png][]

捕获数据

![2a833f5dedee4258bd74fb52c3f779a7.png][]

![b53c07f4b0394d9e8ae6979fde779099.png][]

展示过滤

![d9f33382c6664ced9132a1997e642771.png][]

在这里输入过滤条件，结合图形界面输入要筛选的协议.....

![b941c6fbbaef4692abbf6413fcc5110c.png][]

![1f2eaf9c4d7a41d2a0e724f56987651f.png][]

其他设置

抓包文件的存储地址

![b6f4a61acbb241fe9754e6fbab91627a.png][]

![286c6644e2e24264b5dae63ead78fa19.png][]

设置抓包停止条件

![ed0e95dd25344b0a8b0aa3ce56557d69.png][]

![fc12a39b1313474cbcae08752a1202ed.png][]

![25f0b1ede9c741c4a71553ca5eb3ff4b.png][]

![7f12f8b64c694dc0b52e848de88fb217.png][]

处理分析出来的数据

打标

右键数据，标记

![1904b1f8d5f240cf8a661647d9f3a8fc.png][]

时间参考和注释

右键本条数据设置成时间参考则下边的数据就显示出和当前条数据相差的时间

将当前数据设置注释后再下边会多出来一栏

![25ae461b19ab4261a376b62d2733c66c.png][]

![fd4a8d9cda7d422d82242ef7c565072d.png][]

![85e2fabd31cb43a2a7baedd8b6abed39.png][]

将第二栏添加为列，有符合数据时为yes，没有的时候为no

![41146491768244b5aa086bfe6e9ed7fb.png][]

在过滤器顶端选中后自动生成过滤条件表达式（第二栏的过滤信息更详细一些）

![74aaa2bde7b04fa8b1257334a8296a94.png][]

注：被\[ \]标注起来的数据并不是抓取到的真实数据，而是wireshark的数据不用管

协助生成防火墙规则

![784f809fa12544f4a9d8213c7d4eabbf.png][]

异常信息展示

![e3da13d6bd694fdbb09a9e8c56f36be7.png][]

管理首页自己添加的过滤规则

![3521c54518a3469c847c35b56105f4c7.png][]

数据流追踪（例如get请求，抓到账号登信息）

![5f0d171288624dfa8671216edee50ee2.png][]

红色部分是我们得到的访问信息（访问的网址、用的什么浏览器），蓝色部分是访问网络界面数据信息

![bd9e856d2c0d426b8c6e565c30a9182c.png][]

协议分级，查看各类协议下包所占比例

![1fd686e5d27f430db4c0cae197376df4.png][]

网络会话统计

![c2a5091af0c04b87b2cc54930fe13b0c.png][]

数据包长度，可根据筛选条件

![0a5779e4f83841d687232893cde838d6.png][]

IO图标统计

![8e3ccddaa332431f94c7c2e9d46620de.png][]

![e7c8a45c46a645a1a5c6d693c42c50e0.png][]

[_ _wireshark.org]: https://www.wireshark.org/
[b5bddf5d221a42c291efb49e58c8b4cc.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/839071e49c6544839a7a40fee4c54cbb.png
[30bc2309a4c347e39a40bf0a4045bc4b.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/241c6732f6bf439db66448da3998ea5e.png
[afb91869f40d493481b62cc5c3d22477.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/5125716c408e461bb4905b06baf5e929.png
[2a833f5dedee4258bd74fb52c3f779a7.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/93a1c23ced824e6583756e318c60d6d4.png
[b53c07f4b0394d9e8ae6979fde779099.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/e87f77bf08c24cceae072ef4440edfa2.png
[d9f33382c6664ced9132a1997e642771.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/71a445841cc84b85b3def45812c33f68.png
[b941c6fbbaef4692abbf6413fcc5110c.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/e151e08be08148f3ae48013918ede5ea.png
[1f2eaf9c4d7a41d2a0e724f56987651f.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/a142532e82094ef7807b15b0efedadbe.png
[b6f4a61acbb241fe9754e6fbab91627a.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/267b2a5b75d64981a736e3d279733867.png
[286c6644e2e24264b5dae63ead78fa19.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/b2d683e980634b93b150974faf87c958.png
[ed0e95dd25344b0a8b0aa3ce56557d69.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/50223c24a48e4b86b048aae8287dd38c.png
[fc12a39b1313474cbcae08752a1202ed.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/c9c0ca1c1fe346278f5830a6c82364b8.png
[25f0b1ede9c741c4a71553ca5eb3ff4b.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/bfae59703fba48dbac80cb8942f37008.png
[7f12f8b64c694dc0b52e848de88fb217.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/81b6b7577a8d447cbd059cd81d7162fb.png
[1904b1f8d5f240cf8a661647d9f3a8fc.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/b6cb2845d9cf4c6781a50c89f1c1cdff.png
[25ae461b19ab4261a376b62d2733c66c.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/b2227786d9e54209a6b1ef1e320f98df.png
[fd4a8d9cda7d422d82242ef7c565072d.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/5054502f0af74d53bcfc7a94fbb2af0b.png
[85e2fabd31cb43a2a7baedd8b6abed39.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/d76b7918f1d747d8893a1051eb24c04a.png
[41146491768244b5aa086bfe6e9ed7fb.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/c82ebc08de604c6f8656c1297346fa38.png
[74aaa2bde7b04fa8b1257334a8296a94.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/5bb486f59436400798412c61da179f58.png
[784f809fa12544f4a9d8213c7d4eabbf.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/56fb3a05fcb64773b830c87f680b47de.png
[e3da13d6bd694fdbb09a9e8c56f36be7.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/4f35e1ef40a740ef958d6e8021ccc006.png
[3521c54518a3469c847c35b56105f4c7.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/6291a4548b1f4375acdf7df2a4d51a5c.png
[5f0d171288624dfa8671216edee50ee2.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/c7f1a0462431460b9613d2975dd77dd8.png
[bd9e856d2c0d426b8c6e565c30a9182c.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/ec10425fd3d54659876d5ee34b76d38d.png
[1fd686e5d27f430db4c0cae197376df4.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/59b1a9f518e44ac18f5cd69d528861f3.png
[c2a5091af0c04b87b2cc54930fe13b0c.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/b9a31baf93c44085a41674d724ca66f0.png
[0a5779e4f83841d687232893cde838d6.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/c6b19b7ab42b4ac3ab9f082ac99e37ba.png
[8e3ccddaa332431f94c7c2e9d46620de.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/aa5f65def9b74cba826cc3cab2b9d1bd.png
[e7c8a45c46a645a1a5c6d693c42c50e0.png]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/21/8b0f6fa39000475192b0ef3f56a11db5.png