
Anyone who studies the Internet must be familiar with Wireshark, but previously I only knew how to use Wireshark at a very shallow technical level. The test questions of the 2015 national Information Security Management and Assessment competition placed high demands on the use of Wireshark. In addition, there is a foreign ranking of network security tools (http://sectools.org/) that lists 125 security tools, and Wireshark ranks first on it. All of this prompted me to learn Wireshark systematically and to make it my next blog topic after DVWA.

How to do an introduction to Wireshark

Wireshark is currently the most widely used open source packet capture software. Its predecessor was Ethereal, written by Gerald Combs and released under the GPL open source license in 1998. Remember the GNU project mentioned when you were learning Linux? The GPL is the core license of GNU, and all software released under it must be open source and free. This is probably the main reason why Wireshark has developed so rapidly and stayed at the top of the Sectools rankings for so long.

The core function of Wireshark is to capture network packets and display as much of the detail inside them as possible. Underneath, it requires WinPcap support. Its basic working principle is as follows. When the network card on a computer receives a data frame, it checks whether the destination MAC of the frame matches the MAC address of the network card. If they differ, the frame is discarded. If they match, the frame is accepted and handed to the upper layer for processing. The network card also receives broadcast and multicast frames, but under normal circumstances these frames are discarded. When Wireshark is started on the computer, the network card is set to promiscuous mode. From then on, as long as a data frame can reach the network card, the card accepts it regardless of whether its destination MAC matches the card's own MAC address, and hands it to Wireshark for processing.
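The receive filter described above can be modelled in a few lines. This is an added example, not code from the original article; the MAC addresses, frames and function names are constructed for illustration, and the filter is a simplified model of what a network card does in hardware.

```python
import struct

BROADCAST = b"\xff" * 6

def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' notation to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def parse_ethernet(frame):
    """Return (dst_mac, src_mac, ethertype) from a raw Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    return struct.unpack("!6s6sH", frame[:14])

def classify(dst, nic_mac):
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:  # I/G bit set in the first octet: group (multicast) address
        return "multicast"
    return "unicast-to-me" if dst == nic_mac else "unicast-other"

def nic_accepts(frame, nic_mac, promiscuous=False, groups=()):
    """Simplified receive filter: True if the card passes the frame upward."""
    dst, _src, _ethertype = parse_ethernet(frame)
    if promiscuous:
        return True  # promiscuous mode: the destination check is skipped
    kind = classify(dst, nic_mac)
    if kind == "multicast":
        return dst in groups  # only groups the host has subscribed to
    return kind in ("unicast-to-me", "broadcast")

# Constructed sample data: one NIC and four frames that reach it.
NIC = mac("02:00:00:00:00:01")

def frame(dst, ethertype=0x0800):
    return mac(dst) + mac("02:00:00:00:00:99") + struct.pack("!H", ethertype) + bytes(46)

SAMPLES = {
    "to this NIC": frame("02:00:00:00:00:01"),
    "to another host": frame("02:00:00:00:00:02"),
    "broadcast": frame("ff:ff:ff:ff:ff:ff", ethertype=0x0806),
    "multicast": frame("01:00:5e:00:00:fb"),
}

def visible(promiscuous):
    return [name for name, f in SAMPLES.items() if nic_accepts(f, NIC, promiscuous)]

if __name__ == "__main__":
    print("normal mode:     ", visible(False))
    print("promiscuous mode:", visible(True))
```

On a switched network only the frames the switch forwards to this port reach the card, so promiscuous mode removes the card's own filter but does not by itself expose other hosts' unicast traffic.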

Wireshark has a wide range of applications. If you are a network engineer, you can use Wireshark to locate and troubleshoot network faults; if you are a security engineer, you can use Wireshark to quickly locate the network *** and find out the source of the attack; if you are a *** or software engineer, you can use Wireshark to analyze underlying communication mechanisms, and so on.

The official website of Wireshark is https://www.wireshark.org/, where you can download the version that matches your needs.


The installation process of Wireshark is very simple: just keep clicking the Next button. Wireshark relies on WinPcap to work. If WinPcap is not yet installed on the computer, the installer will ask to install it; again, just click the Next button.

After Wireshark is running, select the network card to be monitored in the Capture module, and then click Start to start capturing packets.


Click the Stop button in the toolbar to end the capture. You can then save the captured packets so that they can be opened for analysis at any time later, or sent to others for analysis.

Starting from the latest version 2.0, Wireshark can perfectly support Chinese, making it more convenient to use.



Statement
This article is reproduced from 亿速云. If there is any infringement, please contact admin@php.cn to have it deleted.
