Wireshark introduction and packet capturing principle and process

WireShark Introduction to the principle and process of packet capture

1. WireShark brief introduction

Wireshark Is a network packet analysis software , You can capture and analyze packets , It can run on the current mainstream operating system ：Windows,Linux,macOS. The function of network packet analysis software is to extract network packets , And show the most For detailed network packet information .Wireshark Use WinPCAP As an interface , Data message exchange with network card directly . For safety reasons ,wireshark Only packets can be viewed , You cannot modify the data in the packet , Can't send packets .

2. WireShark Application

Used by network administrators Wireshark To detect network problems , Network security engineers use Wireshark To check information security related problem , Developers use Wireshark To debug the new communication protocol , Ordinary users use Wireshark To learn about network protocols Relevant knowledge . Of course , Some people will “ Harbour evil intent designs ” Use it to find some sensitive information .

3. WireShark Quick packet analysis techniques

（1） determine Wireshark The physical location of . If you don't have a correct position , start-up Wireshark It will take a long time Capture some data irrelevant to yourself .
（2） Select capture interface . Generally, you choose to connect to Internet Network interface , Only in this way can we capture network related data . otherwise , The other data captured will not help you .
（3） Use capture filters . By setting the capture filter , It can avoid generating too large capture data . So users are analyzing data when , It will not be disturbed by other data . and , It can also save users a lot of time .
（4） Use display filters . Capture filters are usually used to filter the data , It's often complicated . In order to filter packets More detailed , Use the display filter to filter .
（5） Use shading rules . The data filtered by the display filter is usually used , Are useful packets . If you want to be more prominent Show a session , You can highlight using shading rules .
（6） Building charts . If users want to see more clearly the changes of data in a network , Using chart form can be very square Easily show the data distribution .
（7） Reorganizing data . When transferring large pictures or files , The information needs to be distributed in multiple packets . You need to use Reorganize the data to capture the complete data .Wireshark Recombination function of , You can reorganize the information of different packets in a session , or It is to reorganize a complete picture or file .