
Practical Packet Analysis with Wireshark (Notes)

I. Packet Analysis Fundamentals ..... 5
  1. Packet analysis ..... 5
  2. Objectives ..... 5
  3. Software ..... 5
  4. Protocols ..... 5
  5. Data encapsulation ..... 5
  6. Network hardware ..... 6
  7. Traffic classification ..... 6
    (1) Broadcast traffic ..... 6
    (2) Multicast traffic ..... 6
    (3) Unicast traffic ..... 6
II. Tapping into the Wire ..... 6
  1. Key decisions ..... 6
  2. Promiscuous mode ..... 7
  3. Sniffing on a hub ..... 7
  4. Sniffing on a switch ..... 7
    (1) Port mirroring ..... 7
    (2) Hubbing out ..... 8
    (3) Network taps ..... 8
    (4) ARP spoofing ..... 9
  5. Sniffing on a router ..... 13
III. Wireshark Basics ..... 14
  1. Find: Ctrl+F ..... 14
  2. Mark packet: Ctrl+M or right-click menu ..... 14
  3. Time display format ..... 15
  4. Relative time: Ctrl+T ..... 15
  5. Capture options: Ctrl+K ..... 16
  6. Name resolution ..... 17
    (1) Types ..... 17
    (2) Drawbacks ..... 17
  7. Protocol dissection ..... 17
  8. Filters ..... 18
    (1) BPF filter syntax ..... 18
    (2) Display filters ..... 19
    (3) Comparison operators ..... 19
    (4) Logical operators ..... 19
    (5) Filter examples ..... 20
IV. Traffic Analysis and Graphing Features ..... 20
  1. Network endpoints ..... 20
  2. Network conversations ..... 21

Packet capture files download: http://netsec.ccert.edu.cn/hacking/book/