About
Wireshark, put simply, is a free and open-source network packet analyzer.
Features
Wireshark has a rich feature set which includes the following:
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
Resources
Official website
User's Guide
- Online (HTML) version
  - Single-page version: www.wireshark.org/docs/wsug_h…
  - Multi-page (chunked) version: www.wireshark.org/docs/wsug_h…
- ZIP version
  - Single-page version: www.wireshark.org/download/do…
  - Multi-page (chunked) version: www.wireshark.org/download/do…
- PDF version
  - www.wireshark.org/download/do…
- CHM version
  - www.wireshark.org/download/do…
Command-line manual pages
www.wireshark.org/docs/man-pa…
These are the man pages for the command-line tools, covering wireshark, the wireshark capture filters and display filters, tshark, dumpcap, capinfos, rawshark, editcap, mergecap, text2pcap, reordercap and others.
Display Filter Reference
www.wireshark.org/docs/dfref/
Documents a very large number of protocols and their fields, so you can drill down to exactly the packet information you want to see.
Books
The most commonly recommended Chinese-language books include the following:
- Wireshark网络分析实战 第2版 (literally: Wireshark Network Analysis in Practice, 2nd edition)
  - item.jd.com/12471027.ht…
- Wireshark数据包分析实战 第3版 (literally: Wireshark Packet Analysis in Practice, 3rd edition)
  - item.jd.com/12457473.ht…
  - product.dangdang.com/25580341.ht…
- Wireshark网络分析就这么简单 (literally: Wireshark Network Analysis Is This Simple)
  - item.jd.com/11574376.ht…
  - product.dangdang.com/23597162.ht…
- Wireshark网络分析的艺术 (literally: The Art of Wireshark Network Analysis)
  - item.jd.com/11863992.ht…
  - product.dangdang.com/23895500.ht…
If you read English comfortably, the official User's Guide is still the best starting point. Laura Chappell's books are also classics and well worth recommending, including Wireshark Workbook 1, Wireshark 101: Essential Skills for Network Analysis, and Troubleshooting With Wireshark.