Wireshark capture notes

Others 2020-04-19 10:25:37 views: null

Wireshark overview

Wireshark is a network packet analysis tool. Its main role is to try to capture network packets and try to display as detailed a packet as possible. Wireshark's main applications are: detecting network problems, security risks, protocol implementation, and learning network protocols.

Wireshark official download address

Article Directory

Tcp message capture notes

Open wireshark, in the filter (filter bar), enter http filtering, after filtering, only display the http protocol packets.
Insert picture description here
Open the browser, enter: 117.29.161.242:2018 a server ip + port number in the search field, and press Enter to access the IP.
To get http filtered information, choose: 549 Get / extjs ... HTTP / 1.1 this record, right-click and then click "Follow TCP Stream",
Insert picture description here
this is to open the browser-related data packets, you can see from the figure that wireshark intercepted TCP three-way handshake packet,
Insert picture description here

Ping message to grab study notes

Open wireshark and enter "ip.dst == 14.215.177.38" in the filter (filter bar). After filtering, only 14.215.177.39 messages are displayed. This ip is the Baidu server ip.
Insert picture description here

ICMP packet learning

Through ping ip, click the ICMP request packet in the ICMP data packet captured by wireshark, you can see the ICMP request packet format, ICMP message type, ICMP message code, check, ICMP data part.
Insert picture description here
ICMP response message, you can see the message type and code. The ICMP message defines the format of the response message and the error report message.
Insert picture description here
ICMP common message types and codes
Insert picture description here

ARP packet capture study notes

The communication on the 192.168.8.0 network segment was disconnected. The laptop was connected to the switch, and the IP was changed to the IP of the 8 network segment: 192.168.8.177. Using wireshark to capture the packet display, after access, the entire network sent ARP broadcast packets, but the gateway did not respond.
ARP broadcast packets are sent by hosts on the entire network, and each port can receive the packets. Broadcast storms will cause network communication to be interrupted.
Insert picture description here
Check the port lights of the switch, and finally find that there is a port light flashing crazy. After unplugging, the network connection is normal.

Analysis of STP message study notes

Under normal circumstances, the host cannot receive stp packets until it is normal. It can receive stp packets, indicating that no edge port is configured on the network. Configuring edge ports can speed up stp convergence.
Insert picture description here

Precise positioning (under chance to try)

Extraordinary
Published 41 original articles · praised 65 · 20,000+ views
Private letter concerns

Guess you like

Origin blog.csdn.net/qq_39689711/article/details/102968511
Recommended
Ranking
A quick primer on numpy basics
Two sister tease python project
Java | Multiple keywords in the replacement content are returned to the front end in red style
C ++: references
The string leetcood 1018 is a binary prefix divisible by 5
Flutter 布局组件
Java combat spingboot-redis
PMP pre-exam sprint and wrong questions sorting
ActiveMq C# Message Features: Delayed and Timed Message Delivery
DSP28377S_ copy a program from the RAM to FLASH portion DETAILS
Daily
More
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)

Code World

© 2018 codetd.com