Do you know Wireshark, the packet capture tool you must master for software testing?

As a software test engineer, you often use various packet capture tools to aid testing in your work, such as the browser's built-in packet capture tool (F12), which is convenient and fast.

Another example is the very popular Fiddler tool, which is used for packet capture analysis in various web and app testing scenarios.

However, the packet capture tool I want to share with you today is Wireshark, which focuses on network packet analysis and has its own characteristics and advantages compared to other packet capture software.

One, download the installation package

Go to the official website of Wireshark and download the installation package of this tool:

https://www.wireshark.org/download.html


Two, installation


Choose to create a desktop shortcut.


Then click Next through the remaining steps and finally restart the computer to complete the installation.

Three, run the software

After the installation is complete, find the program's desktop shortcut.


Double-click it to launch the software.


Open it to see the interface as shown above. Let's get to know the basic interface of this software.

1. Wireshark is a tool based on interface capture.

If there are multiple network interfaces on the host computer, you can click the button labeled 1 to select the network interface whose messages you want to capture.


The above is the list of all interfaces that appears when you click button 1. Generally, select your own Internet interface or the interface through which the traffic you care about passes, and then click the 'start' button to start packet capture.

2. In addition to the above method, you can also start packet capture by using area 2 together with button 3.

Area 2 also lists all the network interfaces. Select the interface you want to capture on, and then click button 3 to start capturing packets.

#### Capture

After the above operations, the Wireshark tool has started to capture messages. At this time, use a browser to access the web page you are testing, and all interactive messages will be captured, as shown in the figure below.


First of all, let's get to know some common functions at the top of the page.

Area 1 indicates that the tool is currently capturing packets. Area 2 has two buttons: the red button stops the capture when clicked, and the green button restarts the capture. After you click the green button, the tool asks whether to save the captured messages:


Choose to save or not save the messages according to your needs; the tool then clears the previous messages and starts capturing again. Area 3 is the filter box, where you filter for the messages you care about according to certain filtering rules. Some commonly used filters are listed below.

1) Filter source IP and destination IP:

Enter the filter conditions in the Filter box of Wireshark.

For example, to find packets with a destination address of 120.24.89.47, use ip.dst==120.24.89.47; to find packets with a source address of 192.168.1.37, use ip.src==192.168.1.37.


2) Port filtering:

For example, to filter on port 80, enter tcp.port==80 in the Filter box. This rule matches packets whose source port or destination port is 80.

Use tcp.dstport==80 to show only packets whose destination port is 80, and tcp.srcport==80 to show only packets whose source port is 80.


3) Protocol filtering:

This is relatively simple: just enter the protocol name directly in the Filter box, in lowercase, such as http to filter the HTTP protocol or tcp to filter the TCP protocol. You can also filter by HTTP method.

For example, to show only GET requests, use http.request.method=="GET"; to show only POST requests, use http.request.method=="POST".


4) Using the and connector:

To combine two conditions, join them with and. For example, to show packets whose source IP is 192.168.1.37 and whose protocol is TCP, use ip.src==192.168.1.37 and tcp.


Four, message analysis

After capturing the messages and filtering for the ones you need, we can begin detailed message analysis.

Double-click one of the messages to open the detailed content of this message, as shown in the figure below:


The first layer, Frame: the physical layer in the TCP/IP protocol stack.

The second layer, Ethernet II: the data link layer in the TCP/IP protocol stack. It carries the source and destination MAC addresses of the actual network cards, and Layer 2 forwarding is based on this information.


The third layer, Internet Protocol: the network layer in the TCP/IP protocol stack, which defines the IP protocol, so the message carries the source and destination IP addresses at this layer.


The fourth layer, Transmission Control Protocol: the transport layer in the TCP/IP protocol stack, which defines the TCP and UDP protocols as well as the concept of ports. Therefore, this layer of the message carries the source and destination ports of the protocol.
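To connect the filter rules from section Three with the layers described here, the following added example (not part of the original article and not Wireshark's own code) dissects a raw frame and extracts the fields those filters compare. The MAC addresses, the client port 51000, the host name example.test and the simplified HTTP request-line check are assumptions made for illustration; the IP addresses are the ones used in the filter examples.

```python
import socket
import struct

def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Constructed sample: Ethernet II + IPv4 + TCP headers around payload (checksums left 0)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp + payload

def dissect(frame):
    """Return the fields used by the display filters above, or None if not IPv4/TCP."""
    if len(frame) < 14 + 20:
        return None
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:                       # not IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4                  # IP header length varies with options
    proto = frame[14 + 9]
    if proto != 6 or len(frame) < 14 + ihl + 20:  # not TCP, or truncated
        return None
    f = {"eth.src": src_mac.hex(":"), "eth.dst": dst_mac.hex(":"),
         "ip.src": socket.inet_ntoa(frame[26:30]), "ip.dst": socket.inet_ntoa(frame[30:34])}
    tcp_off = 14 + ihl
    f["tcp.srcport"], f["tcp.dstport"] = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
    data_off = (frame[tcp_off + 12] >> 4) * 4     # TCP header length varies with options
    first = frame[tcp_off + data_off:].split(b"\r\n", 1)[0].split(b" ")
    if len(first) == 3 and first[2].startswith(b"HTTP/"):   # simplified request-line check
        f["http.request.method"] = first[0].decode("ascii", "replace")
    return f

def tcp_port(f, port):
    """Equivalent of tcp.port==N: true when either the source or destination port matches."""
    return port in (f["tcp.srcport"], f["tcp.dstport"])

# Constructed frames using the addresses from the filter examples above.
REQUEST = build_frame("192.168.1.37", "120.24.89.47", 51000, 80,
                      b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n")
REPLY = build_frame("120.24.89.47", "192.168.1.37", 80, 51000, b"HTTP/1.1 200 OK\r\n\r\n")

if __name__ == "__main__":
    for frame in (REQUEST, REPLY):
        print(dissect(frame))
```

The request matches tcp.dstport==80 and the reply matches tcp.srcport==80, while tcp.port==80 matches both, which is why the port filter you choose decides whether you see one direction of a conversation or both.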


Five, summary

The above is the basic usage of Wireshark, a packet capture tool. Later I will publish a series of articles to analyze in detail some of the more commonly used protocols in your work to help you locate and analyze the problems in the testing work!


Origin blog.csdn.net/weixin_53519100/article/details/114760373