Windows—Wireshark packet capture—basic operation—directly win

1. What is Wireshark?
Wireshark is a very popular and powerful network packet analysis tool, nicknamed "little shark". It can capture all kinds of network packets and display their details.
Wireshark is open source software and can be used with confidence. It runs on Windows and Mac OS; the corresponding packet capture tool on Linux is tcpdump. To use Wireshark you need to understand network protocols, otherwise its output will not make sense.
2. Common application scenarios of Wireshark

  1. Network administrators use Wireshark to check for network problems
  2. Software test engineers use Wireshark to capture packets and analyze the software they test
  3. Engineers engaged in socket programming use Wireshark for debugging
  4. Operations and maintenance staff use Wireshark for daily work, emergency response, etc.

In short, Wireshark may be used for anything network-related.
3. The principle of Wireshark packet capture
Wireshark uses WinPCAP as an interface to exchange data packets directly with the network card.
The environments in which Wireshark is used fall roughly into two types: the stand-alone environment, where the computer is directly connected to the network, and the more common network environment, where the computer is connected to a switch.
In the "stand-alone" case, Wireshark directly captures the network traffic of the local network card.
In the "switch" case, Wireshark obtains the network traffic of the LAN through port mirroring, ARP spoofing, etc.
Port mirroring: a switch interface is used to forward the network traffic of the LAN to the network card of a designated computer.
ARP spoofing: the switch forwards data according to MAC address, so the capturing machine disguises itself as the MAC addresses of other terminals to obtain the network traffic of the LAN.
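
How ARP spoofing looks from the capture side, as an added example that is not part of the original post: the Python code below parses ARP frames and reports any IP address that is claimed by more than one MAC address. The function names, addresses and sample frames are constructed for illustration.

```python
import struct

ETHERTYPE_ARP = 0x0806

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet II ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):  # Ethernet + IPv4 only
        return None
    return op, fmt_mac(frame[22:28]), ".".join(map(str, frame[28:32]))

def find_ip_mac_conflicts(frames):
    """Return (frame_no, ip, old_mac, new_mac) whenever an IP moves to a new MAC."""
    seen, alerts = {}, []
    for no, frame in enumerate(frames, 1):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _, smac, sip = parsed
        if sip == "0.0.0.0":  # ARP probe: the sender claims no address
            continue
        if sip in seen and seen[sip] != smac:
            alerts.append((no, sip, seen[sip], smac))
        seen[sip] = smac
    return alerts

def build_arp(op, smac, sip, tmac, tip):
    """Build a constructed sample ARP frame (test data only)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(p) for p in a.split("."))
    eth = mac("ff:ff:ff:ff:ff:ff") + mac(smac) + struct.pack("!H", ETHERTYPE_ARP)
    return eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac(smac) + ip(sip) + mac(tmac) + ip(tip)

# Constructed capture: a host asks for the gateway, the gateway answers,
# then a second MAC address also claims the gateway's IP.
SAMPLE = [
    build_arp(1, "02:00:00:00:00:0a", "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    build_arp(2, "02:00:00:00:00:01", "192.0.2.1", "02:00:00:00:00:0a", "192.0.2.10"),
    bytes(12) + b"\x08\x00" + bytes(28),  # non-ARP frame, ignored
    build_arp(2, "02:00:00:00:00:66", "192.0.2.1", "02:00:00:00:00:0a", "192.0.2.10"),
]

if __name__ == "__main__":
    for no, ip, old, new in find_ip_mac_conflicts(SAMPLE):
        print(f"frame {no}: {ip} moved from {old} to {new}")
```

A changed mapping is not always malicious (DHCP reassignment or gateway failover produce the same pattern), so each hit needs checking against the known hardware. Wireshark marks the same condition itself, and the display filter `arp.duplicate-address-detected` shows those frames.
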
4. Wireshark software installation
Software download path:
https://www.wireshark.org/
Cracked version: search online and download.

Origin blog.csdn.net/qq_41196999/article/details/131223639