I-Wireshark iyisicelo samahhala esikuvumela ukuba ubambe kwaye ubukele idatha ehambahamba phambili nakwi-intanethi yakho, unike amandla okubamba phantsi kwaye ufunde iziqulatho zepakethe nganye - ezicutshulweyo ukuhlangabezana neemfuno zakho ezithile. Ngokuqhelekileyo kusetyenziswa ukujongana neengxaki zeenethiwekhi kunye nokuphuhlisa nokuhlola isofthiwe. Umhlaziyi-projekthi womgaqo-projekthi ovulekileyo uyamkelwa ngokubanzi njengemigangatho yoshishino, ukufumana isabelo esilungileyo semibhaso kwiminyaka.
Ekuqaleni eyaziwa ngokuba yi-Ethereal, iWireshark ibonisa umsebenzisi-friendly interface ongabonisa idatha ukusuka kumakhulu eenkqubo ezihlukeneyo kuzo zonke iintlobo ezinkulu zenethiwekhi. Ezi phakethi zedatha zingabonwa ngexesha langempela okanye zihlaziywe ngaphandle kwe-intanethi, kunye neefomathi ezininzi zokubamba / ukulandelela iifayile ezixhaswa ziquka i- CAP kunye ne- ERF . Izixhobo zokudibanisa ukudibanisa kukuvumela ukuba ukhangele iipakethi ezimiselweyo kwiiprogram ezininzi ezidumile ezifana neWEP kunye neWPA / WPA2 .
01 ngo 07
Ukulanda nokufaka iWireshark
IWireshark inokulayishwa ngaphandle kweendleko kwiwebsite yeWireshark Foundation kwiinkqubo zombini ze-MacOS kunye ne-Windows. Ngaphandle kokuba ungumsebenzisi ophambili, kucetyiswa ukuba ulayishe kuphela ukukhululwa okusisigxina. Ngethuba lokulungisa inkqubo (Windows kuphela) kufuneka ukhethe ukufaka kwakhona iWinPcap xa ikhuthazwa, njengoko ibandakanya ilayibrari efunekayo ekubanjweni kwedatha.
Isicelo sifumaneka kwiLuxal kunye nezinye iiplatifomu ezifana ne- Red Hat , iSolaris, ne-FreeBSD. Iibinari ezifunekayo ukuze ezi nkqubo zifumaneke kwizantsi lephepha lokukhupha kwiCandelo lePakethi yePakethi yeThathu.
Unokukhuphela ikhowudi yomthombo weWireshark kule khasi.
02 we-07
Indlela yokuThatha iPakethe yeDatha
Xa uqala uqalise iWireshark isikrini esifanelekileyo esifana nesibonakaliswe ngasentla kufuneka sibonakale, siqulethe uluhlu lwekhonxibelelwano lwenethiwekhi olukhoyo kwisixhobo sakho sangoku. Kulo mzekelo, uya kuqaphela ukuba iintlobo zoxhulumaniso ezilandelayo ziboniswa: Inethiwekhi ye-Bluetooth Network Connection , Ethernet , i- VirtualBox Yomncedisi-kuphela , i- Wi-Fi . Ukuboniswa ngakwesokudla nganye yi-EKG-style line yegrafu emele ukuhamba kwendlela ehambayo kuyo.
Ukuqala ukuthabatha amapakethi, qala ukhethe enye okanye ngaphezulu kwezi nqanki ngokuchofoza ukhetho lwakho kwaye usebenzisa ii Shift okanye Ctrl ukhiye ukuba ungathanda ukurekhoda idatha kwiintanethi ezininzi ngexesha elinye. Xa udidi lokuxhunywa lukhethwa kwiinjongo zokubamba, imvelaphi yayo iya kuthunjulwa kwi-blue okanye igrey. Cofa kwiCopture kwimenyu ephezulu, ehlala phezulu kwi-Wireshark. Xa imenyu ehlayo ibonakala, khetha ukhetho lokuqala.
Unokuqalisa kwakhona ukupakisha iipakethi ngenye yeziqhotho ezilandelayo.
- Ikhibhodi: Cinezela i- Ctrl + E
- Imouse: Ukuqala ukufaka iipakethi kwiinkonzo ezithile, nqakraza kabini igama layo
- Ibar yomthamo: Cofa kwiqhosha le-shark eligqityiweyo, elikude kwicala lasekhohlo lasebar Warshark
Inkqubo yokuthabatha ubomi iya kuqala, ngeenkcukacha zepakethe eziboniswe kwiWeshark window njengoko zibhaliswe. Yenza enye yezenzo ezingezantsi ukuyeka ukuthatha.
- Ikhibhodi: Cinezela i- Ctrl + E
- Ibar yomncedisi: Cofa kwiqhosha elibomvu lokumisa, elikufuphi ngasemva kwefayili yetshobo yebar yeWireshark
03 we-07
Ukujonga nokuhlaziya iPakethe yeZiqulatho
Ngoku ukuba urekhode idatha yechungechunge ixesha lokuba ukhangele iipakethi ezifakiwe. Njengoko kuboniswe kwi-skrini ngasentla, i-interface yolwazi efunyenweyo iqulethe amacandelo amathathu aphezulu: Iipakethe zoluhlu lwepakethi, iipakethe zenkcukacha zepakethe kunye nepakethe yeeteti.
Uluhlu lwePakethe
Iphayibhile yoluhlu lwepakethe, ephezulu phezulu kwefestile, ibonisa zonke iipakethi ezifunyenwe kwifayile yokuthabatha. Iipakethe ngalinye linomqolo walo kunye nenani elihambelanayo elinikezelwe kulo, kunye kunye nale nqaku lwedatha.
- Ixesha: Ixesha lesitampu xa ipakethi ibanjwe iboniswe kule kholomu, kunye nefomathi engagqibekanga ibe yinani lemizuzwana (okanye imizuzwana embalwa) ukususela kule fayile yefayile yokubamba yaqala kuqala. Ukuguqula le fomathi kwizinto ezinokuba luncedo ngakumbi, njengexesha langempela lemini, khetha ikhefu ye-Display Display format ukusuka kwiWireshark's View menu - ephezulu kwintsebenziswano ebalulekileyo.
- Umthombo: Le kholam iqulethe (i-IP okanye enye) apho ipakethi ivela khona.
- Indawo: Indawo yekholam iqulethe idilesi ekuthunyelwa kuyo.
- Iprotocol: Igama lomgaqo-protocol (okt, iTCP) lingafumaneka kule kholomu.
- Ubude: Ubude bepakethe, kwi-bytes, buboniswa kule kholomu.
- Ulwazi: Iinkcukacha ezongezelelweyo malunga nepakethe zichazwe apha. Okukule kholomu kuyahluka kakhulu kuxhomekeke kwizinto ezipakethe.
Xa iphakhethi ikhethwe kwipowuni ephezulu, unokwazi ukubona enye okanye amanqaku amaninzi avela kwikholam yokuqala. Iibhokisi ezivulekileyo kunye / okanye ezivaliweyo, kunye nomgca ongqambileyo, ungabonisa ukuba okanye akukho iphakhethi okanye iqela leepakethi liyinxalenye yengxoxo ephindayo-nangoko kwinethiwekhi. Umgca ogqityiweyo ogqithisiweyo uthetha ukuba ipakethe ayinxalenye yendibano leyo.
Iinkcukacha zePakethe
Inkcazo yeenkcukacha, efunyenwe phakathi, iveza iiprotokholi kunye nemigqaliselo yenkqubo yepakethi ekhethiweyo kwifomathi edibeneyo. Ukongezelela ukwandisa ukhetho ngalunye, ungasebenzisa nezihlungi zeWireshark ngamnye ngokubhekisele kwienkcukacha ezithile kunye nokulandela imifudlana yedatha esekelwe kwindlela yokulandelelana ngokusebenzisa imenyu yenkcazelo yemeko - ifumaneka ngokuchofoza ngokuchanekileyo kwimouse yakho kwinto efunwayo kule phara.
Iipakethe Bytes
Kwiphepha lepaket ye-bytes, ebonisa idatha eluhlaza yepakethe ekhethiweyo kwimbono ye-hexadecimal. Ukulahlwa kwenkunkuma kuqukethe ii-bytes ezili-16 ze-hexadecimal kunye ne-ASCII ye-16 kunye ne-offset data.
Ukukhetha isahlulo esithile sale datha ngokuzenzekelayo kugxininisa icandelo elihambelanayo kwipakethe yeenkcukacha zepakethi kunye nangaphandle koko. Naliphi na i-bytes ezingenakuphrinta kunoko limelelwe ngethuba.
Unokukhetha ukubonisa le datha ngetekisi encinane ngokuchasene ne-hexadecimal ngokuchofoza ngokuchanekileyo naphi na kwifowuni kwaye ukhetha inketho efanelekileyo kwimenyu yomongo.
04 we-07
Ukusebenzisa iiWireshark Filters
Enye yeyona nto ibalulekileyo ebeka kwiWireshark yinkcazelo yayo yokucoca, ngakumbi xa ujongana neefayile ezibalulekileyo ngobukhulu. Ukuthatha iifayile kungasetwa phambi kweqiniso, ufundise iWireshark ukuba irekhode kuphela loo mapaketi ehlangabezana neenqobo zakho ezichaziweyo.
Iifayile nazo zingafakwa kwifayile yokubamba ifakelwe ukuba iipakethi ezithile ziboniswe. Ezi zibizwa ngokuba zizihlungi zokubonisa.
I-Wireshark inikeza inombolo enkulu yezihlungi ezikhethiweyo ngokuzenzekelayo, kukuvumela ukuba unciphise inani leepakethi ezibonakalayo kunye neenkcukacha ezimbalwa okanye ukuchofoza kwe mouse. Ukusebenzisa enye yezihlungi ezikhoyo, faka igama layo kwiSicelo sefayile yokungena kwifayile yokubonisa (esezantsi ngaphantsi kwe-barbar yetshixo yeWireshark) okanye kwiNgenisa kwinqanaba lokungena kwisihlungi (ephakathi kwesikrini sokwamkela).
Kukho iindlela ezininzi zokuphumeza oku. Ukuba sele ulazi igama lecebo lakho lokucoca, mane ulifake kwindawo efanelekileyo. Umzekelo, ukuba ufuna kuphela ukubonisa iipakethi zeTCP uthayipha tcp . Uhlobo lwe-Wireshark oluzenzekelayo luza kubonisa amagama aphakanyisiwe njengoko uqala ukuthayipha, ukwenza kube lula ukufumana i-moniker echanekileyo kwisihlunu ofunayo.
Enye indlela yokukhetha isihlungi kucofa kwi icon-likelike icon efakwe kwicala lasekhohlo kwintsimi yokungena. Oku kuza kubonisa imenyu equle ezinye zezihlungi ezisetyenziswa ngokuqhelekileyo kunye nekhetho lokuLawula amaFayile okanye ukuLawula iifayile zokubonisa . Ukuba ukhetha ukulawula okanye uthayiphe i-interface izakuvela ukuvumela ukuba ungeze, ususe okanye uhlele izihlungi.
Ungakwazi ukufikelela kwizihlungi zangaphambili ezisetyenziswe ngokukhetha utolo oluphantsi, olusezantsi kwicala lokungena, elibonisa uluhlu lokuhlaselwa kwembali.
Emva kokuseta, uthabathe iifayile kuzakusetyenziswa ngokukhawuleza xa uqala ukurekhoda iitrato zenethiwekhi. Ukufaka isihlungi sokubonisa, nangona kunjalo, uzakufuna uklikha kwiqhosha lokunqamla elisekunene elifunyenwe kwicala elide lasekunene kwenkalo yokungena.
05 we-07
Imibala Yemibala
Nangona i-Wireshark ithatha kwaye ibonisa izihlungi zikuvumela ukuba unciphise iipakethi ezirekhodwayo okanye eziboniswe kwisikrini, ukusebenza kwayo kwekolorization kuthatha izinto ezinyathelo ngokuqhubekayo ngokwenza kube lula ukuhlukanisa phakathi kweefayile zeepakethe ezahlukeneyo ngokusekelwe kwi-hue yazo. Isici esilungileyo senza ukuba ufumane ngokukhawuleza iipakethi ezithile ngaphakathi kokusekwa okugcinwe ngumgca wemibala yabo yomqolo kwiphakethe yohlu lwepakethe.
IWireshark iza kunye nemithetho engama-20 engapheliyo imibala ekwakhiwe kuyo; nganye leyo ingalungiswa, ikhutshaziwe okanye isusiwe ukuba unqwenela. Ungongeza kwakhona iifayile ezisekelwe emthunzini omtsha ngokusebenzisa umyalezo wombala wombala, ulungelelaniso kwimenyu yokujonga . Ukongezelela ekuchazeni igama kunye neefayile zokucoca kwimiqathango nganye, ucelwa ukuba udibanise umbala wombala kunye nombala wombhalo.
I-packet colorization inokukhishwa kunye kunye nokukhetha uludwe lwePakethe ye-Colorize , kwakhona kufumaneka kwimenyu yokujonga .
06 we-07
Izibalo
Ukongeza kwenkcazelo enenkcazo malunga nedatha yenethiwekhi yakho eboniswe kwiwindow eyintloko yeWireshark, ezinye iimetriki ezisebenzayo ziyafumaneka ngeMenyu yokuhlahlela yeStatistics efunyenwe phezulu kwesikrini. Ezi ziquka ubungakanani kunye nolwazi lwexesha malunga nefayili yokuthabatha ngokwalo, kunye neentlobo zamatshathi kunye neegrafu ezivela kwisihloko ezivela kwiintetho zokuphazamiseka kwengxoxo ukulayisha ukuhanjiswa kwezicelo ze-HTTP.
Bonisa izihlungi zingasetyenziswa kwiinkalo ezininzi zala manani ngokubambisana kwazo, kwaye iziphumo zingathunyelwa kwiifom zeefayile eziqhelekileyo eziquka i- CSV , i- XML kunye ne-TXT.
07 we-07
Izinto eziPhambili
Nangona siphephe i-Wireshark eyona nto isebenza ngayo kweli nqaku, kukho iqoqo leempawu ezongezelelweyo ezifumanekayo kule sixhobo esinamandla ezigcinwe kubasebenzisi abaphambili. Oku kubandakanya ukukwazi ukubhala iprotocol yakho ye-protocol kwi-program yeLua yolwimi.
Ukufumana ulwazi oluninzi malunga nale miba ephambili, bhekisa kwi-Wireshark yesikhokelo somsebenzisi esisemthethweni.