
How to use wireshark to get a list of web applications

Asked by: Eric Turner 224 views IT January 26, 2019

2 Answers

  1. +4 Votes

    The capture tool Wireshark is used to obtain network data packets, including packets of network protocols such as HTTP, TCP, and UDP.

    wireshark

    1. Network administrators use Wireshark to check for network problems.

    2. Software test engineers use Wireshark to capture packets and analyze the software they test.

    3. Engineers engaged in socket programming use Wireshark to debug.

    4. I heard that most engineers at Huawei and ZTE use Wireshark.

    In general, work related to the network may use Wireshark.

    Wireshark starts to capture packets

    Start interface

    Wireshark captures the network packets of a particular network card on the machine. When you have multiple network cards on your machine, you need to select a network card.

    Click Capture -> Interfaces... The following dialog box appears; select the correct network card, then click the “Start” button to start capturing packets.

    Wireshark window introduction

    Wireshark is mainly divided into several interfaces:

    1. Display Filter, for filtering

    2. Packet List Pane, showing the captured packet, source address and destination address, port number. The color is different, representing

    3. Packet Details Pane, showing the fields in the packet

    4. Dissector Pane (hexadecimal data)

    5. Miscellaneous (address bar, miscellaneous)

    Wireshark display filtering

    When using Wireshark, you will get a lot of redundant information; thousands or even tens of thousands of records make it difficult to find what you need. It makes your head spin.

    Filters help us quickly find the information we need in a lot of data.

    There are two kinds of filters. One is the display filter, which is the one on the main interface. It is used to find the required records in the captured records.

    The other is the capture filter, which is used to filter captured packets to avoid capturing too many records. It is set in Capture -> Capture Filters.

    Save Filter

    On the Filter bar, fill in the filter expression and click the Save button to give it a name, for example “Filter 102”.

    A button for “Filter 102” then appears on the Filter bar.

    Rules for filtering expressions

    Expression rules

    1. Protocol filtering

    For example, tcp displays only the TCP protocol.

    2. IP Filtering

    For example, ip.src == 192.168.1.102 shows packets whose source address is 192.168.1.102,

    ip.dst == 192.168.1.102, the target address is 192.168.1.102

    3. Port filtering

    tcp.port == 80, the port is 80

    tcp.srcport == 80, only packets of the TCP protocol whose TCP port is 80 are displayed.

    4. HTTP method filtering

    http.request.method == "GET", only the HTTP GET method is displayed.

    5. Logical operators are AND/OR

    Commonly used filter expressions

    Packet List Pane

    The packet list panel displays the number, timestamp, source address, destination address, protocol, length, and packet information. You can see that different protocols are displayed in different colors.

    You can also modify these rules for displaying colors under View -> Coloring Rules.

    Packet Details (Packet Details Pane)

    This panel is the most important one for us; it is used to view every field in the protocol.

    The information of each line is:

    Frame: data frame overview of the physical layer

    Ethernet II: data link layer Ethernet frame header information

    Internet Protocol Version 4: Internet layer IP packet header information

    Transmission Control Protocol: transport layer data segment header information, here it is TCP

    Hypertext Transfer Protocol: application layer information, here it is the HTTP protocol

    Wireshark and the corresponding OSI seven-layer model

    Stephanie Edwards- January 27, 2019 |
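As an added example (not part of either answer), the Python sketch below applies the filters from the answer above (TCP port 80, `http.request.method == "GET"` and optionally `ip.src`) to a capture file and counts the HTTP Host headers, which yields the list of web applications the question asks about. The function names, addresses and hostnames are constructed for the illustration; it assumes a classic little-endian pcap with Ethernet framing and requests that fit in one TCP segment, and it cannot see inside HTTPS.

```python
import struct
from collections import Counter

def build_pcap(packets):
    """Build a constructed classic pcap (Ethernet link type) for the demo."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst, sport, dport, payload in packets:
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def http_get_hosts(pcap, port=80, src=None):
    """Count Host headers of packets matching
    tcp.dstport == port && http.request.method == "GET" [&& ip.src == src]."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap file")
    hosts, off = Counter(), 24                      # 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        # Keep only Ethernet II frames carrying IPv4 with protocol 6 (TCP).
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        if src and ".".join(map(str, frame[26:30])) != src:
            continue
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]   # skip variable-length IP header
        if len(tcp) < 20 or struct.unpack_from("!H", tcp, 2)[0] != port:
            continue
        data = tcp[(tcp[12] >> 4) * 4:]             # skip variable-length TCP header
        if not data.startswith(b"GET "):
            continue
        for line in data.split(b"\r\n")[1:]:        # header lines after the request line
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"host":
                hosts[value.strip().decode("ascii", "replace")] += 1
                break
    return hosts

SAMPLE = build_pcap([  # constructed sample traffic, documentation addresses and hostnames
    ("192.168.1.102", "203.0.113.10", 50000, 80, b"GET / HTTP/1.1\r\nHost: app.example\r\n\r\n"),
    ("192.168.1.102", "203.0.113.10", 50000, 80, b"GET /login HTTP/1.1\r\nHost: app.example\r\n\r\n"),
    ("192.168.1.102", "203.0.113.20", 50001, 80, b"POST /api HTTP/1.1\r\nHost: api.example\r\n\r\n"),
    ("192.168.1.50", "203.0.113.30", 50002, 80, b"GET / HTTP/1.1\r\nHost: wiki.example\r\n\r\n"),
    ("203.0.113.10", "192.168.1.102", 80, 50000, b"HTTP/1.1 200 OK\r\n\r\n"),
])
```

Calling `http_get_hosts(SAMPLE)` returns a `Counter` keyed by hostname; passing `src="192.168.1.102"` narrows it to one client, as the `ip.src` filter does.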

  2. +6 Votes

    After capturing the package, you can determine

    Brown- January 27, 2019 |