How to use wireshark to get a list of web applications
Asked by: Eric Turner | 224 views | IT | January 26, 2019
2 Answers
+4 Votes
The capture tool Wireshark is used to obtain network data packets, including network protocol packets such as HTTP, TCP, and UDP.
wireshark
1. Network administrators use Wireshark to check for network problems.
2. Software test engineers use Wireshark to capture packets and analyze the software they test.
3. Engineers engaged in socket programming use Wireshark to debug.
4. I heard that most engineers at Huawei and ZTE use Wireshark.
In general, things related to the network may use wireshark.
Wireshark starts to capture packets
Start interface
Wireshark captures the network packets of a particular network card on the machine. When you have multiple network cards on your machine, you need to select one.
Click Capture -> Interfaces. The following dialog box appears; select the correct network card. Then click the “Start” button to start capturing packets.
Wireshark window introduction
Wireshark's window is mainly divided into several parts:
1. Display Filter, for filtering
2. Packet List Pane, showing the captured packet, source address and destination address, port number. The color is different, representing
3. Packet Details Pane, showing the fields in the packet
4. Dissector Pane (hexadecimal data)
5. Miscellaneous (address bar, miscellaneous)
Wireshark display filtering
When using Wireshark, you will get a lot of redundant information; thousands or even tens of thousands of records make it difficult to find what you need. It makes your head spin.
Filters help us quickly find the information we need in a lot of data.
There are two kinds of filters. One is the display filter, which is the one on the main interface. It is used to find the required records among the captured records.
The other is the capture filter, used to filter captured packets to avoid capturing too many records. It is set in Capture -> Capture Filters.
Save Filter
On the filter bar, fill in the filter expression, click the Save button and give it a name, for example “Filter 102”.
A button for “Filter 102” then appears on the filter bar.
Rules for filtering expressions
Expression rules
1. Protocol filtering
For example, tcp displays only the TCP protocol.
2. IP filtering
For example, ip.src == 192.168.1.102 shows packets whose source address is 192.168.1.102;
ip.dst == 192.168.1.102 shows packets whose target address is 192.168.1.102.
3. Port filtering
tcp.port == 80: the port is 80.
tcp.srcport == 80: only packets whose TCP source port is 80 are displayed.
4. HTTP method filtering
http.request.method == "GET": only the HTTP GET method is displayed.
5. Logical operators are AND/OR
Commonly used filter expressions
Packet List Pane
The packet list panel displays the number, timestamp, source address, destination address, protocol, length, and packet information. You can see that different protocols are displayed in different colors.
You can also modify the color display rules under View -> Coloring Rules.
Packet Details (Packet Details Pane)
This panel is the most important one; it is used to view every field in the protocol.
The information of each line is:
Frame: data frame overview of physical layer
Ethernet II: data link layer Ethernet frame header information
Internet Protocol Version 4: Internet layer IP packet header information
Transmission Control Protocol: transport layer data segment header information; here it is TCP
Hypertext Transfer Protocol: application layer information, here is the HTTP protocol
wireshark and the corresponding OSI seven-layer model
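An added example, not part of the original answer: a small Python dissector that walks the same Ethernet II / IPv4 / TCP / HTTP layers and applies the equivalent of ip.src == 192.168.1.102 and tcp.dstport == 80 and http.request.method to list the web hosts a client requested. The capture is constructed sample data; tcp.dstport and http.host are Wireshark field names not mentioned in the answer, and only plaintext HTTP requests that fit in one segment are handled.

```python
import struct
from collections import Counter

def build_frame(src, dst, sport, dport, payload):
    """Constructed Ethernet II / IPv4 / TCP frame (zero MACs and checksums)."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + tcp + payload

def dissect(frame):
    """Walk Ethernet II -> IPv4 -> TCP -> HTTP; return filter fields or None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None                        # not an IPv4 frame
    tcp = 14 + (frame[14] & 0x0F) * 4      # Ethernet header + IPv4 header length
    if tcp < 34 or frame[23] != 6 or len(frame) < tcp + 20:
        return None                        # bad IHL, not TCP, or truncated
    ip_end = 14 + struct.unpack("!H", frame[16:18])[0]
    sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
    data = frame[tcp + (frame[tcp + 12] >> 4) * 4:ip_end]
    pkt = {"ip.src": ".".join(map(str, frame[26:30])), "tcp.srcport": sport,
           "ip.dst": ".".join(map(str, frame[30:34])), "tcp.dstport": dport}
    lines = data.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    request = lines[0].split(" ")
    if len(request) == 3 and request[2].startswith("HTTP/"):
        pkt["http.request.method"] = request[0]
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "host":
                pkt["http.host"] = value.strip()
    return pkt

def web_hosts(frames, client):
    """ip.src == client and tcp.dstport == 80 and http.request.method, by host."""
    hosts = Counter()
    for pkt in filter(None, map(dissect, frames)):
        if (pkt["ip.src"] == client and pkt["tcp.dstport"] == 80
                and "http.request.method" in pkt):
            hosts[pkt.get("http.host", pkt["ip.dst"])] += 1
    return hosts

# Constructed sample capture: addresses and host names are made up.
CAPTURE = [
    build_frame("192.168.1.102", "203.0.113.10", 50001, 80, b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    build_frame("192.168.1.102", "203.0.113.10", 50001, 80, b"POST /login HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    build_frame("192.168.1.102", "203.0.113.20", 50002, 80, b"GET /api HTTP/1.1\r\nHost: wiki.example\r\n\r\n"),
    build_frame("203.0.113.10", "192.168.1.102", 80, 50001, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
]
```

Calling web_hosts(CAPTURE, "192.168.1.102") returns the per-host request counts; HTTPS traffic would need the TLS layer handled separately and is out of scope here.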
+6 Votes
After capturing the package, you can determine