Wireshark Lab: Getting Started

Purpose

  1. Install Wireshark and get familiar with its interface
  2. Capture a simple HTTP exchange, filter it, analyze the result and export it

Experiment procedure

Launch the browser

Start your favorite web browser and load any home page you like.

Start Wireshark

Start the Wireshark software. You will initially see a window similar to Figure 2; Wireshark has not started capturing packets yet.

Prepare to capture

To start packet capture, open the "Capture" drop-down menu and select "Options". This displays the "Wireshark: Capture Interfaces" window.

Start packet capture

Once packet capture starts, a window appears showing the packets being captured. You can stop the capture by opening the Capture drop-down menu and selecting Stop, but don't stop it yet: we first want to capture some interesting packets, and for that we need to generate some network traffic. Let's use a web browser, which uses the HTTP protocol to download content from a website.

Visit the specified page

With Wireshark running, enter the URL http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html in the browser and display the page. To display this page, your browser connects to the HTTP server at gaia.cs.umass.edu and exchanges HTTP messages with it to download the page. The Ethernet frames carrying these HTTP messages (and every other frame seen on the Ethernet interface) are captured by Wireshark.

Stop packet capture

After the browser displays the INTRO-wireshark-file1.html page (a simple congratulation message), click the Stop button in the Wireshark capture window to stop the capture. You now have live packet data for every protocol exchanged between your computer and other network entities! The HTTP messages exchanged with the gaia.cs.umass.edu web server should appear in the list of captured packets, but many other kinds of packets (of many different protocol types) are listed as well. Even when your only action is to download a web page, many other protocols are clearly running on your computer, invisible to the user. Through the book we will learn more about these protocols; for now you can see with your own eyes how much is going on.

Filter

In the packet display filter bar at the top of the main Wireshark window, type "http" (without the quotation marks, and in lowercase: all protocol names in Wireshark are lowercase), then click Apply (to the right of where you typed "http"). Now only HTTP messages are shown in the packet list window.

Information extraction

Find the HTTP GET message sent from your computer to the gaia.cs.umass.edu HTTP server. (Look in the Wireshark packet list window for an HTTP message whose Info column shows "GET" followed by the gaia.cs.umass.edu URL.)

Select the HTTP GET message; the packet details window then shows its Ethernet frame, IP datagram, TCP segment and HTTP message headers. Using the "+" and "-" (or the right and down arrows) on the left of the packet details window, collapse the frame, Ethernet, IP and TCP information and expand the HTTP information. (In particular, the packet details window should now show the minimum of protocol information for every protocol except HTTP, and the maximum for HTTP.)

Exit the program

Exit Wireshark.

Congratulations! You have now completed the first experiment.

Questions and answers

The purpose of this first experiment is mainly to introduce you to Wireshark. The following questions will show that you have got Wireshark up and running and have explored some of its features. Answer them based on your Wireshark experiment:

  1. List 3 different protocols that appear in the Protocol column of the unfiltered packet list window in step 7 above.

     They are: OICQ, HTTP, TCP

     • Other traffic was present during the experiment; after eliminating it, only the above three remained.

  2. How long does it take from sending the HTTP GET message to receiving the HTTP OK reply? (By default, the value of the Time column in the packet list window is the time since Wireshark started capturing, in seconds. To display the time in date format, open Wireshark's "View" drop-down menu, select "Time Display Format", and then select "Date and Time".)

  3. What is the Internet address of gaia.cs.umass.edu (also known as wwwnet.cs.umass.edu)? What is the Internet address of your computer?

     gaia.cs.umass.edu IP: 128.119.245.12
     My IP: 192.168.0.103

  4. Print the two HTTP messages (GET and OK) mentioned in question 2. To do this, select "Print" from Wireshark's "File" menu, then select the "Selected packet only" and "As displayed" buttons, and click OK.
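As an added, self-contained example (not part of the original post and not Wireshark's own code), the script below does offline what the filter step, the packet details step and questions 1 to 3 above do in the GUI. It builds a small constructed pcap file (a TCP SYN, an unrelated ARP frame, the GET for INTRO-wireshark-file1.html and the 200 OK reply, using the two addresses from the answers above and made-up timestamps), dissects every frame into Frame/Ethernet/IP/TCP/HTTP like the packet details pane, applies the equivalent of typing "http" in the display filter bar, and then reads off the distinct Protocol column values, the GET-to-OK delay and the two Internet addresses. All function and variable names are the example's own; it needs only the Python standard library.

```python
# Offline stand-in for this lab's Wireshark steps: parse a classic pcap file, dissect
# Ethernet/IP/TCP/HTTP, apply an "http" display filter and answer the questions. Stdlib only.
import struct
from dataclasses import dataclass
from typing import Optional

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

@dataclass
class Packet:
    time: float          # seconds since the first frame (Wireshark's default Time column)
    protocol: str        # what the Protocol column would show
    src: Optional[str]
    dst: Optional[str]
    layers: list         # dissection tree, outermost first, like the packet details pane
    payload: bytes       # TCP payload (the HTTP message when protocol == "HTTP")

    @property
    def info(self) -> str:   # first line of the HTTP message, as in the Info column
        return self.payload.split(b"\r\n", 1)[0].decode("ascii", "replace")

# Constructed sample capture (not a real trace; IP/TCP checksums are left zero).
def ipv4_tcp_frame(src_ip, dst_ip, sport, dport, flags, payload=b""):
    eth = bytes.fromhex("66778899aabb001122334455") + b"\x08\x00"            # dst MAC, src MAC, IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0x4000, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp + payload

def build_pcap(records):
    """records: (timestamp in microseconds, raw Ethernet frame); writes a little-endian pcap, linktype 1."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts_us, frame in records:
        out += struct.pack("<IIII", ts_us // 1_000_000, ts_us % 1_000_000, len(frame), len(frame)) + frame
    return out

CLIENT, SERVER = "192.168.0.103", "128.119.245.12"   # the addresses given in the answers above
GET = b"GET /wireshark-labs/INTRO-wireshark-file1.html HTTP/1.1\r\nHost: gaia.cs.umass.edu\r\n\r\n"
OK = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>Congratulations!</html>"
ARP = bytes.fromhex("ffffffffffff001122334455") + b"\x08\x06" + bytes(28)   # zeroed ARP body is enough here
T0 = 1_585_800_000 * 1_000_000                        # arbitrary capture start, in microseconds
SAMPLE_PCAP = build_pcap([
    (T0,           ipv4_tcp_frame(CLIENT, SERVER, 51234, 80, 0x02)),       # SYN
    (T0 + 50_000,  ARP),                                                   # unrelated broadcast noise
    (T0 + 105_000, ipv4_tcp_frame(CLIENT, SERVER, 51234, 80, 0x18, GET)),  # PSH/ACK carrying the GET
    (T0 + 245_000, ipv4_tcp_frame(SERVER, CLIENT, 80, 51234, 0x18, OK)),   # PSH/ACK carrying 200 OK
])

def dissect(frame: bytes, rel_time: float) -> Packet:
    """Same layering as the packet details pane: Frame > Ethernet > IP > TCP > HTTP."""
    layers = ["Frame", "Ethernet"]
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype != 0x0800:
        name = "ARP" if ethertype == 0x0806 else "0x%04x" % ethertype
        return Packet(rel_time, name, None, None, layers + [name], b"")
    ihl, total_len = (frame[14] & 0x0F) * 4, struct.unpack_from("!H", frame, 16)[0]
    src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
    layers.append("IP")
    if frame[23] != 6:                                 # not TCP: stop at the IP layer
        return Packet(rel_time, {17: "UDP", 1: "ICMP"}.get(frame[23], "IP"), src, dst, layers, b"")
    tcp = 14 + ihl
    payload = frame[tcp + (frame[tcp + 12] >> 4) * 4: 14 + total_len]   # bounded by IP length, not padding
    layers.append("TCP")
    if payload.startswith(HTTP_METHODS) or payload.startswith(b"HTTP/"):
        return Packet(rel_time, "HTTP", src, dst, layers + ["HTTP"], payload)
    return Packet(rel_time, "TCP", src, dst, layers, payload)

def parse_pcap(data: bytes) -> list:
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack_from("<I", data, 0)[0])
    if end is None or struct.unpack_from(end + "I", data, 20)[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet (linktype 1) frames")
    packets, off, first = [], 24, None
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack_from(end + "IIII", data, off)
        ts_us = sec * 1_000_000 + usec
        first = ts_us if first is None else first
        packets.append(dissect(data[off + 16: off + 16 + incl], (ts_us - first) / 1e6))
        off += 16 + incl
    return packets

def display_filter(packets, protocol):
    """Typing a protocol name into the display filter bar (names are lowercase in Wireshark)."""
    return [p for p in packets if p.protocol.lower() == protocol.lower()]

def answer_questions(packets) -> dict:
    """Questions 1 to 3 of the lab, answered from the decoded packets."""
    http = display_filter(packets, "http")
    get = next(p for p in http if p.payload.startswith(b"GET "))
    ok = next(p for p in http if p.time > get.time and p.info.startswith("HTTP/1.") and " 200 " in p.info)
    return {
        "protocols": sorted({p.protocol for p in packets}),   # Q1: Protocol column of the unfiltered list
        "get_to_ok_seconds": round(ok.time - get.time, 6),    # Q2: GET request -> 200 OK reply
        "my_ip": get.src, "server_ip": get.dst,               # Q3: read off the GET packet's IP header
    }

PACKETS = parse_pcap(SAMPLE_PCAP)

if __name__ == "__main__":                      # a packet-list view like Wireshark's main window
    print("\n".join(f"{p.time:9.6f} {p.src or '':16} {p.dst or '':16} {p.protocol:5} {p.info}" for p in PACKETS))
```

Running the script prints a four-row packet list in which only the last two rows survive `display_filter(PACKETS, "http")`, and `answer_questions(PACKETS)` reports the delay between the constructed GET and OK timestamps (0.14 s) together with the two addresses. In Wireshark itself the same narrowing is done with display filters such as `http.request.method == "GET"`, and the request-to-response time for a reply is shown in its `http.time` field.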

References

"Computer Networking: A Top-Down Approach", James F. Kurose and Keith W. Ross (USA), Chinese translation by Chen Ming
Wireshark capture tutorial for beginners

Source: www.cnblogs.com/linfangnan/p/12674066.html