目 录

Preface 

1. Foreword 前言

2. Who should read this document? 谁适合读该文档?

3. Acknowledgements 致谢

4. About this document 关于本文档

5. Where to get the latest copy of this document? 哪里获取本文档最新副版

6. Providing feedback about this document 反馈

7. Typographic Conventions 版式约定

7.1. Admonitions 期望
7.2. Shell Prompt and Source Code Examples 源码案例

1. Introduction 简介

1.1. What is Wireshark? 什么是Wireshark

1.1.1. Some intended purposes 预期用途
1.1.2. Features  特性
1.1.3. Live capture from many different network media  不同网络介质在线抓取
1.1.4. Import files from many other capture programs  导入抓包文件
1.1.5. Export files for many other capture programs  导出抓包文件
1.1.6. Many protocol dissectors 协议剥离
1.1.7. Open Source Software  打开软件
1.1.8. What Wireshark is not

1.2. System Requirements  系统要求

1.2.1. Microsoft Windows
1.2.2. UNIX / Linux

1.3. Where to get Wireshark  如何获取Wireshark

1.4. A brief history of Wireshark  Wireshark简史

1.5. Development and maintenance of Wireshark  Wireshark开发与运维

1.6. Reporting problems and getting help  上报问题并获得帮助

1.6.1. Website
1.6.2. Wiki
1.6.3. Q&A Site
1.6.4. FAQ
1.6.5. Mailing Lists
1.6.6. Reporting Problems
1.6.7. Reporting Crashes on UNIX/Linux platforms
1.6.8. Reporting Crashes on Windows platforms

2. Building and Installing Wireshark  构建安装Wireshark

2.1. Introduction  简介

2.2. Obtaining the source and binary distributions  获取源码和二进制发行版

2.3. Installing Wireshark under Windows  Windows安装Wireshark

2.3.1. Installation Components  安装组件
2.3.2. Additional Tasks 额外任务
2.3.3. Install Location 安装位置
2.3.4. Installing Npcap 安装Npcap
2.3.5. Windows installer command line options  Windows安装命令行选项
2.3.6. Manual Npcap Installation 手动Npcap安装
2.3.7. Update Wireshark 升级Wireshark
2.3.8. Update Npcap 升级Npcap
2.3.9. Uninstall Wireshark 协助Wireshark
2.3.10. Uninstall Npcap 协助Npcap

2.4. Installing Wireshark under macOS  macOS安装Wireshark

2.5. Building Wireshark from source under UNIX  UNIX源码安装Wireshark

2.6. Installing the binaries under UNIX  UNIX二进制安装Wireshark

2.6.1. Installing from RPMs under Red Hat and alike   红帽环境下RPM安装
2.6.2. Installing from debs under Debian, Ubuntu and other Debian derivatives  Debian等环境deb安装
2.6.3. Installing from portage under Gentoo Linux  GentooLinux环境 portage安装
2.6.4. Installing from packages under FreeBSD  FreeBSD环境安装包安装

2.7. Troubleshooting during the build and install on Unix   Unix构建安装问题快照

2.8. Building from source under Windows Windows下源码安装

3. User Interface   用户界面

3.1. Introduction  简介

3.2. Start Wireshark  启动Wireshark

3.3. The Main window 主界面

3.3.1. Main Window Navigation  主界面导航

3.4. The Menu  菜单

3.5. The “File” menu   菜单-文件

3.6. The “Edit” Menu   菜单-编辑

3.7. The “View” Menu   菜单-视图

3.8. The “Go” Menu  菜单-跳转

3.9. The “Capture” menu  菜单-捕获

3.10. The “Analyze” Menu  菜单-分析

3.11. The “Statistics” Menu  菜单-统计

3.12. The “Telephony” Menu  菜单-电话

3.13. The “Tools” Menu  菜单-工具

3.14. The “Help” Menu  菜单-帮助

3.15. The “Main” Toolbar  工具栏-常规工具

3.16. The “Filter” Toolbar  工具栏-过滤

3.17. The “Packet List” Pane  面板-报文列表

3.18. The “Packet Details” Pane    面板-报文详情

3.19. The “Packet Bytes” Pane   面板-报文字节

3.20. The Statusbar  状态栏

4. Capturing Live Network Data  捕获在线网络数据

4.1. Introduction  简介

4.2. Prerequisites   前提条件

4.3. Start Capturing  开始捕获

4.4. The “Capture Interfaces” dialog box  捕获界面对话框

4.5. The “Capture Options” dialog box  捕获设置对话框

4.5.1. Capture frame  捕获
4.5.2. Capture File(s) frame  捕获文件
4.5.3. Stop Capture…​ frame  停止捕获
4.5.4. Display Options frame 显示设置
4.5.5. Name Resolution frame 域名解析
4.5.6. Buttons  按钮

4.6. The “Edit Interface Settings” dialog box  编辑界面设置对话框

4.7. The “Compile Results” dialog box  编译结果对话框

4.8. The “Add New Interfaces” dialog box  增加新接口对话框

4.8.1. Add or remove pipes 新增/删除?
4.8.2. Add or hide local interfaces 新增/隐藏本地接口
4.8.3. Add or hide remote interfaces  新增/隐藏远方接口

4.9. The “Remote Capture Interfaces” dialog box  远程捕获接口对话框

4.9.1. Remote Capture Interfaces  远程捕获接口
4.9.2. Remote Capture Settings  远程捕获设置

4.10. The “Interface Details” dialog box  接口详情对话框

4.11. Capture files and file modes  捕获文件及文件模式

4.12. Link-layer header type  链接层头类型

4.13. Filtering while capturing  抓包时过滤

4.13.1. Automatic Remote Traffic Filtering 自动化远程过滤

4.14. While a Capture is running …​   抓包过程中

4.14.1. Stop the running capture  停止抓包
4.14.2. Restart a running capture  重新抓包

5. File Input, Output, and Printing 文件输入、输出、打印

5.1. Introduction  简介

5.2. Open capture files   打开抓包文件

5.2.1. The “Open Capture File” dialog box
5.2.2. Input File Formats

5.3. Saving captured packets  保存抓包

5.3.1. The “Save Capture File As” dialog box
5.3.2. Output File Formats

5.4. Merging capture files  合并抓包

5.4.1. The “Merge with Capture File” dialog box

5.5. Import hex dump 导入 hex dump

5.5.1. The “Import from Hex Dump” dialog box

5.6. File Sets  文件设置

5.6.1. The “List Files” dialog box

5.7. Exporting data  导出数据

5.7.1. The “Export as Plain Text File” dialog box
5.7.2. The “Export as PostScript File” dialog box
5.7.3. The “Export as CSV (Comma Separated Values) File” dialog box
5.7.4. The “Export as C Arrays (packet bytes) file” dialog box
5.7.5. The “Export as PSML File” dialog box
5.7.6. The “Export as PDML File” dialog box
5.7.7. The “Export selected packet bytes” dialog box
5.7.8. The “Export Objects” dialog box

5.8. Printing packets 打印包

5.8.1. The “Print” dialog box  打印对话框

5.9. The “Packet Range” frame   包范围?

5.10. The Packet Format frame   包模式?

6. Working With Captured Packets 抓包文件用途

6.1. Viewing Packets You Have Captured  查看抓包文件

6.2. Pop-up Menus  弹出式菜单

6.2.1. Pop-up Menu Of The “Packet List” Column Header  报文列表列标题弹出菜单
6.2.2. Pop-up Menu Of The “Packet List” Pane  报文列表面包弹出菜单
6.2.3. Pop-up Menu Of The “Packet Details” Pane  报文详情面板弹出菜单
6.2.4. Pop-up Menu Of The “Packet Bytes” Pane  报文字节面板弹出菜单

6.3. Filtering Packets While Viewing  显示过滤报文

6.4. Building Display Filter Expressions 创建显示过滤表达式

6.4.1. Display Filter Fields  显示过滤区
6.4.2. Comparing Values  对比值
6.4.3. Combining Expressions 组合表达式
6.4.4. Slice Operator 切片运算符
6.4.5. Membership Operator  隶属运算符
6.4.6. Functions 函数
6.4.7. A Common Mistake 常见错误
6.4.8. Sometimes Fields Change Names 字段改名

6.5. The “Filter Expression” Dialog Box  过滤表达式对话框

6.6. Defining And Saving Filters 定义及保存过滤器

6.7. Defining And Saving Filter Macros 定义及保存过滤常量

6.8. Finding Packets 查找包

6.8.1. The “Find Packet” Toolbar  查找包工具栏

6.9. Go To A Specific Packet 跳转到指定报文

6.9.1. The “Go Back” Command
6.9.2. The “Go Forward” Command
6.9.3. The “Go to Packet” Toolbar
6.9.4. The “Go to Corresponding Packet” Command
6.9.5. The “Go to First Packet” Command
6.9.6. The “Go to Last Packet” Command

6.10. Marking Packets 标记报文

6.11. Ignoring Packets 忽略报文

6.12. Time Display Formats And Time References 显示样式及时间参考

6.12.1. Packet Time Referencing  报文时间参考

7. Advanced Topics  高级应用

7.1. Introduction

7.2. Following Protocol Streams

7.3. Show Packet Bytes

7.4. Expert Information

7.4.1. Expert Info Entries
7.4.2. “Expert Info” dialog
7.4.3. “Colorized” Protocol Details Tree
7.4.4. “Expert” Packet List Column (optional)

7.5. TCP Analysis

7.6. Time Stamps

7.6.1. Wireshark internals
7.6.2. Capture file formats
7.6.3. Accuracy

7.7. Time Zones

7.7.1. Set your computer’s time correctly!
7.7.2. Wireshark and Time Zones

7.8. Packet Reassembly

7.8.1. What is it?
7.8.2. How Wireshark handles it
7.8.3. TCP Reassembly

7.9. Name Resolution

7.9.1. Name Resolution drawbacks
7.9.2. Ethernet name resolution (MAC layer)
7.9.3. IP name resolution (network layer)
7.9.4. TCP/UDP port name resolution (transport layer)
7.9.5. VLAN ID resolution
7.9.6. SS7 point code resolution

7.10. Checksums

7.10.1. Wireshark checksum validation
7.10.2. Checksum offloading

8. Statistics 统计

8.1. Introduction

8.2. The “Capture File Properties” Window

8.3. Resolved Addresses

8.4. The “Protocol Hierarchy” Window

8.5. Conversations

8.5.1. The “Conversations” Window

8.6. Endpoints

8.6.1. The “Endpoints” Window

8.7. Packet Lengths

8.8. The “I/O Graph” Window

8.9. Service Response Time

8.9.1. The “Service Response Time DCE-RPC” Window

8.10. DHCP (BOOTP) Statistics

8.11. ONC-RPC Programs

8.12. 29West

8.13. ANCP

8.14. BACnet

8.15. Collectd

8.16. DNS

8.17. Flow Graph

8.18. HART-IP

8.19. HPFEEDS

8.20. HTTP Statistics

8.20.1. HTTP Packet Counter
8.20.2. HTTP Requests
8.20.3. HTTP Load Distribution
8.20.4. HTTP Request Sequences

8.21. HTTP2

8.22. Sametime

8.23. TCP Stream Graphs

8.24. UDP Multicast Graphs

8.25. F5

8.26. IPv4 Statistics

8.27. IPv6 Statistics

9. Telephony

9.1. Introduction

9.2. VoIP Calls

9.3. ANSI

9.4. GSM

9.5. IAX2 Stream Analysis

9.6. ISUP Messages

9.7. LTE

9.7.1. LTE MAC Traffic Statistics
9.7.2. LTE RLC Graph
9.7.3. LTE RLC Traffic Statistics

9.8. MTP3

9.9. Osmux

9.10. RTP Analysis

9.11. RTSP

9.12. SCTP

9.13. SMPP Operations

9.14. UCP Messages

9.15. H.225

9.16. SIP Flows

9.17. SIP Statistics

9.18. WAP-WSP Packet Counter

10. Wireless

10.1. Introduction

10.2. Bluetooth ATT Server Attributes

10.3. Bluetooth Devices

10.4. Bluetooth HCI Summary

10.5. WLAN Traffic

11. Customizing Wireshark

11.1. Introduction

11.2. Start Wireshark from the command line

11.3. Packet colorization

11.4. Control Protocol dissection

11.4.1. The “Enabled Protocols” dialog box
11.4.2. User Specified Decodes
11.4.3. Show User Specified Decodes

11.5. Preferences

11.5.1. Interface Options

11.6. Configuration Profiles

11.7. User Table

11.8. Display Filter Macros

11.9. ESS Category Attributes

11.10. MaxMind Database Paths

11.11. IKEv2 decryption table

11.12. Object Identifiers

11.13. PRES Users Context List

11.14. SCCP users Table

11.15. SMI (MIB and PIB) Modules

11.16. SMI (MIB and PIB) Paths

11.17. SNMP Enterprise Specific Trap Types

11.18. SNMP users Table

11.19. Tektronix K12xx/15 RF5 protocols Table

11.20. User DLTs protocol table

12. MATE

12.1. Introduction

12.2. Getting Started

12.3. MATE Manual

12.3.1. Introduction
12.3.2. Attribute Value Pairs
12.3.3. AVP lists
12.3.4. MATE Analysis
12.3.5. About MATE

12.4. MATE’s configuration tutorial

12.4.1. A Gop for DNS requests
12.4.2. A Gop for HTTP requests
12.4.3. Getting DNS and HTTP together into a Gog
12.4.4. Separating requests from multiple users
12.5. MATE configuration examples
12.5.1. TCP session
12.5.2. a Gog for a complete FTP session
12.5.3. using RADIUS to filter SMTP traffic of a specific user
12.5.4. H323 Calls
12.5.5. MMS
12.6. MATE’s configuration library
12.6.1. General use protocols
12.6.2. VoIP/Telephony
12.7. MATE’s reference manual
12.7.1. Attribute Value Pairs
12.7.2. Attribute/Value Pair List (AVPL)
12.8. Configuration AVPLs
12.8.1. Pdsu’s configuration actions
A. Wireshark Messages

Wireshark 用户指南(3.1.0)的更多相关文章

  1. 【Flume NG用户指南】(1)设置

    作者:周邦涛(Timen) Email:zhoubangtao@gmail.com 转载请注明出处:  http://blog.csdn.net/zhoubangtao/article/details ...

  2. 【翻译】Flume 1.8.0 User Guide(用户指南) Processors

    翻译自官网flume1.8用户指南,原文地址:Flume 1.8.0 User Guide 篇幅限制,分为以下5篇: [翻译]Flume 1.8.0 User Guide(用户指南) [翻译]Flum ...

  3. 【翻译】Flume 1.8.0 User Guide(用户指南) Channel

    翻译自官网flume1.8用户指南,原文地址:Flume 1.8.0 User Guide 篇幅限制,分为以下5篇: [翻译]Flume 1.8.0 User Guide(用户指南) [翻译]Flum ...

  4. 【翻译】Flume 1.8.0 User Guide(用户指南) Sink

    翻译自官网flume1.8用户指南,原文地址:Flume 1.8.0 User Guide 篇幅限制,分为以下5篇: [翻译]Flume 1.8.0 User Guide(用户指南) [翻译]Flum ...

  5. 【翻译】Flume 1.8.0 User Guide(用户指南) source

    翻译自官网flume1.8用户指南,原文地址:Flume 1.8.0 User Guide 篇幅限制,分为以下5篇: [翻译]Flume 1.8.0 User Guide(用户指南) [翻译]Flum ...

  6. 【翻译】Flume 1.8.0 User Guide(用户指南)

    翻译自官网flume1.8用户指南,原文地址:Flume 1.8.0 User Guide 篇幅限制,分为以下5篇: [翻译]Flume 1.8.0 User Guide(用户指南) [翻译]Flum ...

  7. Gradle2.0用户指南翻译——第一章. 介绍

    翻译项目请关注Github上的地址:https://github.com/msdx/gradledoc本文翻译所在分支:https://github.com/msdx/gradledoc/tree/2 ...

  8. scons用户指南翻译(附gcc/g++参数详解)

    scons用户指南 翻译 http://blog.csdn.net/andyelvis/article/category/948141 官网文档 http://www.scons.org/docume ...

  9. 阿里云 EDAS-HSF 用户指南

    阿里云 EDAS-HSF 用户指南 针对 EDAS v2.3.0©Alibaba EDAS 项目组2015/8/19 1 前言本文档旨在描述阿里云 EDAS 产品中应用服务化模块的基本概念,以及如何使 ...

随机推荐

  1. java读取文件的几种方式性能比较

    //普通输入流读取文件内容 public static long checksumInputStream(Path filename) { try(InputStream in= Files.newI ...

  2. Fatal error:Call to undefined function mysqli_connect() in .php line 报错

    这样的问题,多半是PHP配置问题. 修改php配置文件 1.在php(版本:php-7.2.7-Win32-VC15-x64)文件夹中一开始不会看到php.ini,而是php.ini-developm ...

  3. BPM FlowPortal 开发环境及发布环境的配置

    开启开发模式 开发时应设置防缓存和调试信息输出. 开发后发布 开发完成后正式使用时,除了对以上各项做相反设置外,还需设置web.config中的JSVersion,使每个用户都能自动下载最新版的js文 ...

  4. java,单文件和多文件上传代码范例

    上传一个单文件,用request.getFile得到文件(下面的功能是上传到阿里云) @RequestMapping(value = {"/content"}, method = ...

  5. Date与String的相互转换

    构造函数 日期:new Date();//获取当前日期,精确到毫秒. 日期:new Date(long date);//即1970 年 1 月 1 日 00:00:00 GMT(Greenwich M ...

  6. centos 7.6 配置VNC

    一.安装 1.  以root用户运行以下命令来安装vncserver; yum install tigervnc-server 2.  同样运行以下命令来安装vncviewer; yum instal ...

  7. Win10 hosts文件无法保存

    Win10无法修改编辑保存hosts文件怎么办?Win10系统默认是没有权限去编辑保存系统里的文件,这也是权限不够才导致修改编辑hosts后无法保存的原因,解决的办法就是把自己的帐户权限给提高就行了. ...

  8. DEVC++如何调试代码

    DEVC++小技巧 学习C语言的同学大多都会使用DEVC++这个软件,但是在使用的时候会发现是不可以调试的,因为我们的软件默认是将调试关闭了的.下面是调试的具体方法. 点击窗口的工具按钮 点击编辑按钮 ...

  9. el-input maxlength 不限制长度

    背景: 小鱼最近使用 input输入框时想限制输入的长度, type = "number" 时,限制的长度无效,代码如下 <el-input v-model="fo ...

  10. java中创建对象的方式

    Java中有5种创建对象的方式,下面给出它们的例子还有它们的字节码 使用new关键字 } → 调用了构造函数 使用Class类的newInstance方法 } → 调用了构造函数 使用Construc ...