1.Wireshark介绍
Wireshark 是一个开源的网络协议分析工具,它能够捕获和分析网络数据包,提供深入的网络故障排除、网络性能优化和安全审计等功能。它支持跨多个操作系统,包括 Windows、macOS 和 Linux。
2.Wireshark主要使用方法
- 捕获数据包:
打开 Wireshark,选择要捕获数据包的网络接口。您可以选择物理网卡或虚拟接口。
点击“开始”按钮开始捕获数据包。
Wireshark 将开始监听选定的接口,并显示捕获到的数据包。
- 分析数据包:
捕获到的数据包将以列表形式显示在 Wireshark 界面上。您可以查看每个数据包的详细信息,如源地址、目标地址、协议类型等。
Wireshark 还提供了过滤器功能,使您可以根据特定的协议、源/目标地址、端口等条件来筛选和查找感兴趣的数据包。
可以查看每个数据包的原始数据以及解析后的协议信息,以深入了解网络通信过程。
- 分析工具和功能:
Wireshark 提供了一系列强大的分析工具,如统计信息、流量图表、协议层次结构图等,以帮助您分析和诊断网络问题。
您可以使用统计功能来获取有关数据包数量、协议使用情况、流量分布等方面的信息。
Wireshark 还支持导出数据包以供进一步分析或与他人共享。
3.CentOS 图形化Wireshark快速安装
- 安装Wireshark
如果直接安装wireshark,则不包含图形化界面,可以在命令行执行tshark来使用。如需图形化界面,选择包含gnome的版本安装。
sudo yum update
sudo yum search wireshark
sudo yum install wireshark-gnome.x86_64- 启动Wireshark
sudo wireshark &- 安装过程
[xxx ~]# sudo yum update
[xxx ~]# sudo yum search wireshark
Loaded plugins: fastestmirror, langpacks, nvidia
Loading mirror speeds from cached hostfile
============================ N/S matched: wireshark ============================
wireshark-devel.i686 : Development headers and libraries for wireshark
wireshark-devel.x86_64 : Development headers and libraries for wireshark
wireshark-gnome.x86_64 : Gnome desktop integration for wireshark
wireshark.i686 : Network traffic analyzer
wireshark.x86_64 : Network traffic analyzer
Name and summary matches only, use "search all" for everything.
[xxx ~]# yum remove wireshark
Loaded plugins: fastestmirror, langpacks, nvidia
Resolving Dependencies
--> Running transaction check
---> Package wireshark.x86_64 0:1.10.14-25.el7 will be erased
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Removing:
wireshark x86_64 1.10.14-25.el7 @base 67 M
Transaction Summary
================================================================================
Remove 1 Package
Installed size: 67 M
Is this ok [y/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Erasing : wireshark-1.10.14-25.el7.x86_64 1/1
Verifying : wireshark-1.10.14-25.el7.x86_64 1/1
Removed:
wireshark.x86_64 0:1.10.14-25.el7
Complete!
[xxx ~]# sudo yum install wireshark-gnome.x86_64
Loaded plugins: fastestmirror, langpacks, nvidia
Loading mirror speeds from cached hostfile
* base: centos.mirror.far.fi
* centos-sclo-rh: centos.mirror.far.fi
* centos-sclo-sclo: centos.mirror.far.fi
* epel: epel.mirror.serveriai.lt
* extras: centos.mirror.far.fi
* updates: centos.mirror.far.fi
Resolving Dependencies
--> Running transaction check
---> Package wireshark-gnome.x86_64 0:1.10.14-25.el7 will be installed
--> Processing Dependency: wireshark = 1.10.14-25.el7 for package: wireshark-gnome-1.10.14-25.el7.x86_64
--> Processing Dependency: libwsutil.so.3()(64bit) for package: wireshark-gnome-1.10.14-25.el7.x86_64
--> Processing Dependency: libwiretap.so.3()(64bit) for package: wireshark-gnome-1.10.14-25.el7.x86_64
--> Processing Dependency: libwireshark.so.3()(64bit) for package: wireshark-gnome-1.10.14-25.el7.x86_64
--> Running transaction check
---> Package wireshark.x86_64 0:1.10.14-25.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
wireshark-gnome x86_64 1.10.14-25.el7 base 912 k
Installing for dependencies:
wireshark x86_64 1.10.14-25.el7 base 13 M
Transaction Summary
================================================================================
Install 1 Package (+1 Dependent package)
Total download size: 13 M
Installed size: 69 M
Is this ok [y/d/N]: y
Downloading packages:
(1/2): wireshark-gnome-1.10.14-25.el7.x86_64.rpm | 912 kB 00:01
(2/2): wireshark-1.10.14-25.el7.x86_64.rpm | 13 MB 00:03
--------------------------------------------------------------------------------
Total 4.4 MB/s | 13 MB 00:03
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : wireshark-1.10.14-25.el7.x86_64 1/2
Installing : wireshark-gnome-1.10.14-25.el7.x86_64 2/2
Verifying : wireshark-gnome-1.10.14-25.el7.x86_64 1/2
Verifying : wireshark-1.10.14-25.el7.x86_64 2/2
Installed:
wireshark-gnome.x86_64 0:1.10.14-25.el7
Dependency Installed:
wireshark.x86_64 0:1.10.14-25.el7
Complete!
[xxx ~]# sudo wireshark &
- 使用截图
