Wireshark network packet capture
2022-07-04 19:57:00 【Daydayup】
1. Preface
Studying the various network protocols, and analysing packets captured locally or on a remote host, is hard to do without Wireshark or a similar tool.
Here I do a simple packet capture in three scenarios.
2. Three packet-capture scenarios
2.1 Capturing local HTTP traffic
First set the Wireshark filter ip.dst == 124.223.54.92 and tcp.port == 8116 and start capturing.
Then open a browser on the PC (local IP 192.168.0.102), visit a traditional Chinese medicine information site I run for practice, http://124.223.54.92:8116/, and search for "Sheraton".
Some matching results come back. Looking at what Wireshark captured, you can only see the one-way request from the browser to the server (No=64; the → arrow indicates src->dst, i.e. client 192.168.0.102 -> server 124.223.54.92, the request). The corresponding response is not captured, because the filter only matches packets whose destination is the server.
To see the response as well, change the filter to ip.addr == 124.223.54.92 and tcp.port == 8116 (ip.addr matches packets where this IP is either src or dst). After applying the new filter the capture also shows No=108, with the ← arrow indicating source->dest, i.e. server 124.223.54.92 -> client 192.168.0.102, the response.
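To make the difference between the two filters concrete, here is an added example (not code from the original post) that evaluates the small subset of Wireshark display-filter syntax used above over constructed packet summaries; the packet numbers, client port numbers and the extra packets are assumptions modelled on the capture described in the post.

```python
# Added example (not from the original post): a tiny evaluator for the subset of
# Wireshark display-filter syntax used in the post, run over constructed packet
# summaries, to show why "ip.dst == X" sees only the request direction while
# "ip.addr == X" sees both request and response.
import re

# Constructed packet summaries modelled on the post's capture (not a real pcap).
# Fields: number, src IP, src port, dst IP, dst port.
PACKETS = [
    (64, "192.168.0.102", 51234, "124.223.54.92", 8116),    # client -> server request
    (108, "124.223.54.92", 8116, "192.168.0.102", 51234),   # server -> client response
    (150, "192.168.0.102", 51240, "124.223.54.92", 443),    # same host, different port
    (151, "192.168.0.102", 51241, "8.8.8.8", 53),           # unrelated traffic
]

_TERM = re.compile(
    r"^(ip\.src|ip\.dst|ip\.addr|tcp\.srcport|tcp\.dstport|tcp\.port)\s*==\s*(\S+)$"
)

def _match_term(term, pkt):
    """Evaluate one 'field == value' term against a packet tuple."""
    m = _TERM.match(term.strip())
    if not m:
        raise ValueError(f"unsupported filter term: {term!r}")
    field, value = m.groups()
    _, src, sport, dst, dport = pkt
    if field == "ip.src":
        return src == value
    if field == "ip.dst":
        return dst == value
    if field == "ip.addr":                  # either endpoint, hence both directions
        return value in (src, dst)
    if field == "tcp.srcport":
        return sport == int(value)
    if field == "tcp.dstport":
        return dport == int(value)
    return int(value) in (sport, dport)     # tcp.port: either side of the connection

def apply_filter(expr, packets=PACKETS):
    """Return the packet numbers that satisfy an 'a and b and ...' filter."""
    terms = [t for t in re.split(r"\s+and\s+", expr.strip()) if t]
    return [pkt[0] for pkt in packets if all(_match_term(t, pkt) for t in terms)]

if __name__ == "__main__":
    print(apply_filter("ip.dst == 124.223.54.92 and tcp.port == 8116"))   # [64]
    print(apply_filter("ip.addr == 124.223.54.92 and tcp.port == 8116"))  # [64, 108]
```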
The search above was a GET request. Next, try a POST request to http://124.223.54.92:8116/api/echo; this echo endpoint returns whatever request body it is sent, for example:
curl --location --request POST 'http://124.223.54.92:8116/api/echo' \
--header 'Content-Type: text/plain' \
--data-raw '{ "name": "Jay" }'
Wireshark again shows the corresponding request and response, and because the site uses plain HTTP the business response data is readable in clear text in the packet bytes.
2.2 Capturing mobile-phone HTTP traffic
Wireshark on the PC cannot capture the phone's traffic directly, even when the PC and the phone are on the same WiFi. Wireshark captures by selecting a network interface to monitor, and only the traffic passing through that interface is captured. To capture the phone's traffic you would have to monitor the phone's interface, or the server's. So the phone cannot be captured directly from the PC.
There are, however, two methods:
- first, open a sharing hotspot on the PC and connect the phone to it;
- second, run a proxy tool such as Charles on the PC and configure the phone to use that proxy.
The second method is used here. Step 1: download and install Charles, then set Proxy -> Proxy Settings -> HTTP Proxy Port = 8888, as shown below.
Step 2: connect the phone to the same WiFi as the PC, and in the WiFi settings set the proxy host name to the PC's IP and the proxy port to 8888, the port configured in Charles, as shown below.
Once the proxy is set, the phone's traffic goes through the proxy on the PC instead of being sent directly to the router.
The screenshot above shows the phone's IP is 192.168.0.100, so set the Wireshark filter ip.addr == 192.168.0.100 and start capturing.
Then open the phone's browser, visit http://124.223.54.92:8116/ and run a search.
Back in Wireshark, check whether the traffic was captured: No=43 is the captured request, and No=153 the captured response.
Charles itself, being a tool similar to Wireshark, also records the request and the response, as shown below.
2.3 Remote packet capture
Sections 2.1 and 2.2 gave examples of local and mobile capture. Capturing the phone is already a kind of remote capture, but the phone still has to be on the same LAN as the PC, so it is not fully remote.
There are also fully remote scenarios, for example process a on remote server 192.168.2.15 must constantly perform p2p handshake communication with process b on remote server 192.168.2.22. How do you verify whether the handshake between the two processes is encrypted or not?
Note: both process a and process b use port 34000 for the p2p handshake.
Step 1: on 192.168.2.15, use tcpdump to save the TCP packets exchanged with 192.168.2.22 to a cap file (the -w option goes before the filter expression):
tcpdump -w ./target.cap tcp port 34000 and host 192.168.2.22
Step 2: copy the cap file to the local PC and open it in Wireshark for analysis, as shown below. You can see that the p2p handshake between the two processes is TLSv1.2 encrypted; the message contents are displayed as Application Data, meaning they are encrypted.
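The "Application Data" verdict Wireshark gives in step 2 comes from the TLS record headers at the start of each TCP payload. The following added example (not code from the original post) performs the same check in a script, classifying a captured payload as TLS or plaintext by walking its record headers; the byte strings are constructed samples, not data captured from the servers in the post.

```python
# Added example (not from the original post): classify a captured TCP payload as
# TLS or plaintext by walking TLS record headers, the check Wireshark does when it
# labels a segment "Application Data". Sample payloads below are constructed.
import struct

CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
VERSIONS = {0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}  # TLS 1.3 also puts 0x0303 on the wire

def parse_tls_records(payload: bytes):
    """Split a payload into (content_type, version, length) tuples.
    Returns None as soon as the bytes stop looking like a TLS record stream."""
    records, offset = [], 0
    while offset < len(payload):
        if offset + 5 > len(payload):
            return None                      # truncated header: not a clean record stream
        ctype, version, length = struct.unpack("!BHH", payload[offset:offset + 5])
        if ctype not in CONTENT_TYPES or version not in VERSIONS or length == 0:
            return None                      # header bytes are not valid TLS
        if offset + 5 + length > len(payload):
            return None                      # body shorter than the header claims
        records.append((CONTENT_TYPES[ctype], VERSIONS[version], length))
        offset += 5 + length
    return records

def classify_payload(payload: bytes) -> str:
    """'tls' if the whole payload is well-formed TLS records, otherwise 'plaintext'."""
    records = parse_tls_records(payload)
    return "tls" if records else "plaintext"

# Constructed sample payloads (not captured from the post's servers).
TLS_SAMPLE = (
    b"\x16\x03\x03\x00\x05" + b"\x01\x00\x00\x01\x00"      # Handshake record, 5-byte body
    + b"\x17\x03\x03\x00\x04" + b"\xde\xad\xbe\xef"         # Application Data, 4 encrypted bytes
)
PLAIN_SAMPLE = b'POST /api/echo HTTP/1.1\r\nContent-Type: text/plain\r\n\r\n{ "name": "Jay" }'

if __name__ == "__main__":
    print(parse_tls_records(TLS_SAMPLE))   # [('Handshake', 'TLSv1.2', 5), ('ApplicationData', 'TLSv1.2', 4)]
    print(classify_payload(PLAIN_SAMPLE))  # plaintext
```

Run over the payloads of the target.cap stream, this tells you at once whether any segment went out unencrypted, which is the question step 2 answers by eye.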