[226] instructions for Wireshark parameters

The subject part （ See official account for the original ：python treasure ）

 python treasure

https://mp.weixin.qq.com/mp/profile_ext?action=home&__biz=MzU5NjIyOTE4OQ==&scene=123#wechat_redirect

Wheat seedling DB treasure

https://www.xmmup.com/

One 、OSI Seven layer model

application layer ： An interface between network services and end users .

The agreement has ：HTTP FTP TFTP SMTP SNMP DNS TELNET HTTPS POP3 DHCP

The presentation layer ： Presentation of data 、 Security 、 Compress .（ The application layer has been incorporated into the five layer model ）

The format is ,JPEG、ASCll、EBCDIC、 Encryption format, etc

The session layer ： establish 、 management 、 Terminate the conversation .（ The application layer has been incorporated into the five layer model ）

Corresponding host process , Refers to the ongoing session between the local host and the remote host

Transport layer ： Define the protocol port number of data transmission , And flow control and error checking .

The agreement has ：TCP UDP, Once the packet leaves the network card, it will enter the network transmission layer

The network layer ： Logical address addressing , Realize path selection between different networks .

The agreement has ：ICMP IGMP IP（IPV4 IPV6）

Data link layer

Establish logical connections 、 Address the hardware 、 Error checking and other functions .（ The protocol is defined by the underlying network ）

Combining bits into bytes and then into frames , use MAC Address access media , To discover but not correct .

The physical layer ： establish 、 maintain 、 Disconnect the physical connection .（ The protocol is defined by the underlying network ）

Two 、 Rules of packet capturing filter expression

1. Two layer screening 
eth.addr==ff:ff:ff:ff:ff:ff      Filter layer 2 
eth.dst==xxxx           Filter   Source MAC The address is xxxx
eth.src==xxxx           Filter   The goal is MAC The address is xxxx


2. Three layer screening 
ip.addr==x.x.x.x   Filter three layers 
ip.dst==x.x.x.x  Filter source IP The address is x.x.x.x
ip.src==x.x.x.x  Purpose of filtration IP The address is x.x.x.x


3. Port filtering 
tcp.port ==80           The port of the source host or destination host is displayed as 80 A list of packets for 
tcp.srcport==80        Display only TCP The source host port of the protocol is 80 A list of packets for 
tcp.dstport==80        Display only TCP The destination host port of the protocol is 80 A list of packets for 


4. Logical operators  and/or/not
 And    &&  and   
 or     ||    or
 Not     ！  not

 example ：
1. Grab the host address as 220.181.38.148,TCP The destination port is 80 Data packets of 


ip.addr==220.181.38.148 && tcp.dstport==80


2. Grab the host for 220.181.38.148 perhaps 220.181.38.149


ip.addr==220.181.38.148||ip.addr==220.181.38.149

3、 ... and 、wireshark The term

• • SYN ： Sign a , Indicates a request to establish a connection

  • Seq = 0 ： The initial connection value is 0, The relative sequence number of the packet is from 0 Start , Indicates that no data has been sent yet

  • Ack =0： The initial connection value is 0, Number of packages received , Indicates that no data is currently received

  • FIN Indicates that the connection is closed

  • PSH Express DATA The data transfer

  • RST Indicates connection reset .

  • Frame:   Overview of data frames in physical layer

  • Ethernet II: Data link layer Ethernet frame header information

  •  Internet Protocol Version 4: The Internet layer IP Baotou department information

  •  Transmission Control Protocol:   Transport layer T Data segment header information for , Here is TCP

  •  Hypertext Transfer Protocol:   Application layer information , Here is HTTP agreement

Reference resources ：

https://blog.csdn.net/Aaron_1999/article/details/104077610

https://blog.csdn.net/m0_37824357/article/details/124498592

Answer section

One 、wireshark  Start interface

Two 、 adopt Menu bar The capture option selects the network card to listen

3、 ... and 、 After selecting the network card to monitor , The interface is as follows , You can grab all the packets through this network card

Four 、 Filter the packets you need to analyze ip.addr == ip Address

5、 ... and 、 First look at a few packets , Be familiar with it. wireshark The agreement

6、 ... and 、 Look at the transport layer of a packet （ A row is a bag ）

7、 ... and 、 Look at the network layer of a packet （ A row is a bag ）

Reference resources ：

https://blog.csdn.net/qq_44275213/article/details/118873256

https://blog.csdn.net/m0_37824357/article/details/124498592

About Me： Wheat grains

●  The author of this article ： Wheat grains , Focus on python、 Data analysis 、 data mining 、 Machine learning related technologies , Also pay attention to the use of Technology

● Author's blog address ：https://blog.csdn.net/u010986753

●  The title of this series comes from the author's study notes , Partially collated from the network , If there is any infringement or improper place, please understand

●  copyright , Welcome to share this article , Reprint please keep the source

●  Personal micro signal ：pythonbao Contact me and add wechat Group

●  personal QQ：87605025

● QQ Communication group py_data ：483766429

●  official account ：python treasure or DB treasure

●  Provide OCP、OCM And the most practical skills training with high availability

●  If there is anything wrong with the answer to the question , I also hope that you can criticize and correct , Common progress

If you find the article helpful , Click on my avatar below , Appreciate me ！

With your support , The wheat grain will be better and better ！