lopsim.blogg.se

Wireshark capture packets outgoing to specific ip

Looking at the image above, you will notice that Wireshark is divided into three panes. The uppermost is the packet list pane, which shows each packet summarized into a single line, with individual fields separated as columns. The default columns include a packet number, a timestamp (defaulting to the time since the beginning of the capture), source and destination address, protocol, packet length, and an info column that contains protocol-specific information. The middle pane is the packet details pane, and shows detailed information about the data fields contained within the packet that is selected in the packet list pane. The bottom pane is the packet bytes pane, and details the individual bytes that comprise a packet, shown in hex and ASCII format, similar to tcpdump’s -X option. The important thing to note when interacting with these three panes is that the data that each one displays is linked to actions taken in the other panes. When you click on a packet in the packet list pane, it shows data related to that packet in the packet details and packet bytes panes. Furthermore, when you click on a field in the packet details pane, it will highlight the bytes associated with that field in the packet bytes pane. This is ideal for visually bouncing around to different packets and determining their properties quickly.

Wireshark has a ton of features that are useful for analyzing packets. So many, as a matter of fact, that there is no way that we can cover them all in this chapter. If you want to read something that more exhaustively covers Wireshark and its features, I recommend my other book, “Practical Packet Analysis”, or Laura Chappell’s book, “Wireshark Network Analysis.” Both of these books cover packet analysis and TCP/IP protocols from a very broad perspective. With that said, there are a few nice features that are worth highlighting here.

The port keyword can be used to capture packets that are destined for certain applications, because some applications communicate on well-known TCP and UDP ports. For example, to capture only Hypertext Transfer Protocol (HTTP) packets, which are commonly sent on TCP port 80, you can use: However, this checks for packets on both UDP port 80 and TCP port 80.
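The port keyword behaviour described above, shown as an added example that is not part of the original page: it models the capture filter expressions `port 80`, `tcp port 80` and `dst host 198.51.100.7 and tcp port 80` as predicates and runs them over constructed IPv4 packets. The addresses, the helper names and the `dst host` combination (taken from the page title's "outgoing to specific ip") are assumptions of this example.

```python
import socket
import struct
TCP, UDP = 6, 17  # IP protocol numbers

def build(proto, src, dst, sport, dport):
    """Build a minimal IPv4 packet (constructed sample; checksums left at 0)."""
    if proto == TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + l4

def parse(pkt):
    """Extract the fields the filters test: protocol, addresses, ports."""
    ihl = (pkt[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    ports = (None, None)
    # Ports are present only in the first fragment of a TCP or UDP datagram.
    if pkt[9] in (TCP, UDP) and frag_offset == 0 and len(pkt) >= ihl + 4:
        ports = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return {"proto": pkt[9], "src": socket.inet_ntoa(pkt[12:16]),
            "dst": socket.inet_ntoa(pkt[16:20]), "sport": ports[0], "dport": ports[1]}

# Each capture filter expression modelled as a predicate (TCP and UDP cases only).
FILTERS = {
    "port 80": lambda p: 80 in (p["sport"], p["dport"]),
    "tcp port 80": lambda p: p["proto"] == TCP and 80 in (p["sport"], p["dport"]),
    "dst host 198.51.100.7 and tcp port 80": lambda p: (
        p["dst"] == "198.51.100.7" and FILTERS["tcp port 80"](p)),
}

# Constructed traffic; addresses are from the RFC 5737 documentation ranges.
SAMPLE = [
    build(TCP, "192.0.2.10", "198.51.100.7", 51000, 80),   # 0: HTTP to the target
    build(UDP, "192.0.2.10", "198.51.100.7", 51001, 80),   # 1: UDP to port 80
    build(TCP, "192.0.2.10", "203.0.113.9", 51002, 80),    # 2: HTTP to another host
    build(TCP, "198.51.100.7", "192.0.2.10", 80, 51000),   # 3: reply from the target
    build(TCP, "192.0.2.10", "198.51.100.7", 51003, 443),  # 4: TLS to the target
]

def matching(expr):
    """Return indexes of the SAMPLE packets the expression would capture."""
    return [i for i, pkt in enumerate(SAMPLE) if FILTERS[expr](parse(pkt))]

if __name__ == "__main__":
    for expr in FILTERS:
        print(f"{expr!r:42} -> {matching(expr)}")
```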
