1、使用網(wǎng)絡(luò)協(xié)議分析儀Wireshark

1、一、實(shí)驗(yàn)?zāi)康模海?）掌握安裝和配置網(wǎng)絡(luò)協(xié)議分析儀Wireshark的使用方法；（2）熟悉使用Wireshark工具分析網(wǎng)絡(luò)協(xié)議的基本方法，加深對(duì)網(wǎng)絡(luò)協(xié)議格式、協(xié)議層次和協(xié)議交互過(guò)程的理解。三、實(shí)驗(yàn)內(nèi)容和要求：（1）安裝和配置網(wǎng)絡(luò)協(xié)議分析儀；（2）使用并熟悉Wireshark分析儀的部分功能。四、實(shí)驗(yàn)環(huán)境：windows7下Wireshark64位五、操作方法與實(shí)驗(yàn)步驟（一）安裝和配置WelcometotheWireshark1.12.4(64-bit)SetupWizardTinswizardAillguideyouthroughtheinstalationofLestiprk.Sefbres

2、tartingtheinsWatiwvmakesire;Vresharkisnotrunning.CkkMexttocantrue,Nexta|CarceJ2Wire>hark1.12.4(64七it)SetupLiceraeAgreementAeasereviewtheicensetermsbeforeinstallingVWreshark1.12.4(64-bit).PressPageDowntoseetherestoftheagreement.4hstextconsistsofthreeparts:Darti:SomeremarksregardingthekensegivenrPa

3、rtII:TheactuallicensethatcoversWireshark.Partin:Otherapplicablelicenses.Whenrdoubt:PartII/IIItsthelegallybidingpart,PartIisjusttheretomakeiteasierorpeoplethatarenotfamiliarwiththeGPLv2?1:youacceptthetermsoftheagreement,dickIAgreetocontinue.YoumustacceptthetometallWrechark1.12.4(64-bit).、E-acxIAgreeC

4、anedThefioiowingcomponentsaravdube*brnsUlatonSeleccomponents:onstdl:WTShvkt¥PlugnsfExtensions>11TootsUsersGudeDesolptxxiSoacereourec:105-SMEWimhrk1.124(64bit)Setup1q1<Back|Next>|4Wireshark1.12.4(64-bit)SetupChooseInstallLocationChoosethefoMerinvJiichtorstalWreshark1.12.4(64-bit).Choose

5、adrectoryinwhkhtoinstallWireshark.BrsvseDesAnaOonFolderD:飲件安裝WresharkSpacerequired:105.5MBSpaceavailable:107.8GBWire$har<Installer(tm)Back|Next|:Cancel4(Wireshark1.12.4(64-bit)SetupInstallWinPcap?WinPzapisrequredtocapturelivenetworkdata.SboddWinPcapbeinstalled?CurrentlyinstalledWinPcapversionWnPc

6、apiscurrentlynotrivalledInstalJInstalWinPcap4.1.3(UseAdd爪emoveProgramsfirsttournstallanyundetectedoldWnPcapversions)WhatisWinPcap?Wresha-kInstaller(tm)<Back|Instal|Cancel<Wireshark1.12.4(64-bit)Setup?J二InstallingPleasewaitwhieWreshark1.12.4(64-bit)isbeinginstaled?4Extract:libwreshark.dll67%Out

7、putfolder:D:飲件安裝WresharkExtract:uninstall.exeExtract:wretap-1.12-0.dllExtract:ibAvireshark.di.67%WiresbarkInst剖er(tm)VBackNextCancelMixPcdp；.WinPcap4.1.3SetupInstallationoptionsPleasereviewthefolowrQopbonsbeforenstaftngWnPcap4.1.3JAutomaocallystarttheWrPcapdriveratbootbmeNufcc/tInsUIISystemv2.46<

8、BackInstalCaned<BadcFrwshCanedo爲(wèi)Wireshark1.12.4(64bit)SetupCompletingtheWireshark1.12.4(64-bil)SetupWizardWreshark1>12-4(64-bit)hasbeen“stalledonyorcomputer.CkkFnshtodosethswizard./3VWeshark1.12.4(64-bt)_ShowNews<BadcIfFnah（二）、使用Wireshark分析儀啟動(dòng)系統(tǒng)，點(diǎn)擊"Wireshark”圖標(biāo)進(jìn)入界面選擇網(wǎng)絡(luò)連接方式，因?yàn)槲矣玫氖荳iFi所有

9、選擇無(wú)線網(wǎng)絡(luò)連接方式t俅WIrnerfaceir進(jìn)入CaptureOptions選項(xiàng)，可以進(jìn)行很多操作，可以選擇接連的網(wǎng)絡(luò)，可以選擇過(guò)濾的條件，選擇俘獲分組的接口卡點(diǎn)擊start開(kāi)始俘獲分組，點(diǎn)擊工具欄中紅色正方形停止俘獲1921AcDaNdLf良Ifeflfbf'SID6T_d?Q暦T&lczssiar町0g7d37&2$bS1d瀘55efJ-d&a225Jb3&o(67AMOestanaliQnPratacolLmqlJinfoTimeSourceorcartwF部信息是這樣的，它是由十六進(jìn)制數(shù)和ASCII碼值表示的±FraAws6s121

10、bytes-onwire(9*5bits)pLZ1bAescaAtuAed(968bits)oninterfaceEtherinet11ASrc:08:10:77cI:29:SI(08:IQ:77:cI;29;:51)I±InternetProtocolVersion電I5r<z；11Z,?Q,S4,ig(HZrTO,1<?),Dst田XbD圧旳ramProtocoI,Src.Parti&DDD(SMO),MtPort:4000ffi4ICQ-IMsgrFfrwire,papuIarinCh"ina0sDst:Azurefaav_a7:72;(fc(24

11、:dh：s4:a7:72:0c)L9Z,16BrIrCIS'ZAI&S,!,36000JOCHMMIGDU?O00300040MSO*4孔匸0MwIf4ICr善1JhDtb3uDd?其實(shí)選擇中號(hào)幀雙擊我們也可以進(jìn)入觀察到它的信息T2o24S&aiQQDL92.1SB.L.3&1S2.1&8.1.LDNS7ZStandardqueryOx-BZIcAsina.cmg2.25144-5000DN5417StandardqueryreSpfIrISi<Fx821e匚NAME"刎巧蠡丄92.675E?2DOD紹.24£1S&.2

12、311A2.1&B.:1.IEUDPL-QrgSourceport!:34KH>Destinationport:BJODO-102.714&25?>036.24&UL84.2MHJDPLOOSourceportr昶如卩IDestinationpart:&000112p71C53J1JOOin.16SrI.3S113.76.243,1$3UDP123Sourc*吟SWOTPfstinstiQniport5169123.795Sa5I?O1曲：UfILII!LID,7SuII2-ZTCPISS40JC-80JtfICSeqAIAck?IWin<?2

13、S6Len-aIIi3.S1S5BWOC?ISKZ.ISSrIS36.Z4i8.rI8C,2iIUD?SCMPCt(MKt?3W0PestinitionipoAt;K>W14-3.EZS471DODIid?S-112.76TC1PB?K0-&4D3fiACKSbq>IAckAZWirtsJJLEDM乩"1百RET153.輕斗刊&00心5&248,1:86.231IfZ.I&B.IrKUDP62Sciurceiwtt8000Destination"port:iiOOO-E>?3IP地址，目的IP地址,我們可以看見(jiàn)在Wiresh

14、ark工具中我們可以看到幀的接受時(shí)間，源所使用的協(xié)議，幀的長(zhǎng)度以及幀的信息461.317691000112-901,84.10192.168.1-36OTCQ121QICQProtwoI1=!號(hào)FreAne&:121bytesonwire菲品bit%).121byt?csAtured9軸kdtsjwinterface0E-Ethern.ttII.Srcs0?;10i77；CI:29s51CO-BsIOsZysCIsZSESIi.DstsAzurewavj7:72:0iC(24;0a=64ia7s72;0c:)EInternetPretocaIVersion4”Src=1?2.39K?1

15、0(112如.Dsts192?1丘呂.1.3&(192?168.1+UserDatagramProtocoI95rcPort:EQDD(BOM)j.DstPort:4t>M(4000)LtOICQ-IMsoftware,popuT?inChinaWWKIPM4OC?5Oof0f<nz&7so誼曹KnA.1干0-17W7Lid-213?O:Cc7M75AM-6EDD2aDFrame代表物理層的數(shù)據(jù)流，EthernetII表示數(shù)據(jù)鏈路層的數(shù)據(jù)幀，InternetProtocoIVersion4表示IP數(shù)據(jù)包，UserDatagramProtocoI表示UDP數(shù)據(jù)包F面選

16、擇想要研究的對(duì)象也可以點(diǎn)擊開(kāi)查看，以EthernetII幀為例，點(diǎn)擊它的"+”標(biāo)志EthernetH,Src:(W?10?77?cI:29:5iIOst"Azurewav_a7:72:0GCJ4:a7:7.2:0c)EDestinationsAzurewav_a7;72:Qc(24:0a:64ia7s72;Oc)Address:Azurewav.a?:72:0c(Z4:0a:M:a?:7Z:0c)0.亠亠L(fēng)GbitGIobaIIyuniqueaddress(facoiydefauIt)0?=IGbAt:individuaIaddress(unicast)£SQUr

17、ce:O8:10:77:cI:29:51(OSsI0:77:cI:29:51)Add廠es和08:10I773E1；29S51(08:10:77:cIS29S51)0.n+<=LGbitsGIobaIIyuniqueaddress(fartorydefauIt)?0.?*?.?°?IGbit:IndividuaI!address(unicast)Type:IP(OXOBOO)*)InternetProtocoIVersion4勺Src:112aA0.64.10C112.84a10)tDst:192.168.1?(192u163.3-6)±UserDAtagrajmProtocoIpSrcPort;8000(BOOO)DstPort:4000C4Q00)+IOICQ-IMsoftwareApopuIarinChina我們可以看出該幀的源mac地址和目的mac地址分別為多少，對(duì)源地址和目的地址也有一定的描述，如果想要的到其他的具體信息，和Ethernet"樣點(diǎn)開(kāi)觀察就好了。如果我們想要清晰地看到自己想要看的信息，可以使用“Filters”功能，舉個(gè)例子我們以源IP地址為0為條件進(jìn)行過(guò)濾，就得到下面的界面了，這樣就清晰多了F