Wireshark網(wǎng)絡(luò)分析實戰(zhàn)筆記(三)基本信息統(tǒng)計工具的用法

Wireshark基本信息統(tǒng)計工具的用法CaptureFileProperties：獲取網(wǎng)絡(luò)中數(shù)據(jù)包的總體信息使用方法：Statistics菜單欄下CaptureFileProperties選項Wireshark-CaptureFileProperties-wireshark_pcapng_DA8CBS2D-2SED-41EE-92,37-5003110BCFB_2-01604051:BatailsFileff：=0Tie:C:\UeerE\TIAITSI~l\AppDati\Lmal\Temp\wjireiliark_pcapng^EAtiCE92D~￡9「Length：85kBFornit:Wireshiirk/...一pcapngEncapzi￡Latiun：EthernetIimeFirstii：=n?k^t:2016-04-0E13:58:E9Lastpacke4:!201G-04-0E14:02:07El：=Lpsed：00:03:08CaptureH：=lt_liw：=lte:UrJrrLuwrL0站64—1>11Wind.ows10_.tniiId10586A-pplics.tion:[1impcap(,Wiremhark)2.0.2(v2.0.2HJ~gal6e22efrommastei―2.0,)InterfacesInterDxqpped卩紅口kutwCn口tg*￡4Ltux1(J唸□中n已\HPF_{BA8CB92D-29EB-41BE-9237-5n03110B6CFB]SceJIe==LEijj_ernerLtCaptijj-edF ts肌4Timesp：=ul.is13S.JS34ppsCaptiji-eFi1已comnientsRefraeIl

ProtocolHierarchy：獲取網(wǎng)絡(luò)中數(shù)據(jù)包所歸屬的協(xié)議層次使用方法：Statistics菜單欄下ProtocolHierarchy選項jfWireshark:■ProtocolHierarchyStatistics■wire&h3rk_pc.apng_DAaCE92D-29ED-41BE-9237-5{>03110E6匚ProtocolP&rcentPacketsPackets.Pe-rcentBytes.vFrame-100.0510&.0vEthernet100.0159100.0InternetProtocolVe-rsion4100.0巧9100.0vUserDatagramProtocol30.8-4920.awTe-r&doIPv6-overUDPtunneling苗41,8vInternetProtocolVersion&2.541.8InternetControlMessageProtocoly625垃1.SDomainNam&System28.34519.07fransmissionControlProtocol69衛(wèi)lift79.2yT30陽40,8MslforinedRacket2.540.SSecureSocketsLayer| 5,7914,5MalformedPacket1.30.42HypertextTransferProtocol7.51221衛(wèi)Line-base-dtextdata￡.543.7」avaGcriptObjectNotation1.323.1HTMLFormURLEncoded1,327,2Data&.&14| 2.7&diwplmrjJi-iSr.文章來源：申博官網(wǎng)

Conversation：獲取設(shè)備間的對話信息使用方法：StaFlowGraph:數(shù)據(jù)流圖，查看TCP流tistics菜單欄下Conversation選項MWireehark'Conversation:-wireshark_pcapng_DA8CE裝D-四ED-胡班-92站-孔時肓俯&匚F艮20蔚04&九92討,Ethern已t ? 1IFv4? 12 IFv6?2TCF-17UBF-13;AAddressAPortAAddressBPortBRacketsByt&aRacketsA—?BBytesA—；■BRackets.E-10,-E00235,172151&9123,53,182,251http21092価7^1517￡123.5S.182.￡51http2114154W.1tK>.235.17^1513115http2025339U17Z1513&101.^01.173.115http20￡533914111O.1O&.235.17Z15017xll3166316610,100,235252.199,6xll1600010.100.2S5.172151733httpE1141541&.1&0.235.17^1517054https316821081O.1O&.235221.29,253https3163210810.100235172J5022snt404-rri.Hotmail,comhttp235,17Z151785nt404-m,hotnnail,comhttps13771310409510.10&.^35.17Z151754http316821&872151764http31692108W.1O&.235.17^15174&6.n0.33.74http316821&810.100,235.17Z151751http24S54813705410,100,￡35,17^15017223,252.199,6x11160G01O.1OO.235.17215017xll154154□U：=utiereEclutiokJLim11t0diEpiayfilterEndpoint：與（數(shù)據(jù)包的發(fā)送或接收）端點有關(guān)的統(tǒng)計信息使用方法：Statistics菜單欄下Endpoint選項

CloseXVvireehark'Endpoints■wireshack_pcapng_DA8CB^2D-2QED-41BE-9237-5OO3110B6CFE_ZC16CMO6O91...CloseTCP-23 Ithernet?￡'IFv4?13IFv6-3UJF-15嚴AddreasPortPlacketsBytesPacketsA—*■BBytesAtBRscketsE3-ABytesE—ALatitudeL10,100235,172151692ioa21090010.100.￡35.17^1517?￡114541&010.1&0.235.17215131202533g141111112210.1&t>.235.17^15135Z&25339141111和連1O.1O&.235.17?15017&34t>4220212010,100235,17215172S1141541&010.100.^35.17?15170316921081&07215171316&2irn1&0W.TD&.Z35.17^150221541540010.100^35.17^151781H7719104-09583&Z410,100,23521091閒7?1517531&821081&01O.1O&.225.17J151743i&a21091&0W.1t>0.￡35.17^151792485481370S4117464&19443197773S3624114U9&&,110,3374SO950431505314W1.ZO0.9&.31&0243543111464137084101201.173.115ao40506S竺224418陰22111.^?Z.50.4a802114160154111.221.2Q.2534433lea1603109111,^21.￡^2544433t&a1602103123.5^.182.25180422216031&2213252.19&.&6004&34&21204220JLimit七odiejilayfilter1I：=litiereEclut1ori與HTTP協(xié)議有關(guān)的信息統(tǒng)計工具PacketCounter：了解http數(shù)據(jù)包的總數(shù)，以及其中請求和響應(yīng)數(shù)據(jù)包分別為多少使用方法：Statistics菜單欄下HTTP選項中的PacketCounter

JtWiE-e&hark■PackedCounter■wireEhark_pcapng_pAaCB92D-29tD-41BE-^37-5003110B5CFE_2016040&091.... 7Topic/ItemCountAverageMinvalMaxvalRate(ms]Pe-rcentBurstrateBurststartvTotalHTTPRackets1Z0.0002100%0.0Z00 2.500QfherHTTPPackets0O.CWOO0.00%--7HTTPRe-sponsePackets60.00015&.0096ft.OUJO 2,500???:broken00.00000.00^--弓xx;ServerEit口f00.00000,00%--4kx:ClientError00.00000.00%■■3kk:Redirection0O.O&OO0.00%--72xx:Sue匚巴5550.000110D.CK}%aoioo-2.5-00200OK60.0001100.0&%2.5-00Ikk:Informational00.00000,00%--vHTTPRe-questRackeK5O.O&OI50?.OO^0.0^002.512POGT20.&&0023.32%57.109GET40.00016&.G7%0.0100-2方12Displs_yt'iIter: En七曰-=±<11Epl：±yfilterCopy S=±veRequests：請求訪問的web站點分布情況，以及所訪問web站點的具體資源（指向資源的url）使用方法：Statistics菜單欄下HTTP選項中的Requests<WiE-e&hark■Requests■wiresh3rk_pcapng_DA8匚凹2[>-知￡口-砂匪-毘3了￡00刖1剛&匚甩_2。技04師0口1歹_3。血丘匚ountAverageMinualMaxv5匚ountAverageMinualMaxv52yHTTPRequestsbyHTTPHostvwrite,/postedit?gettsg=1/portedit?edit-17s7-im-n口tif/KsdrLnet/s□cfcet.i0/1/jchr-polling/&r4PQc3Z151QdUtVzgzG?t=1459905162707/s□cket.io/1/xhr-poIling/8-r4PQc3Z151QdUtVzgzG?t=1459&051026&0-7s3-im-notify,/socket,io/l/yhr-polling/Gu4sAG1NwNYbfFhOzgzE?t=14599051&0091/sock&t」o/1/jthr-polling/Gu4sAG1NwNYbfFhOzgzE2t=1452905100062Displa.y￡iIter:Enterad1splay￡11七erLoadDistrbution：了解數(shù)據(jù)包在各站點的分布情況使用方法：Statistics菜單欄下HTTP選項中的LoadDistribution文章來源：申博官網(wǎng)

jgWire&haFk■LoadDis-tribution■wire￡har￡c_pcapng_DA&匚必毘口-2匪口-*1EE-%并-劉D引10E比屈衛(wèi)01604曲曲,Topic/ItemCourtAverageMinvq\MaxvalRate[ms]P&rce-ntBurstratevHTTPResponsesbySarverAddress60.0001wtmo.owo71O1.M1.173.11540.000166.&7%0.0100OK40,0001100,00%0.0100己7101.ZOO.96.3120.000033.33%0.01005；OK20,0000100,00%0.01oc5；vHTTPRequestsbyServer60.0001100%0.01002.7HTTPE?&questsbyServerAddress60.0001WO.00%0.&1&02,w101.201.173J1540.00016S.&7%o.owoNsV-im-notify,20.000050.009&0.01W5.s3-im-notify,csdn.r&t20,000050.00^0.01MNp101200.96.3120.000033.33%0.0100亍20.0000100.00^0.01005；7HTTPRe-questsbyHTTPHost60.0001100.00%0.01002.wwrite-,blog,csd20.000033.33%0.01005：W1.200.96,312o,<mo100,00%0.0wo5；vs7-iiri-no-tify.c5dn.ne-t2O.OODO33.33%0.01005.W1520.0000MOM%O.OWO5.720.000033.33%0.01&0Z.1520.0000100.00%0.01M)2Displayt'iIter：En七曰-=±<11Epl：±yfilter'"匚opyFlowGraph：數(shù)據(jù)流圖，查看TCP流使用方法：Statistics菜單欄下FlowGraph選項

09:11:42.^9198909:11:42.70118809:11;龍；70176509.11:52.70825109:12:02：.70832809:12:02.715347O9;1E;1￡,71532009:12:12.72170909:IS：22.72170909:12>22.?314fi2陽：12；3￡:fSI66703:12:32.73822609:12:42.70432909:12:42.712E14O9'lE：4Ei09:11:42.^9198909:11:42.70118809:11;龍；70176509.11:52.70825109:12:02：.70832809:12:02.715347O9;1E;1￡,71532009:12:12.72170909:IS：22.72170909:12>22.?314fi2陽：12；3￡:fSI66703:12:32.73822609:12:42.70432909:12:42.712E14O9'lE：4Ei713396O9:1Z：5Z.T2061409:l￡;52.72703709:13:02.728301Show.Digpla.yedpackets▼09:11：4Z.^849580913:02.733661&EQ1.i■気-1g1kEl■217S-E^L2173■雜nSSQ斗汨血臥■2175：eq21T品k■4C0?Ack■217217品k■4K-SSQ片汨品k■217S=€Q217品k■4E05■217S-E^L217Ac-k■4K-SSQ斗汨血臥■21721FAtk■itcg217Ae-k■4￡=S-eq,■422Seq4BB畑■今均仙918Atk■ag■Qi?S-cq,51$Ac-k?422&BQ4昭Ac-k-319生成與IP屬性有關(guān)的統(tǒng)計信息AllAddresses：生成與IP地址有關(guān)的統(tǒng)計信息使用方法：Statistics菜單欄下IPv4Statistics選項中的AllAddresses

MWiE-eshark'AllAddresses■wireshark_pcapng_DA8CE92D-29ED-4-!BE-&237-5(>03llOB6CFE_2O1&O40eD9113Topic/Item匚ountAverageMinvalMaxvalR.ate(ms)Pe-rcentBurstrateSur&t&tartvAllAddres-ses1590.0013100%0.110057.101ffD2：：22O.frOOO1.26%0.&10031.485fe80;;卅f;倍巳斗0.00000,010031,485fe80:iBOOOif!62c7:6-f282O.OOM)1.26%0.010031.69955.1W.33.74&0.00015,66%O.O&OO56,10255.55.&&.11^150.000211.95%0.0300^e.5^059.64.8&.111400.000525.16^0.050031.46060.00013.77%0.030019.0411150.00013.14%0.020057.134123,55.18225142.52%0,02000J89111.2^.29.^5430.00001.89%0.030028.1125330.00001.99%0.03&02S.112111.2O2.6<}.4^2fl.OOOO1.26%0.0^0020.92&15400.0tK)525.IS%0.03002.500101,200.96.31240.000315,09^0,070057,10110.WO.Z35.1721550.00139743濾0.110057.101Displs_yt'iIter:En七=±<11Epl：±yfilterCopy S=±veDestinationsandPorts:生成與指定IP目的地址和TCP/UDP端口號有關(guān)的統(tǒng)計信息使用方法：Statistics菜單欄下IPv4Statistics選項中的DestinationsandPorts

jtWire&hark■DestinationsandPorts.■wireshark_pcapng_DA8CBS2D-29ED-41BE-9237-5003110B&CFB_2016D.VTopic/ItemCountAverageMinvalMaxvalRate-P&rce-ntBurstraleSurst&tartvDe&tinationsandPorts-1590.0018100%0.110057.101ffD2：：220.00000.010031.485fem；;卅f;倍巳20,00000.01003^,699460.00013.77%0.03&055.940-65.55r&&,11&110,00010.030025,645511200.00020.040041.450-40.00002.52%0.02&019.041>211.a2J12.11140.00002,52%0.01&057.134l23,5-a.1S2.25l30.00001.&9%0.01000.000111,221.29.25420,00000.020028,112111.2^1.^.^5