How to Use Wireshark on Windows: A Complete, Practical, and Up-to-Date Guide

Last updated: 14/05/2025

  • Wireshark lets you capture and analyze all network traffic on Windows, making it easier to troubleshoot problems, improve performance, and learn about protocols.
  • Its intuitive interface and its many filtering and customization options make it a useful tool for both beginners and network and cybersecurity professionals.
  • Using Wireshark responsibly and ethically, along with taking security measures and complying with the law, is essential to protect privacy and avoid risks.

Have you ever wondered what is really happening on your network while you browse, play online, or manage connected devices? Whether you are simply curious about what is circulating over your WiFi or you need a professional tool to analyze network traffic and spot problems with your connection, the name Wireshark has surely already caught your attention.

In this article you will find, without detours, everything about Wireshark: what it is, what it is used for on Windows, how to install it, and the best tips before you start capturing data. Let's get to it.

What is Wireshark? Breaking down a titan of network analysis

Wireshark is the most popular and best-known network protocol analyzer in the world. This free, open-source, and powerful tool lets you capture and analyze all the network traffic that passes through your computer, whether it is a Windows, Linux, or macOS machine, or even systems such as FreeBSD and Solaris. With Wireshark you can see, in real time or after recording, exactly which packets are entering and leaving your computer, where they come from, where they are going, and which protocols they use, and you can even break them down to get the details of each layer according to the OSI model.

Unlike many analyzers, Wireshark stands out for its intuitive graphical interface, but it also offers a powerful console version called TShark for those who prefer the command line or need to automate tasks. Wireshark is flexible enough to let you analyze a connection while you browse, carry out professional security audits, resolve network bottlenecks, or learn from scratch how Internet protocols work, all from your own PC!

Download and install Wireshark on Windows

Installing Wireshark on Windows is a simple process, but it is advisable to do it step by step so that you leave no loose ends, especially regarding permissions and the additional capture drivers.

  • Official download: Go to the official Wireshark website and select the Windows version (32 or 64 bits, depending on your system).
  • Run the installer: Double-click the downloaded file and follow the wizard. Accept the default options if you have any doubts.
  • Required drivers: During installation, the installer will ask you to install Npcap. This component is essential, as it allows your network card to capture packets in "promiscuous" mode. Accept its installation.
  • Finish and restart: Once the process is complete, restart your computer to make sure everything is ready.

Ready! You can now start using Wireshark from the Windows Start menu. Note that the program is updated frequently, so it is a good idea to check for new versions from time to time.

How Wireshark Works: Packet Capture and Display

When you open Wireshark, the first thing you will see is a list of all the network interfaces available on your system: wired network cards, WiFi, and even virtual adapters if you use virtual machines such as VMware or VirtualBox. Each of these interfaces represents an entry or exit point for digital information.

To start capturing data, you just have to double-click the interface you want. From that moment on, Wireshark will show in real time all the packets passing through that card, organized in columns such as packet number, capture time, source, destination, protocol, size, and other details.

When you want to stop the capture, click the red Stop button. You can save your captures in .pcap format to analyze later, share, or even export in various formats (CSV, text, compressed, etc.). This flexibility is what makes Wireshark an essential tool for both spot analysis and full audits.

Getting Started: Tips Before Taking Your First Capture on Windows

To make sure your first Wireshark captures are useful and do not end up full of irrelevant noise or confusing data, there are several key tips to follow:

  • Close unnecessary programs: Before starting a capture, quit applications that generate background traffic (updaters, chats, email clients, games, etc.). This way you avoid mixing in irrelevant traffic.
  • Control the firewall: Firewalls can block or modify traffic. Consider disabling it temporarily if you are after a complete capture.
  • Capture only what is relevant: If you want to analyze a specific app, wait a second or two after starting the capture before launching the app, and do the same when closing it before you stop recording.
  • Know your active interface: Make sure you select the right network card, especially if you have several adapters or are on a virtual network.

By following these guidelines, your captures will be much cleaner and more useful for any further analysis.

Filters in Wireshark: How to Focus on What Really Matters

One of Wireshark's most powerful features is its filters. There are two main types:

  • Capture filters: These are applied before the capture starts, letting you collect only the traffic that interests you from the outset.
  • Display filters: These apply to the list of packets already captured, letting you show only those that meet your criteria.

Among the most commonly used filters are the following:

  • By protocol: Filters only HTTP, TCP, DNS, etc.
  • By IP address: For example, show only packets from or to a specific IP using ip.src == 192.168.1.1 or ip.dst == 8.8.8.8.
  • By port: Limits the results to a specific port (tcp.port == 80).
  • By text string: Finds packets that contain a keyword in their contents.
  • By MAC address, packet length, or IP range.

In addition, filters can be combined with logical operators (and, or, not) for precise searches, such as tcp.port == 80 and ip.src == 192.168.1.1.
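Added example, not part of the original article: a minimal Python reader for classic .pcap files that shows which packets the combined filter tcp.port == 80 and ip.src == 192.168.1.1 selects. The four-packet capture is constructed in memory, and the function names are hypothetical; only little-endian pcap with Ethernet, IPv4, and TCP is handled.

```python
import socket
import struct

def build_pcap(packets):
    """Constructed sample: classic little-endian pcap, linktype 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, (src, dst, sport, dport) in enumerate(packets):
        # TCP header with only SYN set; checksums are left at zero.
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), i, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def read_tcp_ipv4(pcap):
    """Yield (src, dst, sport, dport) for each Ethernet/IPv4/TCP packet."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian classic pcap is handled")
    offset = 24  # skip the 24-byte global header
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, offset + 8)[0]
        frame = pcap[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4
        ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
        if frame[23] != 6 or len(frame) < 14 + ihl + 4:
            continue  # not TCP, or too short to hold the ports
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        yield (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]),
               sport, dport)

def display_filter(pcap, port, ip_src):
    """Mirror `tcp.port == port and ip.src == ip_src`.

    tcp.port matches the source OR the destination port; ip.src only the sender.
    """
    return [p for p in read_tcp_ipv4(pcap)
            if port in (p[2], p[3]) and p[0] == ip_src]

SAMPLE = build_pcap([
    ("192.168.1.1", "8.8.8.8", 50000, 80),   # matches the filter
    ("8.8.8.8", "192.168.1.1", 80, 50000),   # port 80, but other sender
    ("192.168.1.1", "8.8.8.8", 50001, 443),  # right sender, other port
    ("192.168.1.7", "8.8.8.8", 50002, 80),   # port 80, other sender
])
```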

What can you capture and analyze with Wireshark on Windows?

Wireshark can interpret more than 480 different protocols, from the basics such as TCP, UDP, and IP to more specific protocols, IoT, VoIP, and many more. This means you can analyze all kinds of network traffic, from simple DNS queries to encrypted SSH sessions, HTTPS connections, FTP transfers, or SIP traffic from Internet telephony.

In addition, Wireshark supports standard capture formats such as tcpdump (libpcap), pcapng, and others, and lets you compress and decompress captures on the fly using GZIP to save space. For encrypted traffic (TLS/SSL, IPsec, WPA2, etc.), if you have the appropriate keys, you can even decrypt the data and view the original content.

Detailed traffic capture: more tips

Before starting any important capture, follow this procedure to maximize the value of the information collected:

  • Select the right interface: Usually your active adapter will be the one for the connection you are using. If you have any doubts, check which one is connected in the Windows network settings.
  • Set the scene: Open only the programs or applications that generate the traffic you want to analyze.
  • Isolate the event: If you want to analyze an app's traffic, follow this sequence: open the app after starting the capture, perform the action you want to analyze, and close the app before you stop recording.
  • Save the capture: Stop recording, go to File > Save, and choose .pcap or the format you prefer.

This gives you clean, easy-to-analyze files, with no junk traffic mixed in.

Illustrative examples: traffic analysis with Wireshark

Suppose you have two computers on your network and one of them stops reaching the Internet. You can use Wireshark to capture traffic from that machine and see whether there are errors resolving DNS addresses, whether packets are not reaching the router, or whether a firewall is blocking communication.

Another common case: checking whether a website fails to properly encrypt your login. If you log in to a website without HTTPS and apply an HTTP filter combined with your username, you can even see your password traveling in the clear over the network, a real-life demonstration of the risk of insecure websites.

Wireshark and Security: Risks, Attacks, and Protective Measures

Wireshark's power is also its greatest risk: in the wrong hands, it can facilitate credential capture, espionage, or the exposure of sensitive information. Here are some threats and recommendations:

  • Credential stuffing (credential brute force attack): If you capture SSH, Telnet, or other service traffic, you can spot automated login attempts. Pay attention to long sessions (they are usually the successful ones), packet sizes, and the number of attempts to detect suspicious patterns.
  • Risk of external traffic: Filter all SSH traffic that does not come from your internal network: if you see connections from outside, be alert!
  • Plaintext passwords: If a website sends usernames and passwords unencrypted, you will see them in the capture. Never use Wireshark to obtain this data on other people's networks. Remember that doing so without permission is illegal.
  • Consent and legality: Only analyze traffic from your own network or with explicit authorization. The law is very clear on this point, and misuse can have serious consequences.
  • Transparency and ethics: If you work in a corporate environment, inform users about the analysis and its purpose. Respecting privacy is as important as technical security.
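Added example, not part of the original article: one way to apply the two SSH checks above (connections from outside the internal network, and the number of attempts) to packet fields exported from a capture as CSV. The column layout, the 192.168.1.0/24 internal range, the threshold of 5, the function names, and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample: one row per packet, columns named after Wireshark fields.
SAMPLE_CSV = (
    "ip.src,ip.dst,tcp.dstport,tcp.flags.syn,tcp.flags.ack\n"
    "192.168.1.20,192.168.1.5,22,1,0\n"
    + "203.0.113.9,192.168.1.5,22,1,0\n" * 6
    + "198.51.100.4,192.168.1.5,22,1,0\n"
    + "192.168.1.30,192.168.1.5,22,1,0\n" * 5
    + "192.168.1.5,203.0.113.9,50000,1,1\n"  # SYN-ACK reply, not an attempt
    + "203.0.113.9,192.168.1.5,443,1,0\n"    # not SSH
)

INTERNAL = ipaddress.ip_network("192.168.1.0/24")  # assumed internal range

def ssh_attempts(csv_text, port=22):
    """Count new connection attempts (SYN set, ACK clear) to the SSH port per source."""
    attempts = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Accept both numeric and textual booleans in the export.
        syn = row["tcp.flags.syn"] in ("1", "True")
        ack = row["tcp.flags.ack"] in ("1", "True")
        if row["tcp.dstport"] == str(port) and syn and not ack:
            attempts[row["ip.src"]] += 1
    return attempts

def flag_sources(csv_text, threshold=5, internal=INTERNAL):
    """Return {source: (attempt count, reasons)} for sources worth a closer look."""
    findings = {}
    for src, count in ssh_attempts(csv_text).items():
        reasons = []
        if ipaddress.ip_address(src) not in internal:
            reasons.append("external source")
        if count >= threshold:
            reasons.append("repeated attempts")
        if reasons:
            findings[src] = (count, reasons)
    return findings

if __name__ == "__main__":
    for src, (count, reasons) in sorted(flag_sources(SAMPLE_CSV).items()):
        print(f"{src}: {count} SSH attempt(s), {', '.join(reasons)}")
```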

Wireshark Alternatives: Other Options for Network Analysis

Wireshark is the benchmark in its field, but there are other tools that can complement or, in certain situations, replace it:

  • Tcpdump: Ideal for Unix/Linux environments, it works on the command line. It is lightweight, fast, and flexible for quick captures or automated tasks.
  • Cloudshark: A web platform for uploading, analyzing, and sharing packet captures from the browser. Very useful for collaborative environments.
  • SmartSniff: Focused on Windows, easy to use for spot captures and for viewing conversations between clients and servers.
  • ColaSoft Capsa: A graphical network analyzer that stands out for the simplicity of its interface and its specific options for port scanning, exporting, and compact views.

Choosing the best option depends on what you actually need: speed, graphical interface, online collaboration, or compatibility with specific hardware.

Advanced Settings: Promiscuous Mode, Monitor, and Name Resolution

Promiscuous mode allows the network card to capture not only the packets addressed to it, but all traffic passing through the network it is connected to. It is essential for analyzing corporate networks, shared hubs, or pentesting scenarios.

On Windows, go to Capture > Options, select the interface, and check the promiscuous mode box. Keep in mind that on Wi-Fi networks, except with specific hardware, you will only see traffic from your own device.

Name resolution, on the other hand, converts IP addresses into readable names (for example, 8.8.8.8 into google-public-dns-a.google.com). You can enable or disable this option from Edit > Preferences > Name Resolution. It is very useful for identifying devices during monitoring, although it can slow the process down if many addresses are being resolved.