- Wireshark is free software (GPL v2), maintained by the Wireshark Foundation, and cross-platform.
- It includes a GUI, TShark, and utilities such as dumpcap, editcap, mergecap, and text2pcap.
- The libwireshark, libwiretap, and libwsutil libraries support dissection and many file formats.
- Secure capture through dumpcap, powerful filters, and extensive automation options.

If you work in networking, security, or development and want to understand what is happening on your wired and Wi-Fi links, working with Wireshark is essential. This open source packet analyzer, with decades of evolution behind it, lets you capture, dissect, and study traffic at the packet level with surgical precision.
In this article we examine it in depth: from its license and support to its packages on GNU/Linux, including console utilities, supported formats, build requirements, capture permissions, and a genuinely complete, practical overview.
What is Wireshark and what is it used for today?
In short, Wireshark is a protocol analyzer and traffic capture tool that lets you put an interface into promiscuous or monitor mode (if the system supports it) and see frames that would not otherwise be sent to your MAC address, follow conversations, reassemble streams, color packets according to rules, and apply very expressive display filters. It also includes TShark (the terminal version) and a set of utilities for tasks such as reordering, splitting, merging, and converting captures.
Although its use is reminiscent of tcpdump, it offers a modern Qt-based graphical interface with filtering, sorting, and deep dissection of thousands of protocols. If you are on a switch, remember that promiscuous mode does not guarantee that you will see all traffic: for the full picture you will need port mirroring or a network tap, which its documentation also cites as best practice.

License, foundation, and development model
Wireshark is distributed under the GNU GPL v2 and, in many places, as "GPL v2 or later". Some utilities in the source code are licensed under different but compatible licenses, such as the pidl tool under GPLv3+, which does not affect the resulting analyzer binary. There is no warranty, express or implied; use it at your own risk, as usual with free software.
The Wireshark Foundation coordinates development and distribution. It relies on donations from individuals and organizations whose work is built on Wireshark. The project has thousands of registered authors, with historic figures such as Gerald Combs, Gilbert Ramirez, and Guy Harris among its best-known contributors.
Wireshark runs on Linux, Windows, macOS, and other Unix-like systems (BSD, Solaris, and so on). Official packages are published for Windows and macOS, and on GNU/Linux it is usually included as a standard or add-on package in distributions such as Debian, Ubuntu, Fedora, CentOS, RHEL, Arch, Gentoo, openSUSE, FreeBSD, DragonFly BSD, NetBSD, and OpenBSD. It is also available through third-party systems such as Homebrew, MacPorts, pkgsrc, or OpenCSW.
To build from source you will need Python 3; AsciiDoctor for the documentation; and tools such as Perl and GNU flex (classic lex does not work). Configuration with CMake lets you enable or disable specific support, for example the compression libraries with -DENABLE_ZLIB=OFF, -DENABLE_LZ4=OFF, or -DENABLE_ZSTD=OFF, or libsmi support with -DENABLE_SMI=OFF if you do not want to load MIBs.
Packages and libraries on Debian-based systems
On Debian/Ubuntu and derivatives, the Wireshark ecosystem is split into several packages. Below is a breakdown by function, approximate size, and dependencies. These packages let you choose anything from the full GUI to the libraries and development tools for integrating dissection into your own applications.
wireshark
Graphical application for capturing and analyzing traffic with a Qt interface. Approximate size: 10.59 MB. Install: sudo apt install wireshark
Key dependencies
- libc6, libgcc-s1, libstdc++6
- libgcrypt20, libglib2.0-0t64
- libpcap0.8t64
- Qt 6 (core, gui, widgets, multimedia, svg, printsupport, and QPA plugins)
- libwireshark18, libwiretap15, libwsutil16
- libnl-3-200, libnl-genl-3-200, libnl-route-3-200
- libminizip1t64, libspeexdsp1, wireshark-common
Among its startup options you will find parameters to select the interface (-i), capture filters (-f), snapshot length, monitor mode, link-layer type listing, display filters (-Y), "Decode As" and preferences, plus output file formats and capture comments. The application also offers configuration profiles and advanced statistics features from the interface.
tshark
Console version for command-line capture and analysis. Approximate size: 429 KB. Install: sudo apt install tshark
Key dependencies
- libc6, libglib2.0-0t64
- libnl-3-200, libnl-route-3-200
- libpcap0.8t64
- libwireshark18, libwiretap15, libwsutil16
- wireshark-common
It lets you select interfaces, apply capture and display filters, define stop conditions (time, size, number of packets), use ring buffers, print details, hex and JSON dumps, and export TLS objects and keys. It can also colorize output in a compatible terminal and adjust logging by domain and level of detail. Caution is advised if you enable the BPF JIT at the kernel level, as it may have security implications.
wireshark-common
Files common to wireshark and tshark (for example, dictionaries, configuration, and command-line utilities). Approximate size: 1.62 MB. Install: sudo apt install wireshark-common
Key dependencies
- debconf (kana debconf-2.0), libc6
- libcap2 and libcap2-bin
- libgcrypt20, libglib2.0-0t64
- libpcap0.8t64, libpcre2-8-0
- libnl-3-200, libnl-genl-3-200, libnl-route-3-200
- libspeexdsp1, libssh-4, libsystemd0
- libmaxminddb0
- libwireshark18, libwiretap15, libwsutil16
- zlib1g
This package includes utilities such as capinfos (capture file information: type, encapsulation, duration, rates, sizes, hashes, and comments), captype (identifies file types), dumpcap (lightweight capture tool that writes pcapng/pcap with autostop and ring buffers), editcap (edits, splits, and converts captures, adjusts timestamps, removes duplicates, adds comments or secrets), mergecap (merges or concatenates multiple captures), mmdbresolve (resolves IP geolocation with MMDB databases), randpkt (multi-protocol synthetic packet generator), rawshark (raw dissection with field output), reordercap (reorders by timestamp), sharkd (daemon with an API for processing captures), and text2pcap (converts hexdumps or structured text into valid captures).
libwireshark18 and libwireshark-data
Central packet dissection library. It provides the protocol analyzers used by Wireshark/TShark. Approximate library size: 126.13 MB. Install: sudo apt install libwireshark18 and sudo apt install libwireshark-data
Notable dependencies
- libc6, libglib2.0-0t64
- libgcrypt20, libgnutls30t64
- liblua5.4-0
- libpcre2-8-0
- libxml2-16
- zlib1g, libzstd1, liblz4-1, libsnappy1v5
- libnghttp2-14, libnghttp3-9
- libbrotli1
- libopus0, libsbc1, libspandsp2t64, libbcg729-0
- libcares2
- libk5crypto3, libkrb5-3
- libopencore-amrnb0
- libwiretap15, libwsutil16
- libwireshark-data
It includes support for a huge number of protocols and options such as enabling or disabling specific dissectors, heuristics, and "Decode As" from the interface or the command line; thanks to this, you can adapt dissection to the actual traffic of your environment.
libwiretap15 and libwiretap-dev
Wiretap is a library for reading and writing many capture file formats. Its strength is the variety of formats it supports; its limitation is that it does not filter or perform live capture. Install: sudo apt install libwiretap15 and sudo apt install libwiretap-dev
Supported formats (selection)
- libpcap
- Sniffer/Windows Sniffer Pro uye NetXRay
- LANalyzer
- Network Monitor
- snoop
- AIX iptrace
- RADCOM WAN/LAN
- Lucent/Ascend
- HP-UX nettl
- Toshiba ISDN router
- ISDN4BSD i4btrace
- Cisco Secure IDS iplogging
- pppd logs (pppdump)
- VMS TCPTRACE
- DBS Etherwatch (text)
- Catapult DCT2000 (.out)
libwiretap15 dependencies
- libc6, libglib2.0-0t64
- liblz4-1, libzstd1, zlib1g
- libwsutil16
The -dev variant provides the static library and C headers for integrating read/write functionality into your own tools. This lets you build utilities that process pcap, pcapng, and other container formats as part of your own pipelines.
libwsutil16 and libwsutil-dev
Set of utilities shared by Wireshark and other related libraries: helper functions for string handling, buffering, encryption, and so on. Install: sudo apt install libwsutil16 and sudo apt install libwsutil-dev
libwsutil16 dependencies
- libc6
- libgcrypt20
- libglib2.0-0t64
- libgnutls30t64
- libpcre2-8-0
- zlib1g
The -dev package includes headers and a static library so that external applications can link the common utilities without reinventing the wheel. It is the foundation for many of the shared functions used by Wireshark and TShark.
wireshark-dev
Tools and files for creating new "dissectors". It provides scripts such as idl2wrs, along with dependencies for building and testing. Approximate size: 621 KB. Install: sudo apt install wireshark-dev
Dependencies
- esnacc
- libc6
- libglib2.0-0t64
- libpcap0.8-dev
- libwireshark-dev
- libwiretap-dev
- libwsutil16
- omniidl
- python3 and python3-ply
It includes utilities such as asn2deb (generates Debian packages for BER monitoring from ASN.1) and idl2deb (packages for CORBA). And, above all, idl2wrs. This tool converts CORBA IDL into the skeleton of a C plugin for dissecting GIOP/IIOP traffic. This workflow relies on Python scripts (wireshark_be.py and wireshark_gen.py) and supports heuristic dissection out of the box. The tool looks for its modules in PYTHONPATH/site-packages or in the current directory, and accepts file redirection to generate the code.
wireshark-doc
User documentation, developer guide, and Lua reference. Approximate size: 13.40 MB. Install: sudo apt install wireshark-doc
Recommended if you are going to dive into extensions, scripting, and APIs. The online documentation on the official website is updated with each stable release.

Capture permissions and security
On many systems, direct capture requires elevated privileges. For this reason, Wireshark and TShark delegate capture to a separate utility, dumpcap. This binary is designed to run with privileges (set-UID or capabilities) to reduce the attack surface. Running the entire GUI as root is not good practice; it is better to capture with dumpcap or tcpdump and analyze without privileges to reduce risk.
The project's history includes security incidents in the dissectors over the years, and some platforms such as OpenBSD dropped the old Ethereal port for that reason. With the current model, separating analysis from capture and updating frequently improves the situation, but it is always advisable to follow the security advisories and, if you notice suspicious activity, to know how to block suspicious network connections and to avoid opening untrusted captures without prior review.
File formats, compression, and special sources
Wireshark reads and writes pcap and pcapng, as well as formats from other analyzers such as snoop, Network General Sniffer, Microsoft Network Monitor, and many of those listed for Wiretap above. It can open compressed files if it was built with the corresponding libraries: GZIP, LZ4, and ZSTD. In particular, GZIP and LZ4 with independent blocks allow fast seeking, which improves GUI performance on large captures.
The project documents cases such as AIX iptrace (where a HUP to the daemon closes it cleanly), support for Lucent/Ascend traces, Toshiba ISDN, or CoSine L2, and shows how to capture text output to a file (for example, with telnet <equipo> | tee salida.txt or using the script tool) to import it later with text2pcap. These paths take you beyond "conventional" captures when you work with equipment that does not support pcap directly.
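As an added example (not part of the original article or of the Wireshark project), the following Python code performs the kind of prior review mentioned above: it classifies a capture by its magic bytes (pcap, pcapng, GZIP, LZ4, ZSTD) without dissecting it and, for classic pcap, checks every record header against the file. The names triage_capture and _pcap and the GOOD/BAD samples are constructed for illustration.

```python
import struct

# On-disk magic numbers for the formats named above.
COMPRESSED = {b"\x1f\x8b": "gzip", b"\x04\x22\x4d\x18": "lz4",
              b"\x28\xb5\x2f\xfd": "zstd"}
PCAPNG_SHB = b"\x0a\x0d\x0d\x0a"  # pcapng Section Header Block type
PCAP = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond
        b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}  # nanosecond


def triage_capture(data: bytes) -> dict:
    """Classify by magic; for classic pcap, check every record header."""
    for magic, name in COMPRESSED.items():
        if data.startswith(magic):
            return {"format": name, "problems": []}  # decompress, re-run
    if data.startswith(PCAPNG_SHB):
        return {"format": "pcapng", "problems": []}
    order = PCAP.get(data[:4])
    if order is None:
        return {"format": "unknown", "problems": ["unrecognised magic"]}
    if len(data) < 24:
        return {"format": "pcap", "problems": ["truncated global header"]}
    _maj, _min, _zone, _sig, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    problems, packets, off = [], 0, 24
    while off < len(data):
        if off + 16 > len(data):
            problems.append(f"truncated record header at offset {off}")
            break
        _s, _f, incl, orig = struct.unpack(order + "IIII", data[off:off + 16])
        # Assumption: snaplen 0 means "no limit", so only check non-zero.
        if snaplen and incl > snaplen:
            problems.append(f"record {packets}: incl_len {incl} > snaplen")
        if incl > orig:
            problems.append(f"record {packets}: incl_len {incl} > orig_len")
        if off + 16 + incl > len(data):
            problems.append(f"record {packets}: data runs past end of file")
            break
        packets += 1
        off += 16 + incl
    return {"format": "pcap", "linktype": linktype, "snaplen": snaplen,
            "packets": packets, "problems": problems}


def _pcap(snaplen, records):
    """Build a little-endian pcap in memory (constructed sample input)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for incl, orig, payload in records:
        out += struct.pack("<IIII", 0, 0, incl, orig) + payload
    return out


GOOD = _pcap(64, [(4, 4, b"\xde\xad\xbe\xef")])
# Constructed malformed file: record 1 claims 4096 bytes, only 8 follow.
BAD = _pcap(64, [(4, 4, b"\xde\xad\xbe\xef"), (4096, 4096, b"\x00" * 8)])
```

A file that reports problems here is a candidate for opening only in an isolated, unprivileged environment with an up-to-date Wireshark.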

Suite utilities and option categories
Beyond Wireshark and TShark, the distribution includes many utilities that cover specific tasks. Without copying the help text, here is a summary organized by group so that you know what each one does and which options you will find:
- dumpcap: "pure and simple" pcap/pcapng capture, interface selection, BPF filters, buffer size, rotation by time/size/files, ring buffer creation, capture comments, and machine-readable output. It warns against enabling the BPF JIT because of the potential risks.
- capinfos: shows file type, encapsulation, interfaces, and metadata; packet count, file size, total length, snapshot length, times (first/last), average rates (bps/Bps/pps), average packet size, hashes, and comments. It offers tabular or detailed output and machine-readable formats.
- captype: identifies the capture file type for one or more inputs, with help and version options.
- editcap: selects or deletes packet ranges, snaps/chops, adjusts timestamps (including strict ordering), removes duplicates with configurable windows, adds per-frame comments, splits output by count or time, changes the container and encapsulation, works with decryption secrets, and compresses output. It is the all-purpose tool for "cleaning" captures.
- mergecap: combines multiple captures into one, either by linear concatenation or timestamp-based merging, controls snaplen, and sets the output type, IDB merge mode, and final compression.
- reordercap: sorts a file by timestamp, producing clean output and, if the input is already in order, can skip writing the result to save I/O.
- text2pcap: converts hexdumps or text matched with a regex into valid captures; recognizes offsets in various bases, timestamps with strptime formats (including fractional precision), detects attached ASCII where possible, and can prepend "dummy" headers (Ethernet, IPv4/IPv6, UDP/TCP/SCTP, EXPORTED_PDU) with the ports, addresses, and labels indicated.
- rawshark: field-oriented "raw" reader; lets you set the encapsulation or dissection protocol, disable name resolution, set read/display filters, and choose the field output format, useful for piping to other tools.
- randpkt: generates files with random packets of types such as ARP, BGP, DNS, Ethernet, IPv4/IPv6, ICMP, TCP/UDP, SCTP, Syslog, USB-Linux, and so on, specifying count, maximum size, and container. Ideal for tests and demos.
- mmdbresolve: queries MaxMind databases (MMDB) to show the geolocation of IPv4/IPv6 addresses, specifying one or more database files.
- sharkd: daemon that exposes an API ("gold" mode) or a classic socket ("classic" mode); supports configuration profiles and is driven by clients for server-side dissection and search, useful for automation and services.
Architecture, capabilities, and limitations
Wireshark relies on libpcap/Npcap for capture, and on an ecosystem of libraries (libwireshark, libwiretap, libwsutil) that separates dissection, formats, and utilities. It supports VoIP call detection, audio playback for supported codecs, raw USB traffic capture, and filtering on Wi-Fi networks (if they pass through the monitored Ethernet), as well as plugins for new protocols written in C or Lua. It can also receive remotely encapsulated traffic (for example, TZSP) for real-time analysis from another machine.
It is not an IDS and it does not raise alerts; its role is passive: it inspects, measures, and displays. Even so, auxiliary tools provide statistics and workflows, and training material is readily available (including training applications aimed at 2025 that teach filters, sniffing, basic OS fingerprinting, real-time analysis, automation, encrypted traffic, and integration with DevOps practices). This educational side complements its core role of analysis and troubleshooting.
Compatibility and ecosystem
Build and test platforms include Linux (Ubuntu), Windows, and macOS. The project also reports broad compatibility with additional Unix-like systems and distribution through third-party package managers. In some cases, older OS versions require earlier branches (for example, Windows XP with version 1.10 or earlier). In general, you can install from official repositories or binaries in most environments without major issues.
It integrates with network simulators (ns, OPNET Modeler), and third-party tools (for example, Aircrack for 802.11) can be used to produce captures that Wireshark opens without difficulty. In line with legal and ethical norms, remember to capture only on networks and in contexts where you are authorized.
Name, official websites, and authority data
The official website is wireshark.org, with downloads in its /download subdirectory and online documentation for users and developers. There are pages with authority control (for example, GND) and lists of links to the code repository, bug tracker, and project blog, useful for keeping up with news and reporting issues.
Before you start capturing, confirm the permissions and capabilities of your system, decide whether you will use dumpcap/tcpdump to dump to disk and analyze without privileges, and prepare capture and display filters that match your objective. With good practice, Wireshark simplifies the complex and gives you exactly the visibility you need to diagnose, learn, or audit a network of any size.
Editor specializing in technology and internet topics, with more than ten years of experience in various digital media. I have worked as an editor and content creator for e-commerce, communications, online marketing, and advertising companies. I have also written for economics, finance, and other sector websites. My work is also my passion. Now, through my articles at Tecnobits, I try to explore all the news and new opportunities that the world of technology offers us every day to improve our lives.