Internal disclosure
Internal document, do not distribute

Hangzhou DPtech Technologies Co., Ltd.

Wireshark Packet Capture Application Guide

Prepared by: Lei Zhenhua    Date: 2015.4.10
Reviewed by:                Date:
Issued by:                  Date:

Revision history

Date | Revision | Description | Author
2015.4.10 | V1.0 | Initial draft completed | Lei Zhenhua

Contents

1 Wireshark Introduction
2 Feature Overview
3 Capturing Packets with the Graphical Interface
3.1 Selecting a Network Interface for Capture
3.2 Displaying Packet Capture Time
3.3 Wireshark Interface Layout
3.4 Packet Filter Conditions
3.4.1 Common Filter Conditions
3.4.2 Wireshark Expression
3.4.3 Advanced Filter Conditions
3.4.4 Wireshark Capture Filter
4 Capturing Packets from the Command Line
4.1 Selecting a Network Interface
4.2 Command-Line Filter Conditions
4.3 Common Filter Conditions
5 Batch Conversion of Packet Formats

1 Wireshark Introduction

Wireshark is an open-source network packet analysis tool that runs on Windows, Linux and Unix. The main purpose of a network packet analyzer is to capture network packets and display their contents in as much detail as possible. The latest version of Wireshark can be downloaded from the website (http://www.wireshark.org/download.html). Wireshark typically releases a new version every 4-8 weeks.

2 Feature Overview

Wireshark supports two ways of capturing packets: the graphical interface and the command line.

3 Capturing Packets with the Graphical Interface

3.1 Selecting a Network Interface for Capture

Step 1: Open the Wireshark capture software and click "Capture-->Interfaces", as shown in Figure 3-1.

Figure 3-1 Selecting the network interface

Step 2: Select the network interface to capture on and click "Start" to begin capturing. This captures all packets passing through this interface, and temporarily...