Wireshark
The official Mac version of Wireshark is a network analysis tool for the Mac platform. The latest version of Wireshark supports real-time capture, VoIP analysis, offline analysis and other functions. Wireshark does not modify the content of network packets; it only reflects the packet information currently in circulation.
Wireshark itself does not send packets to the network. Friends who like Wireshark for Mac are welcome to download and try it from Huajun Software Park!
Things to note:
Mac users who install or download application software often run into the following three errors. The editor provides solutions here to help you resolve them:
1. "...the software is damaged and cannot be opened. You should move it to the Trash"
2. "The xxx software cannot be opened because Apple can't check if it contains malware"
3. "Cannot open xxx software because it comes from an unidentified developer"
Don't panic if you encounter any of the above three situations; follow the editor's steps below to resolve them easily.
1. Turn on the "any source" ("Anywhere") option in the computer settings.
2. Turning on "any source" solves most of these software error reports. If it does not work, you need to bypass application signature verification by running a command on the command line: run the command that bypasses the notarization check (Gatekeeper).
3. If the above operations still do not solve the problem, you need to disable SIP (System Integrity Protection) before the software will open.
Basic introduction to Wireshark
The function of network packet analysis software can be pictured as the work of "an electrician using an electric meter to measure current, voltage, and resistance", only moved to the network, with the wires replaced by network cables. In the past, network packet analysis software was very expensive or was specialized commercial software. The emergence of Ethereal changed everything. Under the GNU GPL general license, users can obtain the software and its source code for free, and have the right to modify and customize the source code. Ethereal is one of the most widely used network packet analysis programs in the world.
Network administrators use Wireshark to detect network problems, network security engineers use Wireshark to check information security-related issues, developers use Wireshark to debug new communication protocols, and ordinary users use Wireshark to learn about network protocols. Of course, some people also use it with "ulterior motives" to find sensitive information...
Wireshark is not intrusion detection software (Intrusion Detection Software, IDS). For abnormal traffic behavior on the network, Wireshark will not generate warnings or any prompts. However, careful analysis of packets captured by Wireshark can help users gain a clearer understanding of network behavior. Wireshark does not modify the content of network packets; it only reflects the packet information currently in circulation.
Wireshark itself does not send packets to the network.
Wireshark function introduction
Deep inspection of hundreds of protocols
Real-time capture and offline analysis
Standard three-pane packet browser
Multi-platform support: runs on Windows, Linux, Mac OS X, Solaris, FreeBSD, NetBSD and other platforms
The captured network data can be viewed through a graphical user interface, or through the TTY-mode tshark utility
The most powerful display filter in the industry
Rich VoIP analytics
Read/write many different capture file formats
Capture files compressed with gzip can be decompressed on the fly
Live data can be read in real time
Decryption support for many protocols including IPSec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP and WPA/WPA2
Coloring rules can be applied to the packet list for quick, intuitive analysis
Output can be exported to XML, PostScript, CSV or plain text files
Wireshark FAQ
Q: How does Wireshark export data?
Answer: 1. Open Wireshark->Capture->Interface->Select your network card (checked)->Start
2. Click OK to start capturing packets. There is a Stop button on the toolbar; click it to stop capturing packets.
3. Filtering: you can see a question I answered before, or look it up online. For example tcp && tcp.len >
4. There are options under File->Save: choose filtered, all, or selected.
5. Enter the file name.
Question: How to clear historical filter records in Wireshark?
Answer: Ctrl+Shift+D, or Edit -> Ignore all displayed packets
Wireshark update log
1. Optimized some functions
2. Solved many unbearable bugs