Was captured, the packet’s source and destination addresses, the protocol type,Īnd protocol-specific information contained in the packet. Packet number contained in any protocol’s header), the time at which the packet The packet-listing window displays a one-line summary for each packetĬaptured, including the packet number (assigned by Wireshark this is not a The packet-header and packet-contents windows)
The packet display filter field, into which a protocol name or other information can be entered in order to filter the information displayed in the packet-listing window (and hence The Capture menu allows you to begin packet capture. The File menu allows you to save captured packet data or open a file containing previously captured packet data, and exit the Wireshark application. Of interest to us now are the File and Capture menus. The command menus are standard pulldown menus. In Figure 1, the assumed physical media is an Ethernet, and so all upper-layer protocols are eventually encapsulated within an Ethernet frame.Ĭapturing all link-layer frames thus gives you all messages sent/received from/by all protocols and applications executing in your computer. Or IP all are eventually encapsulated in link-layer frames that are transmitted over physical media such as an Ethernet cable. Recall from the discussion from lecture 1 that messages exchanged by higher layer protocols such as HTTP, FTP, TCP, UDP, DNS, The packet capture library receives a copy of every link-layer frame that is sent from or received by your computer. The packet sniffer, shown within the dashed rectangle in Figure 1 is an addition to the usual software in your computer, and consists of two parts. At the right of Figure 1 are the protocols (in this case, Internet protocols)Īnd applications (such as a web browser or ftp client) that normally run on your computer. Figure 1 shows the structure of a packet sniffer.
0 kommentar(er)
