Wireshark网络分析实战笔记(三)基本信息统计工具的用法

Wireshark基本信息统计工具的用法CaptureFileProperties：获取网络中数据包的总体信息使用方法：Statistics菜单栏下CaptureFileProperties选项Wireshark-CaptureFileProperties-wireshark_pcapng_DA8CBS2D-2SED-41EE-92,37-5003110BCFB_2-01604051:BatailsFileff：=0Tie:C:\UeerE\TIAITSI~l\AppDati\Lmal\Temp\wjireiliark_pcapng^EAtiCE92D~£9「Length：85kBFornit:Wireshiirk/...一pcapngEncapzi£Latiun：EthernetIimeFirstii：=n?k^t:2016-04-0E13:58:E9Lastpacke4:!201G-04-0E14:02:07El：=Lpsed：00:03:08CaptureH：=lt_liw：=lte:UrJrrLuwrL0站64—1>11Wind.ows10_.tniiId10586A-pplics.tion:[1impcap(,Wiremhark)2.0.2(v2.0.2HJ~gal6e22efrommastei―2.0,)InterfacesInterDxqpped卩红口kutwCn口tg*£4Ltux1(J唸□中n已\HPF_{BA8CB92D-29EB-41BE-9237-5n03110B6CFB]SceJIe==LEijj_ernerLtCaptijj-edF ts肌4Timesp：=ul.is13S.JS34ppsCaptiji-eFi1已comnientsRefraeIl

ProtocolHierarchy：获取网络中数据包所归属的协议层次使用方法：Statistics菜单栏下ProtocolHierarchy选项jfWireshark:■ProtocolHierarchyStatistics■wire&h3rk_pc.apng_DAaCE92D-29ED-41BE-9237-5{>03110E6匚ProtocolP&rcentPacketsPackets.Pe-rcentBytes.vFrame-100.0510&.0vEthernet100.0159100.0InternetProtocolVe-rsion4100.0巧9100.0vUserDatagramProtocol30.8-4920.awTe-r&doIPv6-overUDPtunneling苗41,8vInternetProtocolVersion&2.541.8InternetControlMessageProtocoly625垃1.SDomainNam&System28.34519.07fransmissionControlProtocol69卫lift79.2yT30阳40,8MslforinedRacket2.540.SSecureSocketsLayer| 5,7914,5MalformedPacket1.30.42HypertextTransferProtocol7.51221卫Line-base-dtextdata£.543.7」avaGcriptObjectNotation1.323.1HTMLFormURLEncoded1,327,2Data&.&14| 2.7&diwplmrjJi-iSr.文章来源：申博官网

Conversation：获取设备间的对话信息使用方法：StaFlowGraph:数据流图，查看TCP流tistics菜单栏下Conversation选项MWireehark'Conversation:-wireshark_pcapng_DA8CE裝D-四ED-胡班-92站-孔时肓俯&匚F艮20蔚04&九92討,Ethern已t ・ 1IFv4・ 12 IFv6・2TCF-17UBF-13;AAddressAPortAAddressBPortBRacketsByt&aRacketsA—►BBytesA—；■BRackets.E-10,-E00235,172151&9123,53,182,251http21092価7^1517£123.5S.182.£51http2114154W.1tK>.235.17^1513115http2025339U17Z1513&101.^01.173.115http20£533914111O.1O&.235.17Z15017xll3166316610,100,235252.199,6xll1600010.100.2S5.172151733httpE1141541&.1&0.235.17^1517054https316821081O.1O&.235221.29,253https3163210810.100235172J5022snt404-rri.Hotmail,comhttp235,17Z151785nt404-m,hotnnail,comhttps13771310409510.10&.^35.17Z151754http316821&872151764http31692108W.1O&.235.17^15174&6.n0.33.74http316821&810.100,235.17Z151751http24S54813705410,100,£35,17^15017223,252.199,6x11160G01O.1OO.235.17215017xll154154□U：=utiereEclutiokJLim11t0diEpiayfilterEndpoint：与（数据包的发送或接收）端点有关的统计信息使用方法：Statistics菜单栏下Endpoint选项

CloseXVvireehark'Endpoints■wireshack_pcapng_DA8CB^2D-2QED-41BE-9237-5OO3110B6CFE_ZC16CMO6O91...CloseTCP-23 Ithernet•£'IFv4•13IFv6-3UJF-15严AddreasPortPlacketsBytesPacketsA—*■BBytesAtBRscketsE3-ABytesE—ALatitudeL10,100235,172151692ioa21090010.100.£35.17^1517?£114541&010.1&0.235.17215131202533g141111112210.1&t>.235.17^15135Z&25339141111和連1O.1O&.235.17?15017&34t>4220212010,100235,17215172S1141541&010.100.^35.17?15170316921081&07215171316&2irn1&0W.TD&.Z35.17^150221541540010.100^35.17^151781H7719104-09583&Z410,100,23521091閒7?1517531&821081&01O.1O&.225.17J151743i&a21091&0W.1t>0.£35.17^151792485481370S4117464&19443197773S3624114U9&&,110,3374SO950431505314W1.ZO0.9&.31&0243543111464137084101201.173.115ao40506S竺224418阴22111.^»Z.50.4a802114160154111.221.2Q.2534433lea1603109111,^21.£^2544433t&a1602103123.5^.182.25180422216031&2213252.19&.&6004&34&21204220JLimit七odiejilayfilter1I：=litiereEclut1ori与HTTP协议有关的信息统计工具PacketCounter：了解http数据包的总数，以及其中请求和响应数据包分别为多少使用方法：Statistics菜单栏下HTTP选项中的PacketCounter

JtWiE-e&hark■PackedCounter■wireEhark_pcapng_pAaCB92D-29tD-41BE-^37-5003110B5CFE_2016040&091.... 7Topic/ItemCountAverageMinvalMaxvalRate(ms]Pe-rcentBurstrateBurststartvTotalHTTPRackets1Z0.0002100%0.0Z00 2.500QfherHTTPPackets0O.CWOO0.00%--7HTTPRe-sponsePackets60.00015&.0096ft.OUJO 2,500???:broken00.00000.00^--弓xx;ServerEit口f00.00000,00%--4kx:ClientError00.00000.00%■■3kk:Redirection0O.O&OO0.00%--72xx:Sue匚巴5550.000110D.CK}%aoioo-2.5-00200OK60.0001100.0&%2.5-00Ikk:Informational00.00000,00%--vHTTPRe-questRackeK5O.O&OI50«.OO^0.0^002.512POGT20.&&0023.32%57.109GET40.00016&.G7%0.0100-2方12Displs_yt'iIter: En七曰-=±<11Epl：±yfilterCopy S=±veRequests：请求访问的web站点分布情况，以及所访问web站点的具体资源（指向资源的url）使用方法：Statistics菜单栏下HTTP选项中的Requests<WiE-e&hark■Requests■wiresh3rk_pcapng_DA8匚凹2[>-知£口-砂匪-毘3了£00刖1刚&匚甩_2。技04师0口1歹_3。血丘匚ountAverageMinualMaxv5匚ountAverageMinualMaxv52yHTTPRequestsbyHTTPHostvwrite,/postedit?gettsg=1/portedit?edit-17s7-im-n口tif/KsdrLnet/s□cfcet.i0/1/jchr-polling/&r4PQc3Z151QdUtVzgzG?t=1459905162707/s□cket.io/1/xhr-poIling/8-r4PQc3Z151QdUtVzgzG?t=1459&051026&0-7s3-im-notify,/socket,io/l/yhr-polling/Gu4sAG1NwNYbfFhOzgzE?t=14599051&0091/sock&t」o/1/jthr-polling/Gu4sAG1NwNYbfFhOzgzE2t=1452905100062Displa.y£iIter:Enterad1splay£11七erLoadDistrbution：了解数据包在各站点的分布情况使用方法：Statistics菜单栏下HTTP选项中的LoadDistribution文章来源：申博官网

jgWire&haFk■LoadDis-tribution■wire£har£c_pcapng_DA&匚必毘口-2匪口-*1EE-%并-刘D引10E比屈卫01604曲曲,Topic/ItemCourtAverageMinvq\MaxvalRate[ms]P&rce-ntBurstratevHTTPResponsesbySarverAddress60.0001wtmo.owo71O1.M1.173.11540.000166.&7%0.0100OK40,0001100,00%0.0100己7101.ZOO.96.3120.000033.33%0.01005；OK20,0000100,00%0.01oc5；vHTTPRequestsbyServer60.0001100%0.01002.7HTTPE?&questsbyServerAddress60.0001WO.00%0.&1&02,w101.201.173J1540.00016S.&7%o.owoNsV-im-notify,20.000050.009&0.01W5.s3-im-notify,csdn.r&t20,000050.00^0.01MNp101200.96.3120.000033.33%0.0100亍20.0000100.00^0.01005；7HTTPRe-questsbyHTTPHost60.0001100.00%0.01002.wwrite-,blog,csd20.000033.33%0.01005：W1.200.96,312o,<mo100,00%0.0wo5；vs7-iiri-no-tify.c5dn.ne-t2O.OODO33.33%0.01005.W1520.0000MOM%O.OWO5.720.000033.33%0.01&0Z.1520.0000100.00%0.01M)2Displayt'iIter：En七曰-=±<11Epl：±yfilter'"匚opyFlowGraph：数据流图，查看TCP流使用方法：Statistics菜单栏下FlowGraph选项

09:11:42.^9198909:11:42.70118809:11;龙；70176509.11:52.70825109:12:02：.70832809:12:02.715347O9;1E;1£,71532009:12:12.72170909:IS：22.72170909:12>22.?314fi2阳：12；3£:fSI66703:12:32.73822609:12:42.70432909:12:42.712E14O9'lE：4Ei09:11:42.^9198909:11:42.70118809:11;龙；70176509.11:52.70825109:12:02：.70832809:12:02.715347O9;1E;1£,71532009:12:12.72170909:IS：22.72170909:12>22.?314fi2阳：12；3£:fSI66703:12:32.73822609:12:42.70432909:12:42.712E14O9'lE：4Ei713396O9:1Z：5Z.T2061409:l£;52.72703709:13:02.728301Show.Digpla.yedpackets▼09:11：4Z.^849580913:02.733661&EQ1.i■気-1g1kEl■217S-E^L2173■雜nSSQ斗汨血臥■2175：eq21T品k■4C0®Ack■217217品k■4K-SSQ片汨品k■217S=€Q217品k■4E05■217S-E^L217Ac-k■4K-SSQ斗汨血臥■21721FAtk■itcg217Ae-k■4£=S-eq,■422Seq4BB畑■今均仙918Atk■ag■Qi?S-cq,51$Ac-k・422&BQ4昭Ac-k-319生成与IP属性有关的统计信息AllAddresses：生成与IP地址有关的统计信息使用方法：Statistics菜单栏下IPv4Statistics选项中的AllAddresses

MWiE-eshark'AllAddresses■wireshark_pcapng_DA8CE92D-29ED-4-!BE-&237-5(>03llOB6CFE_2O1&O40eD9113Topic/Item匚ountAverageMinvalMaxvalR.ate(ms)Pe-rcentBurstrateSur&t&tartvAllAddres-ses1590.0013100%0.110057.101ffD2：：22O.frOOO1.26%0.&10031.485fe80;;卅f;倍巳斗0.00000,010031,485fe80:iBOOOif!62c7:6-f282O.OOM)1.26%0.010031.69955.1W.33.74&0.00015,66%O.O&OO56,10255.55.&&.11^150.000211.95%0.0300^e.5^059.64.8&.111400.000525.16^0.050031.46060.00013.77%0.030019.0411150.00013.14%0.020057.134123,55.18225142.52%0,02000J89111.2^.29.^5430.00001.89%0.030028.1125330.00001.99%0.03&02S.112111.2O2.6<}.4^2fl.OOOO1.26%0.0^0020.92&15400.0tK)525.IS%0.03002.500101,200.96.31240.000315,09^0,070057,10110.WO.Z35.1721550.00139743滤0.110057.101Displs_yt'iIter:En七=±<11Epl：±yfilterCopy S=±veDestinationsandPorts:生成与指定IP目的地址和TCP/UDP端口号有关的统计信息使用方法：Statistics菜单栏下IPv4Statistics选项中的DestinationsandPorts

jtWire&hark■DestinationsandPorts.■wireshark_pcapng_DA8CBS2D-29ED-41BE-9237-5003110B&CFB_2016D.VTopic/ItemCountAverageMinvalMaxvalRate-P&rce-ntBurstraleSurst&tartvDe&tinationsandPorts-1590.0018100%0.110057.101ffD2：：220.00000.010031.485fem；;卅f;倍巳20,00000.01003^,699460.00013.77%0.03&055.940-65.55r&&,11&110,00010.030025,645511200.00020.040041.450-40.00002.52%0.02&019.041>211.a2J12.11140.00002,52%0.01&057.134l23,5-a.1S2.25l30.00001.&9%0.01000.000111,221.29.25420,00000.020028,112111.2^1.^.^5