Wireshark Network Analyzer: Review, Tutorial, Free download
Network administrators can perform better if they have relevant information at their fingertips. There are certain tools that help network admins capture and analyze network data so that they can figure out what is going on. Wireshark Network Analyzer is one such free tool, and this review of Wireshark, in plain language, tells you what it offers.
Wireshark is based on WinPcap and requires the latter to be installed on your computer. If it is not already installed, Wireshark prompts you and installs it for you. Certain other tools that I have used, like URL Snooper, also employ WinPcap to sniff packets traveling over the network.
What is WinPcap?
WinPcap is always installed as a separate program. It is a tool for capturing network packets without interference from any protocol. It includes kernel-level packet filtering, a network statistics engine, and a driver. With the help of this driver, it bypasses all network protocols and accesses the low-level network layers.
For your information, the models used in a network scenario for data communication, such as TCP/IP or the ISO OSI model, have different sets of layers. We generally work at the application level, which is the topmost layer in both models, TCP/IP and OSI. Here is an image to make it clear. It shows the layers in both OSI and TCP/IP.
[Image: WinPcap operates at the network level, bypassing all other upper layers]
To access the low-level layers, WinPcap bypasses these and other layers and digs out the data packets moving at the lower network levels. Thus, it provides different programs with information about outgoing and incoming data packets, and those programs then use this information to extract whatever details they need.
WinPcap is listed as a separate program in Add/Remove Programs or Programs and Features. If you remove WinPcap, applications that depend on it, like Wireshark, will fail to run.
Wireshark Network Analyzer
Wireshark is quite famous among network admins, so I decided to check it out and see what it offers. As said above, it will prompt you to add WinPcap to your computer and will install it for you. When you open the program after installing Wireshark, you get a screen with different options divided into three columns. The options include:
1. Interface List: If you have more than one network adaptor, you will have to select which one(s) you wish to capture on. For example, when you click on it, Wireshark shows you a list of the network adaptors on your computer, including the WiFi adaptor. You just have to select one or more of these network adaptors for Wireshark to capture the packets coming in and going out via them. The dialog box on my computer looked like the image below. The virtual network adaptor of SpotFlux is also shown in the image. Yours may vary based on the network adaptors you have.
2. The second option is to start packet capturing. When you click it, it shows the data pertaining to the network card(s) you selected.
3. The third item in the first row is to set up capture options. Here, you can again select the network card(s), place filters, and name the capture file, among other things.
The second column has a list of recently opened capture files and a sample capture list.
The third column is related to documentation and similar resources. Here is how the entire GUI looks. To enlarge the image, click on it.
Once you have captured data, you can save it under any name for later examination. If you forget to save and close the program, it prompts you to save the data and also gives you the option to exit without saving.
Other features of Wireshark Network Analyzer
Among the other features that caught my attention was the handy toolbar, which has options to start and stop packet capturing. It also has options to set up preferences and to launch help. Other options are to restart packet capturing without saving the file, close the capture file, reload the capture file, etc. In short, it offers you shortcuts to perform different actions without having to navigate the menu bar.
Color coding is yet another good feature of Wireshark Network Analyzer. You can use the ready-made color codes, or you can set up custom color codes in Preferences on the toolbar. Color coding helps you identify the type of data packets at a glance.
The bar just below the toolbar contains options to set up filters. I did not use this, but it is easy to access filters for admins who would not want to open the capture options dialog each time. You can type directly into the text box on the filter bar, or you can click on Expressions and then create an expression using the available options. Setting up filters is just like you do when handling data in Excel, so it should not be inconvenient.
In the capture window, while it is showing the different data packets, you can right-click on a data packet to see its details. The lower pane shows the details pertaining to that particular packet.
In short, Wireshark has all the facilities to observe network data without breaking a sweat. Its graphical user interface makes it easy to perform different tasks. If you are a network admin and wish to keep an eye on the data packets, Wireshark is for you.
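To show what happens between the raw frame WinPcap hands over and the layered fields in the details pane, the protocol label used for color coding, and a display filter like `tcp.port == 80`, here is an added Python example (not code from Wireshark or from this post). The frame bytes, addresses and ports are constructed for the example, and `matches` supports only a tiny `field == value && ...` subset of the real filter syntax.

```python
import struct

# Constructed sample frame (Ethernet II + IPv4 + TCP SYN, no payload): the raw
# bytes a capture driver hands to a capturing program. Addresses are made up.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"                 # Ethernet: dst MAC, src MAC, IPv4
    "45000028000100004006b1e6" "c0a80001" "c0a80002"     # IPv4 header, 192.168.0.1 -> .2
    "c0000050" "00000001" "00000000" "5002ffff00000000"  # TCP header, 49152 -> 80, SYN
)

# IPv4 protocol numbers, the basis for the per-type colouring in the packet list.
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def dissect(frame: bytes) -> dict:
    """Peel the frame layer by layer, like the packet-details pane does."""
    fields = {}
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    fields.update({"eth.dst": mac(dst), "eth.src": mac(src), "eth.type": ethertype})
    if ethertype != 0x0800:          # only IPv4 is dissected in this example
        fields["protocol"] = f"ethertype 0x{ethertype:04x}"
        return fields
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4         # header length in bytes (IHL is in 32-bit words)
    fields["ip.ttl"], proto = ip[8], ip[9]
    fields["ip.src"] = ".".join(map(str, ip[12:16]))
    fields["ip.dst"] = ".".join(map(str, ip[16:20]))
    fields["protocol"] = IP_PROTOCOLS.get(proto, str(proto))
    if proto == 6:                   # TCP sits right after the IPv4 header
        sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", ip[ihl:ihl + 14])
        fields.update({"tcp.srcport": sport, "tcp.dstport": dport, "tcp.seq": seq,
                       "tcp.flags.syn": bool(off_flags & 0x002),
                       "tcp.flags.ack": bool(off_flags & 0x010)})
    return fields

def matches(fields: dict, expr: str) -> bool:
    """Evaluate a tiny subset of display-filter syntax: 'a == v && b == w'."""
    for clause in expr.split("&&"):
        name, _, value = clause.partition("==")
        name, value = name.strip(), value.strip()
        if name == "tcp.port":       # as in Wireshark, tcp.port means either port
            candidates = {fields.get("tcp.srcport"), fields.get("tcp.dstport")}
        else:
            candidates = {fields.get(name)}
        if not any(str(c) == value for c in candidates):
            return False
    return True

if __name__ == "__main__":
    pkt = dissect(SAMPLE_FRAME)
    for name, value in pkt.items():
        print(f"{name:<14} {value}")
    print("tcp.port == 80 matches:", matches(pkt, "tcp.port == 80"))
```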
Wireshark Network Analyzer free download
You can download it from its official website.
Go here to check out some more Free Network Monitoring Tools.