I-Wireshark Advanced: Umhlahlandlela Ophelele Wokuthwebula Nokuhlaziya

Informatec Digital » Izinsiza » I-Wireshark Advanced: Umhlahlandlela Ophelele Wokuthwebula Nokuhlaziya

Uma usuvele ujwayelene neWireshark futhi ufuna ukuyithatha igxathu eliya phambili, lesi sihloko singesakho. Sizobona ukuthi singazuza kanjani ngokugcwele kuyo, kusukela ku- kusukela ekuthathweni okuyisisekelo kuya ekuhlaziyweni kwethrafikhi okuthuthukisiwe, okuhlanganisa izihlungi, imibala, izinqubo kanye nokusetshenziswa okungokoqobo ku ukuhlaziywa kokuphepha kwe-inthanethiukusebenza kanye nokuxazulula izinkinga.

Kuwo wonke lo mbhalo, uzothola imiqondo eminingi echazwe ngokuthula nangeSpanishi esilula, sansuku zonke. Le miqondo ivame ukutholakala kumathuluzi ochwepheshe, izifundo, izincwadi, kanye namalabhorethri afana ne-TryHackMe, kodwa isetshenziswa ezimweni ezisebenzayo. Umgomo uwukuthi, ngesikhathi uqeda ukufunda, uzokwazi Hambisa kalula ku-interface ye-Wireshark, bese uthwebula okukuthandayo. futhi uqonde ukuthi kwenzekani kunethiwekhi yakho.

Iyini iWireshark futhi kungani ibaluleke kangaka?

I-Wireshark, ngokuyisisekelo, i-analyzer yephrothokholi yenethiwekhi (i-packet sniffer enhle yakudala) ekuvumela ukuthi ubone, ngalinye ngalinye, amaphakethe angena futhi aphume kuma-interface akho enethiwekhi, kungakhathaliseki ukuthi amanethiwekhi omphakathi e-Wi-FiI-Ethernet noma ezinye. Iphakethe ngalinye liyabanjwa, lihlukaniswe, futhi liboniswe ngesikhathi sangempela, nayo yonke imininingwane yalo.

Sikhuluma ngohlelo umthombo ovulekile futhi ovulekileKusatshalaliswa ngaphansi kwe-GNU General Public License v2. Lokhu kusho ukuthi azikho izinguqulo ezinqunyiwe noma "izinhlelo zedemo": lokho okulandayo inguqulo ephelele, enazo zonke izici, futhi noma yimuphi unjiniyela angabuyekeza ikhodi yakhe ukuqinisekisa ukuthi ayenzi lutho olungavamile.

Le phrojekthi iphethwe yi- I-Wireshark FoundationI-Wireshark yinhlangano engenzi nzuzo eqondisa ukuthuthukiswa, ukubhalwa kwamadokhumenti, kanye nokusatshalaliswa kwesofthiwe. Izinkampani eziningi nochwepheshe abathembele ku-Wireshark ngomsebenzi wabo banikela ngeminikelo, okugcina ithuluzi liphila futhi livumele ukuthi liqhubeke nokuguquka.

I-Wireshark iyatholakala ku- Ukusatshalaliswa kweWindows, macOS, kanye neLinux njengo-UbuntuIngalandwa kuwebhusayithi yayo esemthethweni, i-wireshark.org. Uma isifakiwe, uzobona isikhombimsebenzisi, ekuqaleni, esingase sibonakale sinzima: amakhulu emigqa eshintsha ngesivinini esikhulu, amakholomu anamakheli e-IP, amaphrothokholi, ubude, izitembu zesikhathi… kodwa konke lokho kuyigolide elicwengekile lokuxilonga amaphutha, ukuthola ukuhlaselwa, noma ukuqonda ukuthi amadivayisi akho enzani.

Isixhumi esibonakalayo seWireshark: amaphaneli, izintandokazi, kanye nokuqalisa

Uma uvula i-Wireshark, isikrini sihlelwe ngamaphaneli amaningana ayinhloko: uhlu lwamaphakheji, imininingwane yephakheji ekhethiwe kanye nombono ongahluziwe (ama-hexadecimal kanye nama-ASCII bytes). Ukuqonda la maphaneli kuyisisekelo sokusebenza kahle.

Iphaneli ephezulu ibonisa wonke amaphakethe athwetshuliwe; umugqa ngamunye uhambelana nephakethe futhi uhlanganisa ulwazi olufana nenombolo yepakethe, isikhathi, ikheli le-IP lomthombo, ikheli le-IP yendawo, iphrothokholi, kanye nesifinyezo esifushane. Ephanelini eliphakathi ungabona ukubola okunezingqimba kwephakheji (isixhumanisi, inethiwekhi, ezokuthutha, uhlelo lokusebenza), futhi phansi, amabhayithi ngefomethi ye-hexadecimal kanye nokumelwa kwawo kombhalo.

Kusukela kumenyu yezilungiselelo ungavula Izintandokazi ze-Wireshark futhi ulungise izinto ezifana nefomethi yesikhathi, indlela amaphaneli aboniswa ngayo, ulimi lwamasimu, noma ngisho nokufihla izakhi ezithile. Isibonelo, ungashintsha ukwakheka kwephaneli noma ukhubaze ukuboniswa kwama-HEX bytes uma ukhetha ukugxila kuphela ekuhlaziyweni okunengqondo.

Ukuzulazula ngaphakathi kwesithombe-skrini nakho kubalulekile: ungaya ngqo enombolweni ethile yepakethe, weqe uye kowokuqala noma wokugcina ohlwini, bese udlula ezingxoxweni usebenzisa izinqamuleli zekhibhodi. Ngaphezu kwalokho, kungenzeka maka amaphakheji ozowabuyisela kuwo kamuvaLokhu kuwusizo kakhulu uma ulandela ukugeleza okude futhi udinga ukukhumbula amaphuzu athile ayisihluthulelo.

Ukuthwebula ithrafikhi: izixhumi, imikhawulo, kanye nezinhlobo zamaphakethe

Ngaphambi kokuhlaziya, kufanele uthwebule. I-Wireshark ikuvumela ukuthi ukhethe ukuthi yiziphi ozozithwebula. isikhombimsebenzisi senethiwekhi Uyafuna ukuzwaIkhadi le-Ethernet, i-WiFi, izixhumi ezibonakalayo, imigudu, njll. Akuzona zonke izixhumi ezisekela izinga elifanayo lemininingwane, kodwa ngokuvamile uzokwazi ukubona ithrafikhi ewela idivayisi yakho ngisho, ngezindlela ezithile, ithrafikhi ejikeleza kunethiwekhi yakho yendawo.

Ukuze uzijwayeze, kuvamile kakhulu ukusebenza ngezithombe ezilinganiselwe. Ungaqala, isibonelo, izithombe ezilinganiselwe ku- 1.000 amaphakethenoma uyilungiselele ukuthi ime ngokuzenzakalelayo ngemva kwemizuzwana emi-5. Lokhu kuyasiza ekugwemeni amafayela amakhulu nokugxila emafasiteleni athile esikhashana omsebenzi.

I-Wireshark iphinde isekele izihlungi zokubamba, ngakho-ke amaphakethe athile kuphela aqoshwa kusukela ekuqaleni. Ukusetshenziswa okuvamile ukubamba kuphela Ithrafikhi ye-UDP noma ithrafikhi ye-TCPIsibonelo, ungaqala ukubamba okuthatha amaphakethe e-UDP kuphela uma unentshisekelo emidlalweni eku-inthanethi noma kumasevisi okusakaza, noma ukhawulele ukubamba ku-TCP uma ufuna ukufunda amaseshini e-HTTP, TLS, FTP, njll.

Uma usunakho okudingayo, ungagcina umphumela kufayela elinesandiso i-.pcap noma i-.pcapng, isibonelo njenge “isibonelo_tcp.pcap”bese uvala i-Wireshark. Ngemuva kwalokho ungavula kabusha uhlelo, ulayishe ifayela, bese ulihlaziya ngesikhathi sakho, ngaphandle kokuthi ithrafikhi iqhubeke nokuhamba ngesikhathi sangempela futhi ngaphandle kwengozi yokulahlekelwa yilutho.

Ukusebenza ngesikhathi: amamaki, umehluko, kanye nokuhlaziywa kwesikhathi

Inkambu yesitembu sesikhathi ingenye yezinamandla kakhulu ku-Wireshark. Ohlwini lwamaphakethe, ungabona ukuthi iphakethe ngalinye lithathwe nini, kodwa futhi ungalinganisa Sekudlule isikhathi esingakanani phakathi kokuqala kokuthwebula kanye nephakethe elithile?noma phakathi kwamaphakethe amabili athile. Isibonelo, ungabheka isikhathi esithathayo ukufinyelela iphakethe lama-300 ukuze ubone ukuthi ukuxhumana kushintsha kanjani.

Umsebenzi owodwa owusizo kakhulu ukusetha iphakheji njenge ireferensi yesikhathi esingenaluthoLokhu kukuvumela ukuthi uchaze kabusha isikhathi "0" kunoma yisiphi isikhathi sokuthwebula, ukuze zonke ezinye izikhathi zilinganiswe ngokuhambisana nalelo phuzu. Lokhu kuhle uma ufuna ukutadisha ukushintshana okuthile kunokutadisha sonke isikhathi.

Ngokuhlanganisa izitembu zesikhathi nezihlungi kanye nokulandelela ukugeleza (landela ukusakazwa kwe-TCP, landela ukusakazwa kwe-UDP), ungabona ngokunembile ukubambezeleka, ukubambezeleka, ukudlulisa, kanye nokudlulisela kabusha ezenzeka kunethiwekhi. Lokhu kuwusizo kakhulu ekuxilongeni izinkinga zokulibaziseka, izithiyo, noma ukulahleka kwephakethe.

Ukuhlaziywa okunezingqimba: kusukela ku-MAC kuya kuhlelo lokusebenza

Enye yamandla amakhulu eWireshark ukuthi ikuvumela ukuthi ubone iphakethe ngalinye lihlukaniswe ngezendlalelo zemodeli ye-OSI noma ye-TCP/IP. Kusukela phansi, ungabona iyiphi indlela engokoqobo noma uhlobo lwesixhumanisi olusetshenziswayo (isibonelo i-Ethernet) kanye nohlobo lwesixhumi esisekelayo.

Kusendlalelo sesi-2 (isixhumanisi sedatha) ungahlola ukuthi yikuphi iphrothokholi iyasetshenziswaLokhu ngokuvamile kuba yi-Ethernet II kumanethiwekhi anamuhla. Yilapho insimu ethi "EtherType" iba khona ebalulekile, njengoba ingabonisa amanani afana ne-0x0800 (okubonisa i-IPv4) noma ezinye izihlonzi ezingavamile. Ungasesha amaphakethe anenani elithile, njenge-0x0800 noma i-0xEBF2, usebenzisa izihlungi noma usesho ngaphakathi kokuthwebula.

Uma ukhuphukela ku-layer 3, uzothola iphrothokholi yenethiwekhi, ngokuvamile I-IPv4 noma i-IPv6Lapha ungabona amakheli e-IP omthombo kanye nendawo oya kuyo, futhi ungandisa umuthi wensimu ukuze ubuke eminye imininingwane efana ne-TTL, ukuqhekeka, izinketho, njll. Khomba i-IP yomthombo kanye ne-IP yendawo oya kuyo Kungomunye wemisebenzi eyisisekelo kakhulu, kodwa futhi evame kakhulu lapho kuphenywa izinkinga.

Ku-layer 4, iWireshark iyakutshela ukuthi ubhekene yini ne- I-TCP, i-UDP, noma ezinye izindlela zokuthuthaYilapho ungabona khona amachweba omthombo kanye nendawo oya kuyo, amafulegi e-TCP (SYN, ACK, FIN, RST), izinombolo zokulandelana kanye nokuvuma, kanye nemininingwane ebalulekile yokuqonda ukuthi uxhumano luzinzile yini, ukuthi kukhona yini ukudluliselwa kabusha, ukuthi amaphakethe ayalahleka yini, noma ukuthi luvaliwe ngokuzumayo.

Ekugcineni, kusendlalelo sohlelo lokusebenza, iWireshark izama ukuhumusha okuqukethwe ngokuya ngephrothokholi etholakele: I-HTTP, i-HTTPS (TLS/SSL), i-DNS, i-DHCP, i-FTP, i-RTP, i-SIP kanye nabanye abaningi. Uma ithrafikhi ingabethelwe, kungenzeka ngisho nokubona okuqukethwe kumbhalo ocacile, okuhlanganisa izihloko ze-HTTP, imiyalo ye-FTP, ngisho neziqinisekiso uma zithunyelwa ngokungaphephile.

Ukusesha, ukuhlunga, kanye nezinhlamvu zombhalo ngaphakathi kwamaphakheji

Ukusebenza ngezithombe ezinkulu kudinga ukusetshenziswa kwezihlungi ezinamandla kanye namakhono okusesha. Phezulu kweWireshark, unebha yamathuluzi. bonisa izihlungi, okukuvumela ukuthi ubonise kuphela amaphakethe ahlangabezana nezimo ezithile: isibonelo, ip.addr == 192.168.1.50 ukuze ugxile kudivayisi ethile, noma i-http ukuze ubone ithrafikhi yewebhu kuphela.

Uma usola ukuthi amaphasiwedi noma idatha ebucayi idluliselwa ngaphandle kokubethela emyalezweni othwetshuliwe, ungasesha izintambo zombhalo ngaphakathi kokuqukethwe kwephakethe. Kungenzeka ukuthola amaphakethe aqukethe, isibonelo, igama “ukudlula” noma “okuqukethwe” kudatha ebanjiwe. Ungahlola futhi ukuthi lezo zintambo ziyavela yini kulwazi lwesifinyezo noma lwephakheji, hhayi emzimbeni kuphela.

Lokhu kuwusizo kakhulu lapho kuhlaziywa amaphrothokholi angavikelekile njenge-HTTP noma i-FTP. Ezindaweni zokuqeqesha zohlobo lwe-TryHackMe, omunye wemisebenzi ejwayelekile ukukhipha iziqinisekiso zithunyelwe ngombhalo ocacile ngokusebenzisa lezi zinsizakalo, noma ukuthola amafomu athumela ulwazi olungabethelwe, olumelela ingozi esobala yokuphepha.

Ngale kwezintambo zombhalo, ungasebenzisa izihlungi ezingcono kakhulu ngokuhlanganisa izinkambu zephrothokholi, opharetha abanengqondo, kanye nokuqhathanisa. Lokhu kukuvumela, isibonelo, ukuhlukanisa izicelo ze-DNS ezihlulekile kuphela, amaphakethe e-TCP anamaphutha, noma imiyalezo evela ekusakazweni okuthile kwe-RTP.

Imibala kanye nemithetho yokugqamisa ukuze kubonakale kangcono ithrafikhi

I-Wireshark ihlanganisa uhlelo lwe- imibala yamaphakheji Lokhu kukusiza ukuthi uhlukanise ngokushesha izinhlobo ezahlukene zethrafikhi. Okuluhlaza ngokuvamile kuhlotshaniswa nethrafikhi "ejwayelekile" ye-TCP, okuluhlaza okwesibhakabhaka okunethrafikhi ye-UDP noma ye-DNS, kanti okumnyama noma okubomvu kubonisa amaphutha noma okungafani. Ngokubuka nje isikrini, ungabona ukuthi konke kusebenza kahle noma ukuthi kunemigqa eminingi eyinkinga.

Kusukela kumenyu yezilungiselelo, ungavumela noma ukhubaze ukubuka kombala. Uma kudingeka, kungenzeka futhi shintsha umbala wangemuva wemithetho ethileIsibonelo, ukudala umthetho ogqamisa zonke izikhathi ze-TCP emthunzini othize, noma ophawula ukudluliselwa kabusha noma amaphakethe angalungile komunye umbala.

Ngaphezu kokushintsha imibala, unenketho yokukhubaza umthetho othize ngaphandle kokuwususa, ngakho-ke uyeka ukufaka imibala kodwa ungawuvuselela kamuva. Lokhu kuwusizo kakhulu uma uhlola amacebo ahlukene futhi ungafuni ukulahlekelwa izilungiselelo zakho ezikhona.

Enye indlela ethokozisayo ukufaka imibala kuzo zonke iziphakeji ezingezona ezifanayo Ingxoxo ye-TCP noma ye-UDPNgale ndlela, ungalandela ngokubona konke ukugeleza phakathi kwama-endpoint amabili, noma ngabe kuxutshwe nezinye izixhumanisi eziningi ezifanayo. Ungabe usukwazi ukuhamba phakathi kwalawo maphakethe agqanyisiwe kalula kakhulu.

Ukuthola izinkinga zenethiwekhi ekhaya nasenkampanini

Nakuba i-Wireshark iyithuluzi elisezingeni lobuchwepheshe, ingasiza abasebenzisi basekhaya ukuthi baqonde ukuthi kwenzekani ngokuxhumeka kwabo. Isibonelo, uma ubona ukulibala noma ukuthuthumela emidlalweni yakho eku-inthanethi, ingakusiza ukuxazulula inkinga yokuxhumeka kwakho kwe-inthanethi. Ukuphazamiseka kwe-WiFiUngahlaziya ithrafikhi ukuze ubone ukuthi Amaphakheji ayalahleka uma efika engahlelekile. noma uma kukhona ukubambezeleka okukhulu engxenyeni ethile yohambo.

Kulesi simo, kuvamile ukugxila kuthrafikhi ye-UDP, esetshenziswa imidlalo eminingi kanye nezinhlelo zokusebenza zesikhathi sangempela. Uma, lapho uhlunga nge-UDP, ubona imigqa eminingi ephawulwe ngemibala yamaphutha, amaphakethe angaphandle koku-oda, noma ukudluliselwa kabusha, uzokwazi ukuthi inkinga akuyona nje i-ping ephezulu esivivinyweni, kodwa into ejulile ehlobene nokuzinza komzila noma ukugcwala kwe-node.

I-Wireshark nayo iwusizo kakhulu uma Iwebhusayithi ayilayishi, iphrinta iyanyamalala kunethiwekhi noma isevisi yangaphakathi yehluleka. Njengoba isithombe-skrini siphambi kwakho, ungabona ngqo ukuthi ukuxhumana kuyaphela kuphi: uma isicelo siphuma kukhompyutha yakho kodwa singatholi mpendulo, uma kukhona amaphutha e-DNS, uma iseva iphendula ngekhodi yephutha, njll.

Ngokombono wobumfihlo, ithuluzi likuvumela ukuthi ubone ukuthi iyiphi idatha ethunyelwa amadivayisi akho nge-inthanethi. Lingabona ukuthi idivayisi "ikhuluma kakhulu" nefu, igcina ukuxhumana namaseva angaziwa, noma ithumela ulwazi olungabethelwe ongathanda ukulubona lubethelwe. Konke lokhu kukusiza ukuthi hlola ukuziphatha kwe Amadivayisi we-IoTomakhalekhukhwini, amakhamera e-IP, ama-smart TV kanye nanoma iyiphi idivayisi exhunyiwe.

Kumanethiwekhi asekhaya anamadivayisi amaningi, ungahlukanisa ikheli le-IP ledivayisi ngayinye bese ubona ukuthi ixhuma kumaphi amaseva, kangaki, nokuthi idlulisela luphi uhlobo lokuqukethwe. Ngale ndlela, uqonda kangcono ithrafikhi engakahleleki yenethiwekhi yakho futhi ungenza izinqumo ezinjengokuhlukanisa amadivayisi, ukuvimba izizinda, noma ukushintsha ukucushwa.

Ukuhlaziywa okuthuthukisiwe: i-HTTP, i-DNS, ukuskena kwenethiwekhi kanye nokuhlasela

Ezindaweni ezithuthuke kakhulu, i-Wireshark iba ithuluzi elibalulekile lokuhlaziya ukuphepha kanye nokuphenya ngezingozi. Ivumela ukuhlaziywa okuningiliziwe. Ithrafikhi ye-HTTP, imibuzo nezimpendulo ze-DNS, ukuskena kwechweba nge-NmapImizamo yokudambisa ubuthi be-ARP, imigudu ye-SSH, nokunye okuningi.

Nge-HTTP, ungabuyekeza izihloko, amakhodi empendulo, ama-URL aceliwe, futhi, uma kungekho ukubethela, ngisho nokuqukethwe kwamafomu noma amafayela. Nge-DNS, uzobona ukuthi yiziphi izizinda ezixazululwayo, ukuthi yimaphi amaseva abuzwayo, nokuthi ngabe kukhona yini izimpendulo ezisolisayo noma izizinda ezingahambisani nokusetshenziswa okuvamile kwemishini.

Ukuskena kwe-Nmap kushiya amaphethini ahlukile kunethiwekhi: imizamo eminingi yokuxhumanisa amachweba amaningi, ukusetshenziswa kwamafulegi athile e-TCP, njll. Ngezihlungi ezifanele, ungabona le misebenzi bese uqinisekisa ukuthi othile unesihluku. izinsizakalo zokumapha eziveziwe engqalasizinda yakho.

Ukuphanga/ukufaka ubuthi ku-ARP kungatholakala nangokubona indlela ukuhlanganiswa kwekheli le-IP ne-MAC okushintshwa ngayo kunethiwekhi yendawo. Futhi ngemigudu ye-SSH, noma okuqukethwe kubethelwe, usengakwazi ukuhlaziya amaphethini okuxhumana, ubude besikhathi, kanye nenani ledatha edlulisiwe.

Eziningi zalezi zivivinyo ziyingxenye yamalebhu asebenzayo njengalawo avela ku-TryHackMe, ahloselwe ukuhlaziywa kwethrafikhi enonya noma esolisayoUzosebenza ngezithombe ezithathwe kusengaphambili ukuze ufunde ukubona izinkomba zokuyekethisa, ama-vector okuhlasela, kanye nokuziphatha okungavamile usebenzisa i-Wireshark kuphela.

I-Wireshark 4.6.0 ku-macOS: i-pktap metadata kanye nokuhlaziywa kwenqubo

Enye yezinguquko ezithakazelisa kakhulu kubasebenzisi be-Mac iza nenguqulo I-Wireshark 4.6.0okwethula ukwesekwa komdabu kwe-metadata ye-macOS pktap. Lokhu kuvumela iphakethe ngalinye lenethiwekhi ukuthi lihlotshaniswe nenqubo yesistimu eyikhiqizile, okunikeza izinga elinamandla kakhulu lemininingwane.

Ngenxa yalokhu kuhlanganiswa, iWireshark ingabonisa ulwazi olufana nalolu I-PID (isihlonzi senqubo) ​​kanye negama lesicelo okusungula ithrafikhi, kanye neminye imethadatha efanele. Lokhu kwenza kube lula kakhulu ukulungisa amaphutha kuhlelo lokusebenza, njengoba wazi kahle ukuthi iyiphi ingxenye evula ukuxhumana, idla i-bandwidth, noma ibangela amaphutha.

I-metadata ihlanganisa nedatha yezihlonzi zokugeleza kanye nezibalo zephakethe ezilahliwe, okuvumela ukuhlaziywa okuningiliziwe kwezinkinga zokusebenza. Lolu lwazi luvame ukuqoshwa nge... i-tcpdump enezinketho ze--ky -K, bese ingeniswa ku-Wireshark, echaza futhi ibonise lawo mabhulokhi ngaphakathi kwefomethi ye-pcap-ng.

Kumaqembu okuthuthukisa kanye nokuphepha ohlelweni lwe-Apple, lokhu kumelela igxathu elikhulu: angaphenya izehlakalo ngokuchazwa okunembile kakhulu kwezinqubo ezithile, abone ukuziphatha okungavamile ngaphakathi kwezinhlelo zabo zokusebenza, futhi aqinisekise ukuthi izinqubomgomo zokuphepha kanye nobumfihlo ziyalandelwa ngempela.

Ngaphezu kwalokho, isifaki se-Wireshark 4.6.0 se-macOS siyi jikelele we-Arm64 kanye ne-Intel architecturesLokhu kwenza kube lula ukufaka kuma-Mac anamuhla ane-Apple Silicon kanye nasemakhompyutha amadala kancane ane-Intel processors.

I-Wireshark njengethuluzi lochwepheshe: izifundo, izincwadi kanye nezindawo zesimanje

Ukusetshenziswa okuthuthukisiwe kwe-Wireshark kuyisihloko esiphindaphindayo ezifundweni zokuqeqesha ezikhethekile, lapho kuboniswa khona imisebenzi yayo enamandla kakhulu yokulungisa amaphutha, ukuhlola, kanye nemisebenzi yokuphepha. Lezi zifundo zifundisa ukuthi kwenziwa kanjani lungiselela ithuluzi kusukela ekuqaleni, yenza ngendlela oyifisayo futhi uhlaziye izinqubo zenethiwekhi ezivame kakhulu ezindaweni zezinkampani.

Isikhathi esiningi sivame ukuchithwa kumaphrothokholi afana nalawa I-HTTP, i-FTP, i-SSL/TLS, i-DNS, i-DHCP, i-RTP, i-SIP kanye nezinye izinkinga ezivamile ku-VoIP, izinsizakalo zewebhu, kanye nokuxhumana okubethelwe. Izifundo ezingokoqobo zenziwa ukuze kutholakale isivinini esisheshayo, izinkinga zekhwalithi yocingo, ukungasebenzi kwesevisi, kanye nokulungiselelwa okungalungile.

Ngesikhathi esifanayo, kuye kwavela izincwadi nezinsiza ezithuthukisiwe, ezigxile kochwepheshe benethiwekhi, ochwepheshe bezokuphepha kwe-inthanethi, kanye nabafundi abafuna ukuba yingcweti ye-Wireshark ezimweni zanamuhla. Lezi zinto zivame ukuhlanganisa ithiyori ne- I-TCP/IP, i-TLS, ukuhlaziywa kwamaphakethe kanye nezihlungi ezithuthukisiwe ngokuzivocavoca okusebenzayo kanye nama-laboratory aqondiswayo.

Indlela evamile ukuhlanganisa ukusetshenziswa kweWireshark namanye amathuluzi okuphepha nokuqapha, njenge I-Snort, i-Suricata, i-Zeek noma i-ELK stack (Elasticsearch, Logstash, Kibana) ngaphakathi kwamapulatifomu e-SIEM. Umqondo uwukusebenzisa i-Wireshark ekuhlolweni okuningiliziwe kwezinga eliphansi, kuyilapho amanye amathuluzi enikeza ukuhlangana, izexwayiso, kanye namadeshibhodi asezingeni eliphezulu.

Iphinde ihlanganise izinhlelo zokusebenza ezithile kumanethiwekhi nezinhlelo ze-IoT ezisebenzisa ubuhlakani bokwenziwa, lapho ukubonakala kwethrafikhi kubalulekile khona ekuboneni ubuthakathaka, amadivayisi angalungiselelwe kahle, noma ukuxhumana okungalindelekile. Ukwazi i-Wireshark kulezi zindawo kwenza ithuluzi libe yi- isisetshenziswa samasu sokuphepha nokwenza ngcono yamanethiwekhi ayinkimbinkimbi.

Sekukonke, iWireshark isuka ekubeni ngumuntu othanda ukuhogela kalula iye ekubeni ithuluzi eliyisisekelo ekuqapheni okuthuthukile, ekuxilongeni amaphutha, ekuhlaziyeni izinsongo, nasekuqondeni okujulile ukuthi izinhlelo zokusebenza nezinsizakalo ziziphatha kanjani kunethiwekhi.

Ngayo yonke into enikezayo, kusukela emisebenzini eyisisekelo yokuthwebula nokuhlunga kuya kumakhono okuhlaziya athuthukile ngephrothokholi, imibala, izikhathi, kanye nemethadatha yenqubo, kusobala ukuthi I-Wireshark iyithuluzi elibalulekile Noma ubani odinga ukuqonda ukuthi kwenzekani ngempela kunethiwekhi yakhe, kungaba sekhaya, ebhizinisini elincane, noma enhlanganweni enkulu.

I-athikili ehlobene:

Umhlahlandlela ophelele wokuhlaziya ama-router kanye nezindawo zokufinyelela ze-WiFi