Wireshark is one of the most widely used tools in network security: a packet capture and protocol analysis tool. Before a packet leaves a host it is encapsulated layer by layer according to the OSI reference model. Wireshark captures frames at the link layer, below the protocol stack, and decodes every layer of each frame, presenting the result in TCP/IP terms (Ethernet, IP, TCP/UDP, application protocol). Its Chinese nicknames are "Little Shark" and "Shark Fin." For capture it relies on libpcap (Linux/Unix) or WinPcap (Windows; current Windows builds ship with its successor, Npcap) as the capture driver.
Function Description
Its main function is to capture packets from a network interface and dissect them, recognizing and analyzing a large set of protocols, including Ethernet, Wi-Fi (802.11), TCP/IP, and HTTP.
Application Scenarios:
* Local capture: captures the traffic entering and leaving the local host's own network interface.
* LAN capture via port mirroring: configure a mirror (SPAN) port on the switch so that traffic from other ports is copied to the port the capture host is connected to; the host can then analyze traffic for the whole segment. Capturing on a switched LAN without mirroring only yields broadcast traffic and the host's own traffic.
* LAN capture via ARP spoofing: run ARP spoofing software to poison the ARP caches of other hosts on the segment so that their traffic is routed through the capture host (a man-in-the-middle position) and can be captured there. This disrupts other hosts' connectivity if done carelessly and is only appropriate on a network you are authorized to test; Wireshark itself flags this condition with the "Duplicate IP address detected" warning in the ARP dissector.
In summary
Wireshark is an open-source, cross-platform tool for capturing, analyzing, and decoding network packets. Its core capability is to translate binary data transmitted over the network into human-readable protocol fields and interaction logic.
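To make the "layer by layer" decoding concrete, here is an added example (not code from Wireshark or from the original article) that builds a one-packet pcap file in memory and then dissects it the way Wireshark's dissectors do: pcap record header, Ethernet II, IPv4 (with RFC 1071 header checksum verification, which Wireshark also performs), TCP, and finally an HTTP request line. The MAC and IP addresses, ports and HTTP request are constructed for the example; the TCP checksum is left at zero and is not validated.

```python
import struct

# Constructed sample: every address, port and the HTTP request below are invented
# for this example; they do not come from a real capture.
SAMPLE_HTTP_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"

TCP_FLAG_NAMES = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                  (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum of an IPv4 header.
    Over a header whose checksum field is already filled in, a valid header yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                                   # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_pcap() -> bytes:
    """Build a classic (non-pcapng) pcap file with one Ethernet II/IPv4/TCP/HTTP frame."""
    # TCP: sport, dport, seq, ack, data offset 5 words, flags PSH|ACK, window, checksum 0, urg 0
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + SAMPLE_HTTP_REQUEST
    # IPv4: version/IHL, TOS, total length, id, DF flag, TTL 64, protocol 6 (TCP), checksum 0, src, dst
    ip_no_csum = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0,
                             bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20]))
    ip = ip_no_csum[:10] + struct.pack("!H", ipv4_checksum(ip_no_csum)) + ip_no_csum[12:]
    # Ethernet II: destination MAC, source MAC, EtherType 0x0800 (IPv4)
    eth = bytes.fromhex("66778899aabb") + bytes.fromhex("001122334455") + struct.pack("!H", 0x0800)
    frame = eth + ip + tcp
    # pcap global header: magic, version 2.4, tz offset 0, sigfigs 0, snaplen, link type 1 = Ethernet
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record_hdr = struct.pack("<IIII", 0, 0, len(frame), len(frame))  # ts_sec, ts_usec, incl_len, orig_len
    return global_hdr + record_hdr + frame


def _mac(b: bytes) -> str:
    return ":".join("%02x" % x for x in b)


def _ipv4(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def decode_frame(frame: bytes) -> dict:
    """Dissect one Ethernet frame from the link layer upward, one protocol at a time."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    fields = {"eth_dst": _mac(frame[:6]), "eth_src": _mac(frame[6:12]),
              "ethertype": struct.unpack("!H", frame[12:14])[0]}
    if fields["ethertype"] != 0x0800:                    # only IPv4 is dissected here
        return fields
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or total_len < ihl or len(ip) < total_len:
        raise ValueError("inconsistent IPv4 lengths")
    fields.update(ip_src=_ipv4(ip[12:16]), ip_dst=_ipv4(ip[16:20]), ip_ttl=ip[8], ip_proto=ip[9],
                  ip_checksum_ok=ipv4_checksum(ip[:ihl]) == 0)
    if fields["ip_proto"] != 6:                          # only TCP is dissected here
        return fields
    tcp = ip[ihl:total_len]                              # use total_len, not frame length (Ethernet padding)
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("bad TCP data offset")
    payload = tcp[data_off:]
    fields.update(tcp_sport=sport, tcp_dport=dport, payload_len=len(payload),
                  tcp_flags=[name for bit, name in TCP_FLAG_NAMES if tcp[13] & bit])
    # Port-based application-layer heuristic: port 80 and a request line "METHOD URI HTTP/x.y"
    if dport == 80 and payload:
        request_line = payload.split(b"\r\n", 1)[0].split(b" ")
        if len(request_line) == 3 and request_line[2].startswith(b"HTTP/"):
            fields.update(http_method=request_line[0].decode("ascii", "replace"),
                          http_uri=request_line[1].decode("ascii", "replace"))
    return fields


def parse_pcap(data: bytes) -> list:
    """Walk the records of a classic pcap file (microsecond magic only) and dissect each frame."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", data[:4])[0])
    if endian is None:
        raise ValueError("not a pcap file (bad magic)")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET (1) is supported")
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            raise ValueError("truncated packet record")
        pkt = decode_frame(data[off:off + incl_len])
        pkt["timestamp"] = ts_sec + ts_usec / 1e6
        packets.append(pkt)
        off += incl_len
    return packets


if __name__ == "__main__":
    for packet in parse_pcap(build_sample_pcap()):
        print(packet)
```

Two details mirror what Wireshark itself does: the TCP segment is sliced using the IPv4 total length rather than the frame length, because short frames are padded to 60 bytes on the wire, and a bad IPv4 header checksum is reported as a field rather than causing the frame to be dropped, which is how you spot a tampered or corrupted packet in a capture.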
