Introduction
Wireshark is a powerful tool used for network analysis and troubleshooting. In this guide, we will explore Wireshark statistics to help you understand network traffic better.
What are Wireshark
Packet Size: arp < icmp < dns
Wireshark Syntax
# Filter by IP: source, destination, or either (x.x.x.x)
ip.src == x.x.x.x or ip.dst eq x.x.x.x or ip.addr == x.x.x.x
# Filter by port
tcp.port eq 80 or udp.port eq 80
# Filter by MAC
eth.dst == A0:00:00:04:C5:84
# HTTP filters (a kind of fuzzy matching)
http.request.method == "GET"
http.request.method == "POST"
http.request.uri == "/img/logo-edu.gif"
http contains "GET"
http contains "HTTP/1."
http.request.method == "GET" && http contains "User-Agent:"
# Filter login backend
# The login backend is /admin/login.php (the relative path suffices)
http contains "login" && http.request.method == "POST"
# Login password
http contains "password"
ip.src == 192.168.94.59 and http contains "eval"
http contains "{\"success\":true}" and ip.addr == 192.168.94.59
# What is the network card configuration? Submit the internal network IP of the network card
http contains "eth"
# Protocol Hierarchy statistics; similar fuzzy matching for MySQL
mysql.query contains "SELECT"
mysql contains "hash_code"

Click Statistics -> Endpoints
Q: How do I query the request and response sizes between a specific application or server and a client?
A: Use the menu Statistics -> Packet Lengths to get packet size statistics:
# Filter according to the traffic direction
# Request
ip.src==10.20.172.103 && ip.dst==192.168.10.200
# Response
ip.dst==10.20.172.103 && ip.src==192.168.10.200
# Packet size calculation: packet count * average length (bytes) / 1024
211 * 187.09 / 1024 = 38.55 KB (note the size difference in KB)
228 * 3661.07 / 1024 = 815.16 KB
WeiyiGeek. All Requests Data Packet Size Query
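The count * average length / 1024 calculation above can be reproduced outside the GUI. The following Python is an added example, not from the original article: it reads a classic pcap file (Ethernet, IPv4, no VLAN tags assumed), applies the request or response direction filter, and returns the packet count, average frame length and total in KB. The names `direction_stats` and `build_sample` and the frame sizes are constructed for illustration.

```python
import socket
import struct

def direction_stats(pcap, src, dst):
    """Frames matching ip.src==src && ip.dst==dst -> (count, avg_len, total_kb)."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    want = socket.inet_aton(src) + socket.inet_aton(dst)
    count = total = 0
    pos = 24  # skip the 24-byte global header
    while pos + 16 <= len(pcap):
        incl_len, orig_len = struct.unpack(endian + "II", pcap[pos + 8:pos + 16])
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        # 14-byte Ethernet header, EtherType 0x0800 = IPv4, src/dst at IP offset 12..20
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00" and frame[26:34] == want:
            count += 1
            total += orig_len  # on-the-wire length, the value frame.len reports
    avg = total / count if count else 0.0
    return count, avg, total / 1024

def _frame(src, dst, size):
    """Constructed Ethernet+IPv4 frame of `size` bytes, zero-filled payload."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = b"\x45" + b"\x00" * 11 + socket.inet_aton(src) + socket.inet_aton(dst)
    return (eth + ip).ljust(size, b"\x00")

def build_sample():
    """Constructed capture: two requests and two responses (sizes are made up)."""
    client, server = "10.20.172.103", "192.168.10.200"
    sizes = [(client, server, 120), (server, client, 1514),
             (client, server, 254), (server, client, 1000)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for s, d, n in sizes:
        f = _frame(s, d, n)
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    pcap = build_sample()
    for label, s, d in (("request", "10.20.172.103", "192.168.10.200"),
                        ("response", "192.168.10.200", "10.20.172.103")):
        n, avg, kb = direction_stats(pcap, s, d)
        print(f"{label}: {n} packets * {avg:.2f} bytes / 1024 = {kb:.2f} KB")
```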
Q: How do I get request/response count statistics for HTTP packets?
A: Use the menu Statistics -> HTTP -> Packet Counter.
For example, the HTTP request and response packet counts are 49 each.