Wireshark network packet capture tool, Chinese version for PC: download Wireshark v4.2.5 (latest version) - KK download station

Network packet capture tool (wireshark)


Wireshark v4.2.5 latest version


The Chinese version of Wireshark for PC is a very popular network packet analysis tool in China that many network administrators use regularly. The build offered by the kk website is a Chinese-language version that runs immediately without installation, which makes it very convenient. If you are a network security engineer, you should not miss this software. Download it and try it out.


How to use Wireshark

1. Determine where to place Wireshark

If Wireshark is not placed at the right point in the network, it will spend a long time capturing irrelevant data after it starts.

2. Select the capture interface

Generally, select the interface that connects to the Internet so that the relevant network traffic is captured. Data captured on any other interface will not help you.

3. Use capture filters

Setting a capture filter keeps capture files from growing too large. The analysis is then not cluttered by unrelated traffic, which also saves a lot of time.

4. Use display filters

The packets that pass the capture filter are usually still numerous and mixed. Apply a display filter to narrow them down further.

5. Use coloring rules

The packets left after display filtering are usually the useful ones. To make a particular session stand out, highlight it with coloring rules.

6. Build graphs

To see more clearly how traffic on a network changes over time, display the data distribution as charts.

7. Reassemble data

Wireshark's reassembly function can recombine the data carried by different packets in a session and rebuild a complete picture or file. Because transferred files are often large, their content is spread over many packets, so the whole picture or file can only be viewed after reassembly.
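The reassembly described in step 7, as an added example that is not part of the original page and is not Wireshark's own code: it rebuilds a byte stream from TCP-style segments that arrive out of order, are retransmitted, or overlap, and reports the bytes the capture missed. The `reassemble` function, the `(sequence, payload)` tuples and the sample data are assumptions constructed for illustration; sequence numbers are relative and do not wrap.

```python
from typing import Iterable, List, Tuple

Segment = Tuple[int, bytes]  # (relative sequence number, payload)


def reassemble(segments: Iterable[Segment],
               start_seq: int = 0) -> Tuple[bytes, List[Tuple[int, int]]]:
    """Rebuild one direction of a stream from captured segments.

    Returns (data, gaps). Each gap is (offset, length) of bytes that were
    never captured; gaps are zero-filled so later offsets stay correct.
    """
    stream = bytearray()
    gaps: List[Tuple[int, int]] = []
    next_seq = start_seq  # first byte not yet written to the stream

    # Sort by sequence number so out-of-order arrival does not matter.
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        if not payload:
            continue
        end = seq + len(payload)
        if end <= next_seq:
            continue  # pure retransmission: every byte is already present
        if seq > next_seq:
            # Packets missing from the capture: record the hole and pad it.
            gaps.append((next_seq - start_seq, seq - next_seq))
            stream.extend(b"\x00" * (seq - next_seq))
            next_seq = seq
        # Partial overlap: keep the first copy, append only the new tail.
        stream.extend(payload[next_seq - seq:])
        next_seq = end
    return bytes(stream), gaps


# Constructed sample: a 16-byte message split over several segments,
# captured out of order with one retransmission and one overlap.
CAPTURED = [
    (11, b"World"),
    (0, b"Hello, "),
    (0, b"Hello, "),   # retransmission
    (5, b", big"),     # overlaps bytes 5-6, adds bytes 7-9
    (10, b" "),
]

# Constructed sample: the same transfer with bytes 7-10 never captured.
LOSSY = [(0, b"Hello, "), (11, b"World")]

if __name__ == "__main__":
    print(reassemble(CAPTURED))
    print(reassemble(LOSSY))
```

A non-empty gap list means the rebuilt file is incomplete, so an extracted object should not be trusted or hashed as if it were the original.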


Wireshark's main role

Network administrators use Wireshark to detect network problems, network security engineers use it to investigate information security issues, developers use it to debug new communication protocols, and ordinary users use it to learn about network protocols. Of course, some people also use it to look for sensitive information.

Wireshark is not an Intrusion Detection System (IDS). Wireshark will not generate alerts or any prompts for abnormal traffic behaviors on the network. However, careful analysis of packets captured by Wireshark can help users have a clearer understanding of network behavior. Wireshark will not modify the content of network packets, but only reflect the current packet information. Wireshark itself does not send packets to the network.


Wireshark software features

1. Captures packets in real time on an interface

2. Supports UNIX and Windows platforms

3. Opens and saves captured packets

4. Displays detailed protocol information for each packet

5. Filters packets in many ways

6. Imports and exports the packet data formats supported by other capture programs

7. Offers multiple ways to search for packets

8. Displays packets in multiple colors based on filters

9. Creates a variety of statistics

Functions of the Chinese version of Wireshark

1. Network security engineers use it to detect security risks.

2. Network administrators use it to detect network problems.

3. It can exchange data packets directly with the network card.

Wireshark update log

V3.6.8 Update:

1: New interface, refreshing, simple and efficient

2: Better and better performance

V3.6.1 Updates:

Bug fixes

The following vulnerabilities have been fixed:

RTMPT dissector infinite loop. Issue 17745. CVE-2021-4185.

BitTorrent DHT dissector infinite loop. Issue 17754. CVE-2021-4184.

pcapng file parser crash. Issue 17755. CVE-2021-4183.

RFC 7468 file parser infinite loop. Issue 17801. CVE-2021-4182.

Sysdig event dissector crash. CVE-2021-4181.

Kafka dissector infinite loop. Issue 17811.

The following errors have been fixed:

Allow sub-second timestamps in hexdumps.

GRPC: An unnecessary empty Protobuf item is displayed if the length of the GRPC message body is 0. Issue 17675.

Unable to install "ChmodBPF" or "Add Wireshark to the system path" on an M1 MacBook Air running Monterey without Rosetta 2. Issue 17757.

LIN payload is truncated by 1 byte. Issue 17760.

Wireshark crashes if a 64-bit field of type BASE_CUSTOM is applied as a column. Issue 17762.

The command-line option "-o console.log" causes wireshark and tshark to exit at startup.

Setting WIRESHARK_LOG_LEVEL=debug breaks interface capture.

Unable to build without tshark. Issue 17766.

IEEE 802.11 action frames are not parsed and are always treated as malformed. Issue 17767.

The IEC 60870-5-101 link address field is 1 byte, but should have a configurable length of 0, 1, or 2 bytes.

dfilter: 'tcp.port not in {1}' crashes Wireshark. Issue 17785.

New and updated features

The 'console.log.level' preference was removed in Wireshark 3.6.0. This version adds an '-o console.log.level:' backward-compatibility option to the CLI, which maps to the new logging subsystem. Note that it has no bitmask semantics and does not correspond to any actual preference. It is only a transition mechanism for users who relied on this CLI option, and it will be removed in the future. To see the new diagnostic output options, consult the manual or the output of '--help'.

New protocol support

There are no new protocols in this version.

Updated protocol support

ANSI A I/F, AT, BitTorrent DHT, FF, GRPC, IEC 101/104, IEEE 802.11, IEEE 802.11 Radiotap, IPsec, Kafka, QUIC, RTMPT, RTSP, SRVLOC, Sysdig Event, TECMP

New and updated capture file support

BLF and RFC 7468

New file format decoding support

There is no new or updated file format decoding support in this version.
