
Friday, September 12, 2014

Here is a video about setting up the stream index in Wireshark

In the TCP parameters, find the [stream index] field and create a column from it (right-click). This video confirmed what I had "discovered" myself. So I am putting it on record that I will stop watching everything indiscriminately, since I have reached the level of a confident Wireshark novice.

Published: July 20, 2013. This tip was released via Twitter (@laurachappell). Find out how a simple TCP Stream Index column can help unravel the spaghetti mess of intertwined TCP conversations.


0:01 Wireshark tip 10
0:03 if you want to follow along with the steps as I release them
0:06 on Twitter you can follow me at Laura Chappell
0:09 in this tip we're going to go through how to
0:14 right mouse click on the TCP stream field and apply it as a column for
0:18 dealing with spaghetti TCP traffic
0:20 and what I mean by that is that a lot of times when you're communicating
0:24 on the network you have multiple connections when you look at the trace
0:28 file they're all
0:29 intertwined and sometimes it's hard to tell when you've gone from one
0:33 conversation to the next conversation
0:36 so use this TCP stream field
0:39 it's a stream index field to add a column so we quickly see
0:43 when we've gone from one conversation to the next I have opened up a trace file
0:47 called
0:48 ap dash Norton dash update to you
0:52 and we can see that the trace file begins with DNS queries and then we have
0:56 our handshake remake
0:58 GET request another GET request so profound that film that's not too good
1:03 see another GET request a GET request all right
1:06 so first before I add this column I'm going to change the way the Length column is
1:11 aligned
1:11 it really bothers me that it sort of runs right into the Info column
1:15 so I'm going to right mouse click on the Length column heading
1:18 and say align left now I'm ready
1:22 to add my stream index column in order to do this the fastest way
1:28 I'm going to expand the TCP header in the Packet Details window
1:33 and there's our stream index line
1:36 in Wireshark it
1:39 assigns a stream index number to every TCP conversation
1:43 starting with the number 0 so here we have a SYN packet and this is
1:47 defined as stream index 0 and every packet in that conversation will
1:52 maintain stream index 0
1:54 when this client goes and makes another
1:57 SYN connection request to another target
2:00 where separate number that one first
2:04 easily detect when we've moved from one conversation to the next
2:07 we'll just add this as a column the fastest way to add a column is to right
2:12 mouse click on the field that you're interested in
2:14 and select Apply as Column there's my stream index column
2:19 in this trace file I do have intertwining TCP conversations
2:25 but it's very easy to see when I've moved to another conversation there I
2:28 can see I went from
2:29 stream index 0 to stream index 1
2:32 so so far we have two streams and even as I scroll through I can easily see
2:37 when I'm hopping over to stream number three to or three or four
2:41 et cetera we can also use that stream index
2:45 field to apply filters for traffic based on a conversation
2:50 when you select the stream index line you can see down below that the syntax
2:54 for display filter is simply
2:56 tcp.stream so I can type tcp.stream
3:00 == 4 and I'm only looking at
3:04 TCP stream 4 traffic but TCP stream index value
3:10 is great we can use it when we apply
3:13 graphs to the traffic we can use it for our
3:16 display filters and we can use it when we want to just pull out
3:21 one conversation to keep up with the Wireshark
3:26 tips you can follow me on Twitter @laurachappell
3:30 and for more Wireshark tips and training visit chappellu.com
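
The numbering described in the video, as an added example that is not part of the original post or the video: a simplified Python model (not Wireshark's code) that gives each TCP conversation an index starting at 0 and then selects one conversation the way a `tcp.stream` display filter does. The packet list, the function names and the port-reuse rule (a new SYN with a different sequence number on an already-seen address/port pair starts a new stream) are assumptions of this sketch.

```python
# Constructed sample packets (not taken from the video's trace file):
# (frame, src ip, src port, dst ip, dst port, TCP flags, sequence number)
PACKETS = [
    (1, "10.0.0.5", 49152, "198.51.100.10", 80, "S", 1000),
    (2, "198.51.100.10", 80, "10.0.0.5", 49152, "SA", 5000),
    (3, "10.0.0.5", 49153, "198.51.100.20", 80, "S", 2000),
    (4, "10.0.0.5", 49152, "198.51.100.10", 80, "A", 1001),
    (5, "198.51.100.20", 80, "10.0.0.5", 49153, "SA", 7000),
    (6, "10.0.0.5", 49152, "198.51.100.10", 80, "PA", 1001),
    (7, "10.0.0.5", 49153, "198.51.100.20", 80, "A", 2001),
    (8, "10.0.0.5", 49152, "198.51.100.10", 80, "S", 9000),  # port reused
]


def assign_stream_indexes(packets):
    """Return {frame: stream index}, numbering conversations from 0."""
    current = {}     # direction-independent 4-tuple -> (index, first SYN seq)
    next_index = 0
    result = {}
    for frame, sip, sport, dip, dport, flags, seq in packets:
        # Both directions of a conversation must map to the same key.
        key = tuple(sorted([(sip, sport), (dip, dport)]))
        known = current.get(key)
        # A plain SYN with a new sequence number is a new connection on a
        # reused port pair; a retransmitted SYN (same seq) is not.
        new_syn = flags == "S" and known is not None and known[1] != seq
        if known is None or new_syn:
            current[key] = (next_index, seq if flags == "S" else None)
            next_index += 1
        result[frame] = current[key][0]
    return result


def filter_stream(packets, index):
    """Frames a filter of the form tcp.stream == index would keep."""
    streams = assign_stream_indexes(packets)
    return [p[0] for p in packets if streams[p[0]] == index]


if __name__ == "__main__":
    for frame, idx in assign_stream_indexes(PACKETS).items():
        print(f"frame {frame}: stream index {idx}")
    print("stream 1 frames:", filter_stream(PACKETS, 1))
```
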

