Wireshark University
| 1.408.378.7841
SharkFest'18 (Asia/US/Europe) Registration
SharkFest'18 ASIA -
- April 9-11, Nanyang Technological University, Singapore
SharkFest'18 US -
- June 25-28, Computer History Museum, Mountain View, California
SharkFest'18 Europe - Registration Opening Soon - October 31-November 2, Imperial Riding School, Renaissance Vienna Hotel, Vienna, Austria
&&Sign Up to Receive Wireshark Tips
&&Want to Learn new Wireshark skills? Sign up for the
today. &&Laura is launching a series of Wireshark Tips starting late January 2018.
SharkFest 2016 (US/Europe) Packet Challenges
Want to test your Wireshark skills? Take the
from SharkFest 2016.
Wireshark 2.0 Webinar with Gerald Combs and Laura Chappell
Watch this video to learn the basics of the newest Wireshark release! Trace files referenced in the training:
About Wireshark
Wireshark is the world's most popular network analyzer with over 500,000 downloads per month. And yes, it is still free. Created by Gerald Combs under the original name Ethereal, Wireshark is maintained by a dedicated group of core developers. Wireshark University was formed to validate your skills in packet capture and analysis.
Check out the training options for self-study or instructor-led courses related to Wireshark.
Educate yourself today.
Certification
Get all the information you need to prepare and register for the Wireshark Certified Network Analyst designation.
Get certified today.
Wireshark 101: Essential Skills for Network Analysis book is a great place to start.
Get the book.
Sign up for our Newsletter
The newsletter includes training updates, certification exam updates and news regarding events pertaining to Wireshark. This is an incredibly low-volume newsletter that you can opt-out of any time.What is Wireshark? - Definition from WhatIs.com
Share this item with your network:
Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or .
Wireshark, formerly known as Ethereal, can be used to examine the details of traffic at a variety of levels ranging from connection-level information to the bits that make up a single . Packet capture can provide a network administrator with information about individual packets such as transmit time, source, destination,
data. This information can be useful for evaluating security events and troubleshooting network security device issues.
Wireshark will typically display information in three panels. The top panel lists
individually with key data on a single line. Any single frame selected in the top pane is further explained in the tool's middle panel. In this section of the display, Wireshark shows packet details, illustrating how various aspects of the frame can be understood as belonging to the , ,
or . Finally, Wireshark's bottom pane displays the raw frame, with a
rendition on the left and the corresponding
values on the right.
Because Wireshark can also be used for eavesdropping, an organization using the tool should make sure it has a clearly defined
that spells out the rights of individuals using its network, grants permission to sniff traffic for security and troubleshooting issues and states the organization's policies for obtaining, analyzing and retaining network traffic samples.
Wireshark is licensed under the .
See also:& ,
Continue Reading About Wireshark
Related Terms
Network as a service (NaaS) is a business model for delivering enterprise-wide area network services virtually on a subscription ...
The Windows event log is a detailed record of system, security and application notifications stored by the Windows operating ...
Zabbix is an open source monitoring software tool for diverse IT components, including networks, servers, virtual machines (VMs) ...
Logistics management is the governance of supply chain management functions that helps organizations plan, manage and implement processes to move and store goods.
File Extensions and File Formats
Powered by:
A smart contract, also known as a cryptocontract, is a computer program that directly controls the transfer of digital currencies...
A risk map, also known as a risk heat map, is a data visualization tool for communicating specific risks an organization faces. A...
An internal audit (IA) is an organizational initiative to monitor and analyze its own business operations in order to determine ...
A honeypot is a computer system that is set up to act as a decoy to lure cyberattacks and to detect, deflect, or study attempts ...
IPsec, also known as the Internet Protocol Security or IP Security protocol, defines the architecture for security services for ...
An SSL VPN is a type of virtual private network that uses the Secure Sockets Layer protocol -- or, more often, its successor, the...
Biomedical informatics is the branch of health informatics that uses data to help clinicians, researchers and scientists improve ...
Health information exchange (HIE) is the electronic transmission of healthcare-related data among medical facilities, health ...
Protected health information (PHI), also referred to as personal health information, generally refers to demographic information,...
An incident management plan (IMP), sometimes called an incident response plan or emergency management plan, is a document that ...
Crisis communication is a method of corresponding with people and organizations during a disruptive event to provide them with ...
Zerto is a storage software vendor that specializes in enterprise-class business continuity and disaster recovery in virtual and ...
Network-attached storage (NAS) is dedicated file storage that enables multiple users and heterogeneous client devices to retrieve...
An SSD write cycle is the process of programming data to a NAND flash memory chip in a solid-state storage device.
Data storage is the collective methods and technologies that capture and retain digital information on electromagnetic, optical ...wireshark如何只保存显示过滤器筛选的部分报文？非常着急，在这等着_百度知道
wireshark如何只保存显示过滤器筛选的部分报文？非常着急，在这等着
wireshark如何只保存显示过滤器筛选的部分报文？捕捉时没有设置捕捉过滤器，导致文件过大，如何只保存想要的部分？
我有更好的答案
有几种方法：1、先用filter进行过滤，然后File——Save As，Packet Range里面选择Displayed，然后保存。2、如果想保存从第2001个到第3000个这1000个包，可以在2001个包上点右键选择Mark Packet(toggle)，在第3000个包上点右键选择Mark Packet(toggle)，然后File——Save As，Packet Range里面，选择First to last marked，然后保存。或者不用标记，保存的时候选择Range，填上：，然后保存。3、如果只想保存几个特定的包，也可以在你要的每个Packet上点右键，选择Mark Packet(toggle)，然后File——Save As，Packet Range里面选择Marked packets，然后保存。
采纳率：40%
最新的版本已经是file&export里面了，export specified packets，选项有选择可保存特定选择的部分报文（可以选择capture和display，还可以指定行数等）
1、先标记显示的packets
Edit-&Mark All Displayed Packets2、只保存标记的packets
File-&Save As
Packet Range 中选择Marked packets我想其他的你会的。
引用mybrightday的回答：有几种方法：1、先用filter进行过滤，然后File——Save As，Packet Range里面选择Displayed，然后保存。2、如果想保存从第2001个到第3000个这1000个包，可以在2001个包上点右键选择Mark Packet(toggle)，在第3000个包上点右键选择Mark Packet(toggle)，然后File——Save As，Packet Range里面，选择First to last marked，然后保存。或者不用标记，保存的时候选择Range，填上：，然后保存。3、如果只想保存几个特定的包，也可以在你要的每个Packet上点右键，选择Mark Packet(toggle)，然后File——Save As，Packet Range里面选择Marked packets，然后保存。
不是另存为， 是导出
1条折叠回答
为您推荐：
其他类似问题
您可能关注的内容
wireshark的相关知识
换一换
回答问题，赢新手礼包
个人、企业类
违法有害信息,请在下方选择后提交
色情、暴力
我们会通过消息、邮箱等方式尽快将举报结果通知您。Wireshark_百度百科
清除历史记录关闭
声明：百科词条人人可编辑，词条创建和修改均免费，绝不存在官方及代理商付费代编，请勿上当受骗。
Wireshark（前称Ethereal）是一个分析软件。网络封包分析软件的功能是撷取网络封包，并尽可能显示出最为详细的网络封包资料。Wireshark使用WinPCAP作为接口，直接与网卡进行数据报文交换。网络封包分析软件的功能可想像成 &电工技师使用电表来量测电流、电压、电阻& 的工作 - 只是将场景移植到网络上，并将电线替换成网络线。在过去，网络封包分析软件是非常昂贵的，或是专门属于盈利用的软件。Ethereal的出现改变了这一切。在GNUGPL通用许可证的保障范围底下，使用者可以以免费的代价取得软件与其，并拥有针对其源代码修改及的权利。Ethereal是目前全世界最广泛的网络封包分析软件之一。
Wireshark应用
Wireshark使用目的
以下是一些使用Wireshark目的的例子：
使用Wireshark来检测网络问题，使用Wireshark来检查资讯安全相关问题，开发者使用Wireshark来为新的通讯协定除错，普通使用者使用Wireshark来学习网络协定的相关知识。当然，有的人也会“”的用它来寻找一些敏感信息……
Wireshark不是入侵侦测系统（Intrusion Detection System,）。对于网络上的异常流量行为，Wireshark不会产生警示或是任何提示。然而，仔细分析Wireshark撷取的能够帮助使用者对于网络行为有更清楚的了解。Wireshark不会对产生内容的修改，它只会反映出目前流通的封包资讯。 Wireshark本身也不会送出封包至网络上。
Wireshark发展简史
1997年底，GeraldCombs需要一个能够追踪网络流量的作为其工作上的辅助。因此他开始撰写Ethereal软件。Ethereal在经过几次中断开发的事件过后，终于在1998年7月释出其第一个版本v0.2.0。自此之后，Combs收到了来自全世界的修补程式、错误回报与鼓励信件。的发展就此开始。不久之后，GilbertRamirez看到了这套软件的开发潜力并开始参予低阶程式的开发。1998年10月，来自NetworkAppliance公司的GuyHarris在寻找一套比tcpview（另外一套撷取程式）更好的软件。于是他也开始参与Ethereal的开发工作。1998年底，一位在教授TCP/IP课程的讲师RichardSharpe，看到了这套软件的发展潜力，而后开始参与开发与加入新协定的功能。在当时，新的通讯协定的制定并不复杂，因此他开始在Ethereal上新增的撷取功能，几乎包含了当时所有通讯协定。
自此之后，数以千计的人开始参与Ethereal的开发，多半是因为希望能让Ethereal撷取特定的，尚未包含在Ethereal默认的网络协定的封包而参予新的开发。2006年6月，因为商标的问题，Ethereal更名为Wireshark。
Wireshark工作流程
（1）确定Wireshark的位置。如果没有一个正确的位置，启动Wireshark后会花费很长的时间捕获一些与自己无关的数据。
（2）选择捕获接口。一般都是选择连接到Internet网络的接口，这样才可以捕获到与网络相关的数据。否则，捕获到的其它数据对自己也没有任何帮助。
（3）使用捕获过滤器。通过设置捕获过滤器，可以避免产生过大的捕获文件。这样用户在分析数据时，也不会受其它数据干扰。而且，还可以为用户节约大量的时间。
（4）使用显示过滤器。通常使用捕获过滤器过滤后的数据，往往还是很复杂。为了使过滤的数据包再更细致，此时使用显示过滤器进行过滤。
（5）使用着色规则。通常使用显示过滤器过滤后的数据，都是有用的数据包。如果想更加突出的显示某个会话，可以使用着色规则高亮显示。
（6）构建图表。如果用户想要更明显的看出一个网络中数据的变化情况，使用图表的形式可以很方便的展现数据分布情况。
（7）重组数据。Wireshark的重组功能，可以重组一个会话中不同数据包的信息，或者是一个重组一个完整的图片或文件。由于传输的文件往往较大，所以信息分布在多个数据包中。为了能够查看到整个图片或文件，这时候就需要使用重组数据的方法来实现。
Wireshark时标
时标依赖于抓包电脑的系统时间。有一点需要注意：抓取的第一条和最后一条报文的时标并不是高度精确的。
Wireshark过滤器
Wireshark拥有强大的过滤器引擎，用户可以使用过滤器筛选出有用的数据包，排除无关信息的干扰。
．wireshark-wiki-官方．[引用日期]
．wireshark官方使用手册[引用日期]
清除历史记录关闭