Packet analyzer
When developing network-related applications, a packet analysis tool is one of the fastest ways to troubleshoot, and packet capture tools in particular.
wikipedia Packet analyzer
NOTE: packet analysis tool
A packet analyzer or packet sniffer is a computer program, or computer hardware such as a packet capture appliance, that can intercept and log traffic that passes over a computer network or part of a network.
Notable packet analyzers
For a more comprehensive list, see Comparison of packet analyzers.
NOTE: The original article gives a good summary; it can serve as the starting point when looking for tools later.
Packet capture
Packet capture (抓包) is by far the most common form of packet analysis; this section describes it.
wikipedia Packet capture appliance
NOTE: "appliance" here means a dedicated hardware device.
wikipedia pcap
NOTE: A very important API; many tools are built on top of it.
In the field of computer network administration, pcap is an application programming interface (API) for capturing network traffic.
OS | implementation
---|---
Unix-like systems | libpcap library
Windows | Npcap for Windows 7
NOTE: how to parse
Programs that use libpcap
NOTE: The tools I have used so far are listed below.
pcap file
A pcap file is the product of a packet capture. How do we analyze it?
As stated in wikipedia pcap:
A capture file saved in the format that libpcap, WinPcap, and Npcap use can be read by applications that understand that format, such as tcpdump, Wireshark, CA NetMaster, or Microsoft Network Monitor 3.x.
Clearly, every tool mentioned above can parse it; Wireshark is the usual choice. How to parse it with tcpdump? See Network\Tools\Packet-analyzer\tcpdump.
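As an added example (not from the original note, and not libpcap's own code), here is a small Python reader for the classic libpcap capture-file format that the pcap API and the tools above share. It detects byte order from the magic number, handles both microsecond and nanosecond timestamp variants, refuses records whose claimed length the file cannot back up, and prints a tcpdump-style one-line summary of each Ethernet/IPv4 frame. The sample capture is constructed inline (it is not a real capture); all function and field names are this example's own, and the 262144-byte bound mirrors libpcap's MAXIMUM_SNAPLEN.

```python
"""Minimal reader for the classic libpcap capture-file format (not pcapng)."""
import struct
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Magic numbers that identify a classic pcap file and its timestamp unit.
MAGIC_USEC = 0xA1B2C3D4          # timestamps in microseconds
MAGIC_NSEC = 0xA1B23C4D          # timestamps in nanoseconds
GLOBAL_HEADER_LEN = 24
RECORD_HEADER_LEN = 16
MAX_SNAPLEN = 262144             # libpcap's MAXIMUM_SNAPLEN; upper bound for incl_len
LINKTYPE_ETHERNET = 1

@dataclass
class PcapHeader:
    byte_order: str              # struct prefix: "<" little-endian, ">" big-endian
    nanosecond: bool
    version: Tuple[int, int]
    snaplen: int
    linktype: int

@dataclass
class Packet:
    timestamp: float             # seconds since the Unix epoch
    captured_len: int            # bytes stored in the file (incl_len)
    original_len: int            # bytes seen on the wire (orig_len)
    data: bytes

def parse_global_header(buf: bytes) -> PcapHeader:
    """Decode the 24-byte global header and detect byte order from the magic."""
    if len(buf) < GLOBAL_HEADER_LEN:
        raise ValueError("file shorter than the pcap global header")
    magic_le = struct.unpack("<I", buf[:4])[0]
    magic_be = struct.unpack(">I", buf[:4])[0]
    # The writer stores the magic in its native byte order, so whichever
    # order yields a known magic is the order of every other field.
    if magic_le in (MAGIC_USEC, MAGIC_NSEC):
        order, magic = "<", magic_le
    elif magic_be in (MAGIC_USEC, MAGIC_NSEC):
        order, magic = ">", magic_be
    else:
        raise ValueError(f"not a classic pcap file (magic {buf[:4].hex()})")
    major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", buf[4:GLOBAL_HEADER_LEN])
    return PcapHeader(order, magic == MAGIC_NSEC, (major, minor), snaplen, linktype)

def iter_packets(buf: bytes, hdr: PcapHeader) -> Iterator[Packet]:
    """Walk the packet records, refusing lengths the file cannot back up."""
    offset = GLOBAL_HEADER_LEN
    while offset < len(buf):
        if len(buf) - offset < RECORD_HEADER_LEN:
            raise ValueError(f"truncated record header at offset {offset}")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            hdr.byte_order + "IIII", buf[offset:offset + RECORD_HEADER_LEN])
        offset += RECORD_HEADER_LEN
        # Never trust incl_len blindly: a corrupt file can claim gigabytes.
        # Bound it, then check that the bytes are actually present.
        if incl_len > MAX_SNAPLEN:
            raise ValueError(f"implausible incl_len {incl_len} at offset {offset}")
        if len(buf) - offset < incl_len:
            raise ValueError(f"truncated packet data at offset {offset}")
        data = buf[offset:offset + incl_len]
        offset += incl_len
        divisor = 1e9 if hdr.nanosecond else 1e6
        yield Packet(ts_sec + ts_frac / divisor, incl_len, orig_len, data)

def read_pcap(buf: bytes) -> Tuple[PcapHeader, List[Packet]]:
    hdr = parse_global_header(buf)
    return hdr, list(iter_packets(buf, hdr))

def summarize(pkt: Packet, linktype: int) -> str:
    """One-line Ethernet/IPv4/TCP-or-UDP summary, tcpdump style."""
    d = pkt.data
    if linktype != LINKTYPE_ETHERNET or len(d) < 14:
        return "unsupported link type or runt frame"
    ethertype = struct.unpack("!H", d[12:14])[0]
    if ethertype != 0x0800 or len(d) < 34:
        return f"ethertype 0x{ethertype:04x}"
    ihl = (d[14] & 0x0F) * 4     # IPv4 header length in bytes
    proto = d[23]
    src = ".".join(map(str, d[26:30]))
    dst = ".".join(map(str, d[30:34]))
    name = {6: "tcp", 17: "udp"}.get(proto)
    l4 = 14 + ihl
    if name and len(d) >= l4 + 4:
        sport, dport = struct.unpack("!HH", d[l4:l4 + 4])
        return f"{src}:{sport} -> {dst}:{dport} {name}"
    return f"{src} -> {dst} ip-proto {proto}"

def build_sample_capture(big_endian: bool = False) -> bytes:
    """Constructed sample (not a real capture): a pcap file holding one
    Ethernet/IPv4/UDP frame from 10.0.0.1:5353 to 10.0.0.2:53."""
    order = ">" if big_endian else "<"
    eth = bytes.fromhex("001122334455" "66778899aabb" "0800")
    payload = b"hello"
    udp = struct.pack("!HHHH", 5353, 53, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    frame = eth + ip + udp
    header = struct.pack(order + "IHHiIII", MAGIC_USEC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    record = struct.pack(order + "IIII", 1_700_000_000, 250_000, len(frame), len(frame))
    return header + record + frame

if __name__ == "__main__":
    header, packets = read_pcap(build_sample_capture())
    for p in packets:
        print(f"{p.timestamp:.6f} {summarize(p, header.linktype)} ({p.captured_len} bytes)")
```

To read a real file, replace `build_sample_capture()` with the bytes of a capture saved by tcpdump or Wireshark in the classic pcap format (pcapng, Wireshark's default since 1.8, has a different layout and is rejected by the magic check). The two length checks in `iter_packets` are the part worth keeping in any tool that ingests captures from untrusted sources.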