网络抓包的部署和工具Wireshark【图书节选】

PRACTICAL PACKET ANALYSIS Using Wireshark to Solve Real-World Network Problems

by Chris Sanders

ISBN-10: 1-59327-149-2

ISBN-13: 978-1-59327-149-7

Publisher: William Pollock

Production Editor: Christina Samuell

不同的网络设备的包流动情况

抓包的配置

There are three primary ways to capture traffic from a target device on a switched network: port mirroring, ARP cache poisoning, and hubbing out.

 

Wireshark历史

Wireshark has a very rich history. Gerald Combs, a computer science graduate of the University of Missouri at Kansas City, originally developed it out ofnecessity. The very first version of Combs’ application, called Ethereal, was released in 1998 under the GNU Public License (GPL).

Eight years after releasing Ethereal, Combs left his job to pursue other career opportunities. Unfortunately, his employer at that time had full right to the Ethereal trademarks, and Combs was unable to reach an agreement that would allow him to control the Ethereal “brand.” Instead, Combs and the rest of the development team rebranded the project as Wireshark in mid-2006.

Wireshark has grown dramatically in popularity, and its collaborative development team now boasts over 500 contributors. The program as it exist

under the Ethereal name is no longer being developed