Wireshark 序

1. Foreword 前言

2. Who should read this document? 誰適合讀該文檔？

3. Acknowledgements 致謝

4. About this document 關於本文檔

5. Where to get the latest copy of this document? 哪裏獲取本文檔最新副版

6. Providing feedback about this document 反饋

7. Typographic Conventions 版式約定

7.1. Admonitions 指望

7.2. Shell Prompt and Source Code Examples 源碼案例

---

 

1. Foreword 前言

Wireshark is the world’s foremost network protocol analyzer, but the rich feature set can be daunting for the unfamiliar. This document is part of an effort by the Wireshark team to improve Wireshark’s usability. We hope that you find it useful and look forward to your comments.

Wireshark是世界第一流的網絡協議分析器，可是豐富的特性套件讓不熟悉它的人望而生畏。Wireshark團隊但願此文檔能提升Wireshark的可用性  。但願你覺的它有用，最好能看到你的評論。

 

2. Who should read this document? 此文檔適合誰？

The intended audience of this book is anyone using Wireshark.

This book explains all of the basic and some advanced features of Wireshark. As Wireshark has become a very complex program, not every feature may be explained in this book.

This book is not intended to explain network sniffing in general and it will not provide details about specific network protocols. A lot of useful information regarding these topics can be found at the Wireshark Wiki at https://wiki.wireshark.org/.

By reading this book, you will learn how to install Wireshark, how to use the basic elements of the graphical user interface (such as the menu) and what’s behind some of the advanced features that are not always obvious at first sight. It will hopefully guide you around some common problems that frequently appear for new (and sometimes even advanced) Wireshark users.

本書的目標讀者是任何一個Wireshark的使用者。

本書解釋了Wireshark的素有基本特性和部分高級特性。因爲Wireshark是如此的複雜，因此此書並未包含全部的特性。

本書不會解釋常見的網絡嗅探，也不會對特定的網絡協議提供詳細解說。在Wireshark Wiki上能夠找到不少與此主題相關的信息，Wiki地址 https://wiki.wireshark.org/。

閱讀本書，你將學會如何安裝Wireshark，如何使用圖形界面上的基本元素（例如菜單），以及隱藏在部分高級功能背後的特性，這些每每無法一目瞭然。但願這本書能幫你解決一些Wireshark新用戶常常遇到的問題。

 

3. Acknowledgements

The authors would like to thank the whole Wireshark team for their assistance. In particular, the authors would like to thank:

• Gerald Combs, for initiating the Wireshark project and funding to do this documentation.
• Guy Harris, for many helpful hints and a great deal of patience in reviewing this document.
• Gilbert Ramirez, for general encouragement and helpful hints along the way.

The authors would also like to thank the following people for their helpful feedback on this document:

• Pat Eyler, for his suggestions on improving the example on generating a backtrace.
• Martin Regner, for his various suggestions and corrections.
• Graeme Hewson, for many grammatical corrections.

The authors would like to acknowledge those man page and README authors for the Wireshark project from who sections of this document borrow heavily:

• Scott Renfro from whose mergecap man page Section D.8, 「mergecap: Merging multiple capture files into one」 is derived.
• Ashok Narayanan from whose text2pcap man page Section D.9, 「text2pcap: Converting ASCII hexdumps to network captures」is derived.

做者感謝整個Wireshark團隊的工做支持。尤爲要感謝：

• Gerald Combs, for initiating the Wireshark project and funding to do this documentation.
• Guy Harris, for many helpful hints and a great deal of patience in reviewing this document.
• Gilbert Ramirez, for general encouragement and helpful hints along the way.

做者一樣感謝如下人員對本書的有效反饋：

• Pat Eyler, for his suggestions on improving the example on generating a backtrace.
• Martin Regner, for his various suggestions and corrections.
• Graeme Hewson, for many grammatical corrections.

4. About this document 關於本書

This book was originally developed by Richard Sharpe with funds provided from the Wireshark Fund. It was updated by Ed Warnicke and more recently redesigned and updated by Ulf Lamping.

It was originally written in DocBook/XML and converted to AsciiDoc by Gerald Combs.

 此書最初由 Richard Sharpe 建立，Wireshark基金會提供資金支持。後來由Ed Warnicke 更新，最近由Ulf Lamping從新設計和更新。本書最初以DocBook/XML編寫，由Gerald Combs轉成AsciiDoc。

5. Where to get the latest copy of this document? 

The latest copy of this documentation can always be found at https://www.wireshark.org/docs/.

 本文檔的最新版本能夠在https://www.wireshark.org/docs/找到

6. Providing feedback about this document

Should you have any feedback about this document, please send it to the authors through wireshark-dev[AT]wireshark.org.

 若是你對本文檔有任何反饋，請發送給做者。wireshark-dev[AT]wireshark.org

7. Typographic Conventions

The following table shows the typographic conventions that are used in this guide.

如下表格列出了本文檔中用到的約定版式

Table 1. Typographic Conventions 約定版式

Style 樣式	Description 描述	Example 案例
Italic 斜體	File names, folder names, and extensions	C:\Development\wireshark.
Monospace 等寬字體	Commands, flags, and environment variables	CMake’s -G option.
Bold Monospace 粗體等寬字體	Commands that should be run by the user 用戶執行的命令	Run cmake -G Ninja ...
Button	Dialog and window buttons 對話框或窗口按鈕	Press Launch to go to the Moon.
Key	Keyboard shortcut 快捷鍵	Press Ctrl+Down to move to the next packet.
Menu	Menu item 菜單項	Select Go → Next Packet to move to the next packet.

 

7.1. Admonitions

Important and notable items are marked as follows:重要事項和注意事項以下標記：

	This is a warning 警告
	You should pay attention to a warning, otherwise data loss might occur.

	This is a note 注意
	A note will point you to common mistakes and things that might not be obvious.

	This is a tip 提示
	Tips are helpful for your everyday work using Wireshark.

7.2. Shell Prompt and Source Code Examples 提示符和源碼案例

Bourne shell, normal user. 運行腳本，普通用戶

$ # This is a comment
$ git config --global log.abbrevcommit true

 

Bourne shell, root user. 運行腳本，root用戶

# # This is a comment
# ninja install

 

Command Prompt (cmd.exe).  命令提示符

>rem This is a comment
>cd C:\Development

 

PowerShell.  全新命令行

PS$># This is a comment
PS$>choco list -l

 

C Source Code. C語言代碼

#include "config.h"

/* This method dissects foos */
static int
dissect_foo_message(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_)
{
    /* TODO: implement your dissecting code */
    return tvb_captured_length(tvb);
}