Wireshark Preface
1. Foreword
2. Who should read this document?
3. Acknowledgements
4. About this document
5. Where to get the latest copy of this document?
6. Providing feedback about this document
7. Typographic Conventions
- 7.1. Admonitions
- 7.2. Shell Prompt and Source Code Examples
1. Foreword
Wireshark is the world’s foremost network protocol analyzer, but the rich feature set can be daunting for the unfamiliar. This document is part of an effort by the Wireshark team to improve Wireshark’s usability. We hope that you find it useful and look forward to your comments.
2. Who should read this document?
The intended audience of this book is anyone using Wireshark.
This book explains all of the basic and some advanced features of Wireshark. As Wireshark has become a very complex program, not every feature may be explained in this book.
This book is not intended to explain network sniffing in general and it will not provide details about specific network protocols. A lot of useful information regarding these topics can be found at the Wireshark Wiki at https://wiki.wireshark.org/.
By reading this book, you will learn how to install Wireshark, how to use the basic elements of the graphical user interface (such as the menu) and what’s behind some of the advanced features that are not always obvious at first sight. It will hopefully guide you around some common problems that frequently appear for new (and sometimes even advanced) Wireshark users.
3. Acknowledgements
The authors would like to thank the whole Wireshark team for their assistance. In particular, the authors would like to thank:
- Gerald Combs, for initiating the Wireshark project and funding to do this documentation.
- Guy Harris, for many helpful hints and a great deal of patience in reviewing this document.
- Gilbert Ramirez, for general encouragement and helpful hints along the way.
The authors would also like to thank the following people for their helpful feedback on this document:
- Pat Eyler, for his suggestions on improving the example on generating a backtrace.
- Martin Regner, for his various suggestions and corrections.
- Graeme Hewson, for many grammatical corrections.
The authors would like to acknowledge those man page and README authors for the Wireshark project from whom sections of this document borrow heavily:
- Scott Renfro, from whose mergecap man page Section D.8, “mergecap: Merging multiple capture files into one” is derived.
- Ashok Narayanan, from whose text2pcap man page Section D.9, “text2pcap: Converting ASCII hexdumps to network captures” is derived.
4. About this document
This book was originally developed by Richard Sharpe with funds provided from the Wireshark Fund. It was updated by Ed Warnicke and more recently redesigned and updated by Ulf Lamping.
It was originally written in DocBook/XML and converted to AsciiDoc by Gerald Combs.
5. Where to get the latest copy of this document?
The latest copy of this documentation can always be found at https://www.wireshark.org/docs/.
6. Providing feedback about this document
Should you have any feedback about this document, please send it to the authors through wireshark-dev[AT]wireshark.org.
7. Typographic Conventions
The following table shows the typographic conventions that are used in this guide.
Table 1. Typographic Conventions
| Style | Description | Example |
|---|---|---|
| Italic | File names, folder names, and extensions | C:\Development\wireshark. |
| | Commands, flags, and environment variables | CMake’s |
| | Commands that should be run by the user | Run |
| Button | Dialog and window buttons | Press Launch to go to the Moon. |
| Key | Keyboard shortcut | Press Ctrl+Down to move to the next packet. |
| Menu | Menu item | Select Go → Next Packet to move to the next packet. |
7.1. Admonitions
Important and notable items are marked as follows:
- This is a warning: You should pay attention to a warning, otherwise data loss might occur.
- This is a note: A note will point you to common mistakes and things that might not be obvious.
- This is a tip: Tips are helpful for your everyday work using Wireshark.
7.2. Shell Prompt and Source Code Examples
Bourne shell, normal user.
$ # This is a comment
$ git config --global log.abbrevcommit true
Bourne shell, root user.
# # This is a comment
# ninja install
Command Prompt (cmd.exe).
> rem This is a comment
> cd C:\Development
PowerShell.
PS$> # This is a comment
PS$> choco list -l
C Source Code.
#include "config.h"

/* This method dissects foos */
static int
dissect_foo_message(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_)
{
    /* TODO: implement your dissecting code */
    return tvb_captured_length(tvb);
}