1.Wireshark介绍

Wireshark 是一个开源的网络协议分析工具，它能够捕获和分析网络数据包，提供深入的网络故障排除、网络性能优化和安全审计等功能。它支持跨多个操作系统，包括 Windows、macOS 和 Linux。

2.Wireshark主要使用方法

• 捕获数据包：

        打开 Wireshark，选择要捕获数据包的网络接口。您可以选择物理网卡或虚拟接口。
点击“开始”按钮开始捕获数据包。
        Wireshark 将开始监听选定的接口，并显示捕获到的数据包。

• 分析数据包：

        捕获到的数据包将以列表形式显示在 Wireshark 界面上。您可以查看每个数据包的详细信息，如源地址、目标地址、协议类型等。
        Wireshark 还提供了过滤器功能，使您可以根据特定的协议、源/目标地址、端口等条件来筛选和查找感兴趣的数据包。
        可以查看每个数据包的原始数据以及解析后的协议信息，以深入了解网络通信过程。

• 分析工具和功能：

        Wireshark 提供了一系列强大的分析工具，如统计信息、流量图表、协议层次结构图等，以帮助您分析和诊断网络问题。
        您可以使用统计功能来获取有关数据包数量、协议使用情况、流量分布等方面的信息。
Wireshark 还支持导出数据包以供进一步分析或与他人共享。

3.CentOS 图形化Wireshark快速安装

• 安装Wireshark

        如果直接安装wireshark，则不包含图形化界面，可以在命令行执行tshark来使用。如需图形化界面，选择包含gnome的版本安装。

sudo yum update
sudo yum search wireshark
sudo yum install wireshark-gnome.x86_64

• 启动Wireshark

sudo wireshark &

• 安装过程 

[xxx ~]# sudo yum update
[xxx ~]# sudo yum search wireshark
Loaded plugins: fastestmirror, langpacks, nvidia
Loading mirror speeds from cached hostfile
============================ N/S matched: wireshark ============================
wireshark-devel.i686 : Development headers and libraries for wireshark
wireshark-devel.x86_64 : Development headers and libraries for wireshark
wireshark-gnome.x86_64 : Gnome desktop integration for wireshark
wireshark.i686 : Network traffic analyzer
wireshark.x86_64 : Network traffic analyzerName and summary matches only, use "search all" for everything.
[xxx ~]# yum remove wireshark
Loaded plugins: fastestmirror, langpacks, nvidia
Resolving Dependencies
--> Running transaction check
---> Package wireshark.x86_64 0:1.10.14-25.el7 will be erased
--> Finished Dependency ResolutionDependencies Resolved================================================================================Package           Arch           Version                   Repository     Size
================================================================================
Removing:wireshark         x86_64         1.10.14-25.el7            @base          67 MTransaction Summary
================================================================================
Remove  1 PackageInstalled size: 67 M
Is this ok [y/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transactionErasing    : wireshark-1.10.14-25.el7.x86_64                              1/1 Verifying  : wireshark-1.10.14-25.el7.x86_64                              1/1 Removed:wireshark.x86_64 0:1.10.14-25.el7                                             Complete!
[xxx ~]# sudo yum install wireshark-gnome.x86_64
Loaded plugins: fastestmirror, langpacks, nvidia
Loading mirror speeds from cached hostfile* base: centos.mirror.far.fi* centos-sclo-rh: centos.mirror.far.fi* centos-sclo-sclo: centos.mirror.far.fi* epel: epel.mirror.serveriai.lt* extras: centos.mirror.far.fi* updates: centos.mirror.far.fi
Resolving Dependencies
--> Running transaction check
---> Package wireshark-gnome.x86_64 0:1.10.14-25.el7 will be installed
--> Processing Dependency: wireshark = 1.10.14-25.el7 for package: wireshark-gnome-1.10.14-25.el7.x86_64
--> Processing Dependency: libwsutil.so.3()(64bit) for package: wireshark-gnome-1.10.14-25.el7.x86_64
--> Processing Dependency: libwiretap.so.3()(64bit) for package: wireshark-gnome-1.10.14-25.el7.x86_64
--> Processing Dependency: libwireshark.so.3()(64bit) for package: wireshark-gnome-1.10.14-25.el7.x86_64
--> Running transaction check
---> Package wireshark.x86_64 0:1.10.14-25.el7 will be installed
--> Finished Dependency ResolutionDependencies Resolved================================================================================Package                Arch          Version                 Repository   Size
================================================================================
Installing:wireshark-gnome        x86_64        1.10.14-25.el7          base        912 k
Installing for dependencies:wireshark              x86_64        1.10.14-25.el7          base         13 MTransaction Summary
================================================================================
Install  1 Package (+1 Dependent package)Total download size: 13 M
Installed size: 69 M
Is this ok [y/d/N]: y
Downloading packages:
(1/2): wireshark-gnome-1.10.14-25.el7.x86_64.rpm           | 912 kB   00:01     
(2/2): wireshark-1.10.14-25.el7.x86_64.rpm                 |  13 MB   00:03     
--------------------------------------------------------------------------------
Total                                              4.4 MB/s |  13 MB  00:03     
Running transaction check
Running transaction test
Transaction test succeeded
Running transactionInstalling : wireshark-1.10.14-25.el7.x86_64                              1/2 Installing : wireshark-gnome-1.10.14-25.el7.x86_64                        2/2 Verifying  : wireshark-gnome-1.10.14-25.el7.x86_64                        1/2 Verifying  : wireshark-1.10.14-25.el7.x86_64                              2/2 Installed:wireshark-gnome.x86_64 0:1.10.14-25.el7                                       Dependency Installed:wireshark.x86_64 0:1.10.14-25.el7                                             Complete![xxx ~]# sudo wireshark &

• 使用截图