我怎么在wireshark中这样做?

0

我有四个数据包在wireshark中捕获。ARP请求和回复数据包以及ICMP数据包。哪些字段和值用于标识以太网帧承载的不同数据包?

tcpip  wireshark 
thehollow89
source

Answers:

2

Ehternet帧有一个类型字段(字节0x0C,参见EthernetEtherType):

0000   ff ff ff ff ff ff AB AB AB AB AB AB 08 06
                                           ^^^^^
  • 0x0806 = ARP
  • 0x0800 = IP数据包

IP数据包具有额外的标头以标识协议(请参阅IPv4

0000   ff ff ff ff ff ff AB AB AB AB AB AB 08 00 45 00
0010   00 3c 66 f0 00 00 80 01
                            ^^
  • 0x01 = ICMP
  • 0x06 = TCP
  • 0x11 = UDP
heavyd
source
By using our site, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy.
Licensed under cc by-sa 3.0 with attribution required.