wireshark数据分析学习

wireshark数据分析--http

选择一个http封包，选中该封包可在窗口下方查看详情，进行分析。

Frame 23: 241 bytes on wire (1928 bits), 241 bytes captured (1928 bits)   23帧241个字节（1928位）上线，捕获了241字节（1928位）

Encapsulation type: Ethernet (1)   封装类型：以太网（1）

Arrival Time: Jan 20, 2015 11:14:27.295248000 中国标准时间  到达时间：一月22,2015 11:14:27.295248000

Time shift for this packet: 0.000000000 seconds 此包时移：0.000000000秒

Epoch Time: 317186067.295248000 seconds 划时代时间：317186067.295248000秒

Time delta from previous captured frame: 0.014069000 seconds 从以前捕获的帧的时间差：0.014069000秒

Time delta from previous displayed frame: 0.014069000 seconds 从以前的帧显示的时间差：0.014069000秒

Time since reference or first frame: 13.510681000 seconds 自引用或第一帧时间：13.510681000秒

Frame Number: 23 帧编号：23

Frame Length: 241 bytes (1928 bits)  帧长度：241个字节（1928位）

Capture Length: 241 bytes (1928 bits) 捕获长度：241个字节（1928位）

Frame is marked: False 帧标记：虚假

Frame is ignored: False 帧被忽略：虚假

Protocols in frame: eth:ethertype:ip:tcp:http  帧协议：eth:ethertype:ip:tcp:http n

Number of per-protocol-data: 1 每个协议数据量：1

[Hypertext Transfer Protocol, key 0] 超文本传输协议，键值0

Coloring Rule Name: HTTP   着色规则名称：HTTP

Coloring Rule String: http || tcp.port == 80 || http2   着色规则字符串http || tcp.port == 80 || http2  

Ethernet II, Src: Htc_46:48:8c (64:a7:69:46:48:8c), Dst: IETF-VRRP-VRID_8c (00:00:5e:00:01:8c)  以太网II,源Htc_46:48:8c (64:a7:69:46:48:8c), 目标: IETF-VRRP-VRID_8c (00:00:5e:00:01:8c) 

Destination: IETF-VRRP-VRID_8c (00:00:5e:00:01:8c) 目的地：IETF-VRRP-VRID_8c (00:00:5e:00:01:8c)

Address: IETF-VRRP-VRID_8c (00:00:5e:00:01:8c) 地址：IETF-VRRP-VRID_8c (00:00:5e:00:01:8c)

.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)  LG位：全局唯一地址（出厂默认）

.... ...0 .... .... .... .... = IG bit: Individual address (unicast) LG位：独特地址（单广播）

Source: Htc_46:48:8c (64:a7:69:46:48:8c) 来源: Htc_46:48:8c (64:a7:69:46:48:8c)

Address: Htc_46:48:8c (64:a7:69:46:48:8c) 地址：Htc_46:48:8c (64:a7:69:46:48:8c)

.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)LG位：全局唯一地址（出厂默认

.... ...0 .... .... .... .... = IG bit: Individual address (unicast) LG位：独特地址（单广播）

Type: IP (0x0800) 类型: IP (0x0800) 

Internet Protocol Version 4, Src: 10.10.141.74 (10.10.141.74), Dst: 106.38.179.49 (106.38.179.49) 网络t协议版本IPV4，来源：10.10.141.74 (10.10.141.74), 目标: 106.38.179.49 (106.38.179.49) 

Version: 4  网络t协议版本IPV4

Header Length: 20 bytes 报头的长度：20字节

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))区分服务领域：为0x00（DSCP：默认为0x00; ECN：0x0的：不ECT（不支持ECN的运输））

0000 00.. = Differentiated Services Codepoint: Default (0x00) 区分服务领域代码点数默认(0x00)

.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) 基于显示反馈的协议不ECT（不支持ECN的运输）(0x00)

Total Length: 227总长度：227

Identification: 0x9720 (38688) 标识: 0x9720 (38688)

Flags: 0x02 (Don't Fragment)  标志： 0x02 (Don't Fragment)

Fragment offset: 0 片段偏移：0

Time to live: 64 生存时间：64

Protocol: TCP (6) 协议: TCP (6)

Header checksum: 0xee48 [validation disabled] 头校验和： 0xee48

Source: 10.10.141.74 (10.10.141.74) 来源：10.10.141.74 (10.10.141.74)

Destination: 106.38.179.49 (106.38.179.49) 目标106.38.179.49 (106.38.179.49)

Source GeoIP: Unknown 来源基于IP查询的地理位置：未知

Destination GeoIP: Unknown目标基于IP查询的地理位置：未知

Transmission Control Protocol, Src Port: 40475 (40475), Dst Port: 80 (80), Seq: 1, Ack: 1, Len: 175 TCP协议，源端口号： 40475 (40475),目标端口号 80 (80), Ack: 1, 长: 175 

Source Port: 40475 (40475) 源端口号： 40475 (40475)

Destination Port: 80 (80)目标端口号 80 (80)

Stream index: 5 流指数：5

TCP Segment Len: 175 TCP 节片长：175

Sequence number: 1    (relative sequence number) 序列号：1

Next sequence number: 176    (relative sequence number) 下一个序列号：176

Acknowledgment number: 1    (relative ack number)确认通知序列号：1

Header Length: 32 bytes 报头的长度：32字节

.... 0000 0001 1000 = Flags: 0x018 (PSH, ACK).... 0000 0001 1000 = 标志：0x018 (PSH, ACK).... 

Window size value: 8030 窗口大小：8030

Calculated window size: 64240 计划窗口大小：64240

Window size scaling factor: 8：窗口大小缩放因子：8

Checksum: 0xb3c4 [validation disabled]校验和： 0xb3c4 

Hypertext Transfer Protocol：http

GET /static/appsapi/conf/config.txt?cdnversion=5286434 HTTP/1.1\r\n：获取 /static/appsapi/conf/config.txt?cdnversion=5286434 HTTP/1.1\r\n

Expert Info (Chat/Sequence): GET /static/appsapi/conf/config.txt?cdnversion=5286434 HTTP/1.1\r\n 专家信息（聊天/序列）获取/static/appsapi/conf/config.txt?cdnversion=5286434 HTTP/1.1\r\n

Request Method: GET 请求方式:GET

Request URI: /static/appsapi/conf/config.txt?cdnversion=5286434 请求网址：/static/appsapi/conf/config.txt?cdnversion=5286434 

Request Version: HTTP/1.1 请求版本:HTTP/1.1 

Host: wappass.bdimg.com\r\n 主机：wappass.bdimg.com\r\n

Connection: Keep-Alive\r\n 连接：连接重用\r\n 

User-Agent: Baidu-Android-Lib-V1.0\r\n用户代理: Baidu-Android-Lib-V1.0\r\n

Accept-Encoding: gzip\r\n浏览器支持的编码类型gzip\r\n