1. 網(wǎng)絡(luò)抓包相關(guān)閱讀

• 抓包工具Wireshark基本介紹和學(xué)習(xí)TCP三次握手
• Wireshark網(wǎng)絡(luò)抓包實(shí)踐
• HTTP代理神器Fidder

2. Wireshark

世界上最流行的網(wǎng)絡(luò)協(xié)議分析器，抓包工具Wireshark基本介紹和學(xué)習(xí)TCP三次握手

通過(guò)ping命令拿到網(wǎng)址的IP

過(guò)濾表達(dá)式的規(guī)則

表達(dá)式規(guī)則規(guī)則說(shuō)明

協(xié)議過(guò)濾	比如TCP，只顯示TCP協(xié)議
IP 過(guò)濾	比如 ip.src ==192.168.1.102 顯示源地址為192.168.1.102，ip.dst==192.168.1.102，目標(biāo)地址為192.168.1.102
端口過(guò)濾	tcp.port ==80, 端口為80的； tcp.srcport == 80, 只顯示TCP協(xié)議的愿端口為80的
Http模式過(guò)濾	http.request.method==”GET”, 只顯示HTTP GET方法的
邏輯運(yùn)算符	AND/ OR

常用的過(guò)濾表達(dá)式

過(guò)濾表達(dá)式用途

http	只查看HTTP協(xié)議的記錄
ip.src ==192.168.1.102	過(guò)濾源ip地址是192.168.1.102
ip.dst==192.168.1.102	過(guò)濾目標(biāo)ip地址是192.168.1.102
ip.src ==192.168.1.102 or ip.dst==192.168.1.102	源地址或者目標(biāo)地址是192.168.1.102
http.request.method==”GET”	過(guò)濾get請(qǐng)求
http.request.method==”P(pán)OST”	過(guò)濾post請(qǐng)求
http.request.method==”GET” and ip.dst==192.168.1.102

Wireshark抓包實(shí)戰(zhàn)

抓取某新聞客戶(hù)端的數(shù)據(jù)

注意事項(xiàng)

• 在抓取數(shù)據(jù)之前先清除緩存，緩存會(huì)影響抓包

過(guò)濾get請(qǐng)求

通過(guò)ping命令獲取新聞數(shù)據(jù)的目標(biāo)IP地址，封包信息中網(wǎng)址帶有163可能就是新聞客戶(hù)端的url

拿到目標(biāo)IP地址，就可以通過(guò)目標(biāo)IP地址過(guò)濾數(shù)據(jù)

用瀏覽器打開(kāi)抓到的url，即可得到新聞的數(shù)據(jù)

http://c.m.163.com/nc/article/list/T1467284926140/0-20.html

新聞分類(lèi)tid

url組織形式http://c.m.163.com/nc/article/list/tid/startindex-count.html

其中tid是新聞?lì)悇e的id，startindex是數(shù)據(jù)的起始索引，count是新聞數(shù)據(jù)的條數(shù)

• 體育T1348649079062
• 頭條T1467284926140
• 娛樂(lè)T1348648517839
• 要聞T1348647909107

新聞Tab標(biāo)簽

http://c.m.163.com/nc/topicset/android/subscribe/manage/listspecial.html

{"tList": [{"template": "normal1","topicid": "0001899N","hasCover": false,"weburl": "http://www.163.com/","alias": "Top News","subnum": "3.2萬(wàn)","recommendOrder": 0,"isNew": 0,"hashead": 1,"img": "","isHot": 0,"hasIcon": false,"cid": "C1348646712614","recommend": "0","headLine": true,"hasAD": 1,"color": "","bannerOrder": 0,"tname": "頭條","ename": "androidnews","showType": "comment","special": 0,"tid": "T1348647909107","ad_type": 1},{"template": "normal1","topicid": "0001899N;000187QQ","hasCover": false,"alias": "yaowenspecial","subnum": "10.6萬(wàn)","recommendOrder": 0,"isNew": 0,"hashead": 1,"img": "","isHot": 0,"hasIcon": false,"cid": "C1348647991705","recommend": "0","headLine": false,"hasAD": 1,"color": "","bannerOrder": 0,"tname": "要聞","ename": "yaowenspecial","showType": "comment","special": 0,"tid": "T1467284926140","ad_type": 1},{"template": "recommend","topicid": "00037VVH","hasCover": false,"weburl": "http://ent.163.com/","alias": "Entertainment","subnum": "超過(guò)1000萬(wàn)","recommendOrder": 120,"isNew": 0,"hashead": 1,"img": "T1348648517839","isHot": 0,"hasIcon": true,"cid": "C1348648351901","recommend": "1","headLine": false,"hasAD": 1,"color": "","bannerOrder": 0,"tname": "娛樂(lè)","ename": "yule","showType": "comment","special": 0,"tid": "T1348648517839","ad_type": 1}] }

json數(shù)據(jù)中的tid即為上文中的新聞?lì)悇eid

新聞詳情頁(yè)

http://c.m.163.com/nc/article/docid/full.html

https://c.m.163.com/news/a/docid.html

例如：http://c.m.163.com/nc/article/CG4A99320001899O/full.html

其中CG4A99320001899O是docid，如圖所示

總結(jié)

以上是生活随笔為你收集整理的Wireshark网络抓包实践的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問(wèn)題。

如果覺(jué)得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。