WIRESHARK - The Easy Tutorial - Statistics

Wireshark Statistics
Last updated: Feb 04 2008







Details:
What is Wireshark?
Screenshots
Prerequisites
Installation
Running Wireshark
Platforms
Filters
Statistics

Korean translation by JaeYoung Jeon.






ํ™”๋ฉด์˜ ์ƒ๋‹จ์— ์žˆ๋Š” "statistics"์„ ํด๋ฆญํ•˜๋ฉด ๋‹ค์–‘ํ•œ ํ†ต๊ณ„์ž๋ฃŒ๋ฅผ ๋ณผ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

๋ช‡ ๊ฐ€์ง€ ํ†ต๊ณ„ ์ •๋ณด ์˜ˆ์‹œ๋ฅผ ๋ณด์—ฌ๋“œ๋ฆฌ๊ฒ ์Šต๋‹ˆ๋‹ค:







Summary
Protocol Hierarchy
Conversations
Endpoints
IO Graphs
Conversation List
Endpoint List
Service Response Time
RTP
SIP
VoIP Calls
Destinations
Flow Graph
HTTP
IP address
Packet Length
Port Type

wireshark statistics



Summary

๊ธฐ๋ณธ์ ์ธ ํ†ต๊ณ„ ์ •๋ณด๋“ค์„ summary ์ฐฝ์—์„œ ๋ณผ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค:
- capture ํŒŒ์ผ ์†์„ฑ.
- capture ์‹œ๊ฐ„.
- capture ํ•„ํ„ฐ ์ •๋ณด.
- display ํ•„ํ„ฐ ์ •๋ณด.

wireshark statistics summary

ํŽ˜์ด์ง€ ์ฒ˜์Œ์œผ๋กœ



Protocol Hierarchy

The Protocol Hierarchy window breaks the capture down by protocol layer, in encapsulation order, and gives the packet and byte share of each layer. A frame is counted at every layer it contains, so the percentages of the children add up to at most their parent. When triaging, look for anything you cannot account for on that network segment (a clear-text management protocol, a tunnel, an unexpected service) rather than for the largest number; each such line deserves a display filter of its own.

wireshark statistics protocol hierarchy

ํŽ˜์ด์ง€ ์ฒ˜์Œ์œผ๋กœ



Conversations

If the capture contains TCP/IP traffic, four tabs are active: Ethernet, IP, TCP and UDP conversations. A "conversation" is the traffic exchanged between two hosts; on the TCP and UDP tabs a conversation is identified by both addresses and both ports. The number next to the protocol name on each tab is the number of conversations, for example "Ethernet: 6".
The per-direction packet and byte columns are the ones to watch: a conversation in which almost all bytes travel one way is a download, a backup or an exfiltration, and the address pair tells you which.

Ethernet conversations:

wireshark statistics conversations ethernet

IP conversations:

wireshark statistics conversations ip

TCP conversations:

wireshark statistics conversations tcp

UDP conversations:

wireshark statistics conversations udp

ํŽ˜์ด์ง€ ์ฒ˜์Œ์œผ๋กœ



Endpoints

Endpoints ์ฐฝ์€ ๊ฐ ์žฅ์น˜ ๋ณ„๋กœ ์ฃผ๊ณ  ๋ฐ›์€ ๋ฐ์ดํ„ฐ์— ๋Œ€ํ•œ ํ†ต๊ณ„ ์ •๋ณด๋ฅผ ๋ณด์—ฌ์ค๋‹ˆ๋‹ค.
ํƒญ์—์„œ ํ”„๋กœํ† ์ฝœ ์ด๋ฆ„ ์˜†์— ์žˆ๋Š” ์ˆซ์ž๋Š” endpoints์˜ ์ˆ˜๋ฅผ ๋‚˜ํƒ€๋ƒ…๋‹ˆ๋‹ค. ์˜ˆ : "Ethernet:6".

Ethernet endpoints:

wireshark statistics endpoints ethernet

IP endpoints:

wireshark statistics endpoints ip

TCP endpoints:

wireshark statistics endpoints tcp

UDP endpoints:

wireshark statistics endpoints udp

ํŽ˜์ด์ง€ ์ฒ˜์Œ์œผ๋กœ



IO Graphs

๊ธฐ๋ณธ์ ์ธ ๊ทธ๋ž˜ํ”„๋“ค์€ "IO graphs" ์„น์…˜์—์„œ ๋ณผ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
๊ฐ display ํ•„ํ„ฐ ๋ณ„๋กœ ๊ฐ™์€ ๊ทธ๋ž˜ํ”„ ์ฐฝ์•ˆ์— ๋‹ค๋ฅธ ๊ทธ๋ž˜ํ”„๋ฅผ ์ถ”๊ฐ€ ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
๋‹ค์Œ์˜ ์˜ˆ์‹œ์—์„œ, "tcp"์™€ "http" display ํ•„ํ„ฐ์— ๋Œ€ํ•œ ๋‘ ๊ฐœ์˜ ๊ทธ๋ž˜ํ”„๋ฅผ ๊ทธ๋ ธ์Šต๋‹ˆ๋‹ค.

wireshark io graphs

ํŽ˜์ด์ง€ ์ฒ˜์Œ์œผ๋กœ



Conversation List

The "Conversation List" submenu gives the same information as the "Conversations" window, one protocol at a time.

ํŽ˜์ด์ง€ ์ฒ˜์Œ์œผ๋กœ



Endpoint List

The "Endpoint List" submenu gives the same information as the "Endpoints" window, one protocol at a time.

ํŽ˜์ด์ง€ ์ฒ˜์Œ์œผ๋กœ



Service Response Time

Service Response Time is available for 13 protocols and gives a closer look at each of them: the time between a request and its matching response, summarised per command.
The example uses SMB (Server Message Block), which here runs on top of NetBIOS (see the Protocol Hierarchy screenshot) and is normally used for file sharing on MS Windows LANs.

wireshark service response time

Wireshark์˜ display ํ•„ํ„ฐ๊ฐ€ smb ํ•„ํ„ฐ ํ•„๋“œ์— ๋ณด์—ฌ์ง‘๋‹ˆ๋‹ค.
์˜ˆ์ œ์—์„œ๋Š” display ํ•„ํ„ฐ๋ฅผ ์‚ฌ์šฉํ•˜์ง€ ์•Š์•˜์Šต๋‹ˆ๋‹ค.

wireshark service response time

wireshark service response time

ํŽ˜์ด์ง€ ์ฒ˜์Œ์œผ๋กœ



RTP

RTP (Real-time Transport Protocol, RFC 3550) carries voice and video over IP networks. It runs on top of the User Datagram Protocol (UDP).
It is usually combined with a signaling protocol such as SIP or H.323, which sets up the call.

Show All Streams

wireshark RTP all streams

wireshark RTP all streams

Stream Analysis

wireshark RTP stream analysis

wireshark RTP analysis stream



ํŽ˜์ด์ง€ ์ฒ˜์Œ์œผ๋กœ



SIP

SIP (Session Initiation Protocol, RFC 3261) is the signaling protocol that sets up VoIP and video sessions.
It normally works together with RTP, which carries the media.

wireshark SIP



ํŽ˜์ด์ง€ ์ฒ˜์Œ์œผ๋กœ



VoIP Calls

VoIP (Voice over IP) generally uses two kinds of protocol:
- a signaling protocol such as SIP or H.323;
- a media transport protocol such as RTP.
The "VoIP Calls" window pairs the two, listing each call found in the signaling together with its RTP streams. With plain SIP and RTP both the call setup and the audio cross the network in the clear, which is why a call can be reassembled from a capture at all.

wireshark RTP stream analysis

wireshark voip calls

ํŽ˜์ด์ง€ ์ฒ˜์Œ์œผ๋กœ



Destinations

The "Destinations" section lists the destination IP addresses of the captured packets, with a packet count for each.

wireshark filter

wireshark destinations

ํŽ˜์ด์ง€ ์ฒ˜์Œ์œผ๋กœ



Flow Graph

The "Flow Graph" section draws the packets of a connection in sequence, as arrows between the hosts, so a TCP connection can be followed from start to end.
In the example a display filter was created to show only the traffic to the openmaniak.com website.

wireshark flow graph

์ฒ˜์Œ ์„ธ ์ค„์€ TCP ์—ฐ๊ฒฐ์ด "SYN", "SYN ACK", "ACK"์˜ ์ˆœ์„œ๋กœ ๋งŒ๋“ค์–ด์ง€๋Š” ๊ฒƒ์„ ๋ณด์—ฌ์ค๋‹ˆ๋‹ค.

wireshark flow graph filter


ํŽ˜์ด์ง€ ์ฒ˜์Œ์œผ๋กœ



HTTP

HTTP (Hypertext Transfer Protocol) is the client/server protocol used to transfer web content such as HTML files.
The HTTP client, most often a web browser, sends an HTTP request containing the "URL" of the file it wants to the web server; the web server answers with an HTTP response, and the client displays the page it received. In a plain HTTP capture the whole exchange, URL, headers and body, is in clear text.

There are three sub-sections under "HTTP":
- Load Distribution
- Packet Counter
- Requests

Load distribution:

wireshark http

์˜ˆ์ œ์—์„œ๋Š” openmaniak.com ์‚ฌ์ดํŠธ์— ๋Œ€ํ•œ ํŠธ๋ž˜ํ”ฝ๋งŒ ๋ณด๊ธฐ ์œ„ํ•ด display ํ•„ํ„ฐ๋ฅผ ์ƒ์„ฑํ•˜์˜€์Šต๋‹ˆ๋‹ค.

wireshark http filter

wireshark load distribution

Packet Counter:

Shows the HTTP requests and responses, with requests counted by method and responses by status code.

wireshark http packet counter

์˜ˆ์ œ์—์„œ๋Š” openmaniak.com ์‚ฌ์ดํŠธ์— ๋Œ€ํ•œ ํŠธ๋ž˜ํ”ฝ๋งŒ ๋ณด๊ธฐ ์œ„ํ•ด display ํ•„ํ„ฐ๋ฅผ ์ƒ์„ฑํ•˜์˜€์Šต๋‹ˆ๋‹ค.

wireshark http filter

wireshark http packet counter

Requests:

Shows the files requested from each web server, as a list of request URIs per host.

wireshark http requests

์˜ˆ์ œ์—์„œ๋Š” openmaniak.com ์‚ฌ์ดํŠธ์— ๋Œ€ํ•œ ํŠธ๋ž˜ํ”ฝ๋งŒ ๋ณด๊ธฐ ์œ„ํ•ด display ํ•„ํ„ฐ๋ฅผ ์ƒ์„ฑํ•˜์˜€์Šต๋‹ˆ๋‹ค.

wireshark http filter

wireshark http requests

ํŽ˜์ด์ง€ ์ฒ˜์Œ์œผ๋กœ



IP address

๋„คํŠธ์›Œํฌ ํŒจํ‚ท์˜ ์ถœ๋ฐœ์ง€, ๋ชฉ์ ์ง€ IP ์ฃผ์†Œ๋ฅผ ๋ณด์—ฌ์ค๋‹ˆ๋‹ค.

wireshark filter

wireshark ip address

ํŽ˜์ด์ง€ ์ฒ˜์Œ์œผ๋กœ



Packet Length

Shows how the captured packets are distributed across size ranges, with a packet count per range.

wireshark filter

wireshark packet length

ํŽ˜์ด์ง€ ์ฒ˜์Œ์œผ๋กœ



Port Type

Shows statistics for the TCP and UDP ports seen in the capture.

wireshark filter

wireshark port type

ํŽ˜์ด์ง€ ์ฒ˜์Œ์œผ๋กœ