Release of the Wireshark 4.0 network analyzer

A new stable branch of the Wireshark network analyzer, 4.0, has been published. Recall that the project was originally developed under the name Ethereal, but in 2006, due to a conflict with the owner of the Ethereal trademark, the developers were forced to rename the project to Wireshark. The project code is distributed under the GPLv2 license.

Key innovations in Wireshark 4.0.0:

  • The layout of elements in the main window has been changed. The Packet Detail and Packet Bytes panels are placed side by side below the Packet List panel.
  • The design of the "Conversation" and "Endpoint" dialogs has been changed.
    • Added options to the context menus for resizing all columns and for copying elements.
    • The ability to detach and reattach tabs is provided.
    • Added support for export in JSON format.
    • When filters are applied, columns are displayed that show the difference between matched and unfiltered packets.
    • The sorting of different data types has been changed.
    • Identifiers are attached to TCP and UDP streams, and the ability to filter by them is provided.
    • Dialogs can be hidden from the context menu.
  • Improved import of hex dumps from the Wireshark interface and with the text2pcap command.
    • text2pcap can write dumps in all formats supported by the wiretap library.
    • In text2pcap, pcapng is set as the default format, as in the editcap, mergecap and tshark utilities.
    • Added support for selecting the encapsulation type of the output format.
    • Added new logging options.
    • Provided the ability to save dummy IP, TCP, UDP and SCTP headers in dumps when using Raw IP, Raw IPv4 and Raw IPv6 encapsulation.
    • Added support for scanning input files using regular expressions.
    • Feature parity is ensured between the text2pcap utility and the "Import from Hex Dump" interface in Wireshark.
  • The performance of geolocation using MaxMind databases has been significantly improved.
  • Changes have been made to the syntax of traffic filtering rules:
    • Added the ability to select a specific layer of the protocol stack. For example, with IP-over-IP encapsulation, to extract addresses from the outer and the nested packets you can specify "ip.addr#1 == 1.1.1.1" and "ip.addr#2 == 1.1.1.2".
    • Conditional expressions now support the "any" and "all" quantifiers, for example "all tcp.port > 1024" to test all tcp.port fields.
    • There is a built-in syntax for specifying field references, ${some.field}, implemented without the use of macros.
    • Added the ability to use arithmetic operations ("+", "-", "*", "/", "%") with numeric fields, separating the expression with curly braces.
    • Added the max(), min() and abs() functions.
    • Expressions can be specified and other functions called as function arguments.
    • Added a new syntax to distinguish literals from identifiers: a value starting with a dot is treated as a protocol or protocol field, and a value in angle brackets is treated as a literal.
    • Added the bitwise operator "&". For example, to mask individual bits you can specify "frame[0] & 0x0F == 3".
    • The precedence of the logical AND operator is now higher than that of the OR operator.
    • Added support for specifying constants in binary form using the "0b" prefix.
    • Added the ability to use negative index values to count from the end. For example, to check the last two bytes in the TCP header you can specify "tcp[-2:] == AA:BB".
    • Separating the elements of a set with spaces is no longer allowed; using spaces instead of commas now results in an error rather than a warning.
    • Added additional escape sequences: \a, \b, \f, \n, \r, \t, \v.
    • Added the ability to specify Unicode characters in the \uNNNN and \UNNNNNNNNN formats.
    • Added a new comparison operator "===" ("all_eq"), which matches only if, in the expression "a === b", all values of "a" equal "b". The inverse operator "!==" ("any_ne") has also been added.
    • The "~=" operator is deprecated and "!==" should be used instead.
    • Numbers with a dangling dot are no longer allowed, i.e. the values ".7" and "7." are now invalid and must be replaced with "0.7" and "7.0".
    • The regular expression engine in the display filter engine has been moved to the PCRE2 library instead of GRegex.
    • Correct handling of null bytes is implemented in regular expression strings and patterns ('\0' in a string is treated as a null byte).
    • In addition to 1 and 0, boolean values can now be written as True/TRUE and False/FALSE.
  • The HTTP2 dissector module has added support for using dummy headers to parse data captured without the preceding packets that carried the headers (for example, when parsing messages in already established gRPC connections).
  • Mesh Connex (MCX) support has been added to the IEEE 802.11 parser.
  • Temporary storage (without saving to disk) of the password in the Extcap dialog is provided, so that it does not have to be entered on repeated launches. Added the ability to set the extcap password through command-line utilities such as tshark.
  • The ciscodump utility implements the ability to capture remotely from devices based on IOS, IOS-XE and ASA.
  • Added support for protocols:
    • Allied Telesis Loop Detection (AT LDF),
    • AUTOSAR I-PDU Multiplexer (AUTOSAR I-PduM),
    • DTN Bundle Protocol Security (BPSec),
    • DTN Bundle Protocol Version 7 (BPv7),
    • DTN TCP Convergence Layer Protocol (TCPCL),
    • DVB Selection Information Table (DVB SIT),
    • Enhanced Cash Trading Interface 10.0 (XTI),
    • Enhanced Order Book Interface 10.0 (EOBI),
    • Enhanced Trading Interface 10.0 (ETI),
    • FiveCo's Legacy Register Access Protocol (5co-legacy),
    • Generic Data Transfer Protocol (GDT),
    • gRPC Web (gRPC-Web),
    • Host IP Configuration Protocol (HICP),
    • Huawei GRE bonding (GREbond),
    • Locamation Interface Module (IDENT, CALIBRATION, SAMPLES - IM1, SAMPLES - IM2R0),
    • Mesh Connex (MCX),
    • Microsoft Cluster Remote Control Protocol (RCP),
    • Open Control Protocol for OCA/AES70 (OCP.1),
    • Protected Extensible Authentication Protocol (PEAP),
    • REdis Serialization Protocol v2 (RESP),
    • Roon Discovery (RoonDisco),
    • Secure File Transfer Protocol (sftp),
    • Secure Host IP Configuration Protocol (SHICP),
    • SSH File Transfer Protocol (SFTP),
    • USB Attached SCSI (UASP),
    • ZBOSS Network Coprocessor (ZB NCP).
  • The requirements for the build environment (CMake 3.10) and dependencies (GLib 2.50.0, Libgcrypt 1.8.0, Python 3.6.0, GnuTLS 3.5.8) have been raised.
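
The filter-syntax changes listed above (layer selection with "#N", the "any"/"all" quantifiers, "===" and "!==", negative slice indices) all concern fields that occur more than once in a packet. The following Python model is an added example, not Wireshark code: it evaluates the quoted filters against a constructed IP-over-IP packet, and the packet contents, helper names and the treatment of an absent field are assumptions of the sketch.

```python
import operator

# Constructed sample data (not from a real capture). Each field holds
# (layer, value) pairs; in this IP-over-IP packet the outer header is layer 1.
PKT = {
    "ip.addr": [(1, "1.1.1.1"), (1, "10.0.0.9"), (2, "1.1.1.2"), (2, "10.0.0.9")],
    "tcp.port": [(1, 443), (1, 51514)],
}
# Constructed 20-byte TCP header whose last two bytes are AA:BB.
TCP_BYTES = bytes.fromhex("01bbc93a0000000100000000501002000000aabb")

def values(pkt, field, layer=None):
    """All occurrences of a field; layer=N models the 'field#N' selector."""
    return [v for lyr, v in pkt.get(field, []) if layer in (None, lyr)]

def any_match(pkt, field, op, rhs, layer=None):
    """Default / 'any' quantifier: one matching occurrence is enough."""
    return any(op(v, rhs) for v in values(pkt, field, layer))

def all_match(pkt, field, op, rhs, layer=None):
    """'all' quantifier and '===': every occurrence must match.
    An absent field is modelled as no match (assumption of this sketch)."""
    vals = values(pkt, field, layer)
    return bool(vals) and all(op(v, rhs) for v in vals)

def evaluate(pkt=PKT, raw=TCP_BYTES):
    """Evaluate the filters quoted in the list above against the sample packet."""
    eq, ne, gt = operator.eq, operator.ne, operator.gt
    return {
        "ip.addr == 1.1.1.1": any_match(pkt, "ip.addr", eq, "1.1.1.1"),
        "ip.addr === 1.1.1.1": all_match(pkt, "ip.addr", eq, "1.1.1.1"),
        # any_ne: true although 1.1.1.1 IS in the packet, so it is no exclusion filter
        "ip.addr !== 1.1.1.1": any_match(pkt, "ip.addr", ne, "1.1.1.1"),
        "ip.addr#1 == 1.1.1.1": any_match(pkt, "ip.addr", eq, "1.1.1.1", layer=1),
        "ip.addr#2 == 1.1.1.1": any_match(pkt, "ip.addr", eq, "1.1.1.1", layer=2),
        "ip.addr#2 == 1.1.1.2": any_match(pkt, "ip.addr", eq, "1.1.1.2", layer=2),
        "any tcp.port > 1024": any_match(pkt, "tcp.port", gt, 1024),
        "all tcp.port > 1024": all_match(pkt, "tcp.port", gt, 1024),
        # negative index counts from the end of the protocol's bytes
        "tcp[-2:] == AA:BB": raw[-2:] == bytes.fromhex("AABB"),
    }

if __name__ == "__main__":
    for flt, hit in evaluate().items():
        print(f"{hit!s:5}  {flt}")
```

When triaging a capture, the "!==" row is the one to watch: it matches packets that still contain the address, so it cannot be used to exclude a host from view.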

Source: opennet.ru
