cnp3-ebook/exercises/trace — French @ Weblate: wireshark_ is more recent than tcpdump

Zen

Translation

English

French

Needs editing

Skip

	English	French	Actions
	Analyzing packet traces
	When debugging networking problems or to figure out performance problems, it is sometimes useful to capture the segments that are exchanged between two hosts and to analyze them.
	Several packet trace analysis tools are available, either as commercial or open-source tools. These tools are able to capture all the packets exchanged on a link. Of course, capturing packets require administrator privileges. They can also analyze the content of the captured packets and display information about them. The captured packets can be stored in a file for offline analysis.
	tcpdump_ is probably one of the most well known packet capture software. It is able to both capture packets and display their content. tcpdump_ is a text-based tool that can display the value of the most important fields of the captured packets. Additional information about tcpdump_ may be found in :manpage:`tcpdump(1)`.
	As an illustration, let us use tcpdump_ to analyze the packets exchanged while executing the following command on a Linux host:
	The ``-6`` parameter passed to curl_ forces the utilization of IPv6. curl_ returns an HTML page that indicates that https must be used instead of http to access this web site.
	A first solution to analyze this trace is to use tcpdump_ on the command line. The `-n` disables the reverse DNS lookups that tcpdump_ does by default for all IP addresses. The `-r` argument is the name of the file contained the captured packets. The trace starts with the DNS request. This request was sent over IPv4 which is the default on this host. tcpdump_ indicates the query and the response returned by the local DNS resolver.
	The following three lines of the tcpdump_ output correspond to TCP's three-way handshake. There are several interesting points to note in this output. First, ``Flags [S]`` indicates that the `SYN` flag was set in the first and second segments. In this first segment, tcpdump_ indicates the initial sequence number (``2681184541``). In the second segment, tcpdump_ indicates both the initial sequence number (``3804204915``) and the acknowledgment number (``2681184542``). Both segments contain TCP options. Starting in the third segment, tcpdump_ shows relative sequence numbers. Thus, the acknowledgment that you observe in the third segment is an acknowledgment for the `SYN` returned by the server.
	The two lines above correspond to the request sent by the client and the acknowledgment returned by the server. Note that the first byte sent by the client has `1` as relative sequence number. In this example, the HTTP request has a total length of 92 bytes. This request is immediately acknowledged by the server.
	The server then sends its response, which fits inside a single segment. The client acknowledges the reception of this segment.
	The TCP connection is then closed by exchanging three segments, the first two having the `FIN` flag set.
	tcpdump_ can provide more detailed information about the packets by using the `-v` or `-vv` option.
	wireshark_ is more recent than tcpdump_. It evolved from the ethereal packet trace analysis software. It can be used as a text tool like tcpdump_. For a TCP connection, wireshark_ can provide almost the same output as tcpdump_. The main advantage of wireshark_ is that it also includes a graphical user interface that allows performing various types of analysis on a packet trace.
	Wireshark : default window
	The wireshark_ window is divided in three parts. The top part of the window is a summary of the first packets from the trace. By clicking on one of the lines, you can show the detailed content of this packet in the middle part of the window. The middle of the window allows you to inspect all the fields of the captured packet. The bottom part of the window is the hexadecimal representation of the packet, with the field selected in the middle window being highlighted.
	wireshark_ is very good at displaying packets, but it also contains several analysis tools that can be very useful. The first tool is `Follow TCP stream`. It is part of the `Analyze` menu and allows you to reassemble and display all the payload exchanged during a TCP connection. This tool can be useful if you need to analyze for example the commands exchanged during an HTTP or SMTP session.
	The second tool is the flow graph that is part of the `Statistics` menu. It provides a time sequence diagram of the packets exchanged with some comments about the packet contents. See below for an example.
	Wireshark : flow graph
	Use wireshark to analyze the packet traces described earlier :download:`traces/simple-trace.pcap`.
	When analyzing packet traces with wireshark_, it is often very useful to use `Display filters` that only show the packets that match some specific criteria. There filters are described in several online documents:
	the `wireshark wiki <https://wiki.wireshark.org/>` page on `Display filters <https://wiki.wireshark.org/DisplayFilters>`_
	a nice `list of Wireshark Display Filters <https://networksecuritytools.com/list-wireshark-display-filters/>`_ by Robert Allen
	You can now use your understanding of wireshark_ and tcpdump_ to analyze a 2-minutes long packet trace.

Loading…

None

Source string added

English 0 characters edited

4 years ago

Browse all string changes

Glossary

English	French
No related strings found in the glossary.

30679 String information

Source string location

../../exercises/trace.rst:82

String age

4 years ago

Last updated

a month ago

Source string age

4 years ago

Translation file

locale/fr/LC_MESSAGES/exercises/trace.po, string 13

Shortcut	Action
`?`	Open available keyboard shortcuts.
`Alt` + `Home`	Navigate to the first translation in the current search.
`Alt` + `End`	Navigate to the last translation in the current search.
`Alt` + `PageUp` or `Ctrl` + `↑` or `Alt` + `↑` or `Cmd` + `↑` or	Navigate to the previous translation in the current search.
`Alt` + `PageDown` or `Ctrl` + `↓` or `Alt` + `↓` or `Cmd` + `↓` or	Navigate to the next translation in the current search.
`Ctrl` + `Enter` or `Cmd` + `Enter`	Submit current form; this works the same as pressing Save and continue while editing translation.
`Ctrl` + `Shift` + `Enter` or `Cmd` + `Shift` +`Enter`	Unmark translation as Needing edit and submit it.
`Alt` + `Enter` or `Option` + `Enter`	Submit the string as a suggestion; this works the same as pressing Suggest while editing translation.
`Ctrl` + `E` or `Cmd` + `E`	Focus on translation editor.
`Ctrl` + `U` or `Cmd` + `U`	Focus on comment editor.
`Ctrl` + `M` or `Cmd` + `M`	Shows Automatic suggestions tab.
`Ctrl` + `1` to `Ctrl` + `9` or `Cmd` + `1` to `Cmd` + `9`	Copies placeable of a given number from source string.
`Ctrl` + `M` followed by `1` to `9` or `Cmd` + `M` followed by `1` to `9`	Copy the machine translation of a given number to current translation.
`Ctrl` + `I` followed by `1` to `9` or `Cmd` + `I` followed by `1` to `9`	Ignore one item in the list of failing checks.
`Ctrl` + `J` or `Cmd` + `J`	Shows the Nearby strings tab.
`Ctrl` + `S` or `Cmd` + `S`	Focus on search field.
`Ctrl` + `O` or `Cmd` + `O`	Copy the source string.
`Ctrl` + `Y` or `Cmd` + `Y`	Toggle the Needs editing checkbox.
`→`	Browse the next translation string.
`←`	Browse the previous translation string.