Wireshark on The SIP Lab https://wdd.js.org/zh/categories/wireshark/ Recent content in Wireshark on The SIP Lab Hugo -- 0.151.0 zh Sun, 11 Dec 2022 14:33:04 +0800 Wireshark 使用技巧 https://wdd.js.org/zh/posts/2022/12/wireshark-101/ Sun, 11 Dec 2022 14:33:04 +0800 https://wdd.js.org/zh/posts/2022/12/wireshark-101/ <h1 id="0-前提条件">0. 前提条件</h1> <ul> <li>wireshark 4.0.2</li> </ul> <h1 id="1-时间显示">1. 时间显示</h1> <p><img loading="lazy" src="https://wdd.js.org/zh/posts/2022/12/wireshark-101/2022-12-11-15-54-39.png"></p> <p>wireshark的默认时间显示是抓包的相对时间, 如果我们时间按照年月日时分秒显示,就需要进行如下设置:</p> <p>视图-&gt;时间显示格式-&gt;选择具体的时间格式</p> <p><img loading="lazy" src="https://wdd.js.org/zh/posts/2022/12/wireshark-101/2022-12-11-15-59-57.png"></p> <h1 id="2-udp解码为rtp">2. UDP解码为RTP</h1> <h2 id="方案1">方案1</h2> <p>在一个包UDP包上点击右键,出现如下弹框,选择<strong>Decode As</strong></p> <p><img loading="lazy" src="https://wdd.js.org/zh/posts/2022/12/wireshark-101/2022-12-11-16-03-18.png"></p> <p>再当前值上选择RTP <img loading="lazy" src="https://wdd.js.org/zh/posts/2022/12/wireshark-101/2022-12-11-16-04-59.png"></p> <h2 id="方案2">方案2</h2> <p>方案1有一个缺点,只能过滤单一端口的UDP包,将其解码为RTP。</p> <p>假如有很多的UDP包,并且端口都不一样,如果想把这些包都解码为RTP, 则需要如下设置。</p> <p>选择分析-&gt;启用的协议</p> <p><img loading="lazy" src="https://wdd.js.org/zh/posts/2022/12/wireshark-101/2022-12-11-16-07-47.png"></p> <p>在搜索框中输入RTP, 然后启用RTP的<strong>rtp_udp</strong></p> <p><img loading="lazy" src="https://wdd.js.org/zh/posts/2022/12/wireshark-101/2022-12-11-16-08-46.png"></p>