Sunday, October 7, 2012

Scrum

Scrum is an iterative and incremental agile software development method for managing software projects and product or application development. Scrum has not only reinforced the interest in project management, but also challenged the conventional ideas about such management. Scrum focuses on project management in settings where it is difficult to plan ahead, relying on mechanisms of empirical process control, in which feedback loops form the core management technique, as opposed to traditional command-and-control oriented management. It represents a radically new approach to planning and managing projects, bringing decision-making authority down to the level of operational properties and certainties.


There are three core roles and a range of ancillary roles—core roles are often referred to as pigs and ancillary roles as chickens (after the story The Chicken and the Pig).

Core roles

The core roles are those committed to the project in the Scrum process—they are the ones producing the product (objective of the project). They represent the scrum team.
Product Owner
The Product Owner represents the stakeholders and is the voice of the customer. He or she is accountable for ensuring that the team delivers value to the business. The Product Owner writes customer-centric items (typically user stories), prioritizes them, and adds them to the product backlog. Scrum teams should have one Product Owner, and while they may also be a member of the development team, it is recommended that this role not be combined with that of Scrum Master.
Development Team
The Development Team is responsible for delivering potentially shippable product increments at the end of each Sprint. A Development Team is made up of 3–9 people with cross-functional skills who do the actual work (analyse, design, develop, test, technical communication, document, etc.). The Development Team in Scrum is self-organizing, even though they may interface with project management organizations (PMOs).
Scrum Master
Scrum is facilitated by a Scrum Master, sometimes written as ScrumMaster, who is accountable for removing impediments to the ability of the team to deliver the sprint goal/deliverables. The Scrum Master is not the team leader, but acts as a buffer between the team and any distracting influences. The Scrum Master ensures that the Scrum process is used as intended. The Scrum Master is the enforcer of rules. A key part of the Scrum Master’s role is to protect the Development Team and keep it focused on the tasks at hand. The role has also been referred to as a servant-leader to reinforce these dual perspectives.
A Scrum Master is often mistaken for a Project Manager. The difference is that while a Project Manager may also have people-management responsibilities in addition to the role of a Scrum Master, a Scrum Master shall not hold any such additional people responsibilities.

Ancillary roles

The ancillary roles in Scrum teams are those with no formal role and infrequent involvement in the Scrum process—but nonetheless, they must be taken into account.
Stakeholders
The stakeholders are the customers and vendors. They are people who enable the project and for whom the project produces the agreed-upon benefit[s] that justify its production. They are only directly involved in the process during the sprint reviews.
Managers
People who control the environment.

Sprint

A sprint is the basic unit of development in Scrum. Sprints last between one week and one month, and are a "timeboxed" (i.e. restricted to a specific duration) effort of a constant length.
Each sprint is preceded by a planning meeting, where the tasks for the sprint are identified and an estimated commitment for the sprint goal is made, and followed by a review or retrospective meeting, where the progress is reviewed and lessons for the next sprint are identified.
During each sprint, the team creates finished portions of a product. The set of features that go into a sprint come from the product backlog, which is a prioritized list of requirements. Which backlog items go into the sprint (the sprint goals) is determined during the sprint planning meeting. During this meeting, the Product Owner informs the team of the items in the product backlog that he or she wants completed (the ones with the highest priority). The team then determines how much of this work they can commit to completing during the next sprint, and records this in the sprint backlog. The sprint backlog is the property of the development team, i.e. during a sprint, no one is allowed to edit the sprint backlog except for the development team. The sprint goals should not be changed during the sprint. Development is timeboxed such that the sprint must end on time; if requirements are not completed for any reason they are left out and returned to the product backlog. After a sprint is completed, the team demonstrates how to use the software.
Scrum enables the creation of self-organizing teams by encouraging co-location of all team members, and verbal communication between all team members and disciplines in the project.
A key principle of Scrum is its recognition that during a project the customers can change their minds about what they want and need (often called requirements churn), and that unpredicted challenges cannot be easily addressed in a traditional predictive or planned manner. As such, Scrum adopts an empirical approach—accepting that the problem cannot be fully understood or defined, focusing instead on maximizing the team’s ability to deliver quickly and respond to emerging requirements.
Like other agile development methodologies, Scrum can be implemented through a wide range of tools. Many companies use universal tools, such as spreadsheets to build and maintain artifacts such as the sprint backlog. There are also open-source and proprietary packages dedicated to management of products under the Scrum process. Other organizations implement Scrum without the use of any tools, and maintain their artifacts in hard-copy forms such as paper, whiteboards, and sticky notes.

Meetings

Daily Scrum

Each day during the sprint, a project status meeting occurs. This is called a daily scrum, or the daily standup. This meeting has specific guidelines:
  • All members of the Development Team come prepared with the updates for the meeting
  • The meeting starts precisely on time even if some Development team members are missing
  • The meeting should happen at the same location and same time every day
  • The meeting length is set (timeboxed) to 15 minutes
  • All are welcome, but normally only the core roles speak
During the meeting, each team member answers three questions:
  • What have you done since yesterday?
  • What are you planning to do today?
  • Any impediments/stumbling blocks?
Any impediment/stumbling block identified in this meeting is documented by the Scrum Master and worked towards resolution outside of this meeting. No detailed discussions shall happen in this meeting.

Backlog grooming: storytime

The team should spend time during a sprint doing product backlog grooming. This is the process of estimating the existing backlog using effort/points, refining the acceptance criteria for individual stories, and breaking larger stories into smaller stories.
  • Meetings should not be longer than an hour
  • Meeting does not include breaking stories into tasks
  • The team can decide how many meetings are needed per week.
The most commonly used estimation method is planning poker.

Scrum of Scrums

Held each day, normally after the Daily Scrum.
  • These meetings allow clusters of teams to discuss their work, focusing especially on areas of overlap and integration.
  • A designated person from each team attends.
The agenda will be the same as the Daily Scrum, plus the following four questions:
  • What has your team done since we last met?
  • What will your team do before we meet again?
  • Is anything slowing your team down or getting in their way?
  • Are you about to put something in another team’s way?

Sprint planning meeting

At the beginning of the sprint cycle (every 7–30 days), a “Sprint planning meeting” is held.
  • Select what work is to be done
  • Prepare the Sprint Backlog that details the time it will take to do that work, with the entire team
  • Identify and communicate how much of the work is likely to be done during the current sprint
  • Eight-hour time limit
    • (1st four hours) Entire team: dialog for prioritizing the Product Backlog
    • (2nd four hours) Development Team: hashing out a plan for the Sprint, resulting in the Sprint Backlog
At the end of a sprint cycle, two meetings are held: the “Sprint Review Meeting” and the “Sprint Retrospective”.

Sprint review meeting

  • Review the work that was completed and not completed
  • Present the completed work to the stakeholders (a.k.a. “the demo”)
  • Incomplete work cannot be demonstrated
  • Four-hour time limit

Sprint retrospective

  • All team members reflect on the past sprint
  • Make continuous process improvements
  • Two main questions are asked in the sprint retrospective: What went well during the sprint? What could be improved in the next sprint?
  • Three-hour time limit
  • This meeting is facilitated by the Scrum Master

Artifacts

Product Backlog

The product backlog is an ordered list of "requirements" that is maintained for a product. It contains Product Backlog Items that are ordered by the Product Owner based on considerations like risk, business value, dependencies, date needed, etc. The features added to the backlog are commonly written in story format (see Terminology below). The product backlog is the “What” that will be built, sorted in the relative order it should be built in. It is open and editable by anyone, but the Product Owner is ultimately responsible for ordering the stories on the backlog for the Development Team. The product backlog contains rough estimates of both business value and development effort; these values are often stated in story points using a rounded Fibonacci sequence. Those estimates help the Product Owner to gauge the timeline and may influence the ordering of backlog items. For example, if the “add spellcheck” and “add table support” features have the same business value, the one with the smallest development effort will probably have higher priority, because the ROI (Return on Investment) is higher.
The Product Backlog, and business value of each listed item is the responsibility of the Product Owner. The estimated effort to complete each backlog item is, however, determined by the Development Team. The team contributes by estimating Items and User-Stories, either in Story-points or in estimated hours.

Sprint Backlog

The stories/features are broken down into tasks by the Development Team, which, as a best practice, should normally be between four and sixteen hours of work. With this level of detail the Development Team understands exactly what to do, and potentially, anyone can pick a task from the list. Tasks on the sprint backlog are never assigned; rather, tasks are signed up for by the team members as needed during the daily scrum, according to the set priority and the Development Team members' skills. This promotes self-organization of the Development Team, and developer buy-in. The sprint backlog is the list of work the Development Team must address during the next sprint. The list is derived by selecting stories/features from the top of the product backlog until the Development Team feels it has enough work to fill the sprint. This is done by the Development Team asking "Can we also do this?" and adding stories/features to the sprint backlog. The Development Team should keep in mind the velocity of its previous Sprints (total story points completed from each of the last sprints' stories) when selecting stories/features for the new sprint, and use this number as a guideline for how much "effort" they can complete.
The sprint backlog is the property of the Development Team, and all included estimates are provided by the Development Team. Often an accompanying task board is used to see and change the state of the tasks of the current sprint, like “to do”, “in progress” and “done”.

Increment

The increment is the sum of all the Product Backlog Items completed during a sprint and all previous sprints. At the end of a sprint, the Increment must be done according to the Scrum Team's definition of done. The increment must be in usable condition regardless of whether the Product Owner decides to actually release it.

Burn down


A sample burn down chart for a completed iteration, showing remaining effort and tasks for each of the 21 work days of the 1-month iteration.
The sprint burn down chart is a publicly displayed chart showing remaining work in the sprint backlog. Updated every day, it gives a simple view of the sprint progress. It also provides quick visualizations for reference. There are also other types of burndown, for example the release burndown chart that shows the amount of work left to complete the target commitment for a Product Release (normally spanning through multiple iterations) and the alternative release burndown chart,[19] which basically does the same, but clearly shows scope changes to Release Content, by resetting the baseline.
It should not be confused with an earned value chart.

Terminology


The following terminology is used in Scrum:
Scrum Team
Product Owner, Scrum Master and Development Team
Product Owner
The person responsible for maintaining the Product Backlog by representing the interests of the stakeholders, and ensuring the value of the work the Development Team does.
Scrum Master
The person responsible for the Scrum process, making sure it is used correctly and maximizing its benefits.
Development Team
A cross-functional group of people responsible for delivering potentially shippable increments of Product at the end of every Sprint.
Sprint burn down chart
Daily progress for a Sprint over the sprint’s length.
Product backlog
A prioritized list of high-level requirements.
Sprint backlog
A prioritized list of tasks to be completed during the sprint.
Sprint
A time period (typically 1–4 weeks) in which development occurs on a set of backlog items that the team has committed to. Also commonly referred to as a Time-box or iteration.
(User) Story
A feature that is added to the backlog is commonly referred to as a story and has a specific suggested structure. The structure of a story is: "As a <user type> I want to <do some action> so that <desired result>". This is done so that the development team can identify the user, action and required result in a request, and it is a simple way of writing requests that anyone can understand. Example: As a wiki user I want a tools menu on the edit screen so that I can easily apply font formatting.
A story is an independent, negotiable, valuable, estimatable, small, testable requirement ("INVEST"). Despite being independent i.e. they have no direct dependencies with other requirements, stories may be clustered into epics when represented on a product roadmap or further down in the backlog.
Theme
A theme is a top-level objective that may span projects and products. Themes may be broken down into sub-themes, which are more likely to be product-specific. Themes can be used at both program and project level to drive strategic alignment and communicate a clear direction.
Epic
An epic is a group of related stories, mainly used in product roadmaps and the backlog for features that have not yet been analyzed enough to break down into component stories, which should be done before bringing it into a sprint so as to reduce uncertainty. Epics can also be used at both program and project level.
Spike
A time boxed period used to research a concept and/or create a simple prototype. Spikes can either be planned to take place in between sprints or, for larger teams, a spike might be accepted as one of many sprint delivery objectives. Spikes are often introduced before the delivery of large epics or user stories in order to secure budget, expand knowledge, and/or produce a proof of concept. The duration and objective(s) of a spike will be agreed between the Product Owner and Delivery Team before the start. Unlike sprint commitments, spikes may or may not deliver tangible, shippable, valuable functionality. For example, the objective of a spike might be to successfully reach a decision on a course of action. The spike is over when the time is up, not necessarily when the objective has been delivered.
Tracer Bullet
The tracer bullet is a spike built with the current architecture, current technology set and current set of best practices, which results in production-quality code. It might be only a very narrow implementation of the functionality, but it is not throw-away code. It is of production quality, and the rest of the iterations can build on this code.
Point Scale/Effort/Story points
Relates to an abstract point system, used to discuss the difficulty of the story, without assigning actual hours. The most common scale used is a rounded Fibonacci sequence (1,2,3,5,8,13,20,40,100), although some teams use linear scale (1,2,3,4...), powers of two (1,2,4,8...), and clothes size (XS, S, M, L, XL).[21]
Tasks
Added to the story at the beginning of a sprint and broken down into hours. Each task should not exceed 12 hours, but it's common for teams to insist that a task take no more than a day to finish.
Definition of Done (DoD)
The exit-criteria to determine whether a product backlog item is complete. In many cases the DoD requires that all regression tests should be successful.
Velocity
The total effort a team is capable of in a sprint. The number is derived by adding all the story points from the last sprint's stories/features. This is a guideline for the team and assists them in understanding how many stories they can do in a sprint.
Impediment
Anything that prevents a team member from performing work as efficiently as possible.[22]
Sashimi
A report that something is "done". The definition of "done" may vary from one Scrum team to another, but must be consistent within one team.
Abnormal Termination
The Product Owner can cancel a Sprint if necessary.[23] The Product Owner may do so with input from the team, scrum master or management. For instance, management may wish to cancel a sprint if external circumstances negate the value of the sprint goal. If a sprint is abnormally terminated, the next step is to conduct a new Sprint planning meeting, where the reason for the termination is reviewed.
Planning Poker
In the Sprint Planning Meeting, the team sits down to estimate its effort for the stories in the backlog. The Product Owner needs these estimates, so that he or she is empowered to effectively prioritize items in the backlog and, as a result, forecast releases based on the team's velocity.

Scrum-ban


Scrum-ban is a software production model based on Scrum and Kanban. Scrum-ban is especially suited for maintenance projects or (system) projects with frequent and unexpected user stories or programming errors. In such cases the time-limited sprints of the Scrum model are of no appreciable use, but Scrum’s daily meetings and other practices can be applied, depending on the team and the situation at hand. Visualization of the work stages and limitations for simultaneous unfinished user stories and defects are familiar from the Kanban model. Using these methods, the team’s workflow is directed in a way that allows for minimum completion time for each user story or programming error, and on the other hand ensures each team member is constantly employed.
To illustrate each stage of work, teams working in the same space often use post-it notes or a large whiteboard. In the case of decentralized teams, stage-illustration tools such as Assembla, ScrumWorks, Rational Team Concert or JIRA in combination with GreenHopper can be used to visualize each team’s user stories, defects and tasks divided into separate phases.
In the simplest case, the tasks or user stories are categorized into the work stages
  • Unstarted
  • Ongoing
  • Completed
If desired, though, the teams can add more stages of work (such as “defined”, “designed”, “tested” or “delivered”). These additional phases can be of assistance if a certain part of the work becomes a bottleneck and the limiting values of the unfinished work cannot be raised. A more specific task division also makes it possible for employees to specialize in a certain phase of work.
There are no set limiting values for unfinished work. Instead, each team has to define them individually by trial and error; a value too small results in workers standing idle for lack of work, whereas values too high tend to accumulate large amounts of unfinished work, which in turn hinders completion times. A rule of thumb worth bearing in mind is that no team member should have more than two simultaneous selected tasks, and that on the other hand not all team members should have two tasks simultaneously.
The major differences between Scrum and Kanban are derived from the fact that, in Scrum, work is divided into sprints that last a certain amount of time, whereas in Kanban the workflow is continuous. This is visible in work stage tables, which in Scrum are emptied after each sprint. In Kanban all tasks are marked on the same table. Scrum focuses on teams with multifaceted know-how, whereas Kanban makes specialized, functional teams possible.
Since Scrum-ban is such a new development model, there is not much reference material. Kanban, on the other hand, has been applied by Microsoft and Corbis.


Source: http://en.wikipedia.org/wiki/Scrum_(development)

Wireshark

Preface:
Is the network down? Why does the network light keep blinking when nothing is using the network? Is a new network protocol complete enough? Problems large and small fill the networking world, and to solve them we often first need to capture and analyze the data on the network, so as to understand the crux of the problem and devise a response. Wireshark is a network analysis tool: it captures network packets and displays the packet data in as much detail as possible. This article gives a basic introduction to using Wireshark.

Introduction to Wireshark:
Wireshark was formerly called Ethereal (renamed in June 2006 because of a trademark issue). It is open-source software that anyone can download free of charge from the official website (http://www.wireshark.org/). Wireshark supports many operating systems; there are versions for Windows, UNIX, Mac, etc. With it we can capture data packets and then analyze the summary and detailed information inside each packet. It is commonly used for network troubleshooting, watching for abnormal packets, and diagnosing the packets produced by software. Wireshark's strength and convenience lie in the large and complete set of protocols it supports; because it is open source, protocol support is updated quickly, and capture files produced by other packet-capture tools can also be opened and examined in it. In addition, Wireshark's graphical interface is easy to pick up, and its rich filter language makes it easy to tell packet types apart, making it a well-integrated package.

Installing Wireshark:
First we must download the installer from the official website at http://www.wireshark.org/. The site offers builds for different operating systems as well as a Portable version; here we will demonstrate with the Windows Installer (.exe) Package.

The installation process is quite simple and follows the same flow as most software: accept the license, customize, install. For now the default settings are fine.

The point that deserves attention is that during installation we are asked to install WinPcap (Windows Packet Capture), as shown in the figure. WinPcap is the Windows version of the libpcap library; Wireshark uses this library to capture packets on the network, and it includes the driver that supports capturing packets off the network, so we must install it. If WinPcap is already installed on the computer, it is still recommended to update to the latest version.

Click Install to begin the installation; to learn more about WinPcap, click the "What is WinPcap?" button.
After a series of Next clicks, Wireshark is installed, as shown above. Next we introduce Wireshark's features through three short steps.

Step 1: Capturing and observing plaintext packets
Goal: Through a basic packet capture, understand the Wireshark workflow. From this experiment we should learn how a sniffer works, pick up techniques for filtering what is displayed, and use the stream-reassembly feature to find the information we need.

Procedure:
Once the installation is complete, click to open Wireshark; the program interface looks like the following.

Next we want to start capturing network packets. Click Capture → Interfaces in the main menu and you will see a screen similar to the one below, listing the information for every network adapter in the computer. Select the adapter you want to observe and click Start to begin capturing packets. [Tip: as soon as you enter this screen, Wireshark starts monitoring the number of packets flowing on each adapter; if you are really unsure which adapter to pick, choosing the one with the highest packets/s figure usually gets the right one. This is the lazy approach!]
Once monitoring starts, the screen continuously fills with the packets received. You may notice that many packets have a Source and Destination that are not your own machine. This is because most of the local networks we use today are Ethernet, whose technology is based on broadcasting, so on a LAN it is very easy to see other people's packets with sniffer software (such as the Wireshark introduced in this article), and even learn their private content. This experiment is meant to emphasize the danger of plaintext.
There are many protocols that transmit in plaintext; common protocols such as telnet, FTP and HTTP all fall into this category. BBS (Bulletin Board System), hugely popular locally, runs over the telnet protocol, and by listening with a sniffer one can easily learn other people's account names and passwords.
We use BBS for this experiment. First connect to a BBS site; taking the FJU CSIE "Rumor" BBS as an example, type telnet bbs.rumor.tw at the command prompt.
Note: Wireshark is still in the Capture state at this point.

After reaching the login screen, enter the account name and password to log in.
Next we stop Wireshark's capture: run Capture → Stop in the main menu, or click the Stop the running live capture icon directly.
After stopping, the packets on screen no longer increase, but the captured data is still far too much and too mixed. At this point we can use the Display Filter feature to filter what is shown; as in the figure below, click Expression to pick the filter syntax.

Since we only want to pick out Telnet protocol traffic, find the TELNET entry as shown and click OK.

The filtering feature is actually very powerful: following the syntax [protocol field][operator][value] you can filter out a lot of useful information.
The protocol part was mentioned earlier: Wireshark supports almost every current protocol, so it is rare to encounter something it cannot parse.
The operators that can be used are those in the Relation block of the figure above; abbreviations can also be used in their place, as in the table below:
English   C-like   Description and example
eq        ==       Equal, e.g. ip.src == 192.168.2.89
ne        !=       Not equal, e.g. ip.src != 192.168.2.89
gt        >        Greater than, e.g. frame.len > 10
lt        <        Less than
ge        >=       Greater than or equal to, e.g. frame.len ge 0x100
le        <=       Less than or equal to, e.g. frame.len <= 0x20
A few examples:
Show only packets with IP address 192.168.2.89: ip.addr eq 192.168.2.89
Show only packets with IP address 192.168.2.88 and port 23: (ip.addr eq 192.168.2.88) and (tcp.port eq 23)
Show only packets whose protocol is ARP or TCP: arp or tcp
A detailed description is available on the official wiki: http://wiki.wireshark.org/DisplayFilters

Once the expression is set, click Apply and all packets containing the TELNET protocol are filtered out. The central pane of the interface shows the packet's contents; we will discuss what this pane means in Experiment 2. For now, expand the lowest + sign, shown in red in the figure, to view the application-layer content.


On inspection we find a series of consecutive "sent" packets carrying, in order, s, h, a, o, l, i, n. Isn't that the account name we logged in with earlier? But reading packet by packet like this is quite inefficient. No problem: Wireshark can extract and reassemble a stream. Right-click one of the related packets, find Follow TCP Stream and click it, and Wireshark assembles the contents of that stream for you.

The assembled result is shown below: the red part is the DATA we sent, the blue part the DATA we received.

To separate the wheat from the chaff further, we filter down to only the DATA we sent by selecting the red part at the bottom.

The final result is shown below; the "...." in the content represent control codes that cannot be displayed. We can see that we once sent shaolin, then pressed Enter, then typed demo1 and pressed Enter again. From this we have definitively captured the account and password: ID: shaolin, Password: demo1. Beyond that, one could go on to learn what articles other people are reading or the contents of their private mail; privacy would be completely unprotected.
[Note: to avoid having important data observed by someone with bad intent, use encrypted protocols such as SSH, SSL and HTTPS whenever they are available; at least then what an eavesdropper captures is encrypted.]

Step 2: Observing the HTTP protocol
Goal: By observing the HTTP protocol, practice filtering for the information you want, and gain a clear understanding of how TCP/IP actually operates.

Procedure: This time we look at our own HTTP packets. In the previous experiment we used a Display Filter; this experiment could be done by combining filters the same way, but let us try another filtering method: the Capture Filter.
Go to the adapter-selection screen as before, Capture → Interfaces, and click Options.

Once in the options window there are all sorts of parameters to set; the main features are in the Capture block, where:

Interface is the network adapter you want to use.
IP address is the network address of that adapter.
Buffer size is the size of the buffer used when capturing packets.
Capture packets in promiscuous mode selects the capture mode: if checked, packets from the whole LAN are captured; if not, only packets entering or leaving your computer are captured.
Limit each packet to n bytes specifies how much data to capture from each packet.
Capture Filter specifies the filter rule used while capturing.

The features relevant to us are the two shown in red in the figure below, "Capture packets in promiscuous mode" and "Capture Filter". Because we only want to observe our own packets, leave "Capture packets in promiscuous mode" unchecked; and since what we want is HTTP-related information, we set up the filter from the start. Click the "Capture Filter" button to begin configuring the filter.

Capture Filter uses the libpcap filter language; the detailed syntax can be found on the tcpdump page (http://www.tcpdump.org/tcpdump_man.html).
A few simple examples:
Capture only the telnet packets of a particular host (e.g. IP 10.0.0.5)
Syntax: tcp port 23 and host 10.0.0.5
Capture telnet packets but not those of a particular host (e.g. IP 10.0.0.5)
Syntax: tcp port 23 and not host 10.0.0.5
A more detailed description is available on the official wiki: http://wiki.wireshark.org/CaptureFilters

We do not need anything this complex here; just use the common preset HTTP TCP port(80) that Wireshark already provides. After clicking OK, click Start to capture packets.

As an example, let us connect to the Google home page and see exactly what happens in the course of loading a web page.

Back in the main Wireshark window, we see that many packets have already been captured.
See the figure below: the red box in the upper right is TCP performing the three-way handshake to establish the connection. Anyone interested can examine the packets and compare them against networking references; we will not dwell on it here.
Next look at the red box below, which is the content of packet number 4, i.e. once the three-way handshake is finished, the client makes a request to the server. The packet's content is laid out layer by layer, so let us first review the four-layer TCP/IP architecture:
Application layer (OSI 5–7)
  e.g. HTTP, FTP, DNS (routing protocols such as BGP and RIP, although for various reasons they run over TCP and UDP respectively, can still be regarded as part of the network layer)
Transport layer (OSI 4–5)
  e.g. TCP, UDP, RTP, SCTP (routing protocols such as OSPF, although they run over IP, can also be regarded as part of the network layer)
Network layer (OSI 3)
  For TCP/IP this is the Internet Protocol (IP) (required protocols such as ICMP and IGMP, although they run over IP, can still be regarded as part of the internetwork layer; ARP does not run over IP)
Link layer (OSI 1–2)
  e.g. Ethernet, Wi-Fi, MPLS.

Taking the figure below as an example, the first line belongs to the link layer (frame);
the second line is the MAC address, which the author places in the network layer;
the third line is also the network layer (IP); the fourth line, TCP, reaches the transport layer;
the last line, HTTP, is the application layer.
By analyzing packets we can understand more clearly how each layer actually operates.
Finally, let us analyze these HTTP protocol exchanges. The captured content is as follows; the actions are, respectively, the client requesting service, and the server replying OK and sending the page. From these headers one can reason about what each piece of information is for; for reference see HTTP/1.1: Header Field Definitions (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html)
GET / HTTP/1.1
Host: www.google.com.tw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: zh-tw,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: Big5,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: PREF=ID=e60ffeff3ffd6915:TM=1205430311:LM=1205430311:S=J9rJbq4UpUnfR9hl
Cache-Control: max-age=0
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Server: gws
Content-Length: 3034
Date: Thu, 13 Mar 2008 01:37:33 GMT

(HTML code below omitted)
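The layer-by-layer view in Wireshark's detail pane and the HTTP header dump above can be reproduced in a few dozen lines. The following is an added example for this page (not code from the original article, and not how Wireshark itself dissects frames): it builds one constructed Ethernet frame carrying IPv4, TCP and an HTTP GET, then peels off each header in turn, ending with the HTTP start line and a header dictionary. In this dissector the Ethernet header with its MAC addresses is parsed as the link layer, IP as the network layer, TCP as the transport layer and HTTP as the application layer. All addresses, ports and header values are constructed; the IP and TCP checksums are left at zero because nothing here transmits the frame.

```python
# Added example: dissect a constructed Ethernet/IPv4/TCP/HTTP frame layer by layer.
# Not Wireshark code; every address, port and header value below is constructed.
import struct

def build_sample_frame():
    """Constructed Ethernet II frame: IPv4 + TCP + a minimal HTTP GET request."""
    http = (b"GET / HTTP/1.1\r\n"
            b"Host: www.example.com\r\n"
            b"User-Agent: example-client/1.0\r\n"
            b"Accept-Encoding: gzip,deflate\r\n"
            b"Connection: keep-alive\r\n"
            b"\r\n")
    # TCP header: src port, dst port, seq, ack, data offset (5 words) << 4,
    # flags (PSH|ACK = 0x18), window, checksum (0, not computed), urgent pointer.
    tcp = struct.pack("!HHIIBBHHH", 50000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(http)
    # IPv4 header: version/IHL (0x45), DSCP/ECN, total length, identification,
    # flags/fragment offset (DF set), TTL, protocol 6 = TCP, checksum (0), src, dst.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                     bytes([192, 168, 2, 89]), bytes([10, 0, 0, 5]))
    # Ethernet header: destination MAC, source MAC, EtherType 0x0800 = IPv4.
    eth = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
           + struct.pack("!H", 0x0800))
    return eth + ip + tcp + http

def mac(raw):
    """Format six bytes as a colon-separated MAC address."""
    return ":".join(f"{b:02x}" for b in raw)

def parse_http(payload):
    """Split an HTTP message into start line, header dict (names lower-cased) and body."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"start_line": lines[0], "headers": headers, "body": body}

def dissect(frame):
    """Return one dict per layer, keyed link / internet / transport / application."""
    layers = {}
    # Link layer: Ethernet II header is 14 bytes; the EtherType says what follows.
    ethertype = struct.unpack("!H", frame[12:14])[0]
    layers["link"] = {"dst": mac(frame[0:6]), "src": mac(frame[6:12]),
                      "ethertype": ethertype}
    if ethertype != 0x0800:
        return layers  # only IPv4 is handled in this example
    # Network layer: IPv4. IHL (low nibble of byte 0) is in 32-bit words.
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    layers["internet"] = {"src": ".".join(map(str, ip[12:16])),
                          "dst": ".".join(map(str, ip[16:20])),
                          "ttl": ip[8], "protocol": ip[9], "total_length": total_len}
    if ip[9] != 6:
        return layers  # only TCP is handled in this example
    # Transport layer: TCP. Data offset (high nibble of byte 12) is in 32-bit words.
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack = struct.unpack("!HHII", tcp[:12])
    doff = (tcp[12] >> 4) * 4
    layers["transport"] = {"src_port": sport, "dst_port": dport,
                           "seq": seq, "ack": ack, "flags": tcp[13]}
    # Application layer: treat the payload as HTTP when it starts like one.
    payload = tcp[doff:]
    if payload[:4] in (b"GET ", b"POST", b"HEAD", b"HTTP"):
        layers["application"] = parse_http(payload)
    return layers

if __name__ == "__main__":
    for name, info in dissect(build_sample_frame()).items():
        print(name, info)
```

Running the block prints the same four groupings the detail pane shows, which makes it easy to see why a field such as Host or Cookie is only reachable after the link, network and transport headers have been stripped in order. parse_http works equally on a response such as the 200 OK shown above, since the start line is simply kept as text.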

Step 3: Hands-on practice
Goal: Pick a website and learn how it operates, in order to analyze details such as the site's security and reliability.
Procedure: The target chosen for this experiment is a social networking site launched last year. It offers blogs and photo albums and gives you a room to decorate, and the site keeps adding new features; it is a very fun and novel site. The address is http://www.roomi.com.tw/
Because decorating a room requires gold coins, what interests us most is probably how the site's coin-earning mechanism works, so we open Wireshark and start recording.
First go to the job center and pick any odd job to try.
The job earned 111 coins; now we examine the packets.
Using the methods from the earlier experiments, we find a key packet in the list: the one responsible for sending back the game score.
GET
/obj/swf/minigame/php/index.php?type=honeybee&PA=save&score=111
HTTP/1.1Host: http://www.roomi.com.tw/User-Agent:
Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.8.1.11) Gecko/20071127
Firefox/2.0.0.11Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
zh-tw,en-us;q=0.7,en;q=0.3Accept-Encoding: gzip,deflateAccept-Charset:
Big5,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection: keep-aliveCookie:
PHPSESSID=0c8a8ebd9ffd07114acb6a866417c99b;
__utma=122646152.2093039428.1205467293.1205467293.1205467293.1;
__utmb=122646152; __utmc=122646152;
__utmz=122646152.1205467293.1.1.utmccn=(organic)utmcsr=googleutmctr=roomiutmcmd=organic


Source: http://blog.shaolin.tw/2008/03/wireshark.html
Software source: http://www.azofreeware.com/2008/06/wireshark-100.html
