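Which packet capture technique is best? Wireshark to the rescue!
On Windows, you cannot capture loopback traffic with Wireshark directly. Wireshark captures packets through WinPcap, but the Windows TCP/IP stack does not implement a loopback network interface by default.
See http://www.hsc.fr/ressources/articles/win_net_srv/missing_loopback.html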
Windows TCP/IP stack does not implement a network loopback interface, as found in other TCP/IP stack like lo* interfaces in BSD systems.
Thus, it is not possible to sniff network traffic using the typical Windows packet capture driver, WinPcap.
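For more detail, see http://wiki.wireshark.org/CaptureSetup/Loopback
It can be done through a series of complicated routing changes, but for anyone who just wants to grab loopback packets quickly, that is too painful to contemplate!
A small tool I recommend instead: http://www.netresec.com/?page=RawCap
With RawCap you can easily capture loopback packets on Windows and then open the capture in Wireshark.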
RawCap.exe -f 127.0.0.1 test.pcap
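This writes the captured loopback packets to the file in real time; Wireshark can open that file and reload it to view and analyze the traffic.
The full help output follows: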
F:\Tools>RawCap.exe --help
NETRESEC RawCap version 0.1.5.0
http://www.netresec.com
Usage: RawCap.exe [OPTIONS] <interface_nr> <target_pcap_file>
OPTIONS:
-f Automatically flush data to file after each packet (no buffer)
-c <count> Stop sniffing after receiving <count> packets
-s <sec> Stop sniffing after <sec> seconds
INTERFACES:
0. IP : 192.168.0.17
NIC Name : Local Area Connection
NIC Type : Ethernet
1. IP : 192.168.0.47
NIC Name : Wireless Network Connection
NIC Type : Wireless80211
2. IP : 90.130.211.54
NIC Name : 3G UMTS Internet
NIC Type : Ppp
3. IP : 192.168.111.1
NIC Name : VMware Network Adapter VMnet1
NIC Type : Ethernet
4. IP : 192.168.222.1
NIC Name : VMware Network Adapter VMnet2
NIC Type : Ethernet
5. IP : 127.0.0.1
NIC Name : Loopback Pseudo-Interface
NIC Type : Loopback
Example: RawCap.exe 0 dumpfile.pcap
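Because -f flushes the capture file after each packet, a script can summarize test.pcap while RawCap is still running, as long as it tolerates a half-written final record. The following is an added example, not part of the original post or of RawCap. It assumes the classic pcap format with microsecond timestamps and a link type of raw IP or Ethernet (the page does not say which RawCap writes); the function names and sample bytes are constructed for illustration.

```python
import struct
from collections import Counter

IP_OFFSET = {1: 14, 101: 0}   # LINKTYPE_ETHERNET, LINKTYPE_RAW -> start of IPv4 header
PROTO = {6: "tcp", 17: "udp"}
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # microsecond pcap

def read_pcap(data):
    """Return (linktype, [packet bytes]); a half-written last record is ignored."""
    endian = MAGIC.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a complete classic pcap header")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    packets, pos = [], 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[pos + 8:pos + 12])[0]
        end = pos + 16 + incl_len
        if end > len(data):        # capture is still being written
            break
        packets.append(data[pos + 16:end])
        pos = end
    return linktype, packets

def loopback_flows(data):
    """Count IPv4 TCP/UDP packets per (proto, src, sport, dst, dport)."""
    linktype, packets = read_pcap(data)
    off = IP_OFFSET[linktype]      # KeyError for any other link type
    flows = Counter()
    for pkt in packets:
        ip = pkt[off:]
        if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] not in PROTO:
            continue
        ihl = (ip[0] & 0x0F) * 4
        # skip bad headers and non-first fragments (no port fields there)
        if ihl < 20 or len(ip) < ihl + 4 or struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
            continue
        src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        flows[(PROTO[ip[9]], src, sport, dst, dport)] += 1
    return flows

def sample_capture():
    """Constructed sample: raw-IP pcap, two TCP packets, the second cut off mid-record."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    ip = bytes([0x45, 0, 0, 24, 0, 0, 0, 0, 128, 6, 0, 0, 127, 0, 0, 1, 127, 0, 0, 1])
    pkt = ip + struct.pack("!HH", 50000, 8080)   # TCP header truncated to its ports
    rec = struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    return hdr + rec + rec[:-5]

if __name__ == "__main__":
    print(loopback_flows(sample_capture()))
```

To run it against a live capture, pass the bytes of the file RawCap is writing, for example `loopback_flows(open("test.pcap", "rb").read())`.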
Reposted from: https://blog.51cto.com/noteworthy/1591957