
Remote packet capture with Wireshark on Windows

2012-01-09 21:40

First, make sure WinPcap is installed on the remote machine whose traffic we want to capture; use the most recent version you can find and accept the default install path. On the remote host, open a command prompt and change to the WinPcap directory, C:\Program Files\WinPcap, then run rpcapd -h to see how each option is used. The options are listed below:

C:\Program Files\WinPcap>rpcapd.exe -h
rpcapd [-b <address>] [-p <port>] [-6] [-l <host_list>] [-a <host,port>]
[-n] [-v] [-d] [-s <file>] [-f <file>]
-b <address>: the address to bind to (either numeric or literal).
Default: it binds to all local IPv4 addresses
-p <port>: the port to bind to. Default: it binds to port 2002
-4: use only IPv4 (default both IPv4 and IPv6 waiting sockets are used)
-l <host_list>: a file that keeps the list of the hosts which are allowed
to connect to this server (if more than one, list them one per line).
We suggest to use literal names (instead of numeric ones) in order to
avoid problems with different address families
-n: permit NULL authentication (usually used with '-l')
-a <host,port>: run in active mode when connecting to 'host' on port 'port'
In case 'port' is omitted, the default port (2003) is used
-v: run in active mode only (default: if '-a' is specified, it accepts
passive connections as well
-d: run in daemon mode (UNIX only) or as a service (Win32 only)
Warning (Win32): this switch is provided automatically when the service
is started from the control panel
-s <file>: save the current configuration to file
-f <file>: load the current configuration from file; all the switches
specified from the command line are ignored
-h: print this help screen

-l: allows the remote host to connect to this machine; this option is required
-d: runs the rpcapd service as a daemon; this option is required
-n: with this option, the remote capture connection does not require a username and password

Those are the options I added when running rpcapd on the remote end for my capture; rpcapd -lnd is enough. Strangely, though, when I used netstat to look at the ports open on the machine, I did not see port 2002 listening, which is odd, but never mind that; the remote end is done.
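As an added example (not part of the original post), the following Python script audits the rpcapd setup described above from the capture host's side: it parses a constructed netstat -ano excerpt to confirm whether anything is listening on port 2002 and which address it is bound to, and flags the weak switch combinations implied by the help text (-n without an -l host list, no -b bind address). The netstat rows, the PID and the command lines are constructed; the audit expects each switch written separately rather than clustered.

```python
import re
import shlex

RPCAPD_DEFAULT_PORT = 2002  # passive-mode listener port from `rpcapd -h`

# Constructed excerpt of `netstat -ano` on the remote (capture) host; the PID is made up.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:2002           0.0.0.0:0              LISTENING       1337
  TCP    192.168.1.20:49152     192.168.1.10:2003      ESTABLISHED     1337
"""

# One TCP LISTENING row: local address, local port, owning PID.
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$", re.M)


def find_rpcapd_listener(netstat_text, port=RPCAPD_DEFAULT_PORT):
    """Return (bind_address, pid) for the TCP listener on `port`, or None.

    None is what the author observed: no passive listener, so either rpcapd is
    not running or it was started in active-only mode (-v) and connects out to
    port 2003 instead of accepting connections on 2002.
    """
    for addr, p, pid in LISTEN_RE.findall(netstat_text):
        if int(p) == port:
            return addr, int(pid)
    return None


def audit_rpcapd(cmdline, netstat_text):
    """Flag weak settings in an rpcapd command line plus the observed listener.

    `cmdline` must carry each switch separately (e.g. "-l hosts.txt -n -d");
    clustered forms such as "-lnd" are deliberately not parsed. Returns findings.
    """
    args = shlex.split(cmdline)
    findings = []
    if "-n" in args and "-l" not in args:
        findings.append("-n without -l: any host can capture with no credentials")
    if "-b" not in args:
        findings.append("no -b: rpcapd binds to all local IPv4 addresses")
    listener = find_rpcapd_listener(netstat_text)
    if listener is None:
        findings.append("no listener on port 2002: passive remote capture cannot connect")
    elif listener[0] in ("0.0.0.0", "[::]"):
        findings.append("listener bound to every interface, not a management address")
    return findings
```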

We click "Add Remote Interface", and the window for adding a remote interface pops up:
