RawCap抓取本地回环接口数据包
转载
RawCap.exe --help
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 | D:\rawcap>RawCap.exe --help NETRESEC RawCap version 0.1.5.0 http: //www .netresec.com Usage: RawCap.exe [OPTIONS] <interface_nr> <target_pcap_file> OPTIONS: -f Flush data to file after each packet (no buffer) -c <count> Stop sniffing after receiving <count> packets -s <sec> Stop sniffing after <sec> seconds INTERFACES: 0. IP : 192.168.1.103 NIC Name : 无线网络连接 NIC Type : Wireless80211 1. IP : 169.254.134.220 NIC Name : 本地连接 2 NIC Type : Ethernet 2. IP : 169.254.94.64 NIC Name : Bluetooth 网络连接 NIC Type : Ethernet 3. IP : 127.0.0.1 NIC Name : Loopback Pseudo-Interface 1 NIC Type : Loopback Example: RawCap.exe 0 dumpfile.pcap |
使用RawCap监听本地回环接口
TCP, UDP and ICMP packets can, however, all be sniffed properly from localhost on newer operating systems like Windows Vista and Windows 7.
方式一:
?
1 2 3 4 5 | D:\rawcap>RawCap.exe 3 localhost_capture.pcap Unable to enter promiscuous mode (RCVALL_ON), using RCVALL_SOCKETLEVELONLY. Sniffing IP : 127.0.0.1 File : localhost_capture.pcap Packets : 0 |
方式二:
?
1 2 3 4 5 | D:\rawcap>RawCap.exe 127.0.0.1 localhost_capture.pcap Unable to enter promiscuous mode (RCVALL_ON), using RCVALL_SOCKETLEVELONLY. Sniffing IP : 127.0.0.1 File : localhost_capture.pcap Packets : 0 |
方式三:
?
1 2 3 4 5 6 7 8 9 10 11 12 | D:\rawcap>RawCap.exe Interfaces: 0. 192.168.1.103 无线网络连接 Wireless80211 1. 169.254.134.220 本地连接 2 Ethernet 2. 169.254.94.64 Bluetooth 网络连接 Ethernet 3. 127.0.0.1 Loopback Pseudo-Interface 1 Loopback Select interface to sniff [default '0' ]: 3 Output path or filename [default 'dumpfile.pcap' ]: localhost_capture.pcap Unable to enter promiscuous mode (RCVALL_ON), using RCVALL_SOCKETLEVELONLY. Sniffing IP : 127.0.0.1 File : localhost_capture.pcap Packets : 0 |
Unable to enter promiscuous mode
通过上面的结果,可以看到这个提示Unable to enter promiscuous mode (RCVALL_ON), using RCVALL_SOCKETLEVELONLY.
根据我的测试也不能监听localhost。就是因为Unable to enter promiscuous mode (RCVALL_ON), using RCVALL_SOCKETLEVELONLY.这个原因。
看网上说cmd不是以管理员身份运行的,但我以管理员身份运行后还是不能有这个提示,并不能监听到localhost。
暂时无解。。。。。。。。
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。