RawCap.exe --help

    D:\rawcap>RawCap.exe --help
    NETRESEC RawCap version 0.1.5.0
    http://www.netresec.com

    Usage: RawCap.exe [OPTIONS] <interface_nr> <target_pcap_file>

    OPTIONS:
     -f Flush data to file after each packet (no buffer)
     -c <count> Stop sniffing after receiving <count> packets
     -s <sec> Stop sniffing after <sec> seconds

    INTERFACES:
     0. IP : 192.168.1.103
        NIC Name : 无线网络连接
        NIC Type : Wireless80211
     1. IP : 169.254.134.220
        NIC Name : 本地连接 2
        NIC Type : Ethernet
     2. IP : 169.254.94.64
        NIC Name : Bluetooth 网络连接
        NIC Type : Ethernet
     3. IP : 127.0.0.1
        NIC Name : Loopback Pseudo-Interface 1
        NIC Type : Loopback

    Example: RawCap.exe 0 dumpfile.pcap



Using RawCap to sniff the local loopback interface

TCP, UDP and ICMP packets can, however, all be sniffed properly from localhost on newer operating systems like Windows Vista and Windows 7.

Method 1:

    D:\rawcap>RawCap.exe 3 localhost_capture.pcap
    Unable to enter promiscuous mode (RCVALL_ON), using RCVALL_SOCKETLEVELONLY.
    Sniffing IP : 127.0.0.1
    File : localhost_capture.pcap
    Packets : 0


Method 2:

    D:\rawcap>RawCap.exe 127.0.0.1 localhost_capture.pcap
    Unable to enter promiscuous mode (RCVALL_ON), using RCVALL_SOCKETLEVELONLY.
    Sniffing IP : 127.0.0.1
    File : localhost_capture.pcap
    Packets : 0


Method 3:

    D:\rawcap>RawCap.exe
    Interfaces:
     0. 192.168.1.103 无线网络连接 Wireless80211
     1. 169.254.134.220 本地连接 2 Ethernet
     2. 169.254.94.64 Bluetooth 网络连接 Ethernet
     3. 127.0.0.1 Loopback Pseudo-Interface 1 Loopback
    Select interface to sniff [default '0']: 3
    Output path or filename [default 'dumpfile.pcap']: localhost_capture.pcap
    Unable to enter promiscuous mode (RCVALL_ON), using RCVALL_SOCKETLEVELONLY.
    Sniffing IP : 127.0.0.1
    File : localhost_capture.pcap
    Packets : 0



Unable to enter promiscuous mode

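The output above shows this message: Unable to enter promiscuous mode (RCVALL_ON), using RCVALL_SOCKETLEVELONLY.

In my testing, localhost could not be sniffed either, and the reason is exactly this: Unable to enter promiscuous mode (RCVALL_ON), using RCVALL_SOCKETLEVELONLY.

People online say this happens because cmd was not run as administrator, but after running it as administrator I still get this message and still cannot capture localhost traffic.

No solution for now...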
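
The message names two receive modes of the Winsock SIO_RCVALL control code. The Python below is an added example, not RawCap's code and not the author's: it assumes the capture is a raw socket bound to the interface address that asks for RCVALL_ON and falls back to RCVALL_SOCKETLEVELONLY, and it reports which mode was granted. The names enable_rcvall, describe_ipv4 and sniff are hypothetical.

```python
import socket

# Winsock values. Python exposes them only on Windows, so fall back to the
# documented numeric values to keep the module importable elsewhere.
SIO_RCVALL = getattr(socket, "SIO_RCVALL", 0x98000001)
RCVALL_ON = getattr(socket, "RCVALL_ON", 1)
RCVALL_SOCKETLEVELONLY = getattr(socket, "RCVALL_SOCKETLEVELONLY", 2)


def enable_rcvall(sock):
    """Request RCVALL_ON, then RCVALL_SOCKETLEVELONLY; return the mode granted."""
    for name, mode in (("RCVALL_ON", RCVALL_ON),
                       ("RCVALL_SOCKETLEVELONLY", RCVALL_SOCKETLEVELONLY)):
        try:
            sock.ioctl(SIO_RCVALL, mode)
            return name
        except OSError:
            continue  # this mode was refused, try the next one
    raise OSError("SIO_RCVALL rejected in every mode")


def describe_ipv4(packet):
    """Return (protocol number, source, destination) of a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return (packet[9],
            socket.inet_ntoa(packet[12:16]),
            socket.inet_ntoa(packet[16:20]))


def sniff(bind_ip="127.0.0.1", count=5):
    """Windows only, elevated prompt: print `count` packets seen on bind_ip."""
    with socket.socket(socket.AF_INET, socket.SOCK_RAW,
                       socket.IPPROTO_IP) as s:
        s.bind((bind_ip, 0))
        s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
        print("receive mode:", enable_rcvall(s))
        for _ in range(count):
            print(describe_ipv4(s.recvfrom(65535)[0]))


if __name__ == "__main__":
    sniff()
```

If sniff() prints the fallback mode and then blocks without output while local traffic is being generated, the same symptom as "Packets : 0" has been reproduced outside RawCap.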