Postal and telecommunications systems 2022-06-28 Copyright: keep author attribution; no commercial use; no modification of the work
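Capture options

1. Select the capture network card. Further capture conditions are available on the left. If the selected card does not support promiscuous mode ("杂项接收"), the system shows a message saying so. In that case you cannot receive packets that are not addressed to this card; in other words, you cannot capture traffic between other computers, so replacing the network card is recommended. Cards without promiscuous mode are mostly certain wireless cards and a few dedicated server or notebook cards.
2. Protocol filter. Normally leave this unselected unless you are familiar with the protocol types.
3. Capture buffer. The default capture buffer size is 1M. If the network you want to trace is large, increase this value; if the CPU of the tracing host is not powerful enough, the buffer also needs to be increased. Otherwise packets may be dropped.
4. IP filter. Here you can set the IP addresses to capture or the IP addresses to exclude.
5. Port filter. Here you can set the ports to capture or the ports to exclude.

Capture analysis

1. Set the capture filter items. This filter is separate from the "trace task" filter settings, so do not confuse the two; it offers more options. The most complex of these options is "data block matching", which is described in detail in the sections below. Here it is enough to configure the correct network card; the other options can be left unset.

IP packet replay

1. Helps to understand the geographic distribution of the original packet communications.
2. Replaying the IP packets onto the network card simulates how the original IP packets travelled on the network, and the replayed packets can also be captured and analysed by other capture software of the same kind.

Protocol analysis

Capture preparation

Capture analysis toolbar: before starting a capture, the user first sets the filters. The options are:

Network card. If you have several network cards, select the one that can capture the data you expect.

Protocol filter. For Internet traffic, the common IP packet types are TCP/UDP/ICMP. Most traffic uses TCP connections, for example HTTP(s)/SMTP/POP3/FTP/TELNET; some chat software, such as QQ/SKYPE, uses UDP in addition to TCP; and the ICMP packets usually seen are produced by a client's Ping.

IP filter. The IP filter is the most commonly used capture filter. IP matching falls into two classes: one has no communication direction and is a pure range match, like the "From:to" type in the figure above; the other is a one-to-one match with a communication direction, like the "<-->" type in the figure above, which matches not only the IP addresses but also which one is the source IP and which the destination IP.

Port filter. The port filter applies only to two types of DoD-IP packet: TCP/UDP.

Data area size. The data area size match applies to all DoD-IP packet types. Note, however, that for TCP/UDP the IP data area is counted from the position where the actual data begins, while for other types everything that immediately follows the IP header is treated as the data area.

Data block matching. Data block matching is more complex but very useful. The user can enter text or binary, and can match at a specific position or at any position, so the setting is very flexible.

End condition. By default, capture stops automatically when the captured packets occupy more than 10M of space.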
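The filter semantics described above, as an added example in Python (not code from IPTool or from the original page): it parses raw IPv4 packets, computes the data area the way the text describes, and applies range, directional and data-block matches. The function names, the "either endpoint" reading of range matching, and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

def build_ipv4(src, dst, proto, l4):
    """Constructed sample packet: 20-byte IPv4 header (checksum left 0) + l4 bytes."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + l4

def parse_ipv4(pkt):
    """Split a raw IPv4 packet into addresses, protocol, ports and data area."""
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack("!H", pkt[2:4])[0]
    body = pkt[ihl:total]
    info = {"src": ipaddress.IPv4Address(pkt[12:16]),
            "dst": ipaddress.IPv4Address(pkt[16:20]),
            "proto": pkt[9], "sport": None, "dport": None}
    if info["proto"] == 6 and len(body) >= 20:      # TCP: skip header incl. options
        info["sport"], info["dport"] = struct.unpack("!HH", body[:4])
        body = body[(body[12] >> 4) * 4:]
    elif info["proto"] == 17 and len(body) >= 8:    # UDP: skip fixed 8-byte header
        info["sport"], info["dport"] = struct.unpack("!HH", body[:4])
        body = body[8:]
    info["data"] = body     # other protocols: everything after the IP header
    return info

def ip_range_match(info, lo, hi):
    """Range match without direction (assumed: either endpoint inside lo..hi)."""
    lo, hi = ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi)
    return lo <= info["src"] <= hi or lo <= info["dst"] <= hi

def ip_directed_match(info, src, dst):
    """One-to-one match that also checks which side is source and destination."""
    return info["src"] == ipaddress.IPv4Address(src) and info["dst"] == ipaddress.IPv4Address(dst)

def block_match(data, pattern, offset=None):
    """Data block match: at a fixed offset, or anywhere when offset is None."""
    if offset is None:
        return pattern in data
    return data[offset:offset + len(pattern)] == pattern

# Constructed samples: a TCP segment carrying an HTTP request line, and an ICMP echo.
TCP_HDR = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
TCP_PKT = build_ipv4("192.168.1.10", "203.0.113.5", 6, TCP_HDR + b"GET / HTTP/1.1\r\n")
ICMP_PKT = build_ipv4("192.168.1.10", "192.168.1.1", 1, b"\x08\x00\x00\x00\x00\x01\x00\x01ping")

if __name__ == "__main__":
    for info in map(parse_ipv4, (TCP_PKT, ICMP_PKT)):
        print(info["proto"], len(info["data"]), block_match(info["data"], b"GET", 0))
```

Text patterns are passed as `"GET".encode()` and binary patterns as `bytes.fromhex("70696e67")`; both end up as the same kind of byte string for `block_match`.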
This package contains the following attachments:
chartdir40.dll
Decode.dll
Infoapi.dll
JmLib.dll
Packet.dll
TrackNet.dll
wlgx.dll
使用说明文档.txt (usage instructions)
tcpinfo.dat
office2007.cjstyles
IPAnalyse.exe
config
ETC
IpTool packet capture tool....



[Download] 14204463946.rar



