(Packet capture options

1. Select the network card to capture on. Other capture conditions can be chosen on the left. If the selected network card does not support promiscuous mode, the system displays a message saying so. In that case you cannot capture packets that are unrelated to this network card; in other words, you cannot capture traffic between other computers, and it is recommended that you replace the network card. Network cards that do not support promiscuous mode are mostly some wireless network cards and a few dedicated server/notebook network cards.
2. Protocol filtering is generally optional; set it only if you are familiar with the protocol types.
3. Set the size of the packet capture buffer to 1M. If the network you want to track is large, increase this value appropriately. If the CPU of the tracking host is not powerful enough, the buffer also needs to be increased; otherwise packet loss may occur.
4. In IP filtering, you can set the IP addresses whose packets you want to capture or the IP addresses you want to exclude.
5. In port filtering, you can set the ports whose packets you want to capture or the ports you want to exclude.

Packet capture analysis

1. Set the packet capture filter items. The filter settings here and the "tracking task" filter settings are independent of each other; do not confuse them. More options are available here. Of these options, the most complex is "data block matching", which is described in detail in the following chapters. Here you only need to configure the correct network card; the other options can be left unset.

IP packet playback

1. It helps to understand the geographical distribution of the original packet communication.
2. By putting IP packets back on the network card, the transmission of the original IP packets on the network is simulated, and the replayed packets can in turn be captured and analyzed by similar packet capture software.

Communication protocol analysis

Packet capture preparation

Packet capture analysis toolbar: before starting a packet capture, the user needs to set the filter. The options include:

Select a network card. If you have multiple network cards, select the one that can capture the data you expect.

Protocol filtering. For Internet communication, the common IP packet types are TCP/UDP/ICMP. Most traffic is carried over TCP connections, such as HTTP(S)/SMTP/POP3/FTP/Telnet. Besides TCP, some chat software uses UDP, such as QQ/Skype. Common ICMP packets are generated by a client's ping.

IP filtering. "IP filtering" is the most commonly used packet capture filter. IP matching comes in two types. The first has no communication direction and is a simple range match, shown as the "from:to" type in the figure above. The second is a one-to-one match with communication direction, shown as the "<-->" type in the figure above; it matches not only the IP addresses but also which one is the source IP and which is the destination IP.

Port filtering. "Port filtering" applies only to two types of DoD-IP packets: TCP/UDP.

Data area size. "Data area size" matches all DoD-IP packets. Note, however, that for TCP/UDP the IP data area is counted from the position of the actual data, while for other types the part immediately following the IP packet header is regarded as the data area.

Data block matching. "Data block matching" is complex but very useful. Here the user can enter text or binary data and can choose to match at a specific position or at any position. In short, this setting is very flexible and easy to use.

End condition. By default, capture stops automatically when the captured packets occupy more than 10M of space.
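The "data area size" and "data block matching" rules described above can be illustrated with the following added example, which is not code from IPAnalyse. The function names and sample packets are constructed for illustration, and treating non-first IP fragments as pure data is an assumption the page does not state.

```python
import socket
import struct

def ipv4(proto: int, body: bytes) -> bytes:
    """Build a constructed IPv4 packet (checksum left 0, documentation addresses)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       socket.inet_aton("192.0.2.10"),
                       socket.inet_aton("198.51.100.7")) + body

def data_area(packet: bytes) -> bytes:
    """TCP/UDP: bytes after the transport header. Other types: bytes after the IP header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4                      # IP header length incl. options
    total_len, = struct.unpack("!H", packet[2:4])
    if ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("inconsistent IPv4 length fields")
    body = packet[ihl:total_len]                      # drops link-layer padding
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if frag_offset:                                   # assumption: later fragments
        return body                                   # carry no transport header
    proto = packet[9]
    if proto == 6:                                    # TCP: header length is variable
        if len(body) < 20:
            raise ValueError("truncated TCP header")
        hdr_len = (body[12] >> 4) * 4
        if not 20 <= hdr_len <= len(body):
            raise ValueError("bad TCP data offset")
        return body[hdr_len:]
    if proto == 17:                                   # UDP: fixed 8-byte header
        if len(body) < 8:
            raise ValueError("truncated UDP header")
        return body[8:]
    return body                                       # ICMP etc.: all after IP header

def block_match(packet: bytes, pattern: bytes, offset=None) -> bool:
    """Match pattern at a specific data-area offset, or anywhere if offset is None."""
    data = data_area(packet)
    if offset is None:
        return pattern in data
    return data[offset:offset + len(pattern)] == pattern

# Constructed sample packets: an HTTP request over TCP and an ICMP echo request.
TCP_PKT = ipv4(6, struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
               + b"GET /index.html HTTP/1.1\r\n")
ICMP_PKT = ipv4(1, struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"abcdefgh")

if __name__ == "__main__":
    print(len(data_area(TCP_PKT)), block_match(TCP_PKT, b"GET ", offset=0))
    print(len(data_area(ICMP_PKT)), block_match(ICMP_PKT, b"\x08\x00", offset=0))
```

For the ICMP sample the match at offset 0 hits the ICMP type/code bytes, because under the rule above the ICMP header itself counts as part of the data area.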
This document contains the following attachments:
chartdir40.dll
Decode.dll
Infoapi.dll
JmLib.dll
Packet.dll
TrackNet.dll
wlgx.dll
Instructions for use.txt
tcpinfo.dat
office2007.cjstyles
IPAnalyse. exe
config
ETC
Iptool packet capturing tool)