Capturing network traffic on Linux
Question: I have one Windows laptop, one Linux laptop and a wireless router.
Now I want to "investigate" the Hotmail/Windows Live protocol.
What I want to do is route network traffic from the Windows laptop via Ethernet to the Linux laptop, capture it on the Linux computer, forward it wirelessly to the router, receive the Hotmail response from the router on the Linux computer and forward it to the Windows computer.
How do I do that?
In essence, putting the Linux laptop between the Windows laptop and the router, to capture network traffic?
Which program is best for capturing/analysing?
Please note that, for whatever reason, packet capturing with WinPcap on the Windows computer doesn't work...
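The gateway setup the question describes, written out as an added example; this is not code from the original question or any of its answers. It assumes the Linux laptop's cable interface is eth0, its wireless interface is wlan0, the cable carries a private subnet 192.168.50.0/24 that exists nowhere else, and the Windows laptop is configured statically with address 192.168.50.2, gateway 192.168.50.1 and the router's address (or any public resolver) as DNS server. All of those names and addresses are assumptions to adjust. The script enables IPv4 forwarding, masquerades the Windows box behind the wireless address so the router sees a single client, restricts forwarding to that one host, and captures full packets for it to a pcap file that can be opened in Wireshark. With DRY_RUN=1 it prints the commands instead of running them.

```shell
#!/bin/sh
# Added example: use the Linux laptop as the gateway for the Windows laptop
# and capture the Windows box's traffic with tcpdump. Needs root.
# Assumed (not from the original page): eth0 = cable to the Windows box,
# wlan0 = wireless link to the router, 192.168.50.0/24 = cable-only subnet,
# Windows box = 192.168.50.2 with gateway 192.168.50.1.
LAN_IF=${LAN_IF:-eth0}
WAN_IF=${WAN_IF:-wlan0}
LAN_IP=${LAN_IP:-192.168.50.1/24}
WIN_IP=${WIN_IP:-192.168.50.2}
DRY_RUN=${DRY_RUN:-0}

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Address the cable interface and let the kernel route between the two NICs.
configure_lan() {
    run ip addr add "$LAN_IP" dev "$LAN_IF"
    run ip link set "$LAN_IF" up
    run sysctl -w net.ipv4.ip_forward=1
}

# NAT the Windows box behind the wireless address. Forwarding is allowed only
# for that host (outbound) and for replies to it (inbound); everything else
# that tries to use this machine as a router is dropped.
configure_nat() {
    run iptables -t nat -A POSTROUTING -s "$WIN_IP" -o "$WAN_IF" -j MASQUERADE
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$WIN_IP" -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$WIN_IP" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -P FORWARD DROP
}

# BPF capture filter: only the Windows box, only web ports, since Hotmail
# is carried over HTTP/HTTPS. Narrowing here keeps the pcap small.
capture_filter() {
    echo "host $WIN_IP and tcp and (port 80 or port 443)"
}

# Capture on the cable side (pre-NAT, so source addresses are the Windows
# box's own). -s 0 keeps whole packets, -n avoids reverse DNS lookups that
# would otherwise appear on the wire, -w writes a pcap for Wireshark.
start_capture() {
    run tcpdump -i "$LAN_IF" -n -s 0 -w "${1:-hotmail.pcap}" "$(capture_filter)"
}

# Undo the forwarding and NAT rules added above.
teardown() {
    run iptables -P FORWARD ACCEPT
    run iptables -D FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$WIN_IP" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -D FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$WIN_IP" -j ACCEPT
    run iptables -t nat -D POSTROUTING -s "$WIN_IP" -o "$WAN_IF" -j MASQUERADE
    run sysctl -w net.ipv4.ip_forward=0
    run ip addr del "$LAN_IP" dev "$LAN_IF"
}

case "${1:-}" in
    start) configure_lan; configure_nat; start_capture "${2:-hotmail.pcap}" ;;
    stop)  teardown ;;
    "")    ;;  # sourced or run without arguments: define functions only
    *)     echo "usage: $0 start [file.pcap] | stop" >&2 ;;
esac
```

Run `sh capture-gw.sh start` as root on the Linux laptop, browse from the Windows laptop, stop tcpdump with Ctrl-C, then `sh capture-gw.sh stop` and open the pcap in Wireshark. Expect port 443 sessions to show only the TLS handshake followed by ciphertext; the login and most of the mailbox traffic will be encrypted, so only the plain HTTP parts are readable directly.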
Comments (3)
Of course you can do this; take a look at Wireshark.
man tcpdump
On my Mac, I do it like this:
sudo tcpdump -i en1 -s 0 -xX -vvv
I don't know how similar tcpdump options are across platforms...
Note that tcpdump also allows you to capture to a pcap file, which can then be imported into Wireshark and maybe other GUI tools.
As others have mentioned, you can use Wireshark (find out how to use filters to remove unnecessary packets from your log). If your Windows and Linux boxes are on the same network, you do not need that setup to sniff packets. Unless you are using ndiswrapper, you would probably be able to set the wireless network device on the Linux box to "monitor mode", and it will sniff all packets on your LAN. If your device does not support that mode, you can try connecting both boxes to your router physically. That will help you avoid the routing you described in your question.