.net 可以捕获环回流量的 Windows 数据包嗅探器?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/46376/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Windows packet sniffer that can capture loopback traffic?
提问by McKenzieG1
(This is a followup to my previous questionabout measuring .NET remoting traffic.)
(这是我之前关于测量 .NET 远程处理流量的问题的后续。)
When I am testing our Windows service / service controller GUI combination, it is often most convenient to run both pieces on my development box. With this setup, the remoting traffic between the two is via loopback, not through the Ethernet card.
当我测试我们的 Windows 服务/服务控制器 GUI 组合时,在我的开发箱上运行这两个部分通常是最方便的。通过这种设置,两者之间的远程流量是通过环回,而不是通过以太网卡。
Are there any software packet sniffers that can capture loopback traffic on a WinXP machine? Wiresharkis a great package, but it can only capture external traffic on a Windows machine, not loopback.
是否有任何软件数据包嗅探器可以捕获 WinXP 机器上的环回流量?Wireshark是一个很棒的软件包,但它只能捕获 Windows 机器上的外部流量,不能捕获环回。
回答by Erik
What you should do is to run RawCap, which is a sniffer that can capture traffic to/from the loopback interface in Windows. Just start it with "RawCap.exe 127.0.0.1 loopback.pcap".
您应该做的是运行 RawCap,它是一个嗅探器,可以捕获进出 Windows 环回接口的流量。只需使用“RawCap.exe 127.0.0.1 loopback.pcap”启动它。
You can then open up loopback.pcap in Wireshark or NetworkMinerto look at the network traffic.
然后你可以在 Wireshark 或NetworkMiner 中打开 loopback.pcap来查看网络流量。
You can find RawCap here: http://www.netresec.com/?page=RawCap
您可以在这里找到 RawCap:http: //www.netresec.com/?page=RawCap
Good Luck!
祝你好运!
回答by Peter K.
I second the Microsoft Network Monitor(though this link works better at the time of writing) suggestion from Thomas Owens. Also, this postsuggests that to get the loopback address, try doing:
我支持来自 Thomas Owens的Microsoft 网络监视器(尽管此链接在撰写本文时效果更好)建议。另外,这篇文章建议要获取环回地址,请尝试执行以下操作:
route add <Your Machine's IP> <Your Router's IP>
route add <你的机器的IP> <你的路由器的IP>
This takes locally-generated packets for the local interface and sends them off to your router... which sends them back.
这会为本地接口获取本地生成的数据包,并将它们发送到您的路由器……路由器将它们发回。
NOTE:To get your machine back to normal operation, make sure you delete the route when you're finished using:
注意:要使您的机器恢复正常运行,请确保在完成使用后删除路由:
route delete <Your Machine's IP>
route delete <你机器的IP>
回答by Eric Z Beard
回答by Thomas Owens
I'm not sure if it can or not, but have you looked at Microsoft Network Monitor? It mightbe an option.
我不确定它是否可以,但是您是否看过Microsoft Network Monitor?这可能是一个选择。
回答by SilverViper
Did you try to install the MS Loopback Adapter and try sniffing on that adapter with you favorite sniffing application?
您是否尝试安装 MS Loopback Adapter 并尝试使用您最喜欢的嗅探应用程序嗅探该适配器?
Also if I remember correctluy NAI Sniffer linkdid use to have loopback sniffing capabilities, but it's been a while I used either solution...
另外,如果我记得正确的 NAI Sniffer链接确实用于具有环回嗅探功能,但是我已经有一段时间使用了任何一种解决方案......
回答by andrecarlucci
回答by Yang Luo
You should definitely try Npcap, it works perfectly with Wireshark to capture loopback traffic in Windows, see here: https://wiki.wireshark.org/CaptureSetup/Loopback
您绝对应该尝试 Npcap,它与 Wireshark 完美配合以捕获 Windows 中的环回流量,请参见此处:https://wiki.wireshark.org/CaptureSetup/Loopback
