RawCap.exe --help
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
D:\rawcap>RawCap.exe --help NETRESEC RawCap version 0.1.5.0 http: //www .netresec.com
Usage: RawCap.exe [OPTIONS] <interface_nr> <target_pcap_file> OPTIONS: -f Flush data to file after each packet (no buffer)
-c <count> Stop sniffing after receiving <count> packets
-s <sec> Stop sniffing after <sec> seconds
INTERFACES: 0. IP : 192.168.1.103
NIC Name : 无线网络连接
NIC Type : Wireless80211
1. IP : 169.254.134.220
NIC Name : 本地连接 2
NIC Type : Ethernet
2. IP : 169.254.94.64
NIC Name : Bluetooth 网络连接
NIC Type : Ethernet
3. IP : 127.0.0.1
NIC Name : Loopback Pseudo-Interface 1
NIC Type : Loopback
Example: RawCap.exe 0 dumpfile.pcap |
使用RawCap监听本地回环接口
TCP, UDP and ICMP packets can, however, all be sniffed properly from localhost on newer operating systems like Windows Vista and Windows 7.
方式一:
1
2
3
4
5
|
D:\rawcap>RawCap.exe 3 localhost_capture.pcap Unable to enter promiscuous mode (RCVALL_ON), using RCVALL_SOCKETLEVELONLY. Sniffing IP : 127.0.0.1 File : localhost_capture.pcap Packets : 0 |
方式二:
1
2
3
4
5
|
D:\rawcap>RawCap.exe 127.0.0.1 localhost_capture.pcap Unable to enter promiscuous mode (RCVALL_ON), using RCVALL_SOCKETLEVELONLY. Sniffing IP : 127.0.0.1 File : localhost_capture.pcap Packets : 0 |
方式三:
1
2
3
4
5
6
7
8
9
10
11
12
|
D:\rawcap>RawCap.exe Interfaces: 0. 192.168.1.103 无线网络连接 Wireless80211
1. 169.254.134.220 本地连接 2 Ethernet
2. 169.254.94.64 Bluetooth 网络连接 Ethernet
3. 127.0.0.1 Loopback Pseudo-Interface 1 Loopback
Select interface to sniff [default '0' ]: 3
Output path or filename [default 'dumpfile.pcap' ]: localhost_capture.pcap
Unable to enter promiscuous mode (RCVALL_ON), using RCVALL_SOCKETLEVELONLY. Sniffing IP : 127.0.0.1 File : localhost_capture.pcap Packets : 0 |
Unable to enter promiscuous mode
通过上面的结果,可以看到这个提示Unable to enter promiscuous mode (RCVALL_ON), using RCVALL_SOCKETLEVELONLY.
根据我的测试也不能监听localhost。就是因为Unable to enter promiscuous mode (RCVALL_ON), using RCVALL_SOCKETLEVELONLY.这个原因。
看网上说cmd不是以管理员身份运行的,但我以管理员身份运行后还是不能有这个提示,并不能监听到localhost。
暂时无解。。。。。。。。