因爲須要調試pc服務器打印膠片和設備上直接打印膠片之間的區別,研發要求我抓包分析2者之間的差異,可是很快面臨一個問題,我沒有權限動交換機的權限,他們也沒有在交換機上配置端口鏡像,因而只好去找小HUB,淘汰了塊10幾年的集線器,這個幾乎快被遺忘的網絡設備,因爲他是共享網絡,容易形成網絡事故,不少場地上是禁止使用的,可是他是網絡抓包的好工具。。。我找遍每個角落,都找不到小hub,因而乎讓北京的同事給我快遞一個過來,惋惜EMS再次發揚國企的老大做風,都4天了,我等到花兒都謝了,個人快遞還沒到,沒辦法,只好另想辦法。。。服務器
- C:\Program Files\WinPcap>rpcapd.exe -h
- USAGE:
- rpcapd [-b <address>] [-p <port>] [-6] [-l <host_list>] [-a <host,port>]
- [-n] [-v] [-d] [-s <file>] [-f <file>]
- -b <address>: the address to bind to (either numeric or literal).
- Default: it binds to all local IPv4 addresses
- -p <port>: the port to bind to. Default: it binds to port 2002
- -4: use only IPv4 (default both IPv4 and IPv6 waiting sockets are used)
- -l <host_list>: a file that keeps the list of the hosts which are allowed
- to connect to this server (if more than one, list them one per line).
- We suggest to use literal names (instead of numeric ones) in order to
- avoid problems with different address families
- -n: permit NULL authentication (usually used with '-l')
- -a <host,port>: run in active mode when connecting to 'host' on port 'port'
- In case 'port' is omitted, the default port (2003) is used
- -v: run in active mode only (default: if '-a' is specified, it accepts
- passive connections as well
- -d: run in daemon mode (UNIX only) or as a service (Win32 only)
- Warning (Win32): this switch is provided automatically when the service
- is started from the control panel
- -s <file>: save the current configuration to file
- -f <file>: load the current configuration from file; all the switches
- specified from the command line are ignored
- -h: print this help screen
咱們點擊「Add Remote Interface」,彈出添加遠程接口的窗口:網絡
咱們在host裏面填入remote端的IP,端口時2002,若是不知道能夠從rcapd的參數裏面看到服務的端口號,若是你在開remote端的服務沒有加-n參數的話,這裏須要輸入用戶名和密碼,而後點擊"OK"就能夠了,最後的頁面應該是這樣的:socket
上面能夠看到3塊網卡,由於我這裏的remote端由2個網卡,本機一塊網卡,因此有3快,我吧要抓包的那塊網卡勾上,而後點擊下面的start按鈕,就能夠開始抓包了。。。ide
呵呵,抓包配置基本到此爲止,最後附上一張抓到包後的截圖作爲收尾:工具