The following post from the WinPcap user list gives details on how to configure a Windows box to capture local traffic (i.e. traffic between two entities running on the same machine).
I have used this in a few scenarios and the instructions seem to work in a typical machine configuration. I am SURE there are lots of people who can benefit from this info, so I recommend it get added to the Windows-specific section of the FAQ.
The instructions can be simplified to:
------------------------------ Get your {IP} and {MAC} addresses from the command:
ipconfig /all
Using those two bits of info, use the following two commands to change your local routing rules to force packets "on to the wire" where Wireshark can sniff them:
route add {IP} {IP} arp -s {IP} {MAC}
For example:
c:/> ipconfig /all Ethernet adapter Local Area Connection:
本文介绍如何在Windows系统上配置捕获同一台计算机上两个实体之间的本地流量。通过使用ipconfig/all获取IP和MAC地址,并利用route和arp命令更改本地路由规则,使Wireshark等工具能够捕获这些通常不发送到网络接口的数据包。
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
