winpcap and libpcap

winpcap

windows packet capture

WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture.

WinPcap consists of a driver, which extends the operating system to provide low-level network access, and a library that is used to easily access the low-level network layers. This library also contains the Windows version of the well-known libpcap Unix API.

Thanks to its set of features, WinPcap is the packet capture and filtering engine of many open source and commercial network tools, including protocol analyzers, network monitors, network intrusion detection systems, sniffers, traffic generators and network testers. Some of these networking tools, like Wireshark, Nmap, Snort and ntop, are known and used throughout the networking community.

Winpcap.org is also the home of WinDump, the Windows version of the popular tcpdump tool. WinDump can be used to watch, diagnose and save to disk network traffic according to various complex rules.

libpcap

libpcap, a portable C/C++ library for network traffic capture.

tcpdump

tcpdump, a powerful command-line packet analyzer.


Time: 2024-09-20 16:24:23
