Title: Windows command-line packet capture: tcpdump, netsh

Author: linda    Time: 2021-6-9 19:35     Title: Windows command-line packet capture: tcpdump, netsh

netsh trace start capture=yes report=disabled
...
netsh trace stop

etl2pcapng.exe "C:\Users\yfhu\AppData\Local\Temp\NetTraces\NetTrace.etl" 1.pcap


https://github.com/microsoft/etl2pcapng
https://www.sonicwall.com/support/knowledge-base/how-can-i-perform-a-packet-capture-in-windows-with-built-in-utility/170905204545360/

==============
Microolap TCPDUMP for Windows — Download
https://www.microolap.com/products/network/tcpdump/download/

Run as administrator:
tcpdump

List all network adapters:
tcpdump -D

1.\Device\{2B90FA51-0A1A-43FF-B4C9-D6F595DDEA05} (Realtek RTL8822BE 802.11ac PCIe Adapter)
2.\Device\{4E029346-F271-4953-BBC8-E72AD49C0A48} (Microsoft Wi-Fi Direct Virtual Adapter)
3.\Device\{968BB362-A609-4346-A84E-A4C983CDF7DF} (Realtek PCIe GbE Family Controller)
4.\Device\{94214CFD-26E2-49CD-982C-E4829693647D} (Microsoft Wi-Fi Direct Virtual Adapter)

Capture on a specific adapter:
tcpdump -nnn -i 3 host 233.6.6.6 and udp

[ Last edited by linda on 2021-8-13 17:15 ]
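
The netsh start / stop / etl2pcapng sequence from the post, wrapped as a time-boxed and size-bounded capture script. This is an added example, not part of the original post; the parameter names, the default output directory, the 30-second duration and the location of etl2pcapng.exe are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: bounded netsh capture, then conversion with etl2pcapng.
# Assumptions: etl2pcapng.exe sits in the current directory; $OutDir, $Seconds
# and $MaxSizeMB are illustrative defaults, adjust them for your host.
param(
    [int]$Seconds      = 30,
    [int]$MaxSizeMB    = 200,
    [string]$OutDir    = "$env:SystemDrive\captures",
    [string]$Converter = ".\etl2pcapng.exe"
)

if (-not (Test-Path $Converter)) {
    throw "etl2pcapng.exe not found at '$Converter'"
}
New-Item -ItemType Directory -Force -Path $OutDir | Out-Null

# Timestamped names so repeated runs never overwrite earlier evidence.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$etl   = Join-Path $OutDir "trace-$stamp.etl"
$pcap  = Join-Path $OutDir "trace-$stamp.pcapng"

# An explicit tracefile avoids the per-user Temp\NetTraces default;
# maxsize with filemode=circular caps the disk space the trace can use.
netsh trace start capture=yes report=disabled "tracefile=$etl" `
    "maxsize=$MaxSizeMB" filemode=circular overwrite=yes
if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed ($LASTEXITCODE)" }

try {
    Start-Sleep -Seconds $Seconds
}
finally {
    # Always stop the session, even on Ctrl+C, so no trace is left running.
    netsh trace stop
}

# Convert the ETL trace to pcapng for Wireshark or tcpdump -r.
& $Converter $etl $pcap
if ($LASTEXITCODE -ne 0) { throw "etl2pcapng failed ($LASTEXITCODE)" }

Get-Item $etl, $pcap | Select-Object Name, Length
```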