What is a packet capture tool?
A packet capture tool is software that intercepts and views the contents of network packets. The main features are as follows:
1. Packet analysis similar to Sniffer: it breaks the IP structure down in detail and maps each item of the IP structure one-to-one to the original binary data. This gives a deeper understanding of the TCP/IP protocol and makes it a good tool for learning network protocol analysis.
2. Analyze ports and communications for games, stock software, chat software, and more.
3. Find the IP packets you want among a large number of IP packets. The packet capture part of Tracknet provides a wealth of filtering options; through its flexible settings, the user can intercept all kinds of sensitive data packets.
What does a packet capture tool do?
A packet capture tool is software that intercepts and views the contents of network packets.
How to use
Network viruses have to scan network addresses in order to spread. Based on that characteristic, the following introduces a very practical method: using a packet capture tool to find the source of the virus.
1. Install the packet capture tool. The purpose is to use it to analyze the contents of network packets. Finding a free or trial version of a packet capture tool is not difficult: Sniffer, Wireshark, WinNetCap and WinSockExpert are all currently popular packet capture tools. I used a packet capture tool called SpyNet3.12, which is very small and runs very fast. After installation, we have a packet capture host. You can use SpyNet to set the type of packets to capture, such as IP packets or ARP packets, and you can also set more detailed filtering parameters according to the destination address.
2. Configure network routing. Does your router have a default gateway? If so, where does it point? Pointing the default gateway to another router during a virus outbreak is dangerous (unless you want to paralyze that router). In some enterprise networks it is common to configure only routes for the internal address segments, with no default route, so point the default route to the packet capture host (if it doesn't go to hell, who will? Of course, this host should have reasonably high performance, otherwise it can easily be brought down by the virus traffic). This will allow the vast majority of scans sent out by the virus hosts to be delivered automatically to your door. Alternatively, mirror the network's egress to the packet capture host, and all packets bound for external networks will be analyzed.
3. Start the packet capture. The capture host has been set up and the packets are being sent to it from the network, so let's see what is actually being transmitted. Open SpyNet and click Capture; a large amount of data is displayed. These are the captured packets (Figure).
The main window in the figure shows the captured packets. It lists the serial number, time, source and destination MAC addresses, source and destination IP addresses, protocol type, and source and destination port numbers of each captured packet. It is easy to see that the host with IP address 10.32.20.71 has sent access requests to a large number of different hosts within a very short period of time, and the destination ports are all 445.
4. Identify the infected host. From the packet capture, host 10.32.20.71 is suspect. First, look at the destination IP addresses. Do these addresses exist in our network? It is very likely that the network does not have these network segments at all. Second, is it possible for a host to initiate so many access requests in such a short period of time under normal circumstances? Is it normal to make dozens or even hundreds of connection requests in a millisecond? Obviously there must be something wrong with host 10.32.20.71. Knowledge of the Microsoft-DS protocol further confirms this judgment: it is vulnerable to denial-of-service attacks, and its connection port is 445. This makes it easy to find the IP address of the infected host. The only thing left to do is to patch the host operating system and kill the virus.
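The check from step 4 can also be automated over records exported from a capture tool. The following is an added example, not part of the original article or of SpyNet; the record layout, the function names build_sample and find_scanners, and the thresholds are assumptions, and the sample data is constructed around the address and port mentioned above.

```python
from collections import defaultdict, deque

def build_sample():
    """Constructed records: (time in seconds, source IP, destination IP, destination port).
    10.32.20.71 and port 445 come from the walkthrough; every other value is made up."""
    records = []
    for i in range(60):   # 60 different targets within 60 ms
        records.append((0.001 * i, "10.32.20.71", f"172.16.0.{i + 1}", 445))
    for i in range(5):    # an ordinary client talking to a single file server
        records.append((0.2 * i, "10.32.20.15", "10.32.20.2", 445))
    records.append((0.5, "10.32.20.15", "10.32.20.3", 80))
    return sorted(records)

def find_scanners(records, window=1.0, min_targets=50):
    """Return {(src, dport): peak number of distinct destinations seen inside any
    `window` seconds} for sources that reach at least `min_targets` destinations.
    `window` and `min_targets` are assumed tunables, not values from the article."""
    recent = defaultdict(deque)                     # (src, dport) -> (time, dst) in window
    counts = defaultdict(lambda: defaultdict(int))  # (src, dport) -> dst -> packets in window
    peaks = {}
    for ts, src, dst, dport in records:             # records must be sorted by time
        key = (src, dport)
        q, c = recent[key], counts[key]
        q.append((ts, dst))
        c[dst] += 1
        while ts - q[0][0] > window:                # expire entries older than the window
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        if len(c) >= min_targets:
            peaks[key] = max(peaks.get(key, 0), len(c))
    return peaks

if __name__ == "__main__":
    for (src, dport), n in find_scanners(build_sample()).items():
        print(f"{src} contacted {n} distinct hosts on port {dport} within 1 s")
```

Counting distinct destinations rather than packets keeps a busy but legitimate client, which talks to only a few servers, below the threshold.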
What is the role of the packet capturer?
Packet capture is the interception, retransmission, editing, dumping and similar handling of packets sent and received over the network; it is also used to check network security. So what is a packet capture utility used for?
1. Viewing the real content of network communications;
2. Analyzing network failures;
3. Analyzing the network interfaces of programs;
4. Examining the data content of Trojan horse communications.
That covers the role of the packet capture tool.