Analyse packets going out of my computer


Question

Whenever I open a website in my browser, I want to see the packet that is going out of my computer. I want to do this to check how the proxy extension on my browser is encrypting the information.

Is there a way to check the packet that is going out of my NIC?

Recommended answer

Some sniffer tools like tcpdump or Wireshark may help you.

Wireshark is easier, with a good GUI and easy-to-learn, advanced filtering rules: analyse each packet on all levels of the packet, save packets into external files, load from external files, filter prototyped protocols and more advanced usage.

tcpdump is fast and useful, but it will require a little bit more learning than the Wireshark GUI. But it is a really good solution for the command line, ready to use.

A simple step-by-step for Wireshark:

  1. Install Wireshark
  2. Open it with root/admin permissions
  3. Choose the target NIC
  4. Click on 'Start' to start the packet sniffer
  5. In this new window, you will see a continuous list of packets passing through the chosen NIC
  6. At the top of this window, you have a filtering field. For example, you can write in it:

tcp.port == 443 and ip.addr == 10.0.0.106

Then, only packets matching this rule will be shown

In this example, we are filtering all traffic passing through TCP port 443 (SSL) that has the target (request) and source (response) host at address 10.0.0.106.

It is possible to filter by MAC addresses, by a lot of parameters under each packet, by protocol-specific parameters, and a lot of other things.
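As an added example (not part of the original answer), the same filter can be applied offline to a saved capture to check whether matching packets actually carry TLS records, since traffic on port 443 is not necessarily encrypted. The helper names and the in-memory sample capture are constructed for illustration; the check only inspects the first bytes of each TCP payload, so segments that begin mid-record are reported as plaintext.

```python
import socket, struct

def frame(src, dst, sport, dport, payload):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp

def pcap(frames):
    """Wrap frames in a classic little-endian pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def classify(payload):
    """TLS records start with content type 20-23 followed by version 0x03 0x00-0x04."""
    if len(payload) >= 3 and 20 <= payload[0] <= 23 and payload[1] == 3 and payload[2] <= 4:
        return "tls"
    return "plaintext" if payload else "empty"

def scan(data, addr="10.0.0.106", port=443):
    """Return (src, dst, verdict) for packets matching tcp.port == port and ip.addr == addr."""
    results, off = [], 24                      # skip the 24-byte pcap global header
    while off + 16 <= len(data):
        incl = struct.unpack_from("<I", data, off + 8)[0]
        pkt, off = data[off + 16: off + 16 + incl], off + 16 + incl
        if len(pkt) < 54 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                           # keep IPv4 + TCP only
        ihl = (pkt[14] & 0x0F) * 4
        src, dst = socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])
        tcp = pkt[14 + ihl:]
        sport, dport = struct.unpack_from("!HH", tcp)
        payload = tcp[(tcp[12] >> 4) * 4:]     # skip TCP header via data offset
        if addr in (src, dst) and port in (sport, dport):
            results.append((src, dst, classify(payload)))
    return results

# Constructed sample capture: one TLS record, one cleartext request on 443, one unrelated packet.
SAMPLE = pcap([
    frame("10.0.0.5", "10.0.0.106", 50000, 443, b"\x16\x03\x01\x00\x05hello"),
    frame("10.0.0.5", "10.0.0.106", 50001, 443, b"GET / HTTP/1.1\r\n"),
    frame("10.0.0.5", "10.0.0.7", 50002, 80, b"GET / HTTP/1.1\r\n"),
])
```

To run it on a real capture saved from Wireshark, save in the classic pcap format (not pcapng) and pass the file's bytes to `scan`.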
