问题描述
如何在Windows环境中,不安装第三方软件的情况下(使用Windows内置指令),如何抓取网络包呢?并且如何转换为Wireshark 格式呢?
操作步骤
1) 以管理员模式打开CMD,使用 netsh trace start capture=yes 命令开始抓取网络包,当需要停止时候,使用 netsh trace stop 指令。
## 开始抓取
netsh trace start capture=yes ## 停止抓取 netsh trace stop ####执行结果 C:\LBWorkSpace\tool\nettrace1\newworktrace>netsh trace start capture=yes Trace configuration: ------------------------------------------------------------------- Status: Running Trace File: C:\Users\xxxx\AppData\Local\Temp\NetTraces\NetTrace.etl Append: Off Circular: On Max Size: 512 MB Report: Off C:\LBWorkSpace\tool\nettrace1\newworktrace>netsh trace stop Merging traces ... done Generating data collection ... done The trace file and additional troubleshooting information have been compiled as "C:\Users\xxxx\AppData\Local\Temp\NetTraces\NetTrace.cab". File location = C:\Users\xxxx\AppData\Local\Temp\NetTraces\NetTrace.etl Tracing session was successfully stopped.
12-01 05:07