首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全工具>嗅探器>软件详细 软件名称： 　packetStorm1.2.rar 文件类型： 　 界面语言： 　简体中文 软件类型： 　国产软件 运行环境： 　WinNT/2K/Xp 授权方式： 　共享软件 软件大小： 　27K 软件等级： 　★★★★☆ 发布时间： 　2006-02-08 官方网址： shanleiguang@he.chinamobile.co 作者：vitter 演示网址： 软件说明：   简单的协议分析脚本，可用于学习TCP/IP协议和Perl编程。       //--\\       //           __          //--\      //   //      //   /==    //           //___/     //---//\ /-- //== /-- =/= \\__ =/= /-/ /\\   /\/\     /    //-\\__// \_/__  /_     ///__/_/_/  \\_//\/\\   _/                         ___//             //    \\ #帮助菜单 C:\Perl\scripts\Packetstorm>packetStorm.pl -?     >>packetStorm.pl, V1.3         -?|-h|--help        print help #打印帮助         -l|--list_device    list supported device #列出系统支持的设备         -v|--verbose        print more information #打印更多数据         -p|--promisc        enable promisc #使用混杂模式         -n|--counter        capture counter #抓包数量         -t|--pretty_table   enable pretty table #使用文本表格方式打印结果         -d|--device         select device #选择抓包设备         -e|--eth_type       eth_type, arp or ip(default) #设置帧协议类型，arp 或ip         -i|--ip_proto       ip_proto, icmp udp or tcp(default) #设置三层协议类型            --arp_spa        ARP, source protocol address #以下为各协议支持的Caputer Filters            --arp_tpa        ARP, target protocol address            --arp_pa         ARP, src/target protocol address            --arp_opcode     ARP, opcode, 1(Request) 2(Reply)            --src_ip         IP, source ip            --dest_ip        IP, destination ip            --host           IP, src/dest ip            --icmp_type      ICMP, icmp type            --src_port       TCP/UDP, source port            --dest_port      TCP/UDP, destination port            --port           TCP/UDP, src/dest port            --tcp_flag       TCP, tcp flag                 by shanleiguang@he.chinamobile.com, 2006/01 #列出当前系统支持的网络设备 C:\Perl\scripts\Packetstorm>packetStorm.pl -l     +-----------------------------------------------------------------------------------+     | Supported Devices                                                                 |     +---+------+------------------------------------------------------------------------+     | 1 | dev  | \Device\NPF_GenericDialupAdapter                                       |     +---+------+------------------------------------------------------------------------+     |   | desc | Generic dialup adapter                                                 |     +---+------+------------------------------------------------------------------------+     | 2 | dev  | \Device\NPF_{5981D162-D83C-4E2E-9057-3C1420D0D650}                     |     +---+------+------------------------------------------------------------------------+     |   | desc | Intel(R) PRO/100 VE Network Connection (Microsoft's Packet Scheduler)  |     +---+------+------------------------------------------------------------------------+ #选择2号设备，分析ARP协议包 C:\Perl\scripts\Packetstorm>packetStorm.pl -d 2 --eth_type arp     +-----------------------------------------------------------------------------------+     | Selected Device                                                                   |     +---+------+------------------------------------------------------------------------+     | 2 | dev  | \Device\NPF_{5981D162-D83C-4E2E-9057-3C1420D0D650}                     |     +---+------+------------------------------------------------------------------------+     |   | desc | Intel(R) PRO/100 VE Network Connection (Microsoft's Packet Scheduler)  |     +---+------+------------------------------------------------------------------------+ 2006/02/07 11:14:44 , packets are storming... [1]. 00:E0:FC:47:85:45->00:00:00:00:00:00, xxx.xxx.xxx.33->xxx.xxx.xxx.58, ARP_REQUEST [2]. 00:E0:FC:47:85:45->00:00:00:00:00:00, xxx.xxx.xxx.33->xxx.xxx.xxx.40, ARP_REQUEST [3]. 08:00:46:CD:DE:A3->00:00:00:00:00:00, xxx.xxx.xxx.60->xxx.xxx.xxx.34, ARP_REQUEST [4]. 00:11:F9:C8:59:F1->08:00:46:CD:DE:A3, xxx.xxx.xxx.34->xxx.xxx.xxx.60, ARP_REPLY #选择2号设备，将设备设置到promisc模式，分析ARP协议包，打印更多数据、采用表格方式输出 C:\Perl\scripts\Packetstorm>packetStorm.pl -d 2 -vpt --eth_type arp     +-----------------------------------------------------------------------------------+     | Selected Device                                                                   |     +---+------+------------------------------------------------------------------------+     | 2 | dev  | \Device\NPF_{5981D162-D83C-4E2E-9057-3C1420D0D650}                     |     +---+------+------------------------------------------------------------------------+     |   | desc | Intel(R) PRO/100 VE Network Connection (Microsoft's Packet Scheduler)  |     +---+------+------------------------------------------------------------------------+ 2006/02/07 11:31:08 , packets are storming... =No.1===========================================================================     +----------------------------------------------+     | Ethernet Frame Header                        |     +-------------------+-------------------+------+     | src_mac           | dest_mac          | type |     +-------------------+-------------------+------+     | 00:E0:FC:47:85:45 | FF:FF:FF:FF:FF:FF | 2054 |     +-------------------+-------------------+------+     +------------------------------------------------------+     | ARP Header                                           |     +--------+-------------------+-----+-------------------+     | sha    | 00:E0:FC:47:85:45 | tha | 00:00:00:00:00:00 |     +--------+-------------------+-----+-------------------+     | spa    | xxx.xxx.xxx.33    | tpa | xxx.xxx.xxx.40    |     +--------+-------------------+-----+-------------------+     | opcode | ARP_REQUEST       | -   | -                 |     +--------+-------------------+-----+-------------------+ ... .... #设置抓包总数为4，打印源地址或目的地址为xxx.xxx.xxx.33的ICMP消息 C:\Perl\scripts\Packetstorm>packetStorm.pl -d 2 -n 4 -vp --ip_proto icmp host xxx.xxx.xxx.33     +-----------------------------------------------------------------------------------+     | Selected Device                                                                   |     +---+------+------------------------------------------------------------------------+     | 2 | dev  | \Device\NPF_{5981D162-D83C-4E2E-9057-3C1420D0D650}                     |     +---+------+------------------------------------------------------------------------+     |   | desc | Intel(R) PRO/100 VE Network Connection (Microsoft's Packet Scheduler)  |     +---+------+------------------------------------------------------------------------+ 2006/02/07 11:31:52 , packets are storming... [1]. xxx.xxx.xxx.60->xxx.xxx.xxx.33, proto:1(ICMP), type:8(Echo) code:0      data:abcdefghijklmnopqrstuvwabcdefghi [2]. xxx.xxx.xxx.33->xxx.xxx.xxx.60, proto:1(ICMP), type:0(Echo Reply) code:0      data:abcdefghijklmnopqrstuvwabcdefghi [3]. xxx.xxx.xxx.60->xxx.xxx.xxx.33, proto:1(ICMP), type:8(Echo) code:0      data:abcdefghijklmnopqrstuvwabcdefghi [4]. xxx.xxx.xxx.33->xxx.xxx.xxx.60, proto:1(ICMP), type:0(Echo Reply) code:0      data:abcdefghijklmnopqrstuvwabcdefghi #分析端口为80有关的TCP数据包，并解析HTTP请求和响应 C:\Perl\scripts\Packetstorm>packetStorm.pl -d 2 -vp --port 80     +-----------------------------------------------------------------------------------+     | Selected Device                                                                   |     +---+------+------------------------------------------------------------------------+     | 2 | dev  | \Device\NPF_{5981D162-D83C-4E2E-9057-3C1420D0D650}                     |     +---+------+------------------------------------------------------------------------+     |   | desc | Intel(R) PRO/100 VE Network Connection (Microsoft's Packet Scheduler)  |     +---+------+------------------------------------------------------------------------+ 2006/02/07 11:32:28 , packets are storming... [1]. xxx.xxx.xxx.60:1461->64.233.189.104:80, proto:6(TCP)      flags:2(SYN), seq:1803756956, ack:0 [2]. 64.233.189.104:80->xxx.xxx.xxx.60:1461, proto:6(TCP)      flags:18(ACK|SYN), seq:3270740938, ack:1803756957      ? (Unknown code) [3]. xxx.xxx.xxx.60:1461->64.233.189.104:80, proto:6(TCP)      flags:16(ACK), seq:1803756957, ack:3270740939 [4]. xxx.xxx.xxx.60:1461->64.233.189.104:80, proto:6(TCP)      flags:24(ACK|PSH), seq:1803756957, ack:3270740939      GET /intl/zh-CN/ HTTP/1.1      Connection: Keep-Alive      Accept: */*      Accept-Encoding: gzip, deflate      Accept-Language: zh-cn      Host: www.google.com      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)      Cookie: rememberme=true; SID=DQAAAG0AAABo695dhiPsrgNSPcjGe5QC9Lu9zghZ2fYaqGluOEgt-hDchwjTLWd80w kzmIS0laQfP2lHARL07ftgnlJWGB3QcekxL2me_RYeTS5bYVA9Oy3icUWk3eMrZFkkKhi9jY8IvTwO2QRqgOenSwxi6Z0C; PREF =ID=c169eba93e0c57bd:NW=1:TM=1139126941:LM=1139126941:GM=1:S=1N_Yf11M0uzWcd6J #分析目的端口为23的TCP数据包，并使用Telnet协议进行解析和打印（注意用户名和密码！） C:\Perl\scripts\Packetstorm>packetStorm.pl -d 2 -vp --dest_port 23 .... By shanleiguang@he.chinamobile.com, 2006/01 下载地址： 进入下载地址列表 下载说明： ☉推荐使用网际快车下载本站软件，使用 WinRAR v3.10 以上版本解压本站软件。 ☉如果这个软件总是不能下载的请点击报告错误,谢谢合作!! ☉下载本站资源，如果服务器暂不能下载请过一段时间重试！ ☉如果遇到什么问题，请到本站论坛去咨寻，我们将在那里提供更多 、更好的资源！ ☉本站提供的一些商业软件是供学习研究之用，如用于商业用途，请购买正版。 [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热门软件 ·可以说是最好的嗅探器——Sniffe ·libpcap-0.8.3.tar.gz ·arpspoof.3.1.src.zip ·ARPSniffer ·SQLServerSniffer.rar ·arpspoof.2.1.zip ·scripts 2 exe.rar ·Iris4.00.2 ·arpsniffer.c.txt ·packetStorm.rar ·tcpdump-3.8.3.tar.tar   相关软件 ·arpspoof.2.1.zip ·packetStorm.rar ·libpcap-0.8.3.tar.gz ·tcpdump-3.8.3.tar.tar ·arpsniffer.c.txt ·Iris4.00.2 ·SQLServerSniffer.rar ·可以说是最好的嗅探器——Sniffe ·ARPSniffer ·arpspoof.3.1.src.zip ·scripts 2 exe.rar     推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved