NetXRay is a software developed by Cinco Networks for advanced packet error detection, which is very powerful. IP Address Query Tool
Main Function: Monitor network status and provide information for optimizing network performance: long-term capture, analysis of network performance based on statistical values.
Capture and decode packets in the network for fault analysis: Set the capture rules as accurately as possible for accurate analysis
NetXray is a commonly used sniffer and a powerful one. Software, he has a common sniffing function, and is easy to use. Let's take a look at his specific usage and steps:
1, the overall outline
Because NetXray is in English, it is a headache for friends who hate E-text. So it's necessary to understand the general rack: NetXray's main interface:
The menu bar has six options, namely file, capture, packet, and tool ( Tools), windows, and help.
Its toolbar contains most of the functions, in order: Open, Save, Print, Abort, Back to the first package (First Packet), Previous (Previous), Next (Next), Last Packet, Dashboard, Capture Panel, Packet Generator, Display Host Table, etc.
Most of NetXray's features can be implemented using the buttons in the toolbar.
2, determine the target
Click: Capture Filter Setting in the Capture menu, click Profilems to select New, enter the following dialog (Figure 2), enter First in the New Profile Name, to Default Select OK for the template, then select Done, enter First in the New Profile Name, select OK with Default as the template, and then Done.
Set to filter all the packets whose destination IP is xxx.xxx.xxx.xxx, that is, point to Any input: xxx.xxx.xxx.xxx, you can start capturing packets now, and use IE to log in. The IP will find that the pointer in the NetXray window is moving. When he prompts you to filter the packet, you can stop capturing the packet.
Select a packet whose destination IP is xxx.xxx.xxx, select Packetà Edit Display Filte in the menu bar, select "Data Pattern", select "Add Pattern", and select 8080 in the TCP layer. For the target port, use the mouse to select "set data" and enter "TCP" in the name. Click OK, OK, and then select "Apply Display Filter" in the Packet. In the future, filtering with the proxy rule will filter only the packets whose destination IP address is xxx.xxx.xxx.xxx and the destination port is 8080.
3, set the conditions (ports)
Determine the target, first set the conditions for sniffing: select: Filter Settingà Data Pattern, for example: Filtering Bbs (port 2323) IP package, first select the first line, adjust to OR with Toggle AND/OR, select Edit Pattern as shown below (Figure 3), set in the pop-up dialog box: Packet 34 2 Hex System), fill in 0913 from the beginning (because the decimal 2323 corresponds to hexadecimal 0x0913), while the IP packet uses the network byte order and the high byte is at the low address. Named beginbbs, click OK, select Edit Pattern again, Packet 36 2 Hex Start from the top 09 13 named endbbs, click OK. So there are two leaves under the outermost OR, corresponding to two Patterns.
4, the actual start
NetXray's so-called advanced protocol filtering is actually port filtering, using the method described above to specify the source port and target port are filtered 0x00 0x17 (23), you can reach The same effect as specifying telnet filtering. Because telnet is port 23, if you want to capture a non-standard telnet communication, you must specify port filtering yourself.
If you are analyzing the telnet protocol and restoring the screen display, you only need to capture the data from the server to the client. Because the password is not echoed, the password cannot be captured under this filtering rule. Use NetXray to grab the client to server package and specify the PASS keyword.
The setting method is as follows: First specify the IP filtering rule, Captureà Capture Filter Setting… set to any <--> any to capture the password as much as possible. Then add a filter mode, Packet 54 4 Hex 0x50 41 53 53, add another filter mode, Packet 54 4 Hex 0x70 61 73 73. Both are or modes because this keyword is not case sensitive in network transmission. The rest is waiting for the password to come.
Note that you don't have to specify a specific advanced protocol to filter. You can specify the filtering IP protocol family directly. In this way, the ftp/pop3 password is easy to see.
As we all know, the main program of IE browser is Iexplore.exe, and like many software, we can also
With the increase of user awareness, MyIE2 this multi-page browser has gradually entered the ranks o
1 after downloading the other does not need to change, are the system default. Press and hold F2 whi
Love fast soft routing is a free soft routing software, it has higher hardware requirements! However
How to solve the problem that the brand machine can't GHOST system
Why can't the webpage be opened? Reasons and solutions for the webpage not being able to open
After the uninstallation of Jinshan Express, the encrypted disk error solution
WeChat phone book free call how to call free
How does BT download software penetrate firewall
Baidu map picking coordinate system how to use
Outlook mail picture can not be displayed how to do
Five strokes to get Outlook 2003 group mail function
Where is the WeChat sound lock? How to set up WeChat sound lock login settings tutorial
Use IE8 browser to use multiple users to access
Children's health online has a coup Win8 control Internet settings tutorial
Where is the win7 graphics hardware acceleration set?
360 browser is hijacked how to do 360 browser hijacked solution
It is not recommended to use landscaping software in Win7 system
WinXP disk can not access and free space 0 bytes how to solve
Replace Vista? Windows 7 Preview Edition full trial