1. Introduction
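First, make sure WinPcap is installed on the remote machine whose traffic we want to capture. Use the latest version you can find, and keep the default installation path. On the remote machine, open a command prompt, change to the WinPcap directory, C:\Program Files\WinPcap, and run rpcapd -h to see how each option is used. The options are listed below: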
C:\Program Files\WinPcap>rpcapd.exe -h
USAGE:
rpcapd [-b <address>] [-p <port>] [-6] [-l <host_list>] [-a <host,port>]
[-n] [-v] [-d] [-s <file>] [-f <file>]
-b <address>: the address to bind to (either numeric or literal).
Default: it binds to all local IPv4 addresses
-p <port>: the port to bind to. Default: it binds to port 2002
-4: use only IPv4 (default both IPv4 and IPv6 waiting sockets are used)
-l <host_list>: a file that keeps the list of the hosts which are allowed
to connec