昨天在抓虾的时候,有个博主推荐了好软件:Microsoft Network Monitor 3.1,听说是很好用,于是今天在微软官方网站上下了一个,装上一看,不会用(以前没用过之类的软件),于是点击help,一看,全是英文,虽然小弟我英语学得还不赖,但是这些都是专业词汇啊,没办法,查:
帮助原文如下:
How to Capture Network Traffic with Network Monitor
The information in this article applies to:
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server
Microsoft Windows NT Server 3.1
Microsoft Windows NT Server 3.5
Microsoft Windows NT Server 3.51
Microsoft Windows NT Server 4.0
Microsoft Windows NT Workstation 3.1
Microsoft Windows NT Workstation 3.5
Microsoft Windows NT Workstation 3.51
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Advanced Server 3.1
Microsoft Windows 95
Microsoft Windows 98
Microsoft SNA Server for Windows NT 2.1
Microsoft SNA Server for Windows NT 2.11
Microsoft LAN Manager to Windows NT Advanced Server Upgrade
Microsoft Systems Management Server 1.0
Microsoft Systems Management Server 1.1
Microsoft Systems Management Server 1.2
Microsoft LAN Manager 2.x
Microsoft TCP/IP-32 for Windows for Workgroups 3.11
Microsoft TCP/IP-32 for Windows for Workgroups 3.11a
Microsoft TCP/IP-32 for Windows for Workgroups 3.11b
Microsoft Windows for Workgroups 3.11
Microsoft Internet Information Server 1.0
This article was previously published under Q148942
SUMMARY
The purpose of this article is to provide you with the information needed to capture network traffic from a local area network using Microsoft's Network Monitor. The text of this article comes directly from the Network Monitor's Help file and should be referenced for more detailed instructions.
MORE INFORMATION
Network Monitor is a network diagnostic tool that monitors local area networks and provides a graphical display of network statistics. Network administrators can use these statistics to perform routine trouble- shooting tasks, such as locating a server that is down, or that is receiving a disproportionate number of work requests. While collecting information from the network's data stream, Network Monitor displays the following types of information:
The source address of the computer that sent a frame onto the network. (This address is a unique hexadecimal (or base-16) number that identifies that computer on the network.)
The destination address of the computer that received the frame.
The protocols used to send the frame.
The data, or a portion of the message being sent.
The process by which Network Monitor collects this information is called capturing. By default, Network Monitor gathers statistics on all the frames it detects on the network into a capture buffer, which is a reserved storage area in memory. To capture statistics on only a specific subset of frames, you can single out these frames by designing a capture filter. When you have finished capturing information, you can design a display filter to specify how much of the information that you have captured will be displayed in Network Monitor's Frame Viewer window.
To use Network Monitor, your computer must have a network card that supports promiscuous mode. If you are using Network Monitor on a remote machine, the local workstation does not need a network adapter card that supports promiscuous mode, but the remote computer does.
To capture across networks, or to preserve local resources, use the Network Monitor Agent to capture information using a remote Windows NT computer. When you capture remotely, the Network Monitor Agent gathers statistics from a remote computer, and then sends these statistics to your local computer, where they are displayed in a local Network Monitor window.
Once data has been captured either locally or remotely, the data can be saved to a text or a capture file, and can be opened and examined at a later time.
NOTE: The core functionality of Network Monitor, described in Help, is supported by Microsoft Product Support Services. Network-dependent tasks, such as interpreting data that you capture from your network, are not supported. The Network Monitor Agent is supported for Windows NT, but is unsupported on Windows 3.1 and Windows for Workgroups workstations.
Creating an Address List
To use address pairs in a Capture filter, you should first build an address database. Once this database is built, you can use the addresses listed in the database to specify address pairs in a capture filter.
To create an address list, follow these steps:
From the Capture menu, select Start. Optionally, open a .cap file in the Frame Viewer window.
When you have finished capturing, select Stop and View from the Capture menu to display the Frame Viewer window.
From the Display menu, select Find All Names. Network Monitor processes the frames, then adds them to the address database.
Close the Frame Viewer window, and display the Capture window.
From the Capture menu, select Filter to display the Capture filter dialog box.
In the Capture Filter dialog box, double-click on the Address Pairs line. Or, choose Address in the Add groupbox.
Network Monitor displays the address database you have created. You can use the names in this database to specify address pairs in the Capture filter.
Capturing Data Between Two Computers
To monitor traffic between two computers, follow these steps:
From the Capture menu, choose Filter to display the Capture Filter dialog box.
Double-click on the ANYANY line to display the Address Expression dialog box.
In the left window of the Address Expression dialog box, select the address of a computer.
In the right window of the Address Expression dialog box, select the address of a computer.
When you have done this, choose the Next button at the top of this window for more instructions.
In the Direction window, of the dialog box, choose one of the symbols:
Choose the symbol to monitor the traffic that passes in either direction between the addresses that you have selected.
Choose the --> symbol to monitor only the traffic that passes from the address selected in the left window to the address selected in the right window.
Choose OK.
In the Capture Filter dialog box, choose OK.
From the Capture menu, choose Start.
Saving Captured Data
Use the Save As command to save capture statistics to a capture file or to save changes to capture files that you have modified. Later, to view frames saved to file, you can open this file and display the statistics in Network Monitor's Frame Viewer window.
To save the captured frames to a capture file or text file:
Do one of the following:
On the Toolbar, click the File Save button.
-or-
From the File menu, choose Save As.
Do one the following:
To save the file to the current drive and directory, in the File Name box, specify a file name and an extension. If you are saving a file that you have modified, you cannot save it under its original name in the same directory.
To save the file to a network share to which you are not connected, choose the Network button, and then use the Connect Network Drive dialog box to establish the connection.
To save the file to a different drive or directory, do the following:
In the Drives box, select a new drive.
In the Directories box, select a new directory.
Type the file name.
To save only those frame statistics that meet the specifications of the current display filter, choose Filtered.
This option is available only if you are saving data from the Frame Viewer window.
To save a particular range of frames, type the beginning and ending frame numbers in the From and To boxes.
Choose OK.
NOTE: When a range of frames is saved to a capture file, the numbers associated with the frames are changed; in a capture file, frame numbers always begin with 1, regardless of the number associated with the original frame. Similarly, if you apply a display filter, and then save the filtered frames, the frame numbers in the capture file begin with 1. If, however, you use the Print to File option in the Print dialog box, the original frame numbers associated with the frames are preserved.
Tracing in a WAN Environment
Sometimes, you may be asked to make a capture of network traffic between two specific computers that are separated by one or more routers. In these cases, the support professional may want to analyze all network traffic between the first computer and its nearest router, and all network traffic between the second computer and its nearest router. Most of the time, this is done to check whether or not network packets are being lost or corrupted somewhere between the routers. To make these traces consistent and to be able to read these traces simultaneously, the system clocks must be synchronized between the two computers prior to making the trace. Use the following steps to synchronize time between two computers:
Choose the computer against which to synchronize the time.
From the other computer, type the command
net time \\ComputerName /set /yes
where ComputerName is the name of the computer from step 1.
Verify the computers have the same time by typing TIME at each one.
Proceed with the trace.
Finding Media Access Control Addresses
If the computer to be monitored is running:
An MS-DOS-based network client, run MSD at that computer.
Windows for Workgroups 3.11 (running TCP/IP), type IPCONFIG /ALL from the command line.
Windows 95, run WINIPCFG from the command line at the local workstation.
MacOS, Open Appletalk Control Panel. Select User Mode from Edit Menu, change mode to Advanced. Appletalk Control Panel now reveals Info button. Click this button to obtain the MAC address
Windows NT, at the local console, use one of these options:
NET CONFIG SERVER from the command line
IPCONFIG /ALL from the command line
IPXROUTE config from the command line
arp -a from the command line
Getmac.exe from the Windows NT Resource Kit
WinMSD
Windows NT, remotely, run Getmac.exe from the Windows NT Resource Kit
翻译如下:该如何用网络显示器取得网络流量
在这一个制品的信息适用于:
微软公司 Windows 2000 服务器
微软公司 Windows 2000 高阶服务器
微软公司 Windows 2000 职业的
微软公司 Windows 2000 资料处理中心服务器
微软公司视窗 NT 服务器 3.1
微软公司视窗 NT 服务器 3.5
微软公司视窗 NT 服务器 3.51
微软公司视窗 NT 服务器 4.0
微软公司视窗 NT 工作站 3.1
微软公司视窗 NT 工作站 3.5
微软公司视窗 NT 工作站 3.51
微软公司视窗 NT 工作站 4.0
微软公司视窗 NT 增加了服务器 3.1
微软公司 Windows 95
微软公司 Windows 98
微软公司 SNA 服务器作为视窗 NT 2.1
微软公司 SNA 服务器作为视窗 NT 2.11
微软公司区域网络经理对视窗 NT 高阶服务器升级
微软公司系统管理服务器 1.0
微软公司系统管理服务器 1.1
微软公司系统管理服务器 1.2
微软公司区域网络经理 2. x
微软公司传输控制协议/IP-32 作为 Windows for Workgroups 3.11
微软公司传输控制协议/IP-32 为 Windows for Workgroups 3.11 一
微软公司传输控制协议/IP-32 作为 Windows for Workgroups 3.11 b
微软公司 Windows for Workgroups 3.11
微软公司英特网信息服务器 1.0
The information in this article applies to:
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server
Microsoft Windows NT Server 3.1
Microsoft Windows NT Server 3.5
Microsoft Windows NT Server 3.51
Microsoft Windows NT Server 4.0
Microsoft Windows NT Workstation 3.1
Microsoft Windows NT Workstation 3.5
Microsoft Windows NT Workstation 3.51
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Advanced Server 3.1
Microsoft Windows 95
Microsoft Windows 98
Microsoft SNA Server for Windows NT 2.1
Microsoft SNA Server for Windows NT 2.11
Microsoft LAN Manager to Windows NT Advanced Server Upgrade
Microsoft Systems Management Server 1.0
Microsoft Systems Management Server 1.1
Microsoft Systems Management Server 1.2
Microsoft LAN Manager 2.x
Microsoft TCP/IP-32 for Windows for Workgroups 3.11
Microsoft TCP/IP-32 for Windows for Workgroups 3.11a
Microsoft TCP/IP-32 for Windows for Workgroups 3.11b
Microsoft Windows for Workgroups 3.11
Microsoft Internet Information Server 1.0
This article was previously published under Q148942
SUMMARY
The purpose of this article is to provide you with the information needed to capture network traffic from a local area network using Microsoft's Network Monitor. The text of this article comes directly from the Network Monitor's Help file and should be referenced for more detailed instructions.
MORE INFORMATION
Network Monitor is a network diagnostic tool that monitors local area networks and provides a graphical display of network statistics. Network administrators can use these statistics to perform routine trouble- shooting tasks, such as locating a server that is down, or that is receiving a disproportionate number of work requests. While collecting information from the network's data stream, Network Monitor displays the following types of information:
The source address of the computer that sent a frame onto the network. (This address is a unique hexadecimal (or base-16) number that identifies that computer on the network.)
The destination address of the computer that received the frame.
The protocols used to send the frame.
The data, or a portion of the message being sent.
The process by which Network Monitor collects this information is called capturing. By default, Network Monitor gathers statistics on all the frames it detects on the network into a capture buffer, which is a reserved storage area in memory. To capture statistics on only a specific subset of frames, you can single out these frames by designing a capture filter. When you have finished capturing information, you can design a display filter to specify how much of the information that you have captured will be displayed in Network Monitor's Frame Viewer window.
To use Network Monitor, your computer must have a network card that supports promiscuous mode. If you are using Network Monitor on a remote machine, the local workstation does not need a network adapter card that supports promiscuous mode, but the remote computer does.
To capture across networks, or to preserve local resources, use the Network Monitor Agent to capture information using a remote Windows NT computer. When you capture remotely, the Network Monitor Agent gathers statistics from a remote computer, and then sends these statistics to your local computer, where they are displayed in a local Network Monitor window.
Once data has been captured either locally or remotely, the data can be saved to a text or a capture file, and can be opened and examined at a later time.
NOTE: The core functionality of Network Monitor, described in Help, is supported by Microsoft Product Support Services. Network-dependent tasks, such as interpreting data that you capture from your network, are not supported. The Network Monitor Agent is supported for Windows NT, but is unsupported on Windows 3.1 and Windows for Workgroups workstations.
Creating an Address List
To use address pairs in a Capture filter, you should first build an address database. Once this database is built, you can use the addresses listed in the database to specify address pairs in a capture filter.
To create an address list, follow these steps:
From the Capture menu, select Start. Optionally, open a .cap file in the Frame Viewer window.
When you have finished capturing, select Stop and View from the Capture menu to display the Frame Viewer window.
From the Display menu, select Find All Names. Network Monitor processes the frames, then adds them to the address database.
Close the Frame Viewer window, and display the Capture window.
From the Capture menu, select Filter to display the Capture filter dialog box.
In the Capture Filter dialog box, double-click on the Address Pairs line. Or, choose Address in the Add groupbox.
Network Monitor displays the address database you have created. You can use the names in this database to specify address pairs in the Capture filter.
Capturing Data Between Two Computers
To monitor traffic between two computers, follow these steps:
From the Capture menu, choose Filter to display the Capture Filter dialog box.
Double-click on the ANYANY line to display the Address Expression dialog box.
In the left window of the Address Expression dialog box, select the address of a computer.
In the right window of the Address Expression dialog box, select the address of a computer.
When you have done this, choose the Next button at the top of this window for more instructions.
In the Direction window, of the dialog box, choose one of the symbols:
Choose the symbol to monitor the traffic that passes in either direction between the addresses that you have selected.
Choose the --> symbol to monitor only the traffic that passes from the address selected in the left window to the address selected in the right window.
Choose OK.
In the Capture Filter dialog box, choose OK.
From the Capture menu, choose Start.
Saving Captured Data
Use the Save As command to save capture statistics to a capture file or to save changes to capture files that you have modified. Later, to view frames saved to file, you can open this file and display the statistics in Network Monitor's Frame Viewer window.
To save the captured frames to a capture file or text file:
Do one of the following:
On the Toolbar, click the File Save button.
-or-
From the File menu, choose Save As.
Do one the following:
To save the file to the current drive and directory, in the File Name box, specify a file name and an extension. If you are saving a file that you have modified, you cannot save it under its original name in the same directory.
To save the file to a network share to which you are not connected, choose the Network button, and then use the Connect Network Drive dialog box to establish the connection.
To save the file to a different drive or directory, do the following:
In the Drives box, select a new drive.
In the Directories box, select a new directory.
Type the file name.
To save only those frame statistics that meet the specifications of the current display filter, choose Filtered.
This option is available only if you are saving data from the Frame Viewer window.
To save a particular range of frames, type the beginning and ending frame numbers in the From and To boxes.
Choose OK.
NOTE: When a range of frames is saved to a capture file, the numbers associated with the frames are changed; in a capture file, frame numbers always begin with 1, regardless of the number associated with the original frame. Similarly, if you apply a display filter, and then save the filtered frames, the frame numbers in the capture file begin with 1. If, however, you use the Print to File option in the Print dialog box, the original frame numbers associated with the frames are preserved.
Tracing in a WAN Environment
Sometimes, you may be asked to make a capture of network traffic between two specific computers that are separated by one or more routers. In these cases, the support professional may want to analyze all network traffic between the first computer and its nearest router, and all network traffic between the second computer and its nearest router. Most of the time, this is done to check whether or not network packets are being lost or corrupted somewhere between the routers. To make these traces consistent and to be able to read these traces simultaneously, the system clocks must be synchronized between the two computers prior to making the trace. Use the following steps to synchronize time between two computers:
Choose the computer against which to synchronize the time.
From the other computer, type the command
net time \\ComputerName /set /yes
where ComputerName is the name of the computer from step 1.
Verify the computers have the same time by typing TIME at each one.
Proceed with the trace.
Finding Media Access Control Addresses
If the computer to be monitored is running:
An MS-DOS-based network client, run MSD at that computer.
Windows for Workgroups 3.11 (running TCP/IP), type IPCONFIG /ALL from the command line.
Windows 95, run WINIPCFG from the command line at the local workstation.
MacOS, Open Appletalk Control Panel. Select User Mode from Edit Menu, change mode to Advanced. Appletalk Control Panel now reveals Info button. Click this button to obtain the MAC address
Windows NT, at the local console, use one of these options:
NET CONFIG SERVER from the command line
IPCONFIG /ALL from the command line
IPXROUTE config from the command line
arp -a from the command line
Getmac.exe from the Windows NT Resource Kit
WinMSD
Windows NT, remotely, run Getmac.exe from the Windows NT Resource Kit
翻译如下:该如何用网络显示器取得网络流量
在这一个制品的信息适用于:
微软公司 Windows 2000 服务器
微软公司 Windows 2000 高阶服务器
微软公司 Windows 2000 职业的
微软公司 Windows 2000 资料处理中心服务器
微软公司视窗 NT 服务器 3.1
微软公司视窗 NT 服务器 3.5
微软公司视窗 NT 服务器 3.51
微软公司视窗 NT 服务器 4.0
微软公司视窗 NT 工作站 3.1
微软公司视窗 NT 工作站 3.5
微软公司视窗 NT 工作站 3.51
微软公司视窗 NT 工作站 4.0
微软公司视窗 NT 增加了服务器 3.1
微软公司 Windows 95
微软公司 Windows 98
微软公司 SNA 服务器作为视窗 NT 2.1
微软公司 SNA 服务器作为视窗 NT 2.11
微软公司区域网络经理对视窗 NT 高阶服务器升级
微软公司系统管理服务器 1.0
微软公司系统管理服务器 1.1
微软公司系统管理服务器 1.2
微软公司区域网络经理 2. x
微软公司传输控制协议/IP-32 作为 Windows for Workgroups 3.11
微软公司传输控制协议/IP-32 为 Windows for Workgroups 3.11 一
微软公司传输控制协议/IP-32 作为 Windows for Workgroups 3.11 b
微软公司 Windows for Workgroups 3.11
微软公司英特网信息服务器 1.0
这一个制品先前依据 Q148942 规定被公布
一览
这一个制品的目的将提供不可或缺的使用微软公司的网络显示器取得来自一个区域网络的网络流量的信息给您。 这一个制品的主文直接地从网络被提出显示器的辅助文件而且应该是叁考的作为比较详细的指令。
较多的信息
网络显示器是监督区域网络,而且提供一个网络统计表的图解式显示装置的一个网络诊断的工具。 网络系统管理师能使用这些统计表执行例行的故障排除任务,像是设置下的一个服务器, 或那正在收到一个土木工程请求的不成比例数目。 当收来自网络的数据流的信息的时候, 网络监察显示器信息的下列类型:
在网络之上寄送了一个架框的计算机的根源位址。 (这位址是一个独特的十六进位 (或碱-16) 数目认明在网络上的那一部计算机.)
计算机的目标位址哪一收讫架框。
协定过去习惯于派遣架框。
数据, 或信息的一个嫁奁被寄送。
程序在哪一个之前网络显示器收这信息被呼叫捕获。 预先设定地,网络显示器在它进入一个捕获缓冲区,在存储器是一个用作储备的储存区之内在网络上发现的所有的架框上收集统计表。 为了要在只有一个架框的特定子集上取得统计表,您能藉由设计一个捕获滤波器选出这些架框。 当您已经最后加工取得信息的时候, 您能设计一个显示装置滤波器叙述多少信息,您已经取得遗嘱在网络被显示显示器的架框检视器窗囗。
一览
这一个制品的目的将提供不可或缺的使用微软公司的网络显示器取得来自一个区域网络的网络流量的信息给您。 这一个制品的主文直接地从网络被提出显示器的辅助文件而且应该是叁考的作为比较详细的指令。
较多的信息
网络显示器是监督区域网络,而且提供一个网络统计表的图解式显示装置的一个网络诊断的工具。 网络系统管理师能使用这些统计表执行例行的故障排除任务,像是设置下的一个服务器, 或那正在收到一个土木工程请求的不成比例数目。 当收来自网络的数据流的信息的时候, 网络监察显示器信息的下列类型:
在网络之上寄送了一个架框的计算机的根源位址。 (这位址是一个独特的十六进位 (或碱-16) 数目认明在网络上的那一部计算机.)
计算机的目标位址哪一收讫架框。
协定过去习惯于派遣架框。
数据, 或信息的一个嫁奁被寄送。
程序在哪一个之前网络显示器收这信息被呼叫捕获。 预先设定地,网络显示器在它进入一个捕获缓冲区,在存储器是一个用作储备的储存区之内在网络上发现的所有的架框上收集统计表。 为了要在只有一个架框的特定子集上取得统计表,您能藉由设计一个捕获滤波器选出这些架框。 当您已经最后加工取得信息的时候, 您能设计一个显示装置滤波器叙述多少信息,您已经取得遗嘱在网络被显示显示器的架框检视器窗囗。
为了要使用网络显示器,您的计算机一定有一个支援杂乱的模态的网络卡。 如果您正在一个间接的机器上使用网络显示器,局部的工作站不需要网络转接器支援杂乱的模态的卡,但是间接的计算机做。
在整个网络捕获, 或保护地方资源, 使用网络显示器代理程式使用一部间接的视窗 NT 计算机取得信息。 当您很远地捕获的时候,网络显示器代理程式收集来自一部间接的计算机的统计表, 然后将这些统计表派遣到他们在一个局部的网络显示器窗囗中被显示的您的局部计算机。
一经数据已经被地方性地或很远地取得,数据能被把一个主文或者一个捕获文件存档到, 而且能在稍后被开启而且审讯。
注意: 网络显示器的核心部官能性质,在辅助被描述,被微软公司产品支援服务支援。 网络-依赖的任务,像是解释您从您的网络捕获的数据,没被支援。 网络显示器代理程式为视窗 NT 被支援, 但是在 Windows 3.1 和 Windows for Workgroups 工作站上被不支持。
创造位址列表
为了要在一个捕获滤波器中使用位址对, 您应该第一建造一个位址数据库。 一经这一个数据库被建造,您能使用在数据库中的位址面市的在一个捕获滤波器中叙述位址对。
创造位址列表
为了要在一个捕获滤波器中使用位址对, 您应该第一建造一个位址数据库。 一经这一个数据库被建造,您能使用在数据库中的位址面市的在一个捕获滤波器中叙述位址对。
为了要产生一个位址列表, 遵从这些踏步:
从捕获画面,选择启动。 可选择地,开启一。在架框检视器窗囗中加帽于文件。
当您已经最后加工捕获的时候,选择从捕获画面阻塞而且检视显示架框检视器窗囗。
从显示装置画面,选择找所有的名字。 网络显示器处理架框,然后把他们加入位址数据库。
关闭架框检视器窗囗, 而且显示捕获窗囗。
从捕获画面,选择过滤显示捕获滤波器对话盒。
在捕获滤波器对话盒中,在位址对线上点两下。 或, 在添加 groupbox 中选择位址。
网络监察显示器位址您已经建立的数据库。 您能使用在这一个数据库中的名字在捕获滤波器中叙述位址对。
取得在二部计算机之间的数据
为了要监督在二部计算机之间的流量, 遵从这些踏步:
从捕获画面,选择滤波器显示捕获滤波器对话盒。
在 ANYANY 线上点两下显示位址展示语句对话盒。
在位址展示语句对话盒的左窗囗中,选择计算机的位址。
在位址展示语句对话盒的正确窗囗中,选择计算机的位址。
当您已经做这的时候,在这一个窗囗的顶选择最近的按钮作为较多的指令。
在对话盒的方向窗囗中选择符号之一:
选择符号监督在您已经选择的位址之间的任一方向通过的流量。
选择那 --> 符号只监督从对在右边的窗囗中被选择的位址在左窗囗中被选择的位址通过的流量。
选择全对。
在捕获滤波器对话盒中,选择好。
从捕获画面,选择开始。
储存取得了数据
当做指令使用节省把对一个捕获文件的捕获统计表存档而且把改变存档取得文件您已经修改。 稍后, 检视架框把锉存档, 您能在网络显示器架框检视器窗囗开启这一个文件而且显示统计表。
从捕获画面,选择启动。 可选择地,开启一。在架框检视器窗囗中加帽于文件。
当您已经最后加工捕获的时候,选择从捕获画面阻塞而且检视显示架框检视器窗囗。
从显示装置画面,选择找所有的名字。 网络显示器处理架框,然后把他们加入位址数据库。
关闭架框检视器窗囗, 而且显示捕获窗囗。
从捕获画面,选择过滤显示捕获滤波器对话盒。
在捕获滤波器对话盒中,在位址对线上点两下。 或, 在添加 groupbox 中选择位址。
网络监察显示器位址您已经建立的数据库。 您能使用在这一个数据库中的名字在捕获滤波器中叙述位址对。
取得在二部计算机之间的数据
为了要监督在二部计算机之间的流量, 遵从这些踏步:
从捕获画面,选择滤波器显示捕获滤波器对话盒。
在 ANYANY 线上点两下显示位址展示语句对话盒。
在位址展示语句对话盒的左窗囗中,选择计算机的位址。
在位址展示语句对话盒的正确窗囗中,选择计算机的位址。
当您已经做这的时候,在这一个窗囗的顶选择最近的按钮作为较多的指令。
在对话盒的方向窗囗中选择符号之一:
选择符号监督在您已经选择的位址之间的任一方向通过的流量。
选择那 --> 符号只监督从对在右边的窗囗中被选择的位址在左窗囗中被选择的位址通过的流量。
选择全对。
在捕获滤波器对话盒中,选择好。
从捕获画面,选择开始。
储存取得了数据
当做指令使用节省把对一个捕获文件的捕获统计表存档而且把改变存档取得文件您已经修改。 稍后, 检视架框把锉存档, 您能在网络显示器架框检视器窗囗开启这一个文件而且显示统计表。
把那存档取得了对一个捕获文件或文字档的架框:
做跟随之一:
在工具栏上,点一下文件节省按钮。
做跟随之一:
在工具栏上,点一下文件节省按钮。
-或-
从文件画面,选择节省当做。
做一跟随:
把对在文件名字方格的目前磁盘和目录的文件存档叙述一个文件名字和一个扩充。 如果您正在储存您已经修改的一个文件,您依据相同的目录它的原来名字规定不能够把它存档。
把对您不被连接到,选择网络按钮的一个网络股份的文件存档, 然后使用那连接网络磁盘对话盒创立联接。
为了要把对一个不同的磁盘或者目录的文件存档, 做跟随:
在磁盘方格中,选择一个新的磁盘。
在目录方格中,选择一个新的目录。
键入文件名字。
只把那些架框统计表存档哪一会目前显示装置滤波器的规范, 选择过滤。
只有当如果您正在储存来自架框检视器窗囗的数据,这选择项是有效的。
为了要把一个特定类型的架框存档, 键入开始和终止架框编号在那从和对方格。
选择全对。
注意: 当多种的架框被把一个捕获文件存档到的时候,与架框的非正式会员的数目被改变; 在一个捕获文件中,架框编号总是由 1 开始,不管与原来的架框一起非正式会员的数目。 同样地,如果您提出申请一个显示装置滤波器, 然后把被过滤的架框存档, 在捕获文件的架框编号由 1 开始. 如果, 然而,您使用纹在纹对话盒中锉选择项,与架框的非正式会员的原来的架框编号被保护。
为了要把一个特定类型的架框存档, 键入开始和终止架框编号在那从和对方格。
选择全对。
注意: 当多种的架框被把一个捕获文件存档到的时候,与架框的非正式会员的数目被改变; 在一个捕获文件中,架框编号总是由 1 开始,不管与原来的架框一起非正式会员的数目。 同样地,如果您提出申请一个显示装置滤波器, 然后把被过滤的架框存档, 在捕获文件的架框编号由 1 开始. 如果, 然而,您使用纹在纹对话盒中锉选择项,与架框的非正式会员的原来的架框编号被保护。
广域网环境的图底
有时,您可能被要求作在被一或较多路由器分开的二部特定的计算机之间的一个网络流量的捕获。 在这些情况,支援职业的可能想要分析第一部计算机和它最近的路由器、和第二部计算机和它最近的路由器之间的所有的网络流量之间的所有的网络流量。 大部份的时间, 这是完成了核对是否网络小包正在路由器之间被某处遗失或使腐化。 为了要使这些扫掠线一致和能够同时发生地读这些扫掠线,系统时钟在制造扫掠线之前一定在这二部计算机之间被同步化。 使用的下列步骤同步化在二部计算机之间的时间:
选择计算机防止哪一个同步化时间。
从另一个计算机,键入指令
有时,您可能被要求作在被一或较多路由器分开的二部特定的计算机之间的一个网络流量的捕获。 在这些情况,支援职业的可能想要分析第一部计算机和它最近的路由器、和第二部计算机和它最近的路由器之间的所有的网络流量之间的所有的网络流量。 大部份的时间, 这是完成了核对是否网络小包正在路由器之间被某处遗失或使腐化。 为了要使这些扫掠线一致和能够同时发生地读这些扫掠线,系统时钟在制造扫掠线之前一定在这二部计算机之间被同步化。 使用的下列步骤同步化在二部计算机之间的时间:
选择计算机防止哪一个同步化时间。
从另一个计算机,键入指令
净时间
\\ComputerName/组 /赞成票
在 ComputerName 是来自第 1 踏步的计算机的名字的地方。
确认计算机藉由在每一个打字时间有同一个时间。
继续扫掠线。
调查结果广告媒介使用控制位址
如果要监督的计算机正在运行:
一个以 MS-DOS 为基础的网络用户端,在那一部计算机运行 MSD 。
Windows for Workgroups 3.11(正在运行中的传输控制协议/IP), 键入 IPCONFIG/全部从指令行。
Windows 95,在局部的工作站运行来自指令行的 WINIPCFG 。
MacOS, 开启苹果电脑区域网路控制板。 来自编辑画面的选择从属模态, 改变模态到增加。 苹果电脑区域网路控制板现在揭露信息按钮。 点一下这一个按钮获得雨衣位址
在局部的控制台的视窗 NT 使用这些选择项之一:
来自指令行的网络配置服务器
IPCONFIG/所有的从指令行
来自指令行的 IPXROUTE 配置
arp-一从指令行
来自视窗 NT 资源套件的 Getmac.exe
WinMSD
视窗 NT ,很远地,运行来自视窗 NT 的 Getmac.exe 资源套件
现在再来慢慢使用~~~~
确认计算机藉由在每一个打字时间有同一个时间。
继续扫掠线。
调查结果广告媒介使用控制位址
如果要监督的计算机正在运行:
一个以 MS-DOS 为基础的网络用户端,在那一部计算机运行 MSD 。
Windows for Workgroups 3.11(正在运行中的传输控制协议/IP), 键入 IPCONFIG/全部从指令行。
Windows 95,在局部的工作站运行来自指令行的 WINIPCFG 。
MacOS, 开启苹果电脑区域网路控制板。 来自编辑画面的选择从属模态, 改变模态到增加。 苹果电脑区域网路控制板现在揭露信息按钮。 点一下这一个按钮获得雨衣位址
在局部的控制台的视窗 NT 使用这些选择项之一:
来自指令行的网络配置服务器
IPCONFIG/所有的从指令行
来自指令行的 IPXROUTE 配置
arp-一从指令行
来自视窗 NT 资源套件的 Getmac.exe
WinMSD
视窗 NT ,很远地,运行来自视窗 NT 的 Getmac.exe 资源套件
现在再来慢慢使用~~~~
本文转自 victoryan 51CTO博客,原文链接:http://blog.51cto.com/victoryan/33926
