问题描述

我正在尝试使用 RawCap 来嗅探 Windows 本地主机.然而，与它的计费能力相反，它不起作用.我是这样开始的:

I am attempting to use RawCap to sniff Windows localhost. However, contrary to its billed ability to do so, it is not working. I am starting it as follows:

rawcap 127.0.0.1 echo.pcap

rawcap 127.0.0.1 echo.pcap

然后我运行了一个我编写的 echo TCP 客户端/服务器测试应用程序.我使用客户端通过 127.0.0.1 发送一些数据，它确实在服务器上打印并发送回客户端，在那里它也被打印.但是抓包文件是空的.

I then run a little echo TCP client / server test app I wrote. I use the client to send some data over 127.0.0.1, and it indeed gets printed on the server and sent back to the client, where it is also printed. Howver, the packet capture file is empty.

我在 Windows XP SP3 下运行.

I am running under Windows XP, SP3.

是否有人知道我需要采取任何其他步骤才能使其正常工作?

Is anybody aware of any other steps I need to take to get this to work?

2011 年 7 月 20 日添加的其他信息:我联系了生产 RawCap 的公司，他们建议确保我具有管理员权限，我尝试嗅探 ping 127.0.0.1，并尝试启用 telnet 并嗅探 telnet127.0.0.1.我确实有管理员权限，RawCap 看到 ping 数据包，但没有看到 telnet 数据包.我还尝试在另一台机器上嗅探 127.0.0.1，但也失败了.

Additional information added on 7/20/2011: I contacted the company that produces RawCap, and they suggested making sure that I have administrator privilege, that I try sniffing ping 127.0.0.1, and that I try enabling telnet and sniffing telnet 127.0.0.1. I do indeed have administrator privilege, RawCap sees ping packets, but it did not see telnet packets. I also tried sniffing 127.0.0.1 on another machine, and I failed there also.

最好的，戴夫

推荐答案

联系了 RawCap 的作者，他说我发现了一个 bug，Windows XP SP 3 无法嗅探 localhost 上的 TCP.他似乎不希望他能解决这个问题.如果有更多有用的信息出现，为了帮助社区，我会对此答案发表评论.

I've been in contact with the author of RawCap, and he indicated that I found a bug where Windows XP SP 3 can't sniff TCP on localhost. He does not seem hopeful that he can fix it. If any more useful information comes along, I will, in an attempt to help the community, comment on this answer.

这篇关于在 Windows XP、SP3 上使用 RawCap 嗅探本地主机的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！