How to use Iptool

Source: Internet
Author: User

I. Set the capture options

1. Choose the network card to capture on. On the left there are some other capture conditions to choose from. If the selected network card does not support promiscuous mode, the system displays a message saying so. In that case you cannot obtain packets that are not addressed to this network card; in other words, you cannot capture the traffic between other computers, so it is recommended that you replace the network card. Cards that do not support promiscuous mode are mostly some wireless network cards and a few dedicated server/notebook network adapters.

2. Protocol filtering

Normally, leave this unset unless you are familiar with the protocol types.

3. Set the capture buffer

The capture buffer size is 1M. Depending on the size of the network you want to track, you can adjust this value appropriately. In addition, if the CPU of the tracking host is not powerful enough, you need to increase the buffer; otherwise packets may be lost.

4. IP filter

The IP filter lets you set the IP addresses whose packets you want to capture, the IP addresses to exclude, and so on.

5. Port filter

The port filter lets you set the ports whose packets you want to capture, the ports to exclude, and so on.

  II. Trying out "capture analysis"

1. Set the capture filter

The filter here is separate from the filter settings of the "Tracking task"; do not confuse the two. This one offers more options. Click the "Filter" button.

The most complex of these options is "Data block matching", which is covered in a later section. For now you only need to select the correct network adapter; the other options can be left unset.

2. Start the capture by clicking the "Start" button.

With these steps, you can try out the most basic features of the product.

  III. IP packet playback

The purpose of IP packet playback is:

1. To help understand the geographical distribution of the original packet communication.

2. To replay the IP packets to the network card, simulating the original transmission of the IP packets on the network, so that other packet capture software of the same kind can also capture and analyze them.

  IV. Analysis of communication protocols

Capture preparation

Capture Analysis Toolbar:

Before starting the capture, the user needs to configure the filter, which includes the following options:

Select network card

If you have more than one network card, you need to select the network card that carries the data you want to capture.

Protocol filtering

For Internet communication, the common IP packet types are TCP/UDP/ICMP. The vast majority of connections use TCP, such as HTTP(S)/SMTP/POP3/FTP/TELNET, and so on. Some chat software, such as QQ/Skype, uses UDP transmission in addition to TCP. The common ICMP packets are generated by a user's ping. The setup interface is as follows:

IP filtering

"IP filtering" is the most commonly used kind of packet filtering. IP matching falls into two main categories. The first ignores the direction of communication and is purely a range match, such as the "from:to" type shown above. The second is a one-to-one match that takes the direction of communication into account, such as the "<->" type: it matches not only the IP addresses but also the direction between the source IP and the destination IP of the communication.

Port filtering

Port filtering applies only to two types of DOD-IP packets: TCP/UDP.

Data area size

The "Data area size" match applies to all DOD-IP type packets. Note, however, that for TCP/UDP the data area is measured from the actual data position (after the TCP/UDP header), while for the other types the part immediately following the IP header is treated as the data area.

  V. Data block matching

"Data block matching" is more complex, but it is very useful. The setup interface is as follows:

Here the user can enter text or binary data, and can choose to match at a specific position or at any position. In short, this setting is very flexible and easy to use.
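The "Data area size" rule and the fixed-position or any-position "Data block matching" described above, sketched as an added Python example (this is not Iptool's own code). The function names, the sample packets and the treatment of IP fragments are assumptions made for illustration.

```python
import struct

def data_area(pkt: bytes) -> bytes:
    """Data area of a raw IPv4 packet, per the rule in the text above."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4                      # IP header length in bytes
    total = struct.unpack("!H", pkt[2:4])[0]       # IP total length field
    if ihl < 20 or not ihl <= total <= len(pkt):
        raise ValueError("inconsistent IPv4 lengths")
    body = pkt[ihl:total]
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if frag_offset:            # assumption: later fragments carry no transport header
        return body
    if pkt[9] == 6:            # TCP: header length is the upper nibble of byte 12
        if len(body) < 20:
            raise ValueError("truncated TCP header")
        off = (body[12] >> 4) * 4
        if not 20 <= off <= len(body):
            raise ValueError("bad TCP data offset")
        return body[off:]
    if pkt[9] == 17:           # UDP: fixed 8-byte header
        if len(body) < 8:
            raise ValueError("truncated UDP header")
        return body[8:]
    return body                # ICMP and others: everything after the IP header

def block_match(data: bytes, pattern: bytes, offset=None) -> bool:
    """Match pattern at a fixed offset, or at any position when offset is None."""
    if not pattern or (offset is not None and offset < 0):
        return False
    if offset is None:
        return pattern in data
    return data[offset:offset + len(pattern)] == pattern

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed sample packet (checksum left at 0, documentation addresses)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

# Constructed samples: an HTTP request over TCP, a UDP datagram, an ICMP echo request.
TCP_PKT = ipv4(6, struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
               + b"GET /index.html HTTP/1.1\r\n")
UDP_PKT = ipv4(17, struct.pack("!HHHH", 40000, 8000, 15, 0) + b"\x01\x02hello")
ICMP_PKT = ipv4(1, struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"abcdefgh")

if __name__ == "__main__":
    for name, pkt in (("tcp", TCP_PKT), ("udp", UDP_PKT), ("icmp", ICMP_PKT)):
        print(name, len(data_area(pkt)), block_match(data_area(pkt), b"hello"))
```

For the ICMP sample the data area starts at the ICMP header itself, so a binary pattern such as `08 00` (echo request) matches at position 0, whereas for TCP and UDP position 0 is the first payload byte.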

End condition

As shown in the following figure, by default the capture stops automatically when the captured packets take up more than 10M of space.

Ending at a point in time means setting a deadline for the capture.

  VI. Analysis of captured packets

After the user presses the "Start" button to start the capture, the list box automatically displays the matching packets with a simple parse. Right-click an entry to bring up the menu shown below:

Select "Analyze" to show the following screen:

In the illustration above, the left and lower-right panes show the results of the analysis, and the upper-right pane shows the original binary data. When you select an item on the left, the corresponding bytes are marked with a color block in the binary area on the right.
