OK, I'm not going to pretend that NMCap is the simplest thing in the world. It is not hard to use, but any command-line tool has its rough edges; that is what the GUI was invented to smooth over.
What NMCap does make easy is automated capturing. It also lets you hand a script to someone else, which is far easier than teaching that person to drive a GUI. Anyone who has tried to walk a parent, a friend, or a customer through a GUI over the phone or by e-mail knows the pain: "Double-click it, Mom... no, not that one, the icon that looks like a little spider!"
NMCap is a command-line tool. It gives you options for how to start, how to stop, what to capture, where to capture, and a number of other variables, so you can write a script that gets exactly the trace you want when someone else runs the capture for you.
NMCap is...
- Low impact: if you want a trace without affecting server performance, NMCap captures without the overhead of the GUI.
- Configurable: there are plenty of options that give you full control over how a trace is started and stopped.
- Scriptable: because it is a command-line tool, you can drive it from a batch file.
How do I stop my trace when my process finishes?
======================================
Another thing NMCap makes easy is automation. You often want a trace to start or stop under a certain condition. Because you cannot talk to NMCap once it is running, you tell it up front which condition should start or stop it. That means, for example, that you can ping an address and use that ping as the trigger that stops your capture. This is the key to automating captures in the background.
Scenario: you need to start a capture, run your test, and stop the capture.
-------------------------------------
Say we want to capture what our application, blah.exe, puts on the wire. This takes two separate processes: one runs NMCap, which captures the trace and watches for the stop condition; the other runs the test application. Our batch file looks like this:

```bat
start nmcap /network * /capture /file t.cap /stopwhen /frame (ipv4.address == ipconfig.localipv4address) and (ipv4.destinationaddress == 1.2.3.4)
sleep 5
blah.exe
ping 1.2.3.4
```
We launch NMCap with the start command so that it runs as a separate process in its own window (add the /B switch to start if you want it to run in the same window).
The next parameter, "/network *", tells NMCap to capture on all NICs. You can also pick a specific adapter by number. To list the adapter numbers, run "nmcap /displaynetworks".
The parameters "/capture" and "/file t.cap" say what to capture and where to store it. Here we use no capture filter; to add one, put the filter expression right after /capture.
The last part, "/stopwhen /frame ...", decides when NMCap stops. With "/frame", the capture stops as soon as a frame matches the filter that follows.
Once a frame passes that filter, we stop capturing and NMCap exits. The filter here matches a frame whose IPv4 address is this machine's own local address and whose IPv4 destination address is 1.2.3.4.
The next line of the batch file simply waits five seconds to make sure NMCap has started and is ready to capture. (sleep is not built into cmd.exe; it comes from the Windows Resource Kit. On newer versions of Windows, timeout /t 5 does the same job.) Once the five seconds are up, we run the application whose traffic we want to capture, and then we issue the ping, which is the trigger that tells NMCap to stop capturing.
It doesn't matter whether the pinged address exists. On Windows, at least, the ping packet goes out whether or not the target is valid. You can of course use a different packet as your stop trigger; there is more than one way to generate the traffic you want to use as a trigger. If you do add a capture filter, make sure it lets the trigger frame through, or the stop condition will never be seen.
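The same procedure as a PowerShell script, added here as an example and not taken from the original post. It keeps the batch file's structure (start NMCap, wait, run the workload, send the trigger ping) but adds what the batch file lacks: it checks that NMCap is still running before the test starts, waits for NMCap to exit after the trigger so the file is fully written, and verifies the output. Assumptions: nmcap.exe is on the PATH, the application under test is a hypothetical .\blah.exe, and 192.0.2.10 is a documentation address chosen as the trigger; any address that makes the ping leave this host will do.

```powershell
# Added example: automate an NMCap capture around a test run (not the post's own script).
# Assumptions: nmcap.exe on PATH; .\blah.exe is a hypothetical application under test;
# 192.0.2.10 is a made-up trigger address (the ping only has to leave this host).
param(
    [string]$OutFile = "$PWD\t.cap",
    [string]$AppUnderTest = ".\blah.exe",
    [string]$TriggerIp = "192.0.2.10",
    [int]$StartupDelaySec = 5,
    [int]$StopTimeoutSec = 30
)

# Stop as soon as a frame from this host is seen heading for the trigger address.
$stopFilter = "(ipv4.address == ipconfig.localipv4address) and (ipv4.destinationaddress == $TriggerIp)"

# Start from a clean file so an old trace cannot be mistaken for this run.
if (Test-Path $OutFile) { Remove-Item $OutFile }

# Launch nmcap in its own process (like 'start' in the batch file) and keep the handle.
# /network *  = all adapters; /capture with no filter = everything; /file = output trace.
$nmcap = Start-Process -FilePath 'nmcap.exe' -PassThru -ArgumentList @(
    '/network', '*',
    '/capture',
    '/file', "`"$OutFile`"",
    '/stopwhen', '/frame', "`"$stopFilter`""
)

# Give nmcap time to open the adapters; the post uses a fixed delay for the same reason.
Start-Sleep -Seconds $StartupDelaySec
if ($nmcap.HasExited) {
    throw "nmcap exited early (exit code $($nmcap.ExitCode)); check the adapter and filter syntax"
}

# Run the workload whose traffic we want, then send the stop trigger.
& $AppUnderTest
ping.exe -n 1 $TriggerIp | Out-Null   # the reply is irrelevant; only the outgoing frame matters

# The batch file falls off the end here. Wait for nmcap so the capture file is complete.
if (-not $nmcap.WaitForExit($StopTimeoutSec * 1000)) {
    Write-Warning "nmcap did not see the trigger frame within $StopTimeoutSec s; terminating it"
    $nmcap.Kill()
}

if (-not (Test-Path $OutFile)) { throw "no capture file was written: $OutFile" }
$trace = Get-Item $OutFile
"Capture written: $($trace.FullName) ($($trace.Length) bytes)"
```

The timeout branch is the important addition: if the trigger frame never matches (wrong adapter, a capture filter that excludes the ping, a typo in the filter), the batch version leaves NMCap running forever in a stray window, while this script reports the problem and cleans up.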
Basic examples:
================================
Let's take a moment to look at a couple of the most basic examples. The following command captures on all NICs with no filter at all:

```bat
nmcap /network * /capture /file test.cap
```

Now let's add a filter to that command. I want to exclude all traffic on port 3389, because I know my Terminal Server session runs over it and I don't want that traffic in my trace:

```bat
nmcap /network * /capture "!(tcp.port == 3389)" /file test.cap
```

The filter can be as complex as you like, and you can reference any protocol that has a parser. This is unlike Netmon 2.x, where only a subset of the protocols was available for filtering.
Starting and stopping
================================
The default stop condition is a Ctrl+C or Ctrl+Break. With "/stopwhen /keypress x" (or any other letter) the capture stops as soon as that character is typed.
There are many start and stop conditions. A network event can start a capture just as it can stop one (via "/startwhen"). You can also start or stop after a period of time with "/timeafter", which takes a value and a unit, for example "/timeafter 30 minutes". Instead of a duration you can give an absolute time, for example "/time 10:30:00 am 9/10/2006". The time format follows your regional settings.
Capture file output and chained captures
==================================
The "/file" parameter names the capture file, and its extension tells NMCap which file format to store the data in. With a ".cap" extension, the capture goes into a single file whose size is limited to 20 MB by default. Adding a colon and a size after the file name changes that limit: "/file t.cap:50M" sets the maximum to 50 MB. Once the limit is reached, capturing continues but the file does not grow; the oldest frames are dropped to make room for new ones.
If you want a chained capture instead, use the ".chn" extension. You can set the size of each file in the chain the same way, with a colon and a number. Chained capture files get a number in parentheses after the name to show their order in the chain: "/file t.chn:1M" creates t(1).chn, t(2).chn, and so on, each up to 1 MB in size.
A cool NMCap trick: using another capture file as the input
==================================
NMCap can also take another capture file as its input. This is handy for trimming captures before you hand them out, or for pulling out only the traffic on particular ports or IP addresses. In the following example, the frames in test.cap that involve the address 10.0.0.1 are written to c1.cap:

```bat
nmcap /inputcapture test.cap /capture "ipv4.address == 10.0.0.1" /file c1.cap
```
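The one-host example above generalises to a small function that splits a capture into one file per host of interest, which is the usual shape of this task when you are preparing a trace for someone who should only see their own traffic. This is an added PowerShell example, not code from the original post. Assumptions: nmcap.exe is on the PATH, test.cap exists in the current directory, and the host list is made up for the example.

```powershell
# Added example: split one capture into per-host captures with /inputcapture.
# Assumptions: nmcap.exe on PATH; .\test.cap exists; the host list below is constructed.
function Split-CaptureByHost {
    param(
        [Parameter(Mandatory)] [string]$InputCapture,
        [Parameter(Mandatory)] [string[]]$Hosts,
        [string]$OutDir = '.'
    )
    if (-not (Test-Path $InputCapture)) { throw "input capture not found: $InputCapture" }
    New-Item -ItemType Directory -Force -Path $OutDir | Out-Null

    foreach ($h in $Hosts) {
        # Build a file name that is safe regardless of dots or colons in the address.
        $out = Join-Path $OutDir ("{0}.cap" -f ($h -replace '[^0-9A-Za-z]', '_'))
        if (Test-Path $out) { Remove-Item $out }

        # Same switches as the post's example: re-read the file, keep only frames that
        # match the /capture filter, write them to /file.
        & nmcap.exe /inputcapture $InputCapture /capture "ipv4.address == $h" /file $out
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "nmcap failed for $h (exit code $LASTEXITCODE)"
            continue
        }
        if (-not (Test-Path $out)) {
            Write-Warning "no output written for $h; check the filter syntax"
            continue
        }
        [pscustomobject]@{ Host = $h; File = $out; Bytes = (Get-Item $out).Length }
    }
}

# Usage with a constructed host list; each row reports the per-host capture produced.
Split-CaptureByHost -InputCapture .\test.cap -Hosts '10.0.0.1', '10.0.0.2' -OutDir .\perhost |
    Format-Table -AutoSize
```

Because the filter is evaluated against parsed frames, the same loop works with any filter expression the parsers support (a port, a protocol, a host name); only the "ipv4.address == $h" string needs to change.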
More examples
==================================
NMCap also accepts "/examples" as a parameter, which prints more examples to help you understand the different parameters. With so many capture options, you should be able to cover whatever your capturing needs are.
NMCap: the easy way to automate capturing
http://blogs.technet.com/netmon/archive/2006/10/24/nmcap-the-easy-way-to-automate-capturing.aspx