Some embedded devices do not let you modify their firmware or configuration, yet you still want to analyse their network traffic, so the capture has to happen on the router.
This article uses OpenWrt as the example, together with Wireshark on the PC, to walk through the capture process.
opkg update
opkg install libc
opkg install libpcap
opkg install tcpdump
Nothing special about Wireshark: download and install it normally; the portable version works too.
For PuTTY, use the regular installer rather than a portable build, because the plink program that ships with it is needed.
Run the following on the Windows command line:
plink.exe -batch -ssh -pw your_password root@192.168.1.1 "tcpdump -i br-lan host 192.168.1.165 -s 0 -w -" | "D:\ToolsDev\Wireshark\Wireshark.exe" -k -i -
plink is one of the executables that the PuTTY installer adds; put the PuTTY directory on the Windows PATH environment variable so the command finds it.
your_password is the router's root password. Be aware that -pw exposes the password to the process list and the command history; for anything beyond a one-off test, use key authentication instead (plink -i key.ppk with the matching public key in the router's authorized_keys) and drop -pw.
192.168.1.1 is the router's IP address.
192.168.1.165 is the device to capture. The host filter limits the capture to that device's traffic and, as long as the PC running Wireshark is not that device, keeps the SSH session that carries the capture out of the stream.
D:\ToolsDev\Wireshark\Wireshark.exe is the path to the Wireshark installation.
Once the command runs, a Wireshark window opens on Windows and the traffic can be analysed live. If the display lags behind the live traffic, add -U to the tcpdump options so each packet is flushed to the pipe as soon as it is captured.
Note:
If the connection fails with FATAL ERROR: Cannot confirm a host key in batch mode, plink has not yet cached the router's SSH host key and -batch forbids the prompt. Run the command once without -batch, confirm the host key with y when prompted, then rerun the command with -batch.
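The same procedure as a small script, added here as an example and not code from the original post. It assumes a host with an OpenSSH client (Linux, macOS, WSL or Git Bash on Windows) rather than plink, a dedicated SSH key already placed in the router's authorized_keys so that no password appears on the command line, and Wireshark on PATH; the ROUTER, IFACE, TARGET, KEY and WIRESHARK variables and the is_ipv4, build_remote_cmd and run_capture functions are this example's own. It reproduces the remote tcpdump into local Wireshark pipeline, validates the interface name and target address before they are handed to the router's shell, and maps the host-key note above onto OpenSSH's BatchMode.

```shell
#!/bin/sh
# Added example, not from the original post: a POSIX sh wrapper around the same
# "remote tcpdump | local Wireshark" idea, written for a host with an OpenSSH
# client (Linux, macOS, WSL or Git Bash on Windows). Everything below is an
# assumption of this example: the router is reached as $ROUTER, a dedicated SSH
# key at $KEY is already in the router's authorized_keys (so no password is
# passed on the command line), and Wireshark is on PATH as $WIRESHARK.

ROUTER="${ROUTER:-root@192.168.1.1}"
IFACE="${IFACE:-br-lan}"
TARGET="${TARGET:-192.168.1.165}"
KEY="${KEY:-$HOME/.ssh/openwrt_capture}"
WIRESHARK="${WIRESHARK:-wireshark}"

# Accept only a dotted-quad IPv4 address. The target ends up inside a command
# string that the router's shell interprets, so anything that is not an address
# (spaces, ';', extra filter terms) must be rejected before it gets there.
is_ipv4() {
  ip=$1
  case "$ip" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS
  IFS=.
  set -- $ip
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Compose the tcpdump command that runs on the router and print it.
#   -U    flush every packet to stdout as it is captured; without it tcpdump
#         buffers and Wireshark shows the traffic seconds late
#   -n    no name resolution on the router
#   -s 0  full packet length
#   -w -  pcap to stdout, which ssh carries to the local side
# The "host <target>" filter also keeps this SSH session out of the capture,
# as long as the capturing PC is not itself the target.
build_remote_cmd() {
  iface=$1
  target=$2
  is_ipv4 "$target" || { echo "refusing target '$target': not an IPv4 address" >&2; return 1; }
  case "$iface" in
    ''|*[!A-Za-z0-9_.-]*) echo "refusing interface '$iface'" >&2; return 1 ;;
  esac
  printf 'tcpdump -i %s -U -n -s 0 -w - host %s' "$iface" "$target"
}

run_capture() {
  cmd=$(build_remote_cmd "$IFACE" "$TARGET") || return 1
  # BatchMode=yes never prompts, so it fails if the router's host key is not in
  # known_hosts yet. That is the OpenSSH counterpart of plink's "Cannot confirm
  # a host key in batch mode": log in once interactively with plain
  # `ssh -i "$KEY" "$ROUTER"` to accept the key, then run this again.
  ssh -o BatchMode=yes -i "$KEY" "$ROUTER" "$cmd" | "$WIRESHARK" -k -i -
}

# Only start the capture when invoked as `./capture.sh run`; sourcing the file
# or running it without the argument just defines the functions.
case "${1:-}" in
  run) run_capture ;;
esac
```

Run it as `TARGET=192.168.1.165 ./capture.sh run`. The validation matters because the filter text is executed by the router's shell: a target such as `192.168.1.165;reboot` would otherwise run a second command as root on the router, so only a plain dotted-quad address and a plain interface name are allowed through.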
End of tutorial, enjoy.
Original article: https://blog.csdn.net/obana/article/details/135320499