Help: which packet-capture tool can capture a downloader's download address?

nullily 2012-6-17 08:55
I've tried roughly ten of the commonly used packet-capture tools and none of them catch it; I don't know whether I'm using them wrong.
I want to get the IP address or domain name that the downloader downloads from.

The downloader is implemented with the simplest and most common call, URLDownloadToFileA.

Thanks for any guidance.
Latest replies (13)
cleverelie 2012-6-17 12:01
2
Try the Wireshark packet-capture tool.
nullily 2012-6-17 17:53
3
I used it when testing, but maybe I'm doing it wrong; it doesn't capture anything.
炸鸡大侠 2012-6-20 16:59
4
With UrlDownloadToFileA you should be able to see the address, right? If not, you can use WPE to find its process and capture its packets for analysis; with an ordinary downloader you should be able to trace the download address.
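The point in post 4 is that URLDownloadToFileA takes the URL as a plain string argument, so on an unpacked sample the address is usually sitting in the binary's data before anything is run. The following is an added example, not code from anyone in this thread: a string-scan triage in Python over a constructed byte blob that stands in for a downloader's import and data sections. It reports the download-related import names, ASCII and UTF-16LE URLs (the latter for the W variants), and Windows file paths. SAMPLE_BINARY, dl.example.com, cdn.example.net and the drop path are all made up; the API names in DOWNLOAD_APIS are the real import names.

```python
import re

# Constructed stand-in for an unpacked downloader's .idata/.rdata contents.
# Not a real sample: the API names are the real import names, but the URLs,
# the path and the surrounding filler bytes are made up for this example.
SAMPLE_BINARY = (
    b"MZ\x90\x00\x03\x00\x00\x00" + bytes(range(64)) + b"\x00"
    + b"urlmon.dll\x00" + b"\x00\x01" * 4
    + b"URLDownloadToFileA\x00" + b"\x90" * 7
    + b"http://dl.example.com/update/payload.exe\x00" + b"\xff" * 5
    + b"C:\\Windows\\Temp\\svchost.exe\x00\x00"
    + "http://cdn.example.net/update2.exe".encode("utf-16le") + b"\x00\x00"
    + b"WinExec\x00kernel32.dll\x00"
)

# Import names that fetch a URL; URLDownloadToFileA is the one the thread is about.
DOWNLOAD_APIS = {
    "URLDownloadToFileA", "URLDownloadToFileW", "URLDownloadToCacheFileA",
    "InternetOpenUrlA", "InternetOpenUrlW", "WinHttpOpenRequest",
}
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")             # printable runs, like `strings`
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")      # UTF-16LE runs (the W variants)
URL_TEXT = re.compile(r"(?:https?|ftp)://\S{4,}")
WIN_PATH = re.compile(r"[A-Za-z]:\\")


def triage(blob):
    """Static string triage: download-related imports, URLs (narrow and wide), file paths."""
    narrow = [s.decode("ascii") for s in ASCII_RUN.findall(blob)]
    wide = [s.decode("utf-16le") for s in WIDE_RUN.findall(blob)]
    return {
        "download_apis": sorted(s for s in narrow if s in DOWNLOAD_APIS),
        "urls": [s for s in narrow + wide if URL_TEXT.match(s)],
        "paths": [s for s in narrow + wide if WIN_PATH.match(s)],
    }


if __name__ == "__main__":
    for key, values in triage(SAMPLE_BINARY).items():
        print(key, values)
```

This is a string scan, not an import-table parse, so it finds anything the compiler left in cleartext. The caveat is the one post 12 later hints at: a packed sample, an obfuscated string, or a URL assembled at runtime shows nothing here, and then the only way to get the address is to let the sample run and watch it, which is what the capture question in post 1 is about.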
小熊出山 2012-6-23 19:21
5
Upload it and let the experts capture it for you.
gott 2012-6-25 11:13
6
Actually there's no need to make it so complicated.
Install a firewall,
then have its log record everything.
That's it.

============
Addendum: a trojan usually runs at startup and downloads as soon as it gets online.
I suggest unplugging the network cable first.
冰河之刃 2012-7-3 07:50
7
SmartSniff v1.32
Copyright (c) 2004 - 2007 Nir Sofer
Web site: http://www.nirsoft.net (visit this site for the latest version)

Description
===========

SmartSniff allows you to capture TCP/IP packets that pass through your
network adapter, and view the captured data as a sequence of conversations
between clients and servers. You can view the TCP/IP conversations in
ASCII mode (for text-based protocols like HTTP, SMTP, POP3 and FTP) or
as a hex dump (for non-text-based protocols like DNS).
SmartSniff provides 3 methods for capturing TCP/IP packets :
1. Raw Sockets (Only for Windows 2000/XP or greater): Allows you to
   capture TCP/IP packets on your network without installing a capture
   driver. This method has some limitations and problems.
2. WinPcap Capture Driver: Allows you to capture TCP/IP packets on all
   Windows operating systems. (Windows 98/ME/NT/2000/XP/2003/Vista) In
   order to use it, you have to download and install WinPcap Capture
   Driver from this Web site. (WinPcap is a free open-source capture
   driver.)
   This method is generally the preferred way to capture TCP/IP packets
   with SmartSniff, and it works better than the Raw Sockets method.
3. Microsoft Network Monitor Driver (Only for Windows 2000/XP/2003):
   Microsoft provides a free capture driver under Windows 2000/XP/2003
   that can be used by SmartSniff, but this driver is not installed by
   default, and you have to manually install it, by using one of the
   following options:
   * Option 1: Install it from the CD-ROM of Windows 2000/XP
     according to the instructions in Microsoft Web site
   * Option 2 (XP Only) : Download and install the Windows XP
     Service Pack 2 Support Tools. One of the tools in this package is
     netcap.exe. When you run this tool for the first time, the Network
     Monitor Driver will automatically be installed on your system.

   Notice: If WinPcap is installed on your system, and you want to use
   the Microsoft Network Monitor Driver method, it's recommended to run
   SmartSniff with /NoCapDriver, because the Microsoft Network Monitor
   Driver may not work properly when WinPcap is loaded too.
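Posts 2 and 7 recommend Wireshark or SmartSniff, and the SmartSniff text above explains why HTTP is readable in ASCII mode while DNS needs the hex view. What the original poster should then look for in the capture is two things: a DNS query for the downloader's host, and a plaintext HTTP request whose request line and Host header together give the full URL. The following is an added example, not code from the original thread or from NirSoft: a minimal libpcap parser in Python that pulls exactly those two indicators out of a capture. The capture it runs on is constructed in memory (dl.example.com, 93.184.216.34 and /update/payload.exe are made up) so the example runs offline; reading the bytes of a real .pcap saved from Wireshark or SmartSniff into extract_download_indicators works the same way, as long as the link type is Ethernet.

```python
import struct

# --- Constructed sample capture (made up for this example, not from the thread) ---
# One DNS query for dl.example.com and one HTTP GET, framed as Ethernet/IPv4 and
# wrapped in a minimal libpcap file so the parser below can run offline.

def _eth(payload, ethertype=0x0800):
    return b"\x00" * 12 + struct.pack("!H", ethertype) + payload  # dummy MAC addresses

def _ipv4(proto, payload, src=b"\xc0\xa8\x01\x0a", dst=b"\x5d\xb8\xd8\x22"):
    # 192.168.1.10 -> 93.184.216.34 (both constructed); checksum left as 0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, src, dst)
    return hdr + payload

def _tcp(payload, sport=49152, dport=80):
    # data offset 5 words, flags PSH|ACK, checksum 0
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload

def _udp(payload, sport=49153, dport=53):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def _dns_query(name):
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

HTTP_GET = (b"GET /update/payload.exe HTTP/1.1\r\n"
            b"Host: dl.example.com\r\n"
            b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)\r\n\r\n")

def build_pcap(frames):
    """Wrap raw Ethernet frames in a little-endian libpcap file (linktype 1)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1339919700 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)

SAMPLE_PCAP = build_pcap([
    _eth(_ipv4(17, _udp(_dns_query("dl.example.com")))),
    _eth(_ipv4(6, _tcp(HTTP_GET))),
])

# --- Parser: the part you would run over a real capture ---

def _dns_qname(data, off):
    labels = []
    while data[off]:
        n = data[off]
        labels.append(data[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n
    return ".".join(labels)

def extract_download_indicators(pcap_bytes):
    """Return ([(queried_name, dns_server_ip)], [(url, http_server_ip)]) from a pcap."""
    if struct.unpack("<I", pcap_bytes[:4])[0] != 0xA1B2C3D4:
        raise ValueError("expected little-endian libpcap (microsecond) file")
    dns, urls, off = [], [], 24
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack("<IIII", pcap_bytes[off:off + 16])[2]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":      # IPv4 over Ethernet only
            continue
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        dst_ip = ".".join(str(b) for b in frame[30:34])
        l4 = frame[14 + ihl:]
        if proto == 17 and len(l4) >= 20 and l4[2:4] == b"\x00\x35":   # UDP to port 53
            payload = l4[8:]
            if not payload[2] & 0x80:                                # QR bit clear: a query
                dns.append((_dns_qname(payload, 12), dst_ip))
        elif proto == 6 and len(l4) >= 20:
            payload = l4[(l4[12] >> 4) * 4:]
            if payload[:4] in (b"GET ", b"POST", b"HEAD"):
                request_line, _, headers = payload.partition(b"\r\n")
                path = request_line.split(b" ")[1].decode("ascii", "replace")
                host = dst_ip
                for h in headers.split(b"\r\n"):
                    if h.lower().startswith(b"host:"):
                        host = h.split(b":", 1)[1].strip().decode("ascii", "replace")
                urls.append(("http://" + host + path, dst_ip))
    return dns, urls

if __name__ == "__main__":
    names, found = extract_download_indicators(SAMPLE_PCAP)
    for name, server in names:
        print("DNS query  %-40s -> %s" % (name, server))
    for url, server in found:
        print("HTTP GET   %-40s -> %s" % (url, server))
```

Two practical notes. First, only plain HTTP exposes the path; over HTTPS the capture shows the DNS name (and the TLS server name) but not the URL, which is one reason a capture can look "empty" for the file itself. Second, post 6's timing point matters for any sniffer: if the downloader fires at boot before the capture is running, or if it is started on a different interface from the one being captured, there is nothing to parse, so start the capture (or pull the cable, as suggested there) before the sample is allowed to connect.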
小鸟 2012-7-10 20:41
8
This is what I use...
Uploaded attachment:
liuweilie 2012-9-14 16:35
9
No need to capture packets; if you know which process it is, just look at the process info with iceworld.
小小酥 2012-9-19 10:21
10
Don't tell me you don't even know which process it is.
leaveme 2012-9-21 23:22
11
What do you mean? Are you on the server side?
caskywz 2012-10-2 17:48
12
A process? Isn't it injected and then torn down?.. and then it uses KAD technology.

No process... and as for the IP, there's a whole pile of them.

And then a pile of tragedies.......
爱末流 2012-10-2 17:51
13
Bump!!!!!!
nullily 2013-9-16 18:39
14
I forgot to close this thread back then and only saw it today. Closing it now.
Still, this is a record of how the person who once posted a newbie thread has grown...
Thanks to everyone above!!!