wireshark 检查指定程序的网络信息

  1. 获取程序的PID

  2. CMD查看

>netstat -aon | findstr 10796
  TCP    192.168.1.8:4407       203.208.40.70:443      ESTABLISHED     10796
  TCP    192.168.1.8:4409       203.208.40.70:443      ESTABLISHED     10796
  TCP    [2409:8a62:77:1040:f50c:295a:7425:cc42]:4404  [2606:4700:20::681a:17c]:443  ESTABLISHED     10796
  TCP    [2409:8a62:77:1040:f50c:295a:7425:cc42]:4405  [2606:4700:20::681a:17c]:443  ESTABLISHED     10796
  1. 打开wireshark编写过滤器

  • 使用端口过滤: tcp.port >=4407 and tcp.port<=4409

  • 使用IP地址过滤:ip.src==192.168.1.8

  • tcp.len>0 过掉没有data的请求

将wireshark保存位.pcap文件,可以使用WireEdit编辑

posted @ 2020-09-15 17:30  Ajanuw  阅读(1132)  评论(0编辑  收藏  举报