2025-02-24 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Today I would like to share a case analysis of Microsoft Network Monitor. The content is detailed and the logic is clear. I believe most people still do not know much about this topic, so I am sharing this article for your reference. I hope you get something out of it. Let's take a look.
Microsoft Network Monitor
Embedded development engineers generally work on Windows, but many professional packet capture tools for Windows need a specific wireless network card and driver support to capture 802.11 data in promiscuous mode. In some scenarios these professional capture tools may not be at hand. So we first introduce Microsoft Network Monitor, a lightweight packet capture tool that Microsoft provides for Windows.
Microsoft Network Monitor is a free network protocol analysis tool officially provided by Microsoft. It can capture packets and also do some simple data analysis on the capture results. The latest version of Microsoft Network Monitor, which supports both 32-bit and 64-bit systems, is available for free download from Microsoft at https://www.microsoft.com/en-us/download/details.aspx?id=4865. The system I use is 64-bit Windows 10, and my computer's NIC driver does not support promiscuous mode. Testing showed that promiscuous mode works with an external 360USBWiFi adapter.
The installation process is simple and needs no special attention. Note that the computer must be restarted after installation completes; otherwise the software may not display the current network list correctly.
Run Microsoft Network Monitor 3.4 as an administrator and all current network cards are displayed correctly under "Select Networks". Use Friendly Name and Description to find the network card you want to capture on.
1. Normal mode
Microsoft Network Monitor defaults to "Local Mode". In this mode the software captures only the data sent and received by the currently selected network card; it cannot capture traffic that does not pass through that card.
After selecting the network card, click "New Capture", then select "Start" on the page that opens to begin capturing packets.
Click "Pause" to pause the current capture and "Stop" to stop it. Clicking "Start" after "Stop" clears the data captured so far.
In the "Frame Summary" box, you can find that the software supports capturing WiFi management frames, TCP, UDP and other data packets. At the same time, the software can also display "Process Name", "Source", "Destination" and other network information.
Analyzing the data above shows that everything captured so far was sent or received by the current network card; even the 802.11 management frames are ones the current network card sent to the router.
2. Promiscuous mode
In WiFi development we usually need to use the wireless network card to capture the communication between the router and other WiFi devices, which the software does not capture in normal mode. Microsoft Network Monitor lets a wireless network card enter "Monitor Mode", a promiscuous mode in which packets exchanged between the router and other WiFi devices can be captured.
Click "Capture Settings" to open the settings page, where you can see the currently selected wireless card.
Double-click the wireless card that should be put into "Monitor Mode", then click "Scanning Options".
On the "WiFi Scanning Options" page, select "Switch to Monitor Mode", then go on to select the channel scanning mode. The software supports two channel switching modes: fixed channel mode and channel scan mode. In channel scan mode the card stays on each channel for a time slice and captures packets there, moving through the channels in order; set this according to your actual needs.
When the settings are done, click "Apply". Keep this page open; if it is closed, the wireless network card automatically exits "Monitor Mode".
Return to the main screen and click "Start" again to start the capture under "Monitor Mode".
In "Frame Summary" you can see that various 802.11 management frames are captured, along with many packets that have different "Source" and "Destination" values.
Select the packet that needs specific analysis, and you can view the detailed packet data in "Frame Details" and "Hex Details".
Click "File" and select "Save As" to save the captured data as a ".cap" file, which can then be analyzed with Wireshark, Omnipeek and other tools.
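To make the difference between the two capture modes concrete, here is an added example (not part of the original article) that decodes the 802.11 MAC header bytes shown in "Hex Details" and counts unicast frames exchanged between other devices, which only a "Monitor Mode" capture should contain. It assumes the bytes start at the frame control field, with any capture metadata header already skipped; the function names and all MAC addresses are constructed for illustration.

```python
import struct

TYPES = {0: "management", 1: "control", 2: "data"}
MGMT = {0: "association request", 1: "association response", 4: "probe request",
        5: "probe response", 8: "beacon", 10: "disassociation",
        11: "authentication", 12: "deauthentication"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_header(frame):
    """Decode an 802.11 MAC header (bytes after any radio/capture header)."""
    if len(frame) < 10:
        raise ValueError("too short for an 802.11 header")
    fc = struct.unpack_from("<H", frame, 0)[0]   # frame control, little-endian
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    info = {"type": TYPES.get(ftype, "reserved"), "subtype": subtype,
            "to_ds": bool(fc & 0x0100), "from_ds": bool(fc & 0x0200),
            "receiver": mac(frame[4:10]), "transmitter": None}
    if ftype == 0:
        info["name"] = MGMT.get(subtype, "other management")
    # CTS (12) and ACK (13) control frames carry only a receiver address.
    if len(frame) >= 16 and not (ftype == 1 and subtype in (12, 13)):
        info["transmitter"] = mac(frame[10:16])
    return info

def is_third_party(info, local_mac):
    """True for a unicast frame the local adapter neither sent nor was sent."""
    group = int(info["receiver"][:2], 16) & 1    # broadcast/multicast bit
    return not group and local_mac not in (info["receiver"], info["transmitter"])

def third_party_count(frames, local_mac):
    return sum(is_third_party(parse_header(f), local_mac) for f in frames)

# Constructed sample frames; every MAC address below is made up.
LOCAL, AP, STA = "02:00:00:00:00:01", "02:00:00:00:00:aa", "02:00:00:00:00:02"
BCAST = "ff:ff:ff:ff:ff:ff"

def _hdr(fc_hex, a1, a2, a3):
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return bytes.fromhex(fc_hex) + b"\x00\x00" + raw(a1) + raw(a2) + raw(a3) + b"\x00\x00"

FRAMES = [
    _hdr("4000", BCAST, LOCAL, BCAST),   # probe request sent by the local adapter
    _hdr("8000", BCAST, AP, AP),         # beacon broadcast by the AP
    _hdr("0801", AP, STA, AP),           # data frame, other station -> AP (ToDS)
    bytes.fromhex("d4000000") + bytes.fromhex(STA.replace(":", "")),  # ACK to STA
]

if __name__ == "__main__":
    print(third_party_count(FRAMES, LOCAL), "third-party unicast frames")
```

A count of zero over a long capture suggests the adapter is still in normal mode or has dropped out of "Monitor Mode".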