Solving the problem that WinDump on Windows captures no ARP packets

Problem Description

When running the command windump -i 1 -n -s 0 -w arp.cap arp and host 192.168.xxx.xxx

the capture ended with: 0 packets captured, 0 packets received by filter, 0 packets dropped by kernel.


Attempts

I tried more than thirty times and spent several days without success. At first I did not even understand what this command line meant.

After looking up how to use windump, emmmm, there is a lot of text and I could not quite follow it. I still recommend everyone learn it here. Don't be lazy!

How to use windump

Since I was too lazy to read through all those options, I could only experiment slowly. In mathematics we learned something called the controlled-variable method (change one thing at a time), so I tried that.

After a long process of changing one variable at a time, still without consulting the manual, I finally gave up. (In short, I blame myself for being too lazy to find a solution.) (Tongue in cheek.)

Solution

I found such an article by accident, and I would like to thank this blogger for helping me solve the problem.
Windows WinDump CAP packet capture practice

After opening the command line, enter the WinDump.exe -D command to view a list similar to 'Network Card Driver' (ps: I don't know what it is, I guessed it myself).

Then select the number that can be used to capture the data; mine is 2. If you don't know which one, you can test with the following command:
WinDump.exe -i 2
The number 2 corresponds to 2.\Device*** in the above list.
Then we can see the scrolling data. If it doesn't work, try switching the number.

  • It can be executed no matter which directory it is in

Follow the instructions above and proceed step by step.

The windump.exe -D here lists all network cards available in the current system.

I have 4 network cards available on my computer. Although the first one is from Microsoft, I don't know why it doesn't work. On computers with a virtual machine installed, the first one may be VMware. So you need to select the card by the number after -i.

Let's go back and look at how windump is used: -i selects the network card to listen on, which is why it is followed by a number that picks the card.

Try windump.exe -i 1, windump.exe -i 2, and so on, one by one. If the machine is connected to the network, one of them will show data. If there are many network cards, Microsoft's is preferred.

This network card number is the number after -i.
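The steps above (list the adapters with -D, try the -i numbers one by one, and recognise the all-zero summary that means the wrong card was chosen) can be automated. The following Python script is an added example written for this page, not code from the original post or from WinDump; the adapter names and GUIDs in the sample -D listing are made up, and treating VMware/VirtualBox/Hyper-V/loopback adapters as "try last" is an assumed heuristic, not something WinDump itself does.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of what "WinDump.exe -D" prints: adapter GUIDs and names are
# made up for this example, not taken from the original post.
SAMPLE_WINDUMP_D = r"""
1.\Device\NPF_{AAAAAAAA-1111-2222-3333-444444444444} (VMware Virtual Ethernet Adapter for VMnet1)
2.\Device\NPF_{BBBBBBBB-1111-2222-3333-444444444444} (Microsoft)
3.\Device\NPF_{CCCCCCCC-1111-2222-3333-444444444444} (Realtek PCIe GbE Family Controller)
4.\Device\NPF_{DDDDDDDD-1111-2222-3333-444444444444} (VMware Virtual Ethernet Adapter for VMnet8)
"""

# Constructed sample of the summary WinDump prints when a capture is stopped
# on the wrong interface (the symptom described in the post).
SAMPLE_EMPTY_SUMMARY = """\
0 packets captured
0 packets received by filter
0 packets dropped by kernel
"""


@dataclass
class Interface:
    index: int        # the number you pass to -i
    device: str       # the \Device\NPF_{...} path
    description: str  # the adapter name shown in parentheses

    @property
    def looks_virtual(self) -> bool:
        # Assumed heuristic: hypervisor and loopback adapters name themselves,
        # and they are unlikely to see ARP traffic for a host on the physical LAN.
        needles = ("vmware", "virtualbox", "hyper-v", "loopback")
        return any(n in self.description.lower() for n in needles)


# One "-D" line looks like "N.\Device\NPF_{GUID} (description)"; description is optional.
_LIST_LINE = re.compile(r"^\s*(\d+)\.(\S+)\s*(?:\((.*)\))?\s*$")
_SUMMARY_LINE = re.compile(r"(\d+) packets (captured|received by filter|dropped by kernel)")


def parse_interface_list(text: str) -> List[Interface]:
    """Turn the output of 'WinDump.exe -D' into Interface records."""
    found = []
    for line in text.splitlines():
        m = _LIST_LINE.match(line)
        if m:
            found.append(Interface(int(m.group(1)), m.group(2), (m.group(3) or "").strip()))
    return found


def candidate_order(interfaces: List[Interface]) -> List[int]:
    """Order of -i numbers to try: physical-looking adapters first, virtual ones last."""
    physical = [i.index for i in interfaces if not i.looks_virtual]
    virtual = [i.index for i in interfaces if i.looks_virtual]
    return physical + virtual


def build_capture_command(index: int, outfile: str, host: str) -> List[str]:
    """The post's capture command with the chosen interface number filled in."""
    return ["windump", "-i", str(index), "-n", "-s", "0", "-w", outfile,
            "arp", "and", "host", host]


def parse_capture_summary(text: str) -> Dict[str, Optional[int]]:
    """Read the three counters WinDump prints when the capture stops."""
    counts: Dict[str, Optional[int]] = {
        "captured": None, "received by filter": None, "dropped by kernel": None}
    for number, key in _SUMMARY_LINE.findall(text):
        counts[key] = int(number)
    return counts


def capture_was_empty(summary: Dict[str, Optional[int]]) -> bool:
    """True for the symptom in the post: nothing captured and nothing reached the filter."""
    return summary["captured"] == 0 and summary["received by filter"] == 0


if __name__ == "__main__":
    interfaces = parse_interface_list(SAMPLE_WINDUMP_D)
    for iface in interfaces:
        kind = "virtual" if iface.looks_virtual else "physical"
        print(f"{iface.index}: {iface.description} ({kind})")
    for n in candidate_order(interfaces):
        print("try:", " ".join(build_capture_command(n, "arp.cap", "192.168.1.10")))
    print("empty capture:", capture_was_empty(parse_capture_summary(SAMPLE_EMPTY_SUMMARY)))
```

On a real machine you would feed the actual output of WinDump.exe -D into parse_interface_list and run each candidate command until parse_capture_summary stops reporting zero packets received by filter; "0 packets received by filter" is the tell-tale sign that the chosen adapter carries no traffic at all, as opposed to traffic that merely does not match the arp filter.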

Finally, the long-standing problem was solved.

In the command windump -i 1 -n -s 0 -w arp.cap arp and host 192.168.xxx.xxx

change the 1 after -i to 2, and the problem is solved!


Origin blog.csdn.net/kentocho/article/details/106709172