How to block/intercept/edit all network traffic between a single wired device and a server as a man-in-the-middle

I need to completely block, intercept and alter all packets transmitted between two devices. Possibly I need to isolate one device and block/intercept/edit everything; if I can't find the cause in the packets between the devices, the traffic just flows back and forth. Edit - couldn't remember the term. I need to be the man in the middle between the problem device and the server.

How do I do that? A basic overview would be fine, just some pointers on where to start.

I need to be able to precisely control what one of the machines sees in order to diagnose its exact connection problem. The two devices are a typical Windows server running our PACS program and an ultrasound machine. The ultrasound machine has been unable to connect to upload images to the server because it keeps sending a close-connection request to the server. I have another ultrasound machine of the same brand but a different model that connects with no problem, and none of the other radiology machines have this issue.

I run Wireshark on the server and have admin access there, which is how I diagnosed that the ultrasound machine suddenly sends a close-connection request. I have almost no control over the ultrasound machine; it is functionally a black box, locked by GE into a kind of kiosk mode, and we have no support contract with them. I can change where the ultrasound machine sends images, its IP settings and a number of other fields, but I am limited to the kiosked GUI.

As far as I can tell, the connection between them works fine until the ultrasound machine suddenly sends a close DICOM connection request immediately after receiving the DICOM ACK from the server. Our PACS vendor thinks something in their DICOM ack packet may be causing the ultrasound machine to error out, so I want to intercept and edit that message.

If I could do all of this through Wireshark, that would be great. If that doesn't work, I will have to learn to packet-sniff on the ultrasound machine and somehow intercept all of its traffic.

Available resources

  • Admin access to everything except the ultrasound machine
  • There is a network admin, but I don't want to bother him.
  • Spare Cisco switches, laptops, etc.; basically our whole IT department's spare parts
  • A very helpful PACS vendor

For those without "medical device" experience who need more background: the ultrasound machine is strictly locked down. I have admin rights in its kiosked GUI but no access to the operating system at all.

Edit: made a very basic network model

Problem device <-------> network wall jack <-------> Radiology subnet <---> wall jack <----> Radiology server

The radiology server is running Wireshark

Personally, this is the 4th Stack Exchange site I have posted this question to. All the others said the question was out of scope, off topic, violated posting guidelines, or violated the restrictions on software/hardware recommendations. Software Recommendations said that site is for "recommending software, not assets or resources such as how-to guides, manuals/tutorials, code snippets, etc." I even posted it on Network Engineering after Stack Overflow referred me there, thinking "yes, they will surely know how to do this." Nope, can't recommend things. If I need to modify this question, please tell me what I need to change to make it work.

The part I want to change is in the DICOM, A-ASSOCIATE accept VIVIDS70-200360 <-- DICOMSTORAGESCP element, specifically the presentation context section

Frame 7: 372 bytes on wire (2976 bits), 372 bytes captured (2976 bits) on interface \Device\NPF_{95DCA5B3-EB26-4EA8-A80B-38B3AC886B9E}, id 0
    Interface id: 0 (\Device\NPF_{95DCA5B3-EB26-4EA8-A80B-38B3AC886B9E})
        Interface name: \Device\NPF_{95DCA5B3-EB26-4EA8-A80B-38B3AC886B9E}
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 16, 2019 12:42:47.470112000 Mountain Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1576525367.470112000 seconds
    [Time delta from previous captured frame: 0.007570000 seconds]
    [Time delta from previous displayed frame: 0.007570000 seconds]
    [Time since reference or first frame: 0.309372000 seconds]
    Frame Number: 7
    Frame Length: 372 bytes (2976 bits)
    Capture Length: 372 bytes (2976 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:dicom]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: Dell_dc:33:54 (b8:2a:72:dc:33:54), Dst: All-HSRP-routers_50 (00:00:0c:07:ac:50)
    Destination: All-HSRP-routers_50 (00:00:0c:07:ac:50)
        Address: All-HSRP-routers_50 (00:00:0c:07:ac:50)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Dell_dc:33:54 (b8:2a:72:dc:33:54)
        Address: Dell_dc:33:54 (b8:2a:72:dc:33:54)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.101.50.7, Dst: 10.250.120.61
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 358
    Identification: 0x4a86 (19078)
    Flags: 0x4000, Don't fragment
        0... .... .... .... = Reserved bit: Not set
        .1.. .... .... .... = Don't fragment: Set
        ..0. .... .... .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment offset: 0
    Time to live: 128
    Protocol: TCP (6)
    Header checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source: 10.101.50.7
    Destination: 10.250.120.61
Transmission Control Protocol, Src Port: 104, Dst Port: 49268, Seq: 1, Ack: 471, Len: 318
    Source Port: 104
    Destination Port: 49268
    [Stream index: 0]
    [TCP Segment Len: 318]
    Sequence number: 1    (relative sequence number)
    Sequence number (raw): 3548356980
    [Next sequence number: 319    (relative sequence number)]
    Acknowledgment number: 471    (relative ack number)
    Acknowledgment number (raw): 2364032816
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······AP···]
    Window size value: 512
    [Calculated window size: 131072]
    [Window size scaling factor: 256]
    Checksum: 0xc0fb [unverified]
    [Checksum Status: Unverified]
    Urgent pointer: 0
    [SEQ/ACK analysis]
        [iRTT: 0.000194000 seconds]
        [Bytes in flight: 318]
        [Bytes sent since last PSH flag: 318]
    [Timestamps]
        [Time since first frame in this TCP stream: 0.309372000 seconds]
        [Time since previous frame in this TCP stream: 0.007570000 seconds]
    TCP payload (318 bytes)
DICOM, A-ASSOCIATE accept  VIVIDS70-200360 <-- DICOMSTORAGESCP
    PDU Type: ASSOC Accept (0x02)
    PDU Length: 312
    A-ASSOCIATE accept  VIVIDS70-200360 <-- DICOMSTORAGESCP
        Protocol Version: 1
        Called  AE Title: DICOMSTORAGESCP 
        Calling AE Title: VIVIDS70-200360 
        Application Context: DICOM Application Context Name (1.2.840.10008.3.1.1.1)
            Item Type: Application Context (0x10)
            Item Length: 21
            Application Context: DICOM Application Context Name (1.2.840.10008.3.1.1.1)
        Presentation Context: ID 0x01, Accept, JPEG Baseline (Process 1): Default Transfer Syntax for Lossy JPEG 8 Bit Image Compression, Secondary Capture Image Storage
            Item Type: Presentation Context Reply (0x21)
            Item Length: 30
            Context ID: 0x01
            Result: Accept (0x0)
            Transfer Syntax: JPEG Baseline (Process 1): Default Transfer Syntax for Lossy JPEG 8 Bit Image Compression (1.2.840.10008.1.2.4.50)
                Item Type: Transfer Syntax (0x40)
                Item Length: 22
                Transfer Syntax: JPEG Baseline (Process 1): Default Transfer Syntax for Lossy JPEG 8 Bit Image Compression (1.2.840.10008.1.2.4.50)
        Presentation Context: ID 0x03, Accept, JPEG Baseline (Process 1): Default Transfer Syntax for Lossy JPEG 8 Bit Image Compression, Ultrasound Image Storage
            Item Type: Presentation Context Reply (0x21)
            Item Length: 30
            Context ID: 0x03
            Result: Accept (0x0)
            Transfer Syntax: JPEG Baseline (Process 1): Default Transfer Syntax for Lossy JPEG 8 Bit Image Compression (1.2.840.10008.1.2.4.50)
                Item Type: Transfer Syntax (0x40)
                Item Length: 22
                Transfer Syntax: JPEG Baseline (Process 1): Default Transfer Syntax for Lossy JPEG 8 Bit Image Compression (1.2.840.10008.1.2.4.50)
        Presentation Context: ID 0x05, Accept, JPEG Baseline (Process 1): Default Transfer Syntax for Lossy JPEG 8 Bit Image Compression, Ultrasound Multi-frame Image Storage
            Item Type: Presentation Context Reply (0x21)
            Item Length: 30
            Context ID: 0x05
            Result: Accept (0x0)
            Transfer Syntax: JPEG Baseline (Process 1): Default Transfer Syntax for Lossy JPEG 8 Bit Image Compression (1.2.840.10008.1.2.4.50)
                Item Type: Transfer Syntax (0x40)
                Item Length: 22
                Transfer Syntax: JPEG Baseline (Process 1): Default Transfer Syntax for Lossy JPEG 8 Bit Image Compression (1.2.840.10008.1.2.4.50)
        Presentation Context: ID 0x07, Accept, JPEG Baseline (Process 1): Default Transfer Syntax for Lossy JPEG 8 Bit Image Compression, Ultrasound Image Storage (Retired)
            Item Type: Presentation Context Reply (0x21)
            Item Length: 30
            Context ID: 0x07
            Result: Accept (0x0)
            Transfer Syntax: JPEG Baseline (Process 1): Default Transfer Syntax for Lossy JPEG 8 Bit Image Compression (1.2.840.10008.1.2.4.50)
                Item Type: Transfer Syntax (0x40)
                Item Length: 22
                Transfer Syntax: JPEG Baseline (Process 1): Default Transfer Syntax for Lossy JPEG 8 Bit Image Compression (1.2.840.10008.1.2.4.50)
        Presentation Context: ID 0x09, Accept, JPEG Baseline (Process 1): Default Transfer Syntax for Lossy JPEG 8 Bit Image Compression, Ultrasound Multi-frame Image Storage (Retired)
            Item Type: Presentation Context Reply (0x21)
            Item Length: 30
            Context ID: 0x09
            Result: Accept (0x0)
            Transfer Syntax: JPEG Baseline (Process 1): Default Transfer Syntax for Lossy JPEG 8 Bit Image Compression (1.2.840.10008.1.2.4.50)
                Item Type: Transfer Syntax (0x40)
                Item Length: 22
                Transfer Syntax: JPEG Baseline (Process 1): Default Transfer Syntax for Lossy JPEG 8 Bit Image Compression (1.2.840.10008.1.2.4.50)
        User Info: Max PDU Length 131072, Implementation UID 1.2.840.114051.6.0, Version NovaRad 6.0
            Item Type: User Info (0x50)
            Item Length: 45
            Max PDU Length: 131072
                Item Type: Max Length (0x51)
                Item Length: 4
                Max PDU Length: 131072
            Implementation UID: 1.2.840.114051.6.0
                Item Type: Implementation Class UID (0x52)
                Item Length: 18
                Implementation Class UID: 1.2.840.114051.6.0
            Implementation Version: NovaRad 6.0
                Item Type: Implementation Version (0x55)
                Item Length: 11
                Implementation Version: NovaRad 6.0

Answer 1

You can ARP spoof so that the machine sends its data to your device instead of the intended destination, then capture all of it to a pcap.

You can then rewrite the pcap as needed and retransmit it with tcpreplay.

I'm not sure how ultrasound machines work or why they are even networked, but you should be able to omit the bad packet this way.

For a more "on the fly" solution, look into "proxyshark" or "netsed". Without seeing the pcap it is hard to say exactly what needs to be modified.
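The in-line rewriting the question asks for, and that the answer's netsed/proxyshark suggestion points at, as an added example that is not part of the original post or answer and is not GE's, NovaRad's or any vendor's code: a small TCP proxy in Python that sits between the scanner and the PACS, reassembles each DICOM upper-layer PDU, and rewrites only the presentation context replies inside the A-ASSOCIATE-AC before handing it to the scanner. It assumes the scanner's destination IP can be changed to the proxy host (the question says it can), which makes ARP spoofing unnecessary; the listening port, the `reject_policy` experiment and the log line are hypothetical, and the sample PDU is rebuilt from the values shown in frame 7 above.

```python
"""Inline DICOM association proxy that rewrites A-ASSOCIATE-AC presentation contexts.
Added example for this thread, not code from the poster, GE or NovaRad. Assumes the
scanner can be pointed at the proxy host (the poster says the destination IP is editable);
port numbers and the reject policy are hypothetical, the sample PDU is rebuilt from frame 7."""
import asyncio
import struct

PDU_ASSOC_AC = 0x02        # A-ASSOCIATE-AC PDU type
ITEM_PRES_CTX_AC = 0x21    # presentation context reply item (one transfer syntax sub-item 0x40 inside)
FIXED_AC_HEADER = 68       # version(2) + reserved(2) + called AE(16) + calling AE(16) + reserved(32)

def iter_items(data):
    """Yield (item_type, item_body) for the variable items of an A-ASSOCIATE body."""
    pos = 0
    while pos < len(data):
        item_type, _, length = struct.unpack_from(">BBH", data, pos)
        yield item_type, data[pos + 4:pos + 4 + length]
        pos += 4 + length

def build_item(item_type, body):
    return struct.pack(">BBH", item_type, 0, len(body)) + body

def build_pdu(pdu_type, body):
    return struct.pack(">BBI", pdu_type, 0, len(body)) + body

def presentation_contexts(pdu):
    """Map context ID -> (result, transfer syntax) for an A-ASSOCIATE-AC PDU."""
    out = {}
    for item_type, item in iter_items(pdu[6 + FIXED_AC_HEADER:]):
        if item_type == ITEM_PRES_CTX_AC:
            out[item[0]] = (item[2], next(iter_items(item[4:]))[1].decode("ascii"))
    return out

def rewrite_assoc_ac(pdu, policy):
    """Copy of pdu with each presentation context reply passed through
    policy(ctx_id, result, transfer_syntax) -> (result, transfer_syntax); all item and PDU
    lengths are recomputed. Anything that is not a well-formed A-ASSOCIATE-AC is returned untouched."""
    pdu_type, _, pdu_len = struct.unpack_from(">BBI", pdu, 0)
    if pdu_type != PDU_ASSOC_AC or pdu_len != len(pdu) - 6:
        return pdu
    body = bytearray(pdu[6:6 + FIXED_AC_HEADER])
    for item_type, item in iter_items(pdu[6 + FIXED_AC_HEADER:]):
        if item_type == ITEM_PRES_CTX_AC:
            sub_type, ts_body = next(iter_items(item[4:]))
            result, ts = policy(item[0], item[2], ts_body.decode("ascii"))
            item = struct.pack(">BBBB", item[0], 0, result, 0) + build_item(sub_type, ts.encode("ascii"))
        body += build_item(item_type, item)
    return build_pdu(PDU_ASSOC_AC, bytes(body))

# Hypothetical experiment: refuse the two retired SOP-class contexts (IDs 0x07 and 0x09 in the
# capture) with result 3 = abstract-syntax-not-supported; which contexts to touch is the poster's call.
REJECT_CTX_IDS = {0x07, 0x09}

def reject_policy(ctx_id, result, transfer_syntax):
    return (3, transfer_syntax) if ctx_id in REJECT_CTX_IDS else (result, transfer_syntax)

def sample_assoc_ac():
    """The 318-byte A-ASSOCIATE-AC of frame 7, rebuilt from the values in the dump (constructed input)."""
    jpeg = b"1.2.840.10008.1.2.4.50"
    fixed = struct.pack(">HH", 1, 0) + b"DICOMSTORAGESCP " + b"VIVIDS70-200360 " + bytes(32)
    items = build_item(0x10, b"1.2.840.10008.3.1.1.1")
    for ctx_id in (0x01, 0x03, 0x05, 0x07, 0x09):
        items += build_item(ITEM_PRES_CTX_AC, struct.pack(">BBBB", ctx_id, 0, 0, 0) + build_item(0x40, jpeg))
    user_info = (build_item(0x51, struct.pack(">I", 131072)) + build_item(0x52, b"1.2.840.114051.6.0")
                 + build_item(0x55, b"NovaRad 6.0"))
    return build_pdu(PDU_ASSOC_AC, fixed + items + build_item(0x50, user_info))

async def read_pdu(reader):
    """PDUs are length-prefixed, so reassemble one whole PDU regardless of TCP segmentation."""
    header = await reader.readexactly(6)
    return header + await reader.readexactly(struct.unpack(">BBI", header)[2])

async def pump(src, dst, transform=lambda p: p):
    try:
        while True:
            dst.write(transform(await read_pdu(src)))
            await dst.drain()
    except (asyncio.IncompleteReadError, ConnectionError):
        pass
    finally:
        dst.close()    # closing one leg ends the other pump at its next read

async def handle_scu(scu_r, scu_w, upstream, policy):
    """One association: scanner (SCU) -> proxy -> PACS (SCP). Only the SCP's replies are rewritten."""
    scp_r, scp_w = await asyncio.open_connection(*upstream)
    def rewrite(pdu):
        new = rewrite_assoc_ac(pdu, policy)
        if new != pdu:
            print("rewrote A-ASSOCIATE-AC:", presentation_contexts(pdu), "->", presentation_contexts(new))
        return new
    await asyncio.gather(pump(scu_r, scp_w), pump(scp_r, scu_w, rewrite))

async def serve(listen_port, upstream, policy=reject_policy):
    server = await asyncio.start_server(lambda r, w: handle_scu(r, w, upstream, policy), "0.0.0.0", listen_port)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    import sys   # usage: proxy.py <listen_port> <pacs_ip> <pacs_port>, then point the scanner at this host
    asyncio.run(serve(int(sys.argv[1]), (sys.argv[2], int(sys.argv[3]))))
```

Two things to check before relying on it. Listening on port 104 needs root or Administrator, so either run it privileged or, if the scanner's kiosk GUI lets you set the destination port, use a high port. Also, a PACS often validates the calling AE title together with the source IP, so with the proxy in the path the association now arrives from the proxy host and the PACS may need that host registered as the source for VIVIDS70-200360; otherwise you will be debugging a rejection you introduced rather than the original one. Wireshark on its own cannot do any of this: it observes, and a rewrite needs something in the path that reassembles the PDU, changes it and recomputes the lengths, which is exactly what the block above does.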
