环回中的嗅探是否捕获外部流量?
Does sniffing in loopback capture outside traffic?
我有一个游戏服务器运行在某个端口上。
我学会了在环回上嗅探数据包。因此,如果我从同一台计算机连接到它,就会捕获数据包。
但是有人可以从其他计算机连接并且数据包不会被嗅探。
来自某台计算机的数据包必须通过我的接口之一。那么我是否也应该嗅探该接口以获取来自我的计算机和其他计算机的数据包?
这是我的程序
#define IP_HL(ip) (((ip)->ip_vhl) & 0x0f)
#define IP_V(ip) (((ip)->ip_vhl) >> 4)
#define _WINSOCK_DEPRECATED_NO_WARNINGS
#include <stdio.h>
#include <pcap.h>
#include <WS2tcpip.h>
#pragma comment(lib, "Ws2_32.lib")
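/*
 * pcap_loop() callback: print every captured byte of one packet as an
 * unsigned decimal value separated by spaces, then a newline.
 *
 * args   - user pointer handed to pcap_loop(); not used here.
 * header - per-packet metadata from libpcap: caplen is the number of bytes
 *          actually stored in `packet`, len is the length on the wire.
 * packet - the captured bytes; only the first header->caplen are valid.
 */
void
got_packet(u_char* args, const struct pcap_pkthdr* header, const u_char* packet)
{
    (void)args;

    /*
     * Walk caplen, not len. When a packet is longer than the snapshot
     * length passed to pcap_open_live(), len is larger than the buffer and
     * indexing up to len reads past the end of the captured data.
     */
    for (unsigned int i = 0; i < header->caplen; i++)
    {
        printf("%d ", (unsigned char)packet[i]);
    }
    printf("\n");
}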
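/*
 * List the capture devices, select the loopback one, and print every packet
 * that matches the "port 8192" filter until pcap_loop() stops.
 *
 * Only traffic crossing the loopback device is captured here; connections
 * from other hosts arrive on a different interface and need their own
 * capture handle.
 *
 * Returns 0 on a normal exit or when no loopback device exists, 2 when a
 * pcap call fails.
 */
int main(int argc, char* argv[])
{
    char errbuf[PCAP_ERRBUF_SIZE];
    char filter_exp[] = "port 8192";    /* The filter expression */
    struct bpf_program fp;              /* The compiled filter expression */
    pcap_if_t* interfaces = NULL;
    pcap_if_t* loopback = NULL;
    pcap_t* handle = NULL;
    int filter_compiled = 0;
    int rc = 2;

    (void)argc;
    (void)argv;

    if (pcap_findalldevs(&interfaces, errbuf) == -1) {
        fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
        return(2);
    }

    for (pcap_if_t* temp = interfaces; temp; temp = temp->next)
    {
        printf("%u ", (unsigned int)temp->flags);
        printf("Name: %s with ", temp->name);
        /* description is optional and may be NULL; never pass NULL to %s. */
        printf(" %s \n", temp->description ? temp->description : "(no description)");
        /* Test the named flag bit instead of relying on flags being odd. */
        if (temp->flags & PCAP_IF_LOOPBACK)
        {
            printf("Loopback device found\n");
            loopback = temp;
        }
    }

    if (loopback == NULL)
    {
        printf("No loopback device found.\n Install npcap from nmap.org/npcap / ");
        rc = 0;
        goto cleanup;
    }

    /*
     * Snapshot length 65535 so packets are not truncated to BUFSIZ bytes;
     * promiscuous flag 1 and a 5000 ms read timeout as before.
     */
    handle = pcap_open_live(loopback->name, 65535, 1, 5000, errbuf);
    if (handle == NULL) {
        fprintf(stderr, "Couldn't open device %s: %s\n", loopback->name, errbuf);
        goto cleanup;
    }

    /* The netmask is not known here; say so explicitly rather than passing NULL. */
    if (pcap_compile(handle, &fp, filter_exp, 0, PCAP_NETMASK_UNKNOWN) == -1) {
        fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle));
        goto cleanup;
    }
    filter_compiled = 1;

    if (pcap_setfilter(handle, &fp) == -1) {
        fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle));
        goto cleanup;
    }

    if (pcap_loop(handle, -1, got_packet, NULL) == -1) {
        fprintf(stderr, "Capture loop failed: %s\n", pcap_geterr(handle));
        goto cleanup;
    }
    rc = 0;

cleanup:
    /* Release everything acquired above on every exit path. */
    if (filter_compiled) {
        pcap_freecode(&fp);
    }
    if (handle != NULL) {
        pcap_close(handle);
    }
    pcap_freealldevs(interfaces);
    return(rc);
}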
So should I sniff on that interface too in order to get packets coming from both my computer and other computers?
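是的,您可以这样做:环回接口只承载本机进程之间的流量,来自其他计算机的数据包会到达相应的物理网络接口,因此需要同时在该接口上捕获。或者,如果您在 Linux 上运行,可以在 "any" 设备上捕获,它应该能捕获所有接口上的流量。(问题中的程序使用 Winsock 和 Npcap,看起来是 Windows 环境,这种情况下需要为每个接口分别打开一个捕获句柄。)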
我有一个游戏服务器运行在某个端口上。我学会了在环回接口上嗅探数据包。因此,如果我从同一台计算机连接到它,数据包就会被捕获。
但是有人可以从其他计算机连接并且数据包不会被嗅探。
来自某台计算机的数据包必须通过我的接口之一。那么我是否也应该嗅探该接口以获取来自我的计算机和其他计算机的数据包?
这是我的程序
#define IP_HL(ip) (((ip)->ip_vhl) & 0x0f)
#define IP_V(ip) (((ip)->ip_vhl) >> 4)
#define _WINSOCK_DEPRECATED_NO_WARNINGS
#include <stdio.h>
#include <pcap.h>
#include <WS2tcpip.h>
#pragma comment(lib, "Ws2_32.lib")
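/*
 * pcap_loop() callback: print every captured byte of one packet as an
 * unsigned decimal value separated by spaces, then a newline.
 *
 * args   - user pointer handed to pcap_loop(); not used here.
 * header - per-packet metadata from libpcap: caplen is the number of bytes
 *          actually stored in `packet`, len is the length on the wire.
 * packet - the captured bytes; only the first header->caplen are valid.
 */
void
got_packet(u_char* args, const struct pcap_pkthdr* header, const u_char* packet)
{
    (void)args;

    /*
     * Walk caplen, not len. When a packet is longer than the snapshot
     * length passed to pcap_open_live(), len is larger than the buffer and
     * indexing up to len reads past the end of the captured data.
     */
    for (unsigned int i = 0; i < header->caplen; i++)
    {
        printf("%d ", (unsigned char)packet[i]);
    }
    printf("\n");
}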
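/*
 * List the capture devices, select the loopback one, and print every packet
 * that matches the "port 8192" filter until pcap_loop() stops.
 *
 * Only traffic crossing the loopback device is captured here; connections
 * from other hosts arrive on a different interface and need their own
 * capture handle.
 *
 * Returns 0 on a normal exit or when no loopback device exists, 2 when a
 * pcap call fails.
 */
int main(int argc, char* argv[])
{
    char errbuf[PCAP_ERRBUF_SIZE];
    char filter_exp[] = "port 8192";    /* The filter expression */
    struct bpf_program fp;              /* The compiled filter expression */
    pcap_if_t* interfaces = NULL;
    pcap_if_t* loopback = NULL;
    pcap_t* handle = NULL;
    int filter_compiled = 0;
    int rc = 2;

    (void)argc;
    (void)argv;

    if (pcap_findalldevs(&interfaces, errbuf) == -1) {
        fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
        return(2);
    }

    for (pcap_if_t* temp = interfaces; temp; temp = temp->next)
    {
        printf("%u ", (unsigned int)temp->flags);
        printf("Name: %s with ", temp->name);
        /* description is optional and may be NULL; never pass NULL to %s. */
        printf(" %s \n", temp->description ? temp->description : "(no description)");
        /* Test the named flag bit instead of relying on flags being odd. */
        if (temp->flags & PCAP_IF_LOOPBACK)
        {
            printf("Loopback device found\n");
            loopback = temp;
        }
    }

    if (loopback == NULL)
    {
        printf("No loopback device found.\n Install npcap from nmap.org/npcap / ");
        rc = 0;
        goto cleanup;
    }

    /*
     * Snapshot length 65535 so packets are not truncated to BUFSIZ bytes;
     * promiscuous flag 1 and a 5000 ms read timeout as before.
     */
    handle = pcap_open_live(loopback->name, 65535, 1, 5000, errbuf);
    if (handle == NULL) {
        fprintf(stderr, "Couldn't open device %s: %s\n", loopback->name, errbuf);
        goto cleanup;
    }

    /* The netmask is not known here; say so explicitly rather than passing NULL. */
    if (pcap_compile(handle, &fp, filter_exp, 0, PCAP_NETMASK_UNKNOWN) == -1) {
        fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle));
        goto cleanup;
    }
    filter_compiled = 1;

    if (pcap_setfilter(handle, &fp) == -1) {
        fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle));
        goto cleanup;
    }

    if (pcap_loop(handle, -1, got_packet, NULL) == -1) {
        fprintf(stderr, "Capture loop failed: %s\n", pcap_geterr(handle));
        goto cleanup;
    }
    rc = 0;

cleanup:
    /* Release everything acquired above on every exit path. */
    if (filter_compiled) {
        pcap_freecode(&fp);
    }
    if (handle != NULL) {
        pcap_close(handle);
    }
    pcap_freealldevs(interfaces);
    return(rc);
}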
So should I sniff on that interface too in order to get packets coming from both my computer and other computers?
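是的,您可以这样做:环回接口只承载本机进程之间的流量,来自其他计算机的数据包会到达相应的物理网络接口,因此需要同时在该接口上捕获。或者,如果您在 Linux 上运行,可以在 "any" 设备上捕获,它应该能捕获所有接口上的流量。(问题中的程序使用 Winsock 和 Npcap,看起来是 Windows 环境,这种情况下需要为每个接口分别打开一个捕获句柄。)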