好吧,我正在研究 Java 项目。为了制作一个可以捕获我局域网中所有数据包并能够查看 HTTP 流量的应用程序。我目前正在使用 Jnetpcap API,我成功列出接口并进行实时捕获并提取 HTTP 数据包。我遇到的问题是我只捕获我自己机器的流量。我已经在 google 中查找过这个。到目前为止我发现的唯一解决方案是启用混杂模式,我使用 ifconfig cmd 做到了,不幸的是问题仍然存在。我不知道如何解决。任何解决方案..??
问问题
900 次
2 回答
0
You can only ever capture traffic that is actually passing through the box you are listening on. Promiscuous mode only means that if traffic happens to arrive at your box but is not addressed to it, it would read that traffic. You are only going to get into that situation if you are using a network hub however. On a switched network, only traffic actually intended for your machine ever gets to your machine.
You would need to use a switch that has a SPAN port in order to monitor all the traffic going through that switch, or run your monitoring program on a system that all your network traffic passes through (a machine on the border of your network, for example).
于 2014-04-01T02:29:39.817 回答
0
我使用 winpcap(不是 Jnetpcap),但我认为有些东西是恒定的。
无论您是否在操作系统中启用混杂模式,您都必须在打开 tour 网络适配器时传递混杂模式标志。例如,在 winpcap 中,我们喜欢如下代码:
pcap_open(d->name, 65536, PCAP_OPENFLAG_PROMISCUOUS /* promiscuous mode */ , 1000, NULL, errbuf)
有关更多信息,请查看官方 winpcap 文档。
祝你好运
亚阿里。
于 2014-04-01T02:21:45.873 回答