0

I have installed npcap driver which supports loopback interface. I installed it because I need to inyect packets to loopback interface and read them from it. I can easily read packets in the loopback with "pcap_next_ex" as I can do in winpcap in ethernet interfaces, but when I want to inyect a packet to the loopback with "pcap_sendpacket" dosent work, and the function returns 0 (successfull).

I verified this by opening wireshark and watching the packets incoming to the interface, when I use pcap_sendpacket on ethernet interface I can watch the packets, but in the loopback they dont appear when I tried to inject them. Why? 

//The array which contains the data of the test package

UCHAR packet[] = "\x.."; 

//loopback adapter is already opened here

for (int i = 0; i < 100; i++)
    printf("%d ", pcap_sendpacket(loopbackAdapter, packet, sizeof(packet)));

I use this code on loopback interface and didnt work (but pcap_sendpacket returned always success), because in wireshark the packets didnt appear, but in ethernet interfaces the injection was successfull.

Does npcap support loopback packet inyection?

Thank you and regards!.

4

1 回答 1

0

您需要了解每个网络数据包(甚至是环回数据包)都有一个方向:发送路径 (Tx) 或接收路径 (Rx)。通常,当您向 发送数据包时Npcap Loopback Adapter,实际上是将其发送到 Windows TCP/IP 堆栈的 Tx 路径。当您发送 Tx 数据包时,您通常会等待 localhost 应用程序(或协议、驱动程序等)响应它们。

我不知道你为什么要inject packets to loopback interface and read them from it。这部分 Npcap 的低级逻辑只是不让当前会话(pcap_t)接收此会话注入的数据包。但是其他会话可以看到它们,这就是 Wireshark 可以看到您注入的数据包的原因。

我只是不知道你为什么要这样做。您似乎不希望任何其他应用程序响应这些数据包。但作为一种解决方法,我认为您可以通过将数据包注入 Rx 路径来获得所需的内容。通过向 Rx 发送数据包,意味着欺骗 Windows 相信这些数据包是从外部接收的。我不记得我是如何实现它的,但是同一个会话应该能够在 Rx 中看到这些数据包。

我们没有非常清楚地记录 Rx 功能。版本中只有一些描述:v0.05-r6v0.05-r7,这里有一个例子:https://github.com/hsluoyz/UserBridge。他们甚至应该在最新的 Npcap 中工作。

于 2017-03-05T14:32:57.633 回答