有没有办法选择从此列表中自动发送http流量的工作设备?
List<NetworkInterface> Interfaces = new List<NetworkInterface>();
foreach (var nic in NetworkInterface.GetAllNetworkInterfaces())
{
if (nic.OperationalStatus == OperationalStatus.Up)
{
Interfaces.Add(nic);
}
}
另外如何嗅探URL而不是IP?对不起,我是PcapDotNet的新手。
private static void PacketHandler(Packet packet)
{
// print timestamp and length of the packet
Console.WriteLine(packet.Timestamp.ToString("yyyy-MM-dd hh:mm:ss.fff") + " length:" + packet.Length);
IpV4Datagram ip = packet.Ethernet.IpV4;
UdpDatagram udp = ip.Udp;
// print ip addresses and udp ports
Console.WriteLine(ip.Source + ":" + udp.SourcePort + " -> " + ip.Destination + ":" + udp.DestinationPort);
}
答案 0 :(得分:1)
您是否在尝试查找有关特定NIC的更多信息?如果您尝试从单个界面隔离流量,请先找出它是哪一个。下面的代码将帮助您枚举可用的接口:
var nics = from NetworkInterface a
in NetworkInterface.GetAllNetworkInterfaces()
where a.NetworkInterfaceType == NetworkInterfaceType.Ethernet &&
a.Supports(NetworkInterfaceComponent.IPv4)
select a;
if (nics.Any())
{
var nic = nics.First();
adapter = new NetworkAdapter();
adapter.Name = nic.Name;
adapter.Description = nic.Description;
adapter.Id = nic.Id;
var props = nic.GetIPProperties();
var ipAddresses = from UnicastIPAddressInformation info
in props.UnicastAddresses
where info.PrefixOrigin == PrefixOrigin.Manual
select info;
adapter.GatewayAddressList = nic.GetIPProperties().GatewayAddresses;
adapter.Available = (nic.OperationalStatus == OperationalStatus.Up);
}
此外,如果您尝试嗅探URL,则必须查看DNS数据包。 DNS有助于将URL转换为IP。查看DNS。 DNS搜索将在任何连接之前进行。
编辑:这是我用来枚举适配器ID的实用工具方法:
DLL int GetAvailableAdapters()
{
pcap_if_t *alldevs;
pcap_if_t *devs;
char msgBuffer[LOG_SIZE];
int index = 0;
char* fullname;
int namePtr;
char* shortname;
struct in_addr ip;
// Retrieve the device list on the local machine
if (-1 == pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, msgBuffer))
{
//error
return 0;
}
// Cycle List, and make sure adapters are available/visable
for(devs = alldevs; devs != NULL; devs = devs->next)
{
++index;
//
// Print adapter description
//
sprintf(msgBuffer, " [%d]: %s", index, devs->description);
gblLog(INFO, msgBuffer);
//
// Parse and Print adapters network info in dot-decimal notation
//
/*ip = ((struct sockaddr_in *)(devs->addresses->addr))->sin_addr;
sprintf(msgBuffer, " IPAddr: %s ", inet_ntoa(ip));
gblLog(INFO, msgBuffer);
*/
//
// Print the Registry Key Value from the substring of adapter name
//
fullname = devs->name;
namePtr = strlen(fullname);
shortname = fullname + namePtr;
while(0 < namePtr && fullname[--namePtr] != '_');
if(fullname[namePtr] == '_')
{
// Key is the string after "_" char, get the substring starting at that index.
shortname = fullname + namePtr + 1;
fullname[namePtr] = '\0';
sprintf(msgBuffer, " KeyVal: %s\n", shortname);
gblLog(INFO, msgBuffer);
}
else
{
// Print full name if the "_" char was not found (odd formating...)
sprintf(msgBuffer, " KeyVal: %s\n", fullname);
gblLog(INFO, msgBuffer);
}
}
if(index == 0)
{
gblLog(INFO, "FindAllDevs() returned null devices. No network adapters found!");
}
return index; // Total num of adapters enum
}
使用此方法以及NetworkInterface,您应该能够通过其reg键将适配器与索引相关联。找到合适的适配器后,使用该索引打开pcap设备:
if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
{
return -1; // error
}
// Cycle the devs until we reach the appropriate index
for(d = alldevs, i = 0; (i < (index- 1)); d = d->next, i++);
// Open the device
if ( (adhandle= pcap_open(d->name, // HW name of the network device.
65536, // Portion of the packet to capture. 65536 max packet
adapterFlags, // See adapterFlags above
1000, // 1sec timeout on idle. (We check for exit at this interval)
NULL, // No authentication,
errbuf // Error buffer
)) == NULL)
{
//error opening
pcap_freealldevs(alldevs); // Free the device list
return -1;
}