Tcpdump-pcap-无法在端口5984上嗅探数据包
[英]Tcpdump - pcap - Cannot sniff packets on port 5984
问题描述
Sorry if this a lame question. 
抱歉,这是一个la脚的问题。 I'm new to tcpdump and pcap. 我是tcpdump和pcap的新手。 I am using the pcap static lib to develop and application which listens to TCP data on a specified port. 我正在使用pcap静态库来开发和应用程序,以侦听指定端口上的TCP数据。 I have a small prototype built up and it works well when sniffing tcp packets sent over port 80 (the default from HTTP). 我建立了一个小型原型,当嗅探通过端口80(HTTP的默认端口)发送的tcp数据包时,它可以很好地工作。 However I would like to view HTTP packets to and from port 5984 (this is the default port that CouchDB uses). 但是,我想查看往返端口5984(这是CouchDB使用的默认端口)的HTTP数据包。 My application does not notice/sniff/see any packets on this port for some reason. 由于某种原因,我的应用程序没有注意到/嗅探/看到此端口上的任何数据包。 Being that I am not a seasoned network developer I am probably missing something fundamental. 由于我不是经验丰富的网络开发人员,所以我可能缺少一些基本知识。
I don't want to paste the whole application here but I can add any code that is necessary to find the problem. 我不想将整个应用程序粘贴到这里,但是我可以添加发现问题所需的任何代码。 Please just let me know. 请让我知道。
This is the my pcap filter expression: 这是我的pcap过滤器表达式:
char filter_exp[] = "tcp port 5984";/* The filter expression */
The filter compiles and is set on the pcap session without a problem. 过滤器可以编译并在pcap会话上设置,没有问题。 The session is set to run in promiscuous mode. 会话设置为以混杂模式运行。
//get a pcap session
//args device, # of packets to capture, promisc mode, timeout, err buff
handle = pcap_open_live(dev, BUFSIZ, 1, 1000, errbuf);
if (handle == NULL) {
fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
return(2);
//compile our filter
if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle));
return(2);
}
//set the filter
if (pcap_setfilter(handle, &fp) == -1) {
fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle));
return(2);
}
//begin sniffing packets. cnt -1: keep sniffing until err occurs
//last arg is optional. It can be used to pass additonal information to callback
pcap_loop(handle, -1, got_packet, NULL);
'got_packet' is my callback function. “ got_packet”是我的回调函数。 This is called many times using the same filter but with port 80 in place of 5984. 使用相同的过滤器多次调用它,但是使用端口80代替5984。
Using Curl I have tried: $ curl http://localhost:5984/test 我尝试使用Curl: $ curl http://localhost:5984/test
Just for the hell of it I have trying using the loopback: $ curl http://127.0.0.1:5984/test 只是为了它的地狱,我尝试使用环回: $ curl http://127.0.0.1:5984/test
These both go unnoticed by my pcap application. 我的pcap应用程序都没有注意到这些。 However if I change my filter to listen on port 80 and do a $ curl http://www.google.com 但是,如果我更改过滤器以监听端口80并执行$ curl http://www.google.com
I can see the packets coming through. 我可以看到数据包通过了。 What am I overlooking or not understanding? 我忽略或不了解什么?
Thanks a lot! 非常感谢!
-Nick -缺口
1 个解决方案
解决方案1
1 已采纳
If the packets are going from your Mac to the same Mac - for example, if you're communicating with "localhost" or 127.0.0.1 (which are the same thing - "localhost" resolves to 127.0.0.1), capture on lo0 , not on en0 or en1 . 如果数据包从Mac传输到同一Mac,例如,如果您正在与“ localhost”或127.0.0.1通信(这是同一件事-“ localhost”解析为127.0.0.1),请在lo0捕获,不在en0或en1 。 Traffic to 127.0.0.1 doesn't get sent on any real network, it gets looped back internally to your machine, so you have to look on the "loopback" network and the "loopback" interface for it. 到127.0.0.1的流量不会在任何实际网络上发送,它会在内部循环回到您的计算机,因此您必须查看“回送”网络和“回送”接口。
(Similar answers apply for other UN*Xes, except that on Linux, the loopback interface is called just lo , not lo0 . There's no equivalent on Windows, and on some versions of UN*X, such as Solaris 10 and earlier, you can't capture on the loopback interface.) (类似的答案适用于其他UN * Xes,除了在Linux上,回送接口仅称为lo而不是lo0 。在Windows上没有等效的接口,在某些UN * X版本上,例如Solaris 10和更早的版本,不能在环回接口上捕获。)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.