简体繁体 English

来自同一网络上另一台计算机的C＃嗅探数据包

[英]C# Sniff Packets from another computer on the same Network

原文 2013-09-04 01:31:09 3 2 c#/ sockets/ networking/ packet/ sniffing

I've looked around at various C# Packet Sniffing tutorials and have built one that can parse packets sent to and from my computer. 我浏览了各种C＃Packet Sniffing教程，并构建了一个可以解析发送到计算机和从计算机发送的数据包的教程。 This is awesome, but I haven't found anything that relates to intercepting packets from another computer (obviously on the same network), eg from a different computer to a router. 这太棒了，但是我还没有发现任何与拦截来自另一台计算机（显然是在同一网络上）的数据包有关的信息，例如从另一台计算机到路由器的数据包。

Am I correct in thinking that any packets sent by a computer are visible to, not only the router, but any other computers on the same network? 我是否正确地认为计算机发送的任何数据包不仅对路由器而且对同一网络上的任何其他计算机都是可见的？ If this is the case, does that not mean that intercepting these packets is something we can do in C#? 如果是这种情况，这是否意味着我们可以在C＃中完成拦截这些数据包的工作？

To those who are desperately copying and pasting links to Wireshark etc. I appreciate your time but this is more of a learning experience for me, so I'd like answers relevant to C# if possible! 对于那些急切地复制和粘贴到Wireshark等链接的人。感谢您的宝贵时间，但这对我来说是一种学习的经验，因此，如果可能，我希望获得与C＃相关的答案！

In summary, how can I intercept packets in C# that don't concern my computer? 总之，如何在C＃中拦截与计算机无关的数据包？ Eg From my laptop to my router? 例如，从我的笔记本电脑到路由器？

2 个解决方案

Assuming you're in an ethernet switched network rather than something funky like a token ring: Even the great Wireshark is limited in what it is able to see because it runs in the same confines as what you're trying to build - its host PC. 假设您使用的是以太网交换网络，而不是像令牌环这样的时髦产品：即使是出色的Wireshark，它所能看到的内容也受到了限制，因为它的运行范围与您要构建的内容相同-它的主机PC 。

Unfortunately, your PC can only see the packets that hit its network interface. 不幸的是，您的PC仅能看到命中其网络接口的数据包。 This means that in a layer 3 routed network you're unlikely to see any packets that aren't intended for you, unless of course your PC is the router. 这意味着，在第3层路由网络中，除非您的PC当然是路由器，否则您不太可能看到不适合您的任何数据包。

You'll need to look into SOCKS5 proxies and the like to achieve the level of network transparency your question infers. 您需要研究SOCKS5代理等，才能达到问题所提示的网络透明性。 While implying a small bit of network and configuration overhead, a proxy will provide you the most visibility into the traffic you're after. 在暗示少量网络和配置开销的同时，代理将为您提供所要访问流量的最大可见性。

M.Babcock already mentioned in his answer that your computer in a switched network won't see the traffic between two other computer. M.Babcock在回答中已经提到，交换网络中的计算机将看不到其他两台计算机之间的通信。

Some (managed) switches and routers have the feature to send all traffic to a monitoring port. 某些（托管）交换机和路由器具有将所有流量发送到监视端口的功能。 On this port you can connect your computer and use wireshark/pcap etc. to see the all the traffic that is passing through the switch/router. 在此端口上，您可以连接计算机，并使用wireshark / pcap等查看通过交换机/路由器的所有流量。

Or, if you still have one reachable, put a Hub between Laptop and router and connect your pc to the hub. 或者，如果仍然可以访问，则在笔记本电脑和路由器之间放置一个集线器，然后将PC连接到集线器。 The Hub will forward all traffic to the other ports, as he doesn't care about the mac addresses. 集线器会将所有流量转发到其他端口，因为他不在乎mac地址。

So this is really not depending on any programming language but only on network management. 因此，这实际上并不取决于任何编程语言，而仅取决于网络管理。