
Get uid of packet with libpcap

Is it possible to get the effective uid of a captured tcp packet with libpcap? In other words, can I use libpcap to get the user id of whoever created said packet?

No, the UID information (if there is any to begin with) is not propagated through the AF_PACKET channel that pcap uses.

If the packet was sent from another computer, there is no guarantee that whoever sent the packet has a user ID - it might have, for example, been sent by a small embedded operating system that has no notion of user IDs.

If the packet was sent from your computer, libpcap can't, by itself, tell you the user ID of who sent it. However, if you parse the TCP packet, you can get the source IP address and port number of the packet and, depending on the operating system on which you're running, you might be able to get a table of all active TCP connections on your machine, perhaps with a process ID or user ID associated with it. (Note, however, that, for example, on a UN*X system, a given file descriptor for a given TCP connection can be shared by multiple processes running with different effective or real user IDs, in which case if all you have is the transmitted packet as captured using libpcap, you wouldn't have enough information to determine the user ID, effective or real, of the process that sent the packet, as you wouldn't know the process that sent the packet.)
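The connection-table lookup described in the last answer, as an added example that is not part of the original answers: it assumes Linux, where `/proc/net/tcp` lists each IPv4 TCP socket with a `uid` column, and it goes slightly beyond the answer by matching both endpoints of the flow rather than the source address and port alone. The function name `uid_for_flow`, its return codes and the sample table are constructed for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample in Linux /proc/net/tcp layout, as printed on a
 * little-endian host (not taken from a real machine). */
static const char SAMPLE_TABLE[] =
"  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
"   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 40001 1\n"
"   1: 0100007F:C350 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 54321 1\n"
"   2: 0100007F:C351 0100007F:1F90 06 00000000:00000000 03:00000A00 00000000     0        0 0 3\n";

/* table: full text of /proc/net/tcp, read into memory by the caller.
 * Addresses are in network byte order (as in struct in_addr.s_addr and the
 * captured IP header); ports are in host byte order.
 * Returns the socket owner's UID, -1 if no row matches, or -2 if the matching
 * row has inode 0 (socket no longer attached to a file, e.g. TIME_WAIT), where
 * the uid column is always 0 and says nothing about the sender. */
long uid_for_flow(const char *table, uint32_t sip, unsigned sport,
                  uint32_t dip, unsigned dport)
{
    char row[512];
    unsigned la, lp, ra, rp, uid;
    unsigned long inode;

    for (const char *p = table; *p; ) {
        size_t n = strcspn(p, "\n");
        snprintf(row, sizeof row, "%.*s", (int)n, p);   /* isolate one row */
        p += n + (p[n] == '\n');
        /* sl: local remote st tx:rx tr:when retrnsmt uid timeout inode ... */
        if (sscanf(row, " %*d: %x:%x %x:%x %*x %*x:%*x %*x:%*x %*x %u %*d %lu",
                   &la, &lp, &ra, &rp, &uid, &inode) != 6)
            continue;                                   /* header or malformed */
        if (la != sip || lp != sport || ra != dip || rp != dport)
            continue;
        return inode == 0 ? -2 : (long)uid;
    }
    return -1;
}

int main(void)
{
    /* Endpoints as they would be read from a captured packet's IP/TCP headers. */
    long uid = uid_for_flow(SAMPLE_TABLE, inet_addr("127.0.0.1"), 50000,
                            inet_addr("127.0.0.1"), 8080);
    printf("uid=%ld\n", uid);
    return 0;
}
```

The `uid` column identifies the owner of the socket, so the answer's caveat still applies: when the descriptor is shared, it need not be the user ID of the process that actually sent the packet.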
