Packet socket in promiscuous mode only receiving local traffic

Submitted by 孤人 on 2019-11-30 18:49:59

Question


I have a socket created with socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)), and I've set it into promiscuous mode using:

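struct ifreq ifr;
memset(&ifr, 0, sizeof(ifr));
// copy at most IF_NAMESIZE-1 bytes so the name stays NUL-terminated
strncpy(ifr.ifr_name, interface, IF_NAMESIZE - 1);
if(ioctl(sock, SIOCGIFINDEX, &ifr)<0) fail(2);

// request promiscuous mode on that interface for as long as this socket is open
struct packet_mreq mr;
memset(&mr, 0, sizeof(mr));
mr.mr_ifindex = ifr.ifr_ifindex;
mr.mr_type = PACKET_MR_PROMISC;
if(setsockopt(sock, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mr, sizeof(mr)) < 0) fail(2);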

The problem is that when I do a read() from the socket, it only returns data that's going from or coming to my computer.

How can I get it to read and process all packets on the network?

Wireshark shows all the packets fine, so I know it isn't my computer or NIC. ifconfig reports that it's PROMISC when it is running.


Answer 1:


Along with Rob Jones' suggestion, try a tool like Wireshark to make sure that you're receiving the packets that you expect at the interface. At least that will confirm (or deny) that you have a problem with your code.

You also need to make sure that the interface itself is set to promiscuous mode. If not, then you can use ioctl() to set it:

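// read the current flags first: ifr_flags shares storage with ifr_ifindex in struct ifreq
if( ioctl(sock, SIOCGIFFLAGS, &ifr) != 0 )
{
    // handle error here
}
ifr.ifr_flags |= IFF_PROMISC;
if( ioctl(sock, SIOCSIFFLAGS, &ifr) != 0 )
{
    // handle error here
}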

While your application is running, make sure that ifconfig reports the PROMISC flag for that interface.

Note that this will need to be executed as a privileged user.


Tried out the code as presented. Works for me. Of course (due to the test on line 102) this will only print details for TCP traffic.




Answer 2:


Try using SOCK_PACKET as the second argument to socket(), rather than SOCK_RAW.

If you're on a switch you will probably only see packets destined to, or originating from your computer. Try a hub.




Answer 3:


Your switch port also needs to be configured appropriately (SPAN port in Cisco world). See here for more details:

http://www.winpcap.org/misc/faq.htm#Q-22

And here is the info from Cisco regarding how SPAN ports work:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml




Answer 4:


This is likely not a software problem.

You're likely using the wrong hardware. Your computer is probably hooked up to a Switch. Switches are smart enough to "learn" which computers are on which ports, and route traffic only to where it needs to go. Hence, the switch is filtering your packets for you.

To fix this, you need to get a Hub. Although Hubs and Switches appear very similar, they work differently. The Hub is dumb, and will route all traffic to all ports, enabling you to see other traffic in promiscuous mode.

Note that even if you replace the device that your computer connects to, it is likely connected to more switches up-stream, which will also limit traffic. Hence, you won't be able to sniff traffic from much further away than your own hub or test-lab setup.
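
One way to check whether the limit is in the code or in the network, as an added example that is not part of the original thread: the kernel tags every frame delivered to a packet socket with sll_pkttype, and PACKET_OTHERHOST marks frames addressed to another host. The default interface name eth0, the 1000-frame sample size and the helper tally_frame are assumptions of this example.

```c
#include <arpa/inet.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <net/if.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

struct tally { unsigned long host, bcast, mcast, out, other; };
/* Count one frame by the kernel's classification. Returns 1 for a frame
   addressed to another host (seen only because of promiscuous mode). */
int tally_frame(struct tally *t, const struct sockaddr_ll *from)
{
    switch (from->sll_pkttype) {
    case PACKET_HOST:      t->host++;  return 0;
    case PACKET_BROADCAST: t->bcast++; return 0;
    case PACKET_MULTICAST: t->mcast++; return 0;
    case PACKET_OUTGOING:  t->out++;   return 0;
    case PACKET_OTHERHOST: t->other++; return 1;
    default:               return 0;
    }
}

int main(int argc, char **argv)
{
    const char *ifname = argc > 1 ? argv[1] : "eth0"; /* assumed interface name */
    unsigned int ifindex = if_nametoindex(ifname);
    int sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); /* needs CAP_NET_RAW */
    if (sock < 0 || ifindex == 0) { perror("socket/if_nametoindex"); return 2; }
    struct packet_mreq mr;
    memset(&mr, 0, sizeof(mr));
    mr.mr_ifindex = (int)ifindex;
    mr.mr_type = PACKET_MR_PROMISC;
    if (setsockopt(sock, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mr, sizeof(mr)) < 0) {
        perror("setsockopt"); return 2;
    }
    struct tally t = {0};
    unsigned char buf[2048];
    for (int i = 0; i < 1000; i++) { /* sample size is an arbitrary choice */
        struct sockaddr_ll from;
        socklen_t flen = sizeof(from);
        if (recvfrom(sock, buf, sizeof(buf), 0, (struct sockaddr *)&from, &flen) < 0) break;
        if (from.sll_ifindex == (int)ifindex) tally_frame(&t, &from); /* socket is unbound */
    }
    printf("host=%lu bcast=%lu mcast=%lu out=%lu otherhost=%lu\n", t.host, t.bcast, t.mcast, t.out, t.other);
    close(sock);
    return 0;
}
```

If otherhost stays at 0 on a busy network while the interface reports PROMISC, the frames are not reaching the NIC at all, which matches the switch behaviour described in the answers.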



Source: https://stackoverflow.com/questions/1325378/packet-socket-in-promiscuous-mode-only-receiving-local-traffic
