I am wondering how Wireshark functions. What would be the design of an application that could listen to the traffic on all ports of a given machine? What is the kind of overhead that such an application generates? What would be a good way to go about writing an app that monitors traffic?
Thanks
Wireshark leverages libpcap on Unix platforms and its port WinPcap on Windows. This library provides an API to capture packets (Wireshark is also able to capture frames, but I haven't found in the pcap docs that pcap is able to do that).
How the library does that is platform-specific, which is why a good way would be to use the library to do the heavy lifting for you: libpcap or tcpdump on Unix (depending on how low-level you need it to be), and WinPcap or the Windows Filtering Platform on Windows.
Documentation:
http://www.tcpdump.org/pcap3_man.html
http://www.winpcap.org/docs/docs_412/html/main.html
One way would be to use the Windows Filtering Platform (this is for Vista+, but a similar feature was possible in XP and earlier; the WFP just makes things easier). The WFP lets you listen to "callouts" in the driver that call your code at various points in the packet-processing stack so that you can capture, filter, and even modify the data as it moves around.