Set filter at FWPM_LAYER_INBOUND_IPPACKET, can it capture packets being forwarded?
Problem description
Or is registering a filter at FWPM_LAYER_IPFORWARD a must?
This depends. Generally the answer is no, you must sit at FWPM_LAYER_IPFORWARD to see packets on the forward path. There are 2 cases for the forward path though.
The most commonly thought of case is routing. This is a packet that comes in from interface A and leaves interface B. The packet is not destined for the machine it is being forwarded through.
The second case is for weak host models. This is where a packet enters interface A, but is destined for interface B. In this case, you would see it at both IPFORWARD and IPPACKET, as it is destined for the local machine. In order for this to work though, weakhost must be enabled (strong host model is the default). http://technet.microsoft.com/en-us/magazine/2007.09.cableguy.aspx
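As an added example (not part of the original answer), this read-only PowerShell function lists the per-interface `Forwarding` and `WeakHostReceive` settings and labels which of the two forward-path cases above can apply. The function name and output column names are made up for illustration, and the mapping to layers only restates the answer.

```powershell
# Added example: report the interface settings that decide which forward-path
# cases from the answer can occur on this host. Read-only; it changes nothing.
function Get-ForwardPathCase {
    param(
        [ValidateSet('IPv4', 'IPv6')]
        [string]$AddressFamily = 'IPv4'
    )

    Get-NetIPInterface -AddressFamily $AddressFamily | ForEach-Object {
        $routing  = $_.Forwarding      -eq 'Enabled'   # case 1: routed traffic
        $weakHost = $_.WeakHostReceive -eq 'Enabled'   # case 2: weak host model

        # Layers named here follow the answer, not an independent measurement.
        $cases = @()
        if ($routing)  { $cases += 'routing: seen at IPFORWARD only' }
        if ($weakHost) { $cases += 'weak host: seen at IPFORWARD and INBOUND_IPPACKET' }
        if (-not $cases) {
            $cases += 'none: strong host, forwarding off (local traffic at INBOUND_IPPACKET only)'
        }

        [pscustomobject]@{
            InterfaceAlias   = $_.InterfaceAlias
            InterfaceIndex   = $_.InterfaceIndex
            Forwarding       = $_.Forwarding
            WeakHostReceive  = $_.WeakHostReceive
            WeakHostSend     = $_.WeakHostSend
            ForwardPathCases = $cases -join '; '
        }
    }
}

# Show every IPv4 interface, then only those where a forward-path case applies.
Get-ForwardPathCase | Format-Table -AutoSize -Wrap
Get-ForwardPathCase |
    Where-Object { $_.ForwardPathCases -notlike 'none*' } |
    Select-Object InterfaceAlias, ForwardPathCases
```

If the second listing is empty, a callout registered only at FWPM_LAYER_INBOUND_IPPACKET_V4 is not missing forwarded traffic on that host, because none can exist.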