如何捕获非组播数据包? [英] How to capture non-multicast packets?

问题描述

我的应用程序不能捕获多播数据包(源或目标地址是多播地址的数据包).

My application must not capture the multicast packet (the packet which the source or destination address is multicast address).

我的应用程序同时支持Microsoft Network Monitor API库和WinPcap库.它使用户可以选择要使用的库.

My application support both Microsoft Network Monitor API library and WinPcap library. It lets users to choose which library to use.

那么，Microsoft Network Monitor库中可以使用什么捕获过滤器?

So, what are the capture filter that can be used in Microsoft Network Monitor library?

在WinPcap库中，我只需要添加"not multicast"(不多播)即可.过滤器.我确实希望，如果我使用Microsoft Network Monitor API，则使我的应用程序不包括多播数据包，就像使用WinPcap库一样容易.

In WinPcap library, I just need to add "not multicast" to the filter. I do hope that if I use Microsoft Network Monitor API, making my application excluding multicast packet will be just easy rlike using WinPcap library.

推荐答案

我们没有捷径，但是您可以使用此过滤器来摆脱IPv4组播:

We dont' have a shortcut, but you can get rid of IPv4 Multicasts with this filter:

！(((ipv4.DestinationAddress& 0xFF000000)> = 224.0.0.0 AND(ipv4.DestinationAddress& 0xFF000000)< = 239.0.0.0)

!((ipv4.DestinationAddress&0xFF000000) >= 224.0.0.0 AND (ipv4.DestinationAddress&0xFF000000) <= 239.0.0.0)

如果您需要API中的高性能捕获过滤器，则必须使用新功能.如果您需要有关此方面的信息，请告诉我，因为它不是那么简单，但是功能非常强大.

If you need a high performance capture filter in the API, you'd have to use the new feature.  If you need info on that, please let me know as it's not as straight forward, but very powerful.

谢谢

保罗

 

这篇关于如何捕获非组播数据包?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！