wireshark 在哪里捕获数据包 [英] where does the wireshark capture the packets
问题描述
wireshark 在 linux 内核中在哪里捕获数据包?如果wireshark抓到一个输出包,这个包一定会通过相应的接口发出吗?换言之,wireshark 捕获的输出数据包是否可以在发送之前丢弃?
where does the wireshark capture the packets in the linux kernel? If an output packet is captured by wireshark , will the packet be sent out definitely through corresponding interface? In other words, could an output packet that captured by wireshark be dropped before it is sent out?
推荐答案
wireshark 在 linux 内核中在哪里捕获数据包?
where does the wireshark capture the packets in the linux kernel?
在 UN*Xes 上,它使用 libpcap,在 Linux 上,它使用 AF_PACKET 套接字.(在 Windows 上,它使用 WinPcap,它是一个驱动程序加上一个 libpcap 端口来使用该驱动程序.)
On UN*Xes, it uses libpcap, which, on Linux, uses AF_PACKET sockets. (On Windows, it uses WinPcap, which is a driver plus a port of libpcap to use the driver.)
如果一个输出包被wireshark抓到了,这个包一定会通过相应的接口发送出去吗?
If an output packet is captured by wireshark , will the packet be sent out definitely through corresponding interface?
没有.网络堆栈将数据包交给适当的 AF_PACKET 套接字和驱动程序;即使数据包已传送到 AF_PACKET 套接字,驱动程序也可能会丢弃数据包(例如,如果在以太网上发生多次冲突并放弃).
No. The networking stack hands the packet to the appropriate AF_PACKET sockets and to the driver; the driver might drop the packet (for example, if, on an Ethernet, it got multiple collisions and gave up) even though the packet was delivered to the AF_PACKET socket.
换句话说,wireshark 捕获的输出数据包是否可以在发送之前丢弃?
In other words, could an output packet that captured by wireshark be dropped before it is sent out?
是的.见上文.
这篇关于wireshark 在哪里捕获数据包的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!