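How to obtain the MAC address of a public IP


How to obtain the MAC address of a remote IP

Approach

  • Java has no ready-made jar (library) for this, so this post approaches the problem from other directions and tries them in practice.

Tools compared:

  • tcpdump
  • tshark
  • pcap4j

All of them can capture packets. By capturing while pinging the server, you get traffic between the servers (that is, a TCP connection), and from it the NIC (MAC) address written in the request.

Comparison of the three approaches

All are very old projects; on GitHub their most recent updates were three years ago. They are also complicated to implement: building native libraries and building jars is time-consuming and laborious.

A new approach

This is a way to obtain a remote host's MAC address, adapted from hands-on work with the three approaches above and the principle they share.

  • The key step in obtaining a remote IP's MAC address is to capture packets, read the NIC information carried in the request, and parse out the Dst and Src fields, which have the following format: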
Ethernet II, Src: f8:ff:c2:48:3d:6d (f8:ff:c2:48:3d:6d), Dst: Hangzhou_54:80:02 (38:97:d6:54:80:02)
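  • To get a capture result, the servers must communicate: from the moment the capture starts there has to be at least one exchange between them. In other words, the steps are: start capture -> ping host -> stop capture -> get the result.

  • The capture output is a file with the .cap suffix. Read directly it is a pile of gibberish; after analysis the MAC addresses can be picked out as:

    fa 16 3e c8 fe 8f
    fa 16 3e b5 33 2f

    but they are hard to tell apart, and it is unclear what the other bytes mean; presumably the format differs in the conversion.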

d4 c3 b2 a1 2 0 4 0 0 0 0 0 0 0 0 0 0 0 4 0 1 0 0 0 ad d4 bd 5f 15 9a 2 0 62 0 0 0 62 0 0 0 
fa 16 3e c8 fe 8f 
fa 16 3e b5 33 2f 
8 0 45 0 0 54 de 1b 40 0 40 1 d4 e0 c0 a8 0 5 81 cc 45 33 8 0 c3 9e f bf 0 1 ad d4 bd 5f 0 0 0 0 f8 99 2 0 0 0 0 0 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 

The conversion method is:

    // Convert raw bytes to a space-separated, zero-padded, upper-case hex string
    private static String byteReadStr(byte[] mac) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < mac.length; i++) {
            if (i != 0) {
                sb.append(" ");
            }
            // convert the signed byte to an unsigned int (0-255)
            int temp = mac[i] & 0xff;
            String str = Integer.toHexString(temp);
            // debug output: unpadded hex, as in the dump above
            System.out.print(str + " ");
            if (str.length() == 1) {
                sb.append("0");
            }
            sb.append(str);
        }
        return sb.toString().toUpperCase();
    }
  • After some more research I found another way: use the third-party tool tshark to analyze the .cap capture file, which gives the following information:
Frame 1: 98 bytes on wire (784 bits), 98 bytes captured (784 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Nov 25, 2020 11:51:09.170517000 CST
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1606276269.170517000 seconds
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 98 bytes (784 bits)
    Capture Length: 98 bytes (784 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:icmp:data]
Ethernet II, Src: fa:16:3e:b5:33:2f (fa:16:3e:b5:33:2f), Dst: fa:16:3e:c8:fe:8f (fa:16:3e:c8:fe:8f)
    Destination: fa:16:3e:c8:fe:8f (fa:16:3e:c8:fe:8f)
        Address: fa:16:3e:c8:fe:8f (fa:16:3e:c8:fe:8f)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: fa:16:3e:b5:33:2f (fa:16:3e:b5:33:2f)
        Address: fa:16:3e:b5:33:2f (fa:16:3e:b5:33:2f)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.0.5, Dst: 12.21.69.51
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 84
    Identification: 0xde1b (56859)
    Flags: 0x4000, Don't fragment
        0... .... .... .... = Reserved bit: Not set
        .1.. .... .... .... = Don't fragment: Set
        ..0. .... .... .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment offset: 0
    Time to live: 64
    Protocol: ICMP (1)
    Header checksum: 0xd4e0 [validation disabled]
    [Header checksum status: Unverified]
    Source: 192.168.0.5
    Destination: 129.204.69.51
Internet Control Message Protocol
    Type: 8 (Echo (ping) request)
    Code: 0
    Checksum: 0xc39e [correct]
    [Checksum Status: Good]
    Identifier (BE): 4031 (0x0fbf)
    Identifier (LE): 48911 (0xbf0f)
    Sequence number (BE): 1 (0x0001)
    Sequence number (LE): 256 (0x0100)
    Timestamp from icmp data: Nov 25, 2020 11:51:09.000000000 CST
    [Timestamp from icmp data (relative): 0.170517000 seconds]
    Data (48 bytes)

0000  f8 99 02 00 00 00 00 00 10 11 12 13 14 15 16 17   ................
0010  18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27   ........ !"#$%&'
0020  28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37   ()*+,-./01234567
        Data: f899020000000000101112131415161718191a1b1c1d1e1f…
        [Length: 48]
  • After filtering, we get:
Ethernet II, Src: fa:16:3e:b5:33:2f (fa:16:3e:b5:33:2f), Dst: fa:16:3e:c8:fe:8f (fa:16:3e:c8:fe:8f)
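
The bytes surrounding the two MAC addresses in the raw dump above are the classic pcap file header (24 bytes) followed by the first packet's record header (16 bytes); the Ethernet frame then begins with the destination MAC and the source MAC. The Java below is an added example, not code from the original post: the class and method names are hypothetical, and the embedded input is the first 54 bytes of that dump with leading zeros restored.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

// Added example; class and method names are illustrative, not from the original post.
public class PcapFirstFrame {
    // First 54 bytes of the dump above (constructed from the page's own bytes):
    static final String HEX =
          "d4c3b2a1 0200 0400 00000000 00000000 00000400 01000000" // 24-byte global header
        + "add4bd5f 159a0200 62000000 62000000"                    // 16-byte record header
        + "fa163ec8fe8f fa163eb5332f 0800";                        // Ethernet: dst, src, type

    static byte[] unhex(String s) {
        s = s.replace(" ", "");
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    static String readMac(ByteBuffer b) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 6; i++)
            sb.append(i == 0 ? "" : ":").append(String.format("%02x", b.get() & 0xff));
        return sb.toString();
    }

    /** Returns {dstMac, srcMac, "epochSeconds.microseconds"} for the first record. */
    static String[] firstFrame(byte[] file) {
        ByteBuffer b = ByteBuffer.wrap(file).order(ByteOrder.LITTLE_ENDIAN);
        int magic = b.getInt();
        if (magic == 0xd4c3b2a1) b.order(ByteOrder.BIG_ENDIAN);   // file written on a big-endian host
        else if (magic != 0xa1b2c3d4) throw new IllegalArgumentException("not a classic pcap file");
        b.position(20);                                            // skip version, thiszone, sigfigs, snaplen
        if (b.getInt() != 1) throw new IllegalArgumentException("link type is not Ethernet");
        long sec = b.getInt() & 0xffffffffL;                       // ts_sec
        long usec = b.getInt() & 0xffffffffL;                      // ts_usec
        int inclLen = b.getInt();                                  // bytes of this frame stored in the file
        b.getInt();                                                // orig_len (length on the wire)
        if (inclLen < 14 || b.remaining() < 14) throw new IllegalArgumentException("truncated Ethernet header");
        String dst = readMac(b);                                   // destination MAC comes first on the wire
        String src = readMac(b);
        return new String[] { dst, src, String.format("%d.%06d", sec, usec) };
    }

    public static void main(String[] args) {
        String[] f = firstFrame(unhex(HEX));
        System.out.println("Dst: " + f[0] + "  Src: " + f[1] + "  time: " + f[2]);
    }
}
```

The decoded timestamp, 1606276269.170517, matches the Epoch Time tshark reports for Frame 1. Because Ethernet addresses are only meaningful on the local link, for a destination outside the capture host's subnet (here 192.168.0.5 to 129.204.69.51) the Dst MAC is that of the next-hop router rather than the remote host.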

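Complete workflow:

start capture -> ping host -> stop capture and write the result to a specified folder -> analyze the file with tshark to get the result

With the approach worked out, the next step is to integrate it into code for monitoring resource MAC addresses; it will be put on GitHub later.

*Code to be added in a later update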

