c# 使用sharppcap实现 网络抓包
2012-10-25 10:48
337 查看
sharppcap的dll下载地址:
http://sourceforge.net/directory/os:windows/?q=sharppcap
详细用法:
http://www.codeproject.com/KB/IP/sharppcap.aspx
为了进一步说明使用方式,在此分享一个我写的wrapper类。
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
using System.Threading;
using SharpPcap;
using PacketDotNet;
using SharpPcap.LibPcap;
namespace ServerToolV0._1.Capture
{
public class WinCapHelper
{
private static object syncObj = new object();
private static WinCapHelper _capInstance;
public static WinCapHelper WinCapInstance
{
get
{
if (null == _capInstance)
{
lock (syncObj)
{
if (null == _capInstance)
{
_capInstance = new WinCapHelper();
}
}
}
return _capInstance;
}
}
private Thread _thread;
/// <summary>
/// when get pocket,callback
/// </summary>
public Action<string> _logAction;
/// <summary>
/// 过滤条件关键字
/// </summary>
public string filter;
private WinCapHelper()
{
}
public void Listen()
{
if (_thread != null && _thread.IsAlive)
{
return;
}
_thread = new Thread(new ThreadStart(() =>
{
////遍历网卡
foreach (PcapDevice device in SharpPcap.CaptureDeviceList.Instance)
{
////分别启动监听,指定包的处理函数
device.OnPacketArrival +=
new PacketArrivalEventHandler(device_OnPacketArrival);
device.Open(DeviceMode.Normal, 1000);
device.Capture(500);
//device.StartCapture();
}
}));
_thread.Start();
}
/// <summary>
/// 打印包信息,组合包太复杂了,所以直接把hex字符串打出来了
/// </summary>
/// <param name="str"></param>
/// <param name="p"></param>
private void PrintPacket(ref string str, Packet p)
{
if (p != null)
{
string s = p.ToString();
if (!string.IsNullOrEmpty(filter) && !s.Contains(filter))
{
return;
}
str += "\r\n" + s + "\r\n";
////尝试创建新的TCP/IP数据包对象,
////第一个参数为以太头长度,第二个为数据包数据块
str += p.PrintHex() + "\r\n";
}
}
/// <summary>
/// 接收到包的处理函数
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
////解析出基本包
var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
////协议类别
// var dlPacket = PacketDotNet.DataLinkPacket.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
//var ethernetPacket = PacketDotNet.EthernetPacket.GetEncapsulated(packet);
//var internetLinkPacket = PacketDotNet.InternetLinkLayerPacket.Parse(packet.BytesHighPerformance.Bytes);
//var internetPacket = PacketDotNet.InternetPacket.Parse(packet.BytesHighPerformance.Bytes);
//var sessionPacket = PacketDotNet.SessionPacket.Parse(packet.BytesHighPerformance.Bytes);
//var appPacket = PacketDotNet.ApplicationPacket.Parse(packet.BytesHighPerformance.Bytes);
//var pppoePacket = PacketDotNet.PPPoEPacket.Parse(packet.BytesHighPerformance.Bytes);
//var arpPacket = PacketDotNet.ARPPacket.GetEncapsulated(packet);
//var ipPacket = PacketDotNet.IpPacket.GetEncapsulated(packet); //ip包
//var udpPacket = PacketDotNet.UdpPacket.GetEncapsulated(packet);
//var tcpPacket = PacketDotNet.TcpPacket.GetEncapsulated(packet);
string ret = "";
PrintPacket(ref ret, packet);
//ParsePacket(ref ret, ethernetPacket);
//ParsePacket(ref ret, internetLinkPacket);
//ParsePacket(ref ret, internetPacket);
//ParsePacket(ref ret, sessionPacket);
//ParsePacket(ref ret, appPacket);
//ParsePacket(ref ret, pppoePacket);
//ParsePacket(ref ret, arpPacket);
//ParsePacket(ref ret, ipPacket);
//ParsePacket(ref ret, udpPacket);
//ParsePacket(ref ret, tcpPacket);
if (!string.IsNullOrEmpty(ret))
{
string rlt = "\r\n时间 : " +
DateTime.Now.ToLongTimeString() +
"\r\n数据包: \r\n" + ret;
_logAction(rlt);
}
}
public void StopAll()
{
foreach (PcapDevice device in SharpPcap.CaptureDeviceList.Instance)
{
if (device.Opened)
{
Thread.Sleep(500);
device.StopCapture();
}
_logAction("device : " + device.Description + " stoped.\r\n");
}
_thread.Abort();
}
}
}
http://sourceforge.net/directory/os:windows/?q=sharppcap
详细用法:
http://www.codeproject.com/KB/IP/sharppcap.aspx
为了进一步说明使用方式,在此分享一个我写的wrapper类。
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
using System.Threading;
using SharpPcap;
using PacketDotNet;
using SharpPcap.LibPcap;
namespace ServerToolV0._1.Capture
{
public class WinCapHelper
{
private static object syncObj = new object();
private static WinCapHelper _capInstance;
public static WinCapHelper WinCapInstance
{
get
{
if (null == _capInstance)
{
lock (syncObj)
{
if (null == _capInstance)
{
_capInstance = new WinCapHelper();
}
}
}
return _capInstance;
}
}
private Thread _thread;
/// <summary>
/// when get pocket,callback
/// </summary>
public Action<string> _logAction;
/// <summary>
/// 过滤条件关键字
/// </summary>
public string filter;
private WinCapHelper()
{
}
public void Listen()
{
if (_thread != null && _thread.IsAlive)
{
return;
}
_thread = new Thread(new ThreadStart(() =>
{
////遍历网卡
foreach (PcapDevice device in SharpPcap.CaptureDeviceList.Instance)
{
////分别启动监听,指定包的处理函数
device.OnPacketArrival +=
new PacketArrivalEventHandler(device_OnPacketArrival);
device.Open(DeviceMode.Normal, 1000);
device.Capture(500);
//device.StartCapture();
}
}));
_thread.Start();
}
/// <summary>
/// 打印包信息,组合包太复杂了,所以直接把hex字符串打出来了
/// </summary>
/// <param name="str"></param>
/// <param name="p"></param>
private void PrintPacket(ref string str, Packet p)
{
if (p != null)
{
string s = p.ToString();
if (!string.IsNullOrEmpty(filter) && !s.Contains(filter))
{
return;
}
str += "\r\n" + s + "\r\n";
////尝试创建新的TCP/IP数据包对象,
////第一个参数为以太头长度,第二个为数据包数据块
str += p.PrintHex() + "\r\n";
}
}
/// <summary>
/// 接收到包的处理函数
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
////解析出基本包
var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
////协议类别
// var dlPacket = PacketDotNet.DataLinkPacket.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
//var ethernetPacket = PacketDotNet.EthernetPacket.GetEncapsulated(packet);
//var internetLinkPacket = PacketDotNet.InternetLinkLayerPacket.Parse(packet.BytesHighPerformance.Bytes);
//var internetPacket = PacketDotNet.InternetPacket.Parse(packet.BytesHighPerformance.Bytes);
//var sessionPacket = PacketDotNet.SessionPacket.Parse(packet.BytesHighPerformance.Bytes);
//var appPacket = PacketDotNet.ApplicationPacket.Parse(packet.BytesHighPerformance.Bytes);
//var pppoePacket = PacketDotNet.PPPoEPacket.Parse(packet.BytesHighPerformance.Bytes);
//var arpPacket = PacketDotNet.ARPPacket.GetEncapsulated(packet);
//var ipPacket = PacketDotNet.IpPacket.GetEncapsulated(packet); //ip包
//var udpPacket = PacketDotNet.UdpPacket.GetEncapsulated(packet);
//var tcpPacket = PacketDotNet.TcpPacket.GetEncapsulated(packet);
string ret = "";
PrintPacket(ref ret, packet);
//ParsePacket(ref ret, ethernetPacket);
//ParsePacket(ref ret, internetLinkPacket);
//ParsePacket(ref ret, internetPacket);
//ParsePacket(ref ret, sessionPacket);
//ParsePacket(ref ret, appPacket);
//ParsePacket(ref ret, pppoePacket);
//ParsePacket(ref ret, arpPacket);
//ParsePacket(ref ret, ipPacket);
//ParsePacket(ref ret, udpPacket);
//ParsePacket(ref ret, tcpPacket);
if (!string.IsNullOrEmpty(ret))
{
string rlt = "\r\n时间 : " +
DateTime.Now.ToLongTimeString() +
"\r\n数据包: \r\n" + ret;
_logAction(rlt);
}
}
public void StopAll()
{
foreach (PcapDevice device in SharpPcap.CaptureDeviceList.Instance)
{
if (device.Opened)
{
Thread.Sleep(500);
device.StopCapture();
}
_logAction("device : " + device.Description + " stoped.\r\n");
}
_thread.Abort();
}
}
}
相关文章推荐
- C#使用sharppcap实现网络抓包-----2
- C#使用sharppcap实现网络抓包
- C#使用sharppcap实现网络抓包-----2
- c# 使用sharppcap实现 网络抓包
- C#使用sharppcap实现网络抓包
- c# 使用sharppcap实现 网络抓包
- c# 使用sharppcap实现 网络抓包
- 使用SharpPCap在C#下进行网络抓包
- 使用SharpPCap在C#下进行网络抓包
- 使用SharpPCap在C#下进行网络抓包
- 使用C#实现网络抓包与分析
- 使用SharpPCap在C#下进行网络抓包
- 在C#中使用异步Socket编程实现TCP网络服务的C/S的通讯构架(二)----使用方法
- 字符串相似度计算的方法,使用SQL以及C#实现,本文非原创摘自网络(.NET SQL技术交流群入群206656202需注明博客园)
- 在C#中使用异步Socket编程实现TCP网络服务的C/S的通讯构架(二)
- 使用C#实现网络时间同步功能
- 使用C#实现网络时间同步功能
- Midapex网络开发库v2.2(更新主题:使用C#实现的FTP客户端)
- C#使用多线程实现网络爬虫,并且通过网络传输,传到另外的服务器数据库存储
- [转载]在C#中使用异步Socket编程实现TCP网络服务的C/S的通讯构架(一)----基础类库部分 .