C# 使用 SharpPcap 實現網絡抓包
sharppcap的dll下載地址:
http://sourceforge.net/directory/os:windows/?q=sharppcap
詳細用法:
http://www.codeproject.com/KB/IP/sharppcap.aspx
為了進一步說明使用方式,在此分享一個我寫的wrapper類。
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
using System.Threading;
using SharpPcap;
using PacketDotNet;
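using SharpPcap.LibPcap;

namespace ServerToolV0._1.Capture
{
    /// <summary>
    /// Process-wide singleton that opens every capture device reported by
    /// SharpPcap, parses each arriving frame with PacketDotNet and hands a
    /// textual dump (summary line plus hex) to <see cref="_logAction"/>.
    /// </summary>
    public class WinCapHelper
    {
        private static readonly object syncObj = new object();

        // volatile: the double-checked lock below reads this field outside the
        // lock, so the write that publishes the instance must not be reordered.
        private static volatile WinCapHelper _capInstance;

        /// <summary>
        /// Lazily created shared instance.
        /// </summary>
        public static WinCapHelper WinCapInstance
        {
            get
            {
                if (null == _capInstance)
                {
                    lock (syncObj)
                    {
                        if (null == _capInstance)
                        {
                            _capInstance = new WinCapHelper();
                        }
                    }
                }

                return _capInstance;
            }
        }

        private Thread _thread;

        /// <summary>
        /// Callback invoked with the formatted dump of each captured packet and
        /// with status messages. May be left null, in which case output is dropped.
        /// </summary>
        /// <remarks>
        /// The text passed here contains the full hex dump of every matching
        /// frame, so anything sent over cleartext protocols (credentials, session
        /// tokens) ends up in whatever sink this delegate writes to. Give that
        /// sink the same access restrictions as the traffic itself.
        /// </remarks>
        public Action<string> _logAction;

        /// <summary>
        /// Optional keyword. When set, only packets whose <c>ToString()</c> text
        /// contains it are reported.
        /// </summary>
        /// <remarks>
        /// This is a substring match applied after the packet has already been
        /// captured and parsed; it does not reduce what the devices capture.
        /// NOTE(review): a capture filter set on the device itself would narrow
        /// collection at the source - confirm what the SharpPcap version in use offers.
        /// </remarks>
        public string filter;

        private WinCapHelper()
        {
        }

        /// <summary>
        /// Starts the capture thread unless one is already running.
        /// </summary>
        /// <remarks>
        /// Devices are processed one after another on a single thread:
        /// <c>Capture(500)</c> is called for the first device and the loop only
        /// moves on once that call returns.
        /// NOTE(review): if simultaneous capture on all interfaces was intended,
        /// the commented-out <c>StartCapture()</c> in the original is the call
        /// to look at - confirm against the SharpPcap version in use.
        /// </remarks>
        public void Listen()
        {
            if (_thread != null && _thread.IsAlive)
            {
                return;
            }

            _thread = new Thread(new ThreadStart(() =>
            {
                PacketArrivalEventHandler handler = new PacketArrivalEventHandler(device_OnPacketArrival);

                foreach (PcapDevice device in SharpPcap.CaptureDeviceList.Instance)
                {
                    try
                    {
                        // Listen() can run again after the thread has finished.
                        // Remove any earlier subscription first so a packet is
                        // never reported twice by the same device.
                        device.OnPacketArrival -= handler;
                        device.OnPacketArrival += handler;

                        device.Open(DeviceMode.Normal, 1000);
                        device.Capture(500);
                    }
                    catch (PcapException ex)
                    {
                        // A device that cannot be opened (missing privileges,
                        // unsupported adapter) must not take down the thread -
                        // and with it the process - before the remaining
                        // devices are tried.
                        Log("device : " + device.Description + " capture failed: " + ex.Message + "\r\n");
                    }
                }
            }));
            _thread.Start();
        }

        /// <summary>
        /// Appends the packet summary and its hex dump to <paramref name="str"/>.
        /// Reassembling the individual protocol layers is not attempted; the raw
        /// hex is printed instead.
        /// </summary>
        /// <param name="str">Accumulator the text is appended to.</param>
        /// <param name="p">Parsed packet; null is ignored.</param>
        private void PrintPacket(ref string str, Packet p)
        {
            if (p == null)
            {
                return;
            }

            string summary = p.ToString();
            if (!string.IsNullOrEmpty(filter) && !summary.Contains(filter))
            {
                return;
            }

            str += "\r\n" + summary + "\r\n";
            str += p.PrintHex() + "\r\n";
        }

        /// <summary>
        /// Handler for packets delivered by a capture device.
        /// </summary>
        /// <param name="sender">Device that raised the event.</param>
        /// <param name="e">Event data carrying the raw frame and its link-layer type.</param>
        private void device_OnPacketArrival(object sender, CaptureEventArgs e)
        {
            // Only the outermost packet is parsed and dumped. The original
            // listing kept commented-out GetEncapsulated(...) calls for the
            // ARP/IP/UDP/TCP layers as a pointer for per-protocol handling.
            var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);

            string ret = "";
            PrintPacket(ref ret, packet);

            if (!string.IsNullOrEmpty(ret))
            {
                string rlt = "\r\n時間 : " + DateTime.Now.ToLongTimeString() + "\r\n數據包: \r\n" + ret;
                Log(rlt);
            }
        }

        /// <summary>
        /// Stops capture on every opened device and terminates the capture thread.
        /// Safe to call when <see cref="Listen"/> was never invoked.
        /// </summary>
        public void StopAll()
        {
            foreach (PcapDevice device in SharpPcap.CaptureDeviceList.Instance)
            {
                if (device.Opened)
                {
                    Thread.Sleep(500);
                    device.StopCapture();
                }

                Log("device : " + device.Description + " stoped.\r\n");
            }

            // The worker may still be blocked inside Capture(500); Abort is what
            // actually ends it. Thread.Abort is not supported on .NET Core /
            // .NET 5+ (it throws PlatformNotSupportedException), so this code
            // path is .NET Framework only.
            // NOTE(review): devices are left open here; decide whether they
            // should be closed once the worker is gone.
            Thread worker = _thread;
            if (worker != null && worker.IsAlive)
            {
                worker.Abort();
            }
        }

        /// <summary>
        /// Forwards a message to <see cref="_logAction"/> when one is assigned.
        /// </summary>
        /// <param name="message">Text to forward.</param>
        private void Log(string message)
        {
            // Copy first: the field is public and may be cleared by another
            // thread between the null check and the call.
            Action<string> sink = _logAction;
            if (sink != null)
            {
                sink(message);
            }
        }
    }
}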