C# 使用sharppcap实现 网络抓包
sharppcap的dll下载地址:
http://sourceforge.net/directory/os:windows/?q=sharppcap
详细用法:
http://www.codeproject.com/KB/IP/sharppcap.aspx
为了进一步说明使用方式,在此分享一个我写的wrapper类。
using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.IO; using System.Threading; using SharpPcap; using PacketDotNet; using SharpPcap.LibPcap; namespace ServerToolV0._1.Capture { public class WinCapHelper { private static object syncObj = new object(); private static WinCapHelper _capInstance; public static WinCapHelper WinCapInstance { get { if (null == _capInstance) { lock (syncObj) { if (null == _capInstance) { _capInstance = new WinCapHelper(); } } } return _capInstance; } } private Thread _thread; /// <summary> /// when get pocket,callback /// </summary> public Action<string> _logAction; /// <summary> /// 过滤条件关键字 /// </summary> public string filter; private WinCapHelper() { } public void Listen() { if (_thread != null && _thread.IsAlive) { return; } _thread = new Thread(new ThreadStart(() => { ////遍历网卡 foreach (PcapDevice device in SharpPcap.CaptureDeviceList.Instance) { ////分别启动监听,指定包的处理函数 device.OnPacketArrival += new PacketArrivalEventHandler(device_OnPacketArrival); device.Open(DeviceMode.Normal, 1000); device.Capture(500); //device.StartCapture(); } })); _thread.Start(); } /// <summary> /// 打印包信息,组合包太复杂了,所以直接把hex字符串打出来了 /// </summary> /// <param name="str"></param> /// <param name="p"></param> private void PrintPacket(ref string str, Packet p) { if (p != null) { string s = p.ToString(); if (!string.IsNullOrEmpty(filter) && !s.Contains(filter)) { return; } str += "\r\n" + s + "\r\n"; ////尝试创建新的TCP/IP数据包对象, ////第一个参数为以太头长度,第二个为数据包数据块 str += p.PrintHex() + "\r\n"; } } /// <summary> /// 接收到包的处理函数 /// </summary> /// <param name="sender"></param> /// <param name="e"></param> private void device_OnPacketArrival(object sender, CaptureEventArgs e) { ////解析出基本包 var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data); ////协议类别 // var dlPacket = PacketDotNet.DataLinkPacket.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data); //var ethernetPacket = PacketDotNet.EthernetPacket.GetEncapsulated(packet); //var internetLinkPacket = PacketDotNet.InternetLinkLayerPacket.Parse(packet.BytesHighPerformance.Bytes); //var internetPacket = PacketDotNet.InternetPacket.Parse(packet.BytesHighPerformance.Bytes); //var sessionPacket = PacketDotNet.SessionPacket.Parse(packet.BytesHighPerformance.Bytes); //var appPacket = PacketDotNet.ApplicationPacket.Parse(packet.BytesHighPerformance.Bytes); //var pppoePacket = PacketDotNet.PPPoEPacket.Parse(packet.BytesHighPerformance.Bytes); //var arpPacket = PacketDotNet.ARPPacket.GetEncapsulated(packet); //var ipPacket = PacketDotNet.IpPacket.GetEncapsulated(packet); //ip包 //var udpPacket = PacketDotNet.UdpPacket.GetEncapsulated(packet); //var tcpPacket = PacketDotNet.TcpPacket.GetEncapsulated(packet); string ret = ""; PrintPacket(ref ret, packet); //ParsePacket(ref ret, ethernetPacket); //ParsePacket(ref ret, internetLinkPacket); //ParsePacket(ref ret, internetPacket); //ParsePacket(ref ret, sessionPacket); //ParsePacket(ref ret, appPacket); //ParsePacket(ref ret, pppoePacket); //ParsePacket(ref ret, arpPacket); //ParsePacket(ref ret, ipPacket); //ParsePacket(ref ret, udpPacket); //ParsePacket(ref ret, tcpPacket); if (!string.IsNullOrEmpty(ret)) { string rlt = "\r\n时间 : " + DateTime.Now.ToLongTimeString() + "\r\n数据包: \r\n" + ret; _logAction(rlt); } } public void StopAll() { foreach (PcapDevice device in SharpPcap.CaptureDeviceList.Instance) { if (device.Opened) { Thread.Sleep(500); device.StopCapture(); } _logAction("device : " + device.Description + " stoped.\r\n"); } _thread.Abort(); } } }
来自:http://blog.csdn.net/lan_liang/article/details/7206910
本文由用户 m47c 自行上传分享,仅供网友学习交流。所有权归原作者,若您的权利被侵害,请联系管理员。
转载本站原创文章,请注明出处,并保留原始链接、图片水印。
本站是一个以用户分享为主的开源技术平台,欢迎各类分享!