At the end of the university graduation design, Wireless LAN remote security monitoring strategy
Then the clutch is the basis of this system design.
Used to know with WinPcap, and now search the Internet, useful C # package, very good
Here are a few of these uses
Homepage of this class library author: http://www.tamirgal.com/home/default.aspx
Pcapopen () There are several methods
- Pcapopen ()
- Pcapopen (bool Promiscuous_mode)
- Pcapopen (bool promiscuous_mode, int read_timeout)
Promiscuous_mode: In normal crawl mode, we crawl only those packets that are destined for the target network, while at Promiscuous_mode, we crawl all the packages, including the packets that are forwarded. We usually start with this pattern.
Here's an example:
//Extract A device from the listPcapdevice Device=Devices[i];//Register Our handler function to the//' Packet Arrival ' eventdevice. Pcaponpacketarrival+=Newsharppcap.packetarrivalevent (device_pcaponpacketarrival);//Open the device for capturing//true--means promiscuous mode//--means a read wait of 1000msdevice. Pcapopen (true, +); Console.WriteLine ("--listenning on {0}, hits ' Enter ' to stop ...", device. pcapdescription);//Start the capturing processdevice. Pcapstartcapture ();//Wait for ' Enter ' from the user.console.readline ();//Stop the capturing processdevice. Pcapstopcapture ();//Close the PCAP deviceDevice. Pcapclose ();
PcapStartCapture()
对应PcapStopCapture()
使用PcapCapture(
Int packetCount)
时我们可以使用
SharpPcap.INFINITE,
来达到持续抓包的功能
Note: Usually the CRC data is not in the packet, because usually the wrong CRC packet is discarded automatically.
上面的需要注册一个event handle,这在很多时候是不可行的,所以我们推荐使用下面这个方法PcapGetNextPacket()
//Extract A device from the listPcapdevice Device=Devices[i];//Open the device for capturing//true--means promiscuous mode//--means a read wait of 1000msDevice. Pcapopen (true, +); Console.WriteLine (); Console.WriteLine ("--listenning on {0} ...", device. Pcapdescription); Packet Packet=NULL;//Keep capture packets using Pcapgetnextpacket () while(Packet=device. Pcapgetnextpacket ())! =NULL ){ //Prints the time and length of each received packetDateTime Time=packet. Pcapheader.date; intLen =packet. Pcapheader.packetlength; Console.WriteLine ("{0}:{1}:{2},{3} len={4}", time. Hour, time. Minute, time. Second, Time.millisecond, Len);}//Close the PCAP devicedevice. Pcapclose (); Console.WriteLine ("--Capture stopped, device closed.");
PcapSetFilter()
设置过滤条件
String filter = "IP and TCP";
Device. Pcapsetfilter (filter);
The following example fetches TCP packets, outputting their time, length, source IP, source port, destination IP, destination port
/// <SUMMARY>///Prints The time, length, src IP,///src port, DST IP and DST Port///For each TCP/IP packet received on the network/// </SUMMARY>Private Static voidDevice_pcaponpacketarrival (Objectsender, Packet Packet) { if(Packet istcppacket) {DateTime time=packet. Timeval.date; intLen =packet. Pcapheader.len; Tcppacket TCP=(tcppacket) packet; stringSrcip =TCP. sourceaddress; stringDstip =TCP. destinationaddress; intSrcport =TCP. Sourceport; intDstport =TCP. Destinationport; Console.WriteLine ("{0}:{1}:{2}, {3} len={4} {5}:{6}, {7}:{8}", Time . Hour, time. Minute, time. Second, Time.millisecond, Len, Srcip, Srcport, Dstip, dstport); } }
Using Sharppcap for network capture under C #