使用SharpPCap在C#下進行網路抓包

標籤：

在做大學最後的畢業設計了,無線區域網路絡遠程安全監控策略
那麼抓包是這個系統設計的基礎
以前一直都是知道用winpcap的,現在網上搜了一下,有用C#封裝好了的,很好用
下面是其中的幾個用法
這個類庫作者的首頁:http://www.tamirgal.com/home/default.aspx

PcapOpen()有下面幾個方法

• PcapOpen()
• PcapOpen(bool promiscuous_mode)
• PcapOpen(bool promiscuous_mode, int read_timeout)

promiscuous_mode:在普通的抓模數式下,我們只抓取那些目的地為目標網路的包,而處於promiscuous_mode時,則抓取所有的包,包括轉寄的包.通常我們都是開啟這種模式的

下面是樣本:

//Extract a device from the listPcapDevice device = devices[i];//Register our handler function to the //‘packet arrival‘ eventdevice.PcapOnPacketArrival +=   new SharpPcap.PacketArrivalEvent(device_PcapOnPacketArrival);//Open the device for capturing   //true -- means promiscuous mode//1000 -- means a read wait of 1000msdevice.PcapOpen(true, 1000);Console.WriteLine(    "-- Listenning on {0}, hit ‘Enter‘ to stop...",    device.PcapDescription);//Start the capturing processdevice.PcapStartCapture();//Wait for ‘Enter‘ from the user.Console.ReadLine();//Stop the capturing processdevice.PcapStopCapture();//Close the pcap devicedevice.PcapClose();

PcapStartCapture()對應PcapStopCapture()

使用PcapCapture(int packetCount)時我們可以使用SharpPcap.INFINITE,來達到持續抓包的功能

 

Note:通常CRC的資料是不在資料包的中的,因為通常錯誤的CRC包會被自動丟棄.

 

上面的需要註冊一個event handle,這在很多時候是不可行的,所以我們推薦使用下面這個方法PcapGetNextPacket()

//Extract a device from the listPcapDevice device = devices[i];//Open the device for capturing//true -- means promiscuous mode//1000 -- means a read wait of 1000msdevice.PcapOpen(true, 1000);Console.WriteLine();Console.WriteLine("-- Listenning on {0}...",device.PcapDescription);Packet packet = null;//Keep capture packets using PcapGetNextPacket()while( (packet=device.PcapGetNextPacket()) != null ){    // Prints the time and length of each received packet     DateTime time = packet.PcapHeader.Date;    int len = packet.PcapHeader.PacketLength;    Console.WriteLine("{0}:{1}:{2},{3} Len={4}",               time.Hour, time.Minute, time.Second,               time.Millisecond, len);}//Close the pcap device device.PcapClose();Console.WriteLine("-- Capture stopped, device closed.");

PcapSetFilter() 設定過濾條件

 

string filter = "ip and tcp";

device.PcapSetFilter( filter );

 

 

 

下面這個例子通過抓取TCP包,輸出他們的時間,長度,源IP,源連接埠,目的IP,目的連接埠

/// <SUMMARY>/// Prints the time, length, src ip, /// src port, dst ip and dst port/// for each TCP/IP packet received on the network/// </SUMMARY>private static void device_PcapOnPacketArrival(                       object sender, Packet packet){                if(packet is TCPPacket)    {                        DateTime time = packet.Timeval.Date;        int len = packet.PcapHeader.len;         TCPPacket tcp = (TCPPacket)packet;        string srcIp = tcp.SourceAddress;        string dstIp = tcp.DestinationAddress;        int srcPort = tcp.SourcePort;        int dstPort = tcp.DestinationPort;         Console.WriteLine("{0}:{1}:{2},            {3} Len={4} {5}:{6} -> {7}:{8}",             time.Hour, time.Minute, time.Second,             time.Millisecond, len, srcIp, srcPort,             dstIp, dstPort);    } } 

 

使用SharpPCap在C#下進行網路抓包