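Capturing Network Packets in C# with SharpPcap
阿新 • Published: 2019-01-26
I am working on my final-year university graduation project: a remote security monitoring strategy for wireless LANs.
Packet capture is the foundation of this system's design.
I had always known that WinPcap was the tool for this; after searching online I found that someone has wrapped it for C#, and the wrapper works very well.
Below are a few of its usages.
The library author's home page: http://www.tamirgal.com/home/default.aspx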
PcapOpen() has the following overloads:
- PcapOpen()
- PcapOpen(bool promiscuous_mode)
- PcapOpen(bool promiscuous_mode, int read_timeout)
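promiscuous_mode: In normal capture mode we only capture packets whose destination is the target network; in promiscuous_mode all packets are captured, including forwarded ones. This mode is usually turned on.
Here is an example: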
//Extract a device from the list
PcapDevice device = devices[i];
//Register our handler function to the
//'packet arrival' event
device.PcapOnPacketArrival +=
    new SharpPcap.PacketArrivalEvent(device_PcapOnPacketArrival);
//Open the device for capturing
//true -- means promiscuous mode
//1000 -- means a read wait of 1000ms
device.PcapOpen(true, 1000);
Console.WriteLine(
    "-- Listening on {0}, hit 'Enter' to stop...",
    device.PcapDescription);
//Start the capturing process
device.PcapStartCapture();
//Wait for 'Enter' from the user.
Console.ReadLine();
//Stop the capturing process
device.PcapStopCapture();
//Close the pcap device
device.PcapClose();
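PcapStartCapture() is paired with PcapStopCapture().
When using PcapCapture(int packetCount), we can pass SharpPcap.INFINITE to capture continuously.
Note: CRC data is usually not included in the captured packet, because packets with a bad CRC are normally discarded automatically.
The approach above requires registering an event handler, which is often not feasible, so we recommend using the following method instead: PcapGetNextPacket()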
PcapDevice device = devices[i];
//Open the device for capturing
//true -- means promiscuous mode
//1000 -- means a read wait of 1000ms
device.PcapOpen(true, 1000);
Console.WriteLine();
Console.WriteLine("-- Listening on {0}...",
    device.PcapDescription);
Packet packet = null;
//Keep capture packets using PcapGetNextPacket()
while( (packet=device.PcapGetNextPacket()) != null )
{
    // Prints the time and length of each received packet
    DateTime time = packet.PcapHeader.Date;
    int len = packet.PcapHeader.PacketLength;
    Console.WriteLine("{0}:{1}:{2},{3} Len={4}",
        time.Hour, time.Minute, time.Second,
        time.Millisecond, len);
}
//Close the pcap device
device.PcapClose();
Console.WriteLine("-- Capture stopped, device closed.");
PcapSetFilter()
Sets the capture filter expression.
string filter = "ip and tcp";
device.PcapSetFilter( filter );
The following example captures TCP packets and prints their time, length, source IP, source port, destination IP and destination port.
/// <summary>
/// Prints the time, length, src ip,
/// src port, dst ip and dst port
/// for each TCP/IP packet received on the network
/// </summary>
private static void device_PcapOnPacketArrival(
    object sender, Packet packet)
{
    if(packet is TCPPacket)
    {
        DateTime time = packet.Timeval.Date;
        int len = packet.PcapHeader.len;
        TCPPacket tcp = (TCPPacket)packet;
        string srcIp = tcp.SourceAddress;
        string dstIp = tcp.DestinationAddress;
        int srcPort = tcp.SourcePort;
        int dstPort = tcp.DestinationPort;
        Console.WriteLine("{0}:{1}:{2},{3} Len={4} {5}:{6} -> {7}:{8}",
            time.Hour, time.Minute, time.Second,
            time.Millisecond, len, srcIp, srcPort,
            dstIp, dstPort);
    }
}
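
An added example (not from the original post or from SharpPcap) of what the "ip and tcp" filter and the TCP handler above rely on: decoding the source/destination addresses and ports from raw frame bytes, with the length and fragment checks a monitoring tool needs. TcpTupleDemo, TryParse and the sample frame are constructed for illustration and use only the .NET base library.

```csharp
using System;
using System.Net;

static class TcpTupleDemo
{
    // Decodes an Ethernet II frame; returns false unless it holds an IPv4/TCP
    // packet whose TCP ports are actually present in the captured bytes.
    static bool TryParse(byte[] f, out string tuple)
    {
        tuple = "";
        const int Eth = 14;                                  // Ethernet II header length
        if (f.Length < Eth + 20) return false;               // too short for an IPv4 header
        if (((f[12] << 8) | f[13]) != 0x0800) return false;  // EtherType IPv4 ("ip")
        int ihl = (f[Eth] & 0x0F) * 4;                       // IPv4 header length in bytes
        if ((f[Eth] >> 4) != 4 || ihl < 20) return false;    // malformed version or IHL
        if (f[Eth + 9] != 6) return false;                   // protocol 6 ("tcp")
        // Later fragments still have protocol 6 but carry no TCP header,
        // so ports must not be read from them.
        if ((((f[Eth + 6] & 0x1F) << 8) | f[Eth + 7]) != 0) return false;
        int t = Eth + ihl;                                   // start of the TCP header
        if (f.Length < t + 4) return false;                  // capture ends before the ports
        var src = new IPAddress(new[] { f[Eth + 12], f[Eth + 13], f[Eth + 14], f[Eth + 15] });
        var dst = new IPAddress(new[] { f[Eth + 16], f[Eth + 17], f[Eth + 18], f[Eth + 19] });
        int sp = (f[t] << 8) | f[t + 1], dp = (f[t + 2] << 8) | f[t + 3];
        tuple = $"{src}:{sp} -> {dst}:{dp}";
        return true;
    }

    static void Main()
    {
        // Constructed sample frame: 192.168.1.10:50000 to 192.168.1.20:443, TCP SYN.
        byte[] frame = {
            0, 1, 2, 3, 4, 5,  6, 7, 8, 9, 10, 11,  0x08, 0x00,         // Ethernet
            0x45, 0, 0, 40,  0, 1, 0, 0,  64, 6, 0, 0,                  // IPv4 (checksum unset)
            192, 168, 1, 10,  192, 168, 1, 20,
            0xC3, 0x50,  0x01, 0xBB,  0, 0, 0, 1,  0, 0, 0, 0,          // TCP ports, seq, ack
            0x50, 0x02,  0xFF, 0xFF,  0, 0,  0, 0 };
        byte[] cut = new byte[36];                           // same frame, truncated capture
        Array.Copy(frame, cut, cut.Length);
        byte[] frag = (byte[])frame.Clone();
        frag[21] = 1;                                        // non-zero fragment offset

        foreach (var f in new[] { frame, cut, frag })
            Console.WriteLine(TryParse(f, out string s) ? s : "skipped");
    }
}
```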