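Reposted from http://www.cnblogs.com/billmo/archive/2008/11/09/1329972.html
I am working on my final university graduation project, a remote security monitoring strategy for wireless LANs, and packet capture is the foundation of this system's design. I had always known to use WinPcap for this; searching online now, I found that someone has wrapped it for C#, and it is very easy to use. Below are a few of its usages. The library author's homepage: http://www.tamirgal.com/home/default.aspx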
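PcapOpen() has the following overloads:

    PcapOpen()
    PcapOpen(bool promiscuous_mode)
    PcapOpen(bool promiscuous_mode, int read_timeout)

promiscuous_mode: in the normal capture mode, only packets destined for the target network are captured, whereas in promiscuous mode all packets are captured, including forwarded packets. This mode is usually enabled.
Here is an example: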
    // Extract a device from the list
    // (devices and i come from the device enumeration, not shown on this page)
    PcapDevice device = devices[i];

    // Register our handler function to the
    // 'packet arrival' event
    device.PcapOnPacketArrival +=
        new SharpPcap.PacketArrivalEvent(device_PcapOnPacketArrival);

    // Open the device for capturing
    // true -- means promiscuous mode
    // 1000 -- means a read wait of 1000ms
    device.PcapOpen(true, 1000);

    Console.WriteLine("-- Listening on {0}, hit 'Enter' to stop...",
        device.PcapDescription);

    // Start the capturing process
    device.PcapStartCapture();

    // Wait for 'Enter' from the user.
    Console.ReadLine();

    // Stop the capturing process
    device.PcapStopCapture();

    // Close the pcap device
    device.PcapClose();
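PcapStartCapture() is paired with PcapStopCapture().
When using PcapCapture(int packetCount), we can pass SharpPcap.INFINITE to capture packets continuously.
Note: the CRC is usually not present in the packet data, because packets with a bad CRC are usually dropped automatically.
The approach above requires registering an event handler, which is not feasible in many situations, so we recommend the following method, PcapGetNextPacket():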
    // Extract a device from the list
    PcapDevice device = devices[i];

    // Open the device for capturing
    // true -- means promiscuous mode
    // 1000 -- means a read wait of 1000ms
    device.PcapOpen(true, 1000);

    Console.WriteLine();
    Console.WriteLine("-- Listening on {0}...", device.PcapDescription);

    Packet packet = null;

    // Keep capturing packets using PcapGetNextPacket()
    while ((packet = device.PcapGetNextPacket()) != null)
    {
        // Prints the time and length of each received packet
        DateTime time = packet.PcapHeader.Date;
        int len = packet.PcapHeader.PacketLength;
        Console.WriteLine("{0}:{1}:{2},{3} Len={4}",
            time.Hour, time.Minute, time.Second, time.Millisecond, len);
    }

    // Close the pcap device
    device.PcapClose();
    Console.WriteLine("-- Capture stopped, device closed.");
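PcapSetFilter() sets the capture filter:

    string filter = "ip and tcp";
    device.PcapSetFilter(filter);

The following example captures TCP packets and prints their time, length, source IP, source port, destination IP and destination port: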
    /// <summary>
    /// Prints the time, length, src ip,
    /// src port, dst ip and dst port
    /// for each TCP/IP packet received on the network
    /// </summary>
    private static void device_PcapOnPacketArrival(object sender, Packet packet)
    {
        if (packet is TCPPacket)
        {
            DateTime time = packet.Timeval.Date;
            int len = packet.PcapHeader.len;

            TCPPacket tcp = (TCPPacket)packet;
            string srcIp = tcp.SourceAddress;
            string dstIp = tcp.DestinationAddress;
            int srcPort = tcp.SourcePort;
            int dstPort = tcp.DestinationPort;

            Console.WriteLine("{0}:{1}:{2}, {3} Len={4} {5}:{6} -> {7}:{8}",
                time.Hour, time.Minute, time.Second, time.Millisecond,
                len, srcIp, srcPort, dstIp, dstPort);
        }
    }
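The following added example is not from the original post or from the SharpPcap library: it parses a raw Ethernet frame by hand to show which header bytes the source/destination address and port fields printed above come from, and which frames the "ip and tcp" filter would leave unusable for a port lookup. The class name TcpFrameParser and the sample frame are constructed for illustration.

```csharp
using System;

static class TcpFrameParser   // hypothetical helper, not part of SharpPcap
{
    // Returns false unless the buffer is an Ethernet II frame carrying the
    // first fragment of an IPv4 packet with at least the TCP port fields.
    public static bool TryParse(byte[] f, out string src, out int srcPort,
                                out string dst, out int dstPort)
    {
        src = dst = null; srcPort = dstPort = 0;
        const int Eth = 14;                                    // Ethernet II header length
        if (f == null || f.Length < Eth + 20) return false;    // too short for an IPv4 header
        if (((f[12] << 8) | f[13]) != 0x0800) return false;    // EtherType must be IPv4
        if ((f[Eth] >> 4) != 4) return false;                  // IP version field
        int ihl = (f[Eth] & 0x0F) * 4;                         // IP header length incl. options
        if (ihl < 20) return false;
        if (f[Eth + 9] != 6) return false;                     // protocol 6 = TCP
        int fragOffset = ((f[Eth + 6] & 0x1F) << 8) | f[Eth + 7];
        if (fragOffset != 0) return false;                     // later fragments carry no TCP header
        int tcp = Eth + ihl;
        if (f.Length < tcp + 4) return false;                  // truncated before the ports
        src = string.Format("{0}.{1}.{2}.{3}", f[Eth + 12], f[Eth + 13], f[Eth + 14], f[Eth + 15]);
        dst = string.Format("{0}.{1}.{2}.{3}", f[Eth + 16], f[Eth + 17], f[Eth + 18], f[Eth + 19]);
        srcPort = (f[tcp] << 8) | f[tcp + 1];                  // ports are big-endian
        dstPort = (f[tcp + 2] << 8) | f[tcp + 3];
        return true;
    }

    static void Main()
    {
        // Constructed sample frame: TCP SYN, 192.0.2.10:49152 -> 198.51.100.7:443
        byte[] frame = {
            0x02, 0, 0, 0, 0, 0x02,  0x02, 0, 0, 0, 0, 0x01,  0x08, 0x00,       // Ethernet
            0x45, 0x00, 0x00, 0x28,  0x00, 0x01, 0x40, 0x00,  0x40, 0x06, 0, 0, // IPv4, checksum left zero
            192, 0, 2, 10,  198, 51, 100, 7,                                    // src, dst address
            0xC0, 0x00, 0x01, 0xBB,  0, 0, 0, 1,  0, 0, 0, 0,                   // ports, seq, ack
            0x50, 0x02, 0xFF, 0xFF,  0, 0, 0, 0                                 // offset/flags, window, csum, urg
        };
        string src, dst; int sp, dp;
        if (TryParse(frame, out src, out sp, out dst, out dp))
            Console.WriteLine("Len={0} {1}:{2} -> {3}:{4}", frame.Length, src, sp, dst, dp);

        frame[12] = 0x86; frame[13] = 0xDD;   // change EtherType to IPv6: parser must reject
        Console.WriteLine("IPv6 frame accepted: {0}", TryParse(frame, out src, out sp, out dst, out dp));
    }
}
```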
Reposted at: https://www.cnblogs.com/armyao/archive/2010/11/05/1870164.html