c# 使用sharppcap实现 网络抓包

原文:http://blog.csdn.net/lan_liang/article/details/7206910

sharppcap的dll下载地址:

http://sourceforge.net/directory/os:windows/?q=sharppcap

详细用法:

http://www.codeproject.com/KB/IP/sharppcap.aspx


为了进一步说明使用方式,在此分享一个我写的wrapper类。

[csharp]  view plain copy print ?
  1. using System;  
  2. using System.Collections.Generic;  
  3. using System.Linq;  
  4. using System.Text;  
  5. using System.IO;  
  6. using System.Threading;  
  7. using SharpPcap;  
  8. using PacketDotNet;  
  9. using SharpPcap.LibPcap;  
  10.   
  11.   
  12. namespace ServerToolV0._1.Capture  
  13. {  
  14.     public class WinCapHelper  
  15.     {  
  16.   
  17.   
  18.         private static object syncObj = new object();  
  19.         private static WinCapHelper _capInstance;  
  20.         public static WinCapHelper WinCapInstance  
  21.         {  
  22.             get  
  23.             {  
  24.                 if (null == _capInstance)  
  25.                 {  
  26.                     lock (syncObj)  
  27.                     {  
  28.                         if (null == _capInstance)  
  29.                         {  
  30.                             _capInstance = new WinCapHelper();  
  31.                         }  
  32.                     }  
  33.                 }  
  34.                 return _capInstance;  
  35.             }  
  36.         }  
  37.   
  38.   
  39.         private Thread _thread;  
  40.   
  41.   
  42.         ///   
  43.         /// when get pocket,callback  
  44.         ///   
  45.         public Action<string> _logAction;  
  46.   
  47.   
  48.         ///   
  49.         /// 过滤条件关键字  
  50.         ///   
  51.         public string filter;  
  52.   
  53.   
  54.         private WinCapHelper()  
  55.         {  
  56.   
  57.   
  58.         }  
  59.   
  60.   
  61.         public void Listen()  
  62.         {  
  63.   
  64.   
  65.             if (_thread != null && _thread.IsAlive)  
  66.             {  
  67.                 return;  
  68.             }  
  69.   
  70.   
  71.             _thread = new Thread(new ThreadStart(() =>  
  72.             {  
  73.   
  74.   
  75.                 遍历网卡  
  76.                 foreach (PcapDevice device in SharpPcap.CaptureDeviceList.Instance)  
  77.                 {  
  78.                     分别启动监听,指定包的处理函数  
  79.                     device.OnPacketArrival +=  
  80.                         new PacketArrivalEventHandler(device_OnPacketArrival);  
  81.                     device.Open(DeviceMode.Normal, 1000);  
  82.                     device.Capture(500);  
  83.                     //device.StartCapture();  
  84.                 }  
  85.             }));  
  86.             _thread.Start();  
  87.         }  
  88.   
  89.   
  90.         ///   
  91.         /// 打印包信息,组合包太复杂了,所以直接把hex字符串打出来了  
  92.         ///   
  93.         ///   
  94.         ///   
  95.         private void PrintPacket(ref string str, Packet p)  
  96.         {  
  97.             if (p != null)  
  98.             {  
  99.                 string s = p.ToString();  
  100.                 if (!string.IsNullOrEmpty(filter) && !s.Contains(filter))  
  101.                 {  
  102.                     return;  
  103.                 }  
  104.   
  105.   
  106.                 str += "\r\n" + s + "\r\n";  
  107.   
  108.   
  109.                 尝试创建新的TCP/IP数据包对象,  
  110.                 第一个参数为以太头长度,第二个为数据包数据块  
  111.                 str += p.PrintHex() + "\r\n";  
  112.             }  
  113.   
  114.   
  115.         }  
  116.   
  117.   
  118.         ///   
  119.         /// 接收到包的处理函数  
  120.         ///   
  121.         ///   
  122.         ///   
  123.         private void device_OnPacketArrival(object sender, CaptureEventArgs e)  
  124.         {  
  125.             解析出基本包  
  126.             var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);  
  127.   
  128.   
  129.             协议类别  
  130.            // var dlPacket = PacketDotNet.DataLinkPacket.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);  
  131.   
  132.   
  133.              //var ethernetPacket = PacketDotNet.EthernetPacket.GetEncapsulated(packet);  
  134.   
  135.   
  136.             //var internetLinkPacket = PacketDotNet.InternetLinkLayerPacket.Parse(packet.BytesHighPerformance.Bytes);  
  137.             //var internetPacket = PacketDotNet.InternetPacket.Parse(packet.BytesHighPerformance.Bytes);  
  138.   
  139.   
  140.             //var sessionPacket = PacketDotNet.SessionPacket.Parse(packet.BytesHighPerformance.Bytes);  
  141.             //var appPacket = PacketDotNet.ApplicationPacket.Parse(packet.BytesHighPerformance.Bytes);  
  142.             //var pppoePacket = PacketDotNet.PPPoEPacket.Parse(packet.BytesHighPerformance.Bytes);  
  143.   
  144.   
  145.             //var arpPacket = PacketDotNet.ARPPacket.GetEncapsulated(packet);  
  146.             //var ipPacket = PacketDotNet.IpPacket.GetEncapsulated(packet); //ip包  
  147.             //var udpPacket = PacketDotNet.UdpPacket.GetEncapsulated(packet);  
  148.             //var tcpPacket = PacketDotNet.TcpPacket.GetEncapsulated(packet);  
  149.   
  150.   
  151.             string ret = "";  
  152.             PrintPacket(ref ret, packet);  
  153.             //ParsePacket(ref ret, ethernetPacket);  
  154.             //ParsePacket(ref ret, internetLinkPacket);  
  155.             //ParsePacket(ref ret, internetPacket);  
  156.             //ParsePacket(ref ret, sessionPacket);  
  157.             //ParsePacket(ref ret, appPacket);  
  158.             //ParsePacket(ref ret, pppoePacket);  
  159.             //ParsePacket(ref ret, arpPacket);  
  160.             //ParsePacket(ref ret, ipPacket);  
  161.             //ParsePacket(ref ret, udpPacket);  
  162.             //ParsePacket(ref ret, tcpPacket);  
  163.   
  164.   
  165.   
  166.   
  167.             if (!string.IsNullOrEmpty(ret))  
  168.             {  
  169.                 string rlt = "\r\n时间 : " +  
  170.                     DateTime.Now.ToLongTimeString() +  
  171.                     "\r\n数据包: \r\n" + ret;  
  172.                 _logAction(rlt);  
  173.             }  
  174.   
  175.   
  176.         }  
  177.   
  178.   
  179.   
  180.   
  181.         public void StopAll()  
  182.         {  
  183.             foreach (PcapDevice device in SharpPcap.CaptureDeviceList.Instance)  
  184.             {  
  185.   
  186.   
  187.                 if (device.Opened)  
  188.                 {  
  189.                     Thread.Sleep(500);  
  190.                     device.StopCapture();  
  191.                 }  
  192.   
  193.   
  194.                 _logAction("device : " + device.Description + " stoped.\r\n");  
  195.             }  
  196.   
  197.   
  198.             _thread.Abort();  
  199.         }  
  200.   
  201.   
  202.     }  
  203. }  

你可能感兴趣的:(C#)