c# 使用sharppcap实现 网络抓包

原文：http://blog.csdn.net/lan_liang/article/details/7206910

sharppcap的dll下载地址：

http://sourceforge.net/directory/os:windows/?q=sharppcap

详细用法：

http://www.codeproject.com/KB/IP/sharppcap.aspx

为了进一步说明使用方式，在此分享一个我写的wrapper类。

 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.IO;
 using System.Threading;
 using SharpPcap;
 using PacketDotNet;
 using SharpPcap.LibPcap;


 namespace ServerToolV0._1.Capture
 {
     public class WinCapHelper
     {


         private static object syncObj = new object();
         private static WinCapHelper _capInstance;
         public static WinCapHelper WinCapInstance
         {
             get
             {
                 if (null == _capInstance)
                 {
                     lock (syncObj)
                     {
                         if (null == _capInstance)
                         {
                             _capInstance = new WinCapHelper();
                         }
                     }
                 }
                 return _capInstance;
             }
         }


         private Thread _thread;


         ///
         /// when get pocket,callback
         ///
         public Action<string> _logAction;


         ///
         /// 过滤条件关键字
         ///
         public string filter;


         private WinCapHelper()
         {


         }


         public void Listen()
         {


             if (_thread != null && _thread.IsAlive)
             {
                 return;
             }


             _thread = new Thread(new ThreadStart(() =>
             {


                 遍历网卡
                 foreach (PcapDevice device in SharpPcap.CaptureDeviceList.Instance)
                 {
                     分别启动监听，指定包的处理函数
                     device.OnPacketArrival +=
                         new PacketArrivalEventHandler(device_OnPacketArrival);
                     device.Open(DeviceMode.Normal, 1000);
                     device.Capture(500);
                     //device.StartCapture();
                 }
             }));
             _thread.Start();
         }


         ///
         /// 打印包信息，组合包太复杂了，所以直接把hex字符串打出来了
         ///
         ///
         ///
         private void PrintPacket(ref string str, Packet p)
         {
             if (p != null)
             {
                 string s = p.ToString();
                 if (!string.IsNullOrEmpty(filter) && !s.Contains(filter))
                 {
                     return;
                 }


                 str += "\r\n" + s + "\r\n";


                 尝试创建新的TCP/IP数据包对象，
                 第一个参数为以太头长度，第二个为数据包数据块
                 str += p.PrintHex() + "\r\n";
             }


         }


         ///
         /// 接收到包的处理函数
         ///
         ///
         ///
         private void device_OnPacketArrival(object sender, CaptureEventArgs e)
         {
             解析出基本包
             var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);


             协议类别
            // var dlPacket = PacketDotNet.DataLinkPacket.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);


              //var ethernetPacket = PacketDotNet.EthernetPacket.GetEncapsulated(packet);


             //var internetLinkPacket = PacketDotNet.InternetLinkLayerPacket.Parse(packet.BytesHighPerformance.Bytes);
             //var internetPacket = PacketDotNet.InternetPacket.Parse(packet.BytesHighPerformance.Bytes);


             //var sessionPacket = PacketDotNet.SessionPacket.Parse(packet.BytesHighPerformance.Bytes);
             //var appPacket = PacketDotNet.ApplicationPacket.Parse(packet.BytesHighPerformance.Bytes);
             //var pppoePacket = PacketDotNet.PPPoEPacket.Parse(packet.BytesHighPerformance.Bytes);


             //var arpPacket = PacketDotNet.ARPPacket.GetEncapsulated(packet);
             //var ipPacket = PacketDotNet.IpPacket.GetEncapsulated(packet); //ip包
             //var udpPacket = PacketDotNet.UdpPacket.GetEncapsulated(packet);
             //var tcpPacket = PacketDotNet.TcpPacket.GetEncapsulated(packet);


             string ret = "";
             PrintPacket(ref ret, packet);
             //ParsePacket(ref ret, ethernetPacket);
             //ParsePacket(ref ret, internetLinkPacket);
             //ParsePacket(ref ret, internetPacket);
             //ParsePacket(ref ret, sessionPacket);
             //ParsePacket(ref ret, appPacket);
             //ParsePacket(ref ret, pppoePacket);
             //ParsePacket(ref ret, arpPacket);
             //ParsePacket(ref ret, ipPacket);
             //ParsePacket(ref ret, udpPacket);
             //ParsePacket(ref ret, tcpPacket);




             if (!string.IsNullOrEmpty(ret))
             {
                 string rlt = "\r\n时间 : " +
                     DateTime.Now.ToLongTimeString() +
                     "\r\n数据包: \r\n" + ret;
                 _logAction(rlt);
             }


         }




         public void StopAll()
         {
             foreach (PcapDevice device in SharpPcap.CaptureDeviceList.Instance)
             {


                 if (device.Opened)
                 {
                     Thread.Sleep(500);
                     device.StopCapture();
                 }


                 _logAction("device : " + device.Description + " stoped.\r\n");
             }


             _thread.Abort();
         }


     }
 }