c# 使用sharppcap实现 网络抓包
sharppcap的dll下载地址:
http://sourceforge.net/directory/os:windows/?q=sharppcap
详细用法:
http://www.codeproject.com/KB/IP/sharppcap.aspx
为了进一步说明使用方式,在此分享一个我写的wrapper类。
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
using System.Threading;
using SharpPcap;
using PacketDotNet;
using SharpPcap.LibPcap;
namespace ServerToolV0._1.Capture
{
public class WinCapHelper
{
private static object syncObj = new object();
private static WinCapHelper _capInstance;
public static WinCapHelper WinCapInstance
{
get
{
if (null == _capInstance)
{
lock (syncObj)
{
if (null == _capInstance)
{
_capInstance = new WinCapHelper();
}
}
}
return _capInstance;
}
}
private Thread _thread;
/// <summary>
/// when get pocket,callback
/// </summary>
public Action<string> _logAction;
/// <summary>
/// 过滤条件关键字
/// </summary>
public string filter;
private WinCapHelper()
{
}
public void Listen()
{
if (_thread != null && _thread.IsAlive)
{
return;
}
_thread = new Thread(new ThreadStart(() =>
{
遍历网卡
foreach (PcapDevice device in SharpPcap.CaptureDeviceList.Instance)
{
分别启动监听,指定包的处理函数
device.OnPacketArrival +=
new PacketArrivalEventHandler(device_OnPacketArrival);
device.Open(DeviceMode.Normal, 1000);
device.Capture(500);
//device.StartCapture();
}
}));
_thread.Start();
}
/// <summary>
/// 打印包信息,组合包太复杂了,所以直接把hex字符串打出来了
/// </summary>
/// <param name="str"></param>
/// <param name="p"></param>
private void PrintPacket(ref string str, Packet p)
{
if (p != null)
{
string s = p.ToString();
if (!string.IsNullOrEmpty(filter) && !s.Contains(filter))
{
return;
}
str += "\r\n" + s + "\r\n";
尝试创建新的TCP/IP数据包对象,
第一个参数为以太头长度,第二个为数据包数据块
str += p.PrintHex() + "\r\n";
}
}
/// <summary>
/// 接收到包的处理函数
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
解析出基本包
var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
协议类别
// var dlPacket = PacketDotNet.DataLinkPacket.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
//var ethernetPacket = PacketDotNet.EthernetPacket.GetEncapsulated(packet);
//var internetLinkPacket = PacketDotNet.InternetLinkLayerPacket.Parse(packet.BytesHighPerformance.Bytes);
//var internetPacket = PacketDotNet.InternetPacket.Parse(packet.BytesHighPerformance.Bytes);
//var sessionPacket = PacketDotNet.SessionPacket.Parse(packet.BytesHighPerformance.Bytes);
//var appPacket = PacketDotNet.ApplicationPacket.Parse(packet.BytesHighPerformance.Bytes);
//var pppoePacket = PacketDotNet.PPPoEPacket.Parse(packet.BytesHighPerformance.Bytes);
//var arpPacket = PacketDotNet.ARPPacket.GetEncapsulated(packet);
//var ipPacket = PacketDotNet.IpPacket.GetEncapsulated(packet); //ip包
//var udpPacket = PacketDotNet.UdpPacket.GetEncapsulated(packet);
//var tcpPacket = PacketDotNet.TcpPacket.GetEncapsulated(packet);
string ret = "";
PrintPacket(ref ret, packet);
//ParsePacket(ref ret, ethernetPacket);
//ParsePacket(ref ret, internetLinkPacket);
//ParsePacket(ref ret, internetPacket);
//ParsePacket(ref ret, sessionPacket);
//ParsePacket(ref ret, appPacket);
//ParsePacket(ref ret, pppoePacket);
//ParsePacket(ref ret, arpPacket);
//ParsePacket(ref ret, ipPacket);
//ParsePacket(ref ret, udpPacket);
//ParsePacket(ref ret, tcpPacket);
if (!string.IsNullOrEmpty(ret))
{
string rlt = "\r\n时间 : " +
DateTime.Now.ToLongTimeString() +
"\r\n数据包: \r\n" + ret;
_logAction(rlt);
}
}
public void StopAll()
{
foreach (PcapDevice device in SharpPcap.CaptureDeviceList.Instance)
{
if (device.Opened)
{
Thread.Sleep(500);
device.StopCapture();
}
_logAction("device : " + device.Description + " stoped.\r\n");
}
_thread.Abort();
}
}
}