sharppcap的dll下载地址:
sourceforge.net/directory/os:windows/?q=sharppcap
详细用法:
www.codeproject.com/kb/ip/sharppcap.aspx
为了进一步说明使用方式,在此分享一个我写的wrapper类。
using system;
using system.collections.generic;
using system.linq;
using system.text;
using system.io;
using system.threading;
using sharppcap;
using packetdotnet;
using sharppcap.libpcap;
namespace servertoolv0._1.capture
{
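/// <summary>
/// Process-wide singleton that opens every capture device SharpPcap reports,
/// renders each captured packet as text plus a hex dump, and hands the result
/// to <see cref="_logaction"/>.
/// </summary>
/// <remarks>
/// NOTE(review): identifier casing in this listing has been flattened to lower
/// case; the real library types are PascalCase (e.g. SharpPcap.CaptureDeviceList,
/// PacketDotNet.Packet.ParsePacket), so the code needs its casing restored
/// before it will compile.
///
/// Operational points a reviewer should keep in mind:
/// - The text passed to <see cref="_logaction"/> contains the full hex dump of
///   each packet, payload included. Cleartext protocols will put credentials
///   and session data into that output, so treat the sink (file, UI, log
///   pipeline) as sensitive and restrict who can read it.
/// - <see cref="filter"/> is a plain substring test on the packet's string
///   form, applied after capture. It is not a capture (BPF) filter, so every
///   frame seen by the device is still delivered to and parsed by this process.
/// - Frames come straight from the network and are untrusted input to the
///   parser. NOTE(review): an exception thrown while parsing would surface on
///   the capture thread; confirm how the library and host handle that.
/// - Capturing presumably needs the WinPcap/Npcap driver and sufficient
///   privileges on the host; verify against the deployment.
/// </remarks>
public class wincaphelper
{
    // Guards lazy creation of the singleton.
    private static readonly object syncobj = new object();

    // volatile so the double-checked read below cannot observe a
    // partially published instance.
    private static volatile wincaphelper _capinstance;

    /// <summary>
    /// Returns the single shared helper, creating it on first use.
    /// </summary>
    public static wincaphelper wincapinstance
    {
        get
        {
            if (null == _capinstance)
            {
                lock (syncobj)
                {
                    if (null == _capinstance)
                    {
                        _capinstance = new wincaphelper();
                    }
                }
            }
            return _capinstance;
        }
    }

    // Worker thread that runs the capture loop started by listen().
    private thread _thread;

    /// <summary>
    /// Callback invoked with the formatted text of each packet that passes the filter.
    /// May be left unset; packets are then dropped without being formatted.
    /// </summary>
    public action<string> _logaction;

    /// <summary>
    /// Filter keyword: when non-empty, only packets whose string form contains it are reported.
    /// </summary>
    public string filter;

    private wincaphelper()
    {
    }

    /// <summary>
    /// Starts the capture worker thread unless one is already running.
    /// </summary>
    public void listen()
    {
        if (_thread != null && _thread.isalive)
        {
            return;
        }
        _thread = new thread(new threadstart(() =>
        {
            // Walk every capture device (network adapter) the library reports.
            foreach (pcapdevice device in sharppcap.capturedevicelist.instance)
            {
                // Remove any earlier subscription first: listen() can run again
                // once the previous worker has finished, and a second += would
                // make every packet be reported twice.
                device.onpacketarrival -=
                    new packetarrivaleventhandler(device_onpacketarrival);
                device.onpacketarrival +=
                    new packetarrivaleventhandler(device_onpacketarrival);

                // Devices are never closed by this class, so on a repeated
                // listen() they may still be open from the previous run.
                if (!device.opened)
                {
                    // Normal (non-promiscuous) mode with a 1000 ms read timeout.
                    device.open(devicemode.normal, 1000);
                }

                // NOTE(review): capture(500) appears to block until 500 packets
                // have arrived, so devices are serviced one after another rather
                // than concurrently - confirm this is intended.
                device.capture(500);
                //device.startcapture();
            }
        }));
        _thread.start();
    }

    /// <summary>
    /// Appends the packet's string form and hex dump to <paramref name="str"/>.
    /// Assembling per-protocol output was judged too complex, so the raw hex is printed instead.
    /// </summary>
    /// <param name="str">Accumulated output; left untouched when the packet is null or filtered out.</param>
    /// <param name="p">Parsed packet, may be null.</param>
    private void printpacket(ref string str, packet p)
    {
        if (p == null)
        {
            return;
        }

        string s = p.tostring();

        // Substring filter on the rendered text, not a capture-level filter.
        if (!string.isnullorempty(filter) && !s.contains(filter))
        {
            return;
        }

        str += "\r\n" + s + "\r\n";

        // Full hex dump of the packet, payload included: sensitive output.
        str += p.printhex() + "\r\n";
    }

    /// <summary>
    /// Handler for packets delivered by a capture device.
    /// </summary>
    /// <param name="sender">Device that raised the event.</param>
    /// <param name="e">Event data carrying the raw packet and its link-layer type.</param>
    private void device_onpacketarrival(object sender, captureeventargs e)
    {
        // Read the callback once so a concurrent reassignment cannot turn the
        // null check into a NullReferenceException on the capture thread.
        action<string> log = _logaction;
        if (log == null)
        {
            return;
        }

        // Parse the raw bytes into the base packet object.
        var packet = packetdotnet.packet.parsepacket(e.packet.linklayertype, e.packet.data);

        // Per-protocol views the author left disabled; kept as usage examples:
        //var ethernetpacket = packetdotnet.ethernetpacket.getencapsulated(packet);
        //var arppacket = packetdotnet.arppacket.getencapsulated(packet);
        //var ippacket = packetdotnet.ippacket.getencapsulated(packet);
        //var udppacket = packetdotnet.udppacket.getencapsulated(packet);
        //var tcppacket = packetdotnet.tcppacket.getencapsulated(packet);

        string ret = "";
        printpacket(ref ret, packet);

        if (!string.isnullorempty(ret))
        {
            string rlt = "\r\n时间 : " +
                datetime.now.tolongtimestring() +
                "\r\n数据包: \r\n" + ret;
            log(rlt);
        }
    }

    /// <summary>
    /// Stops capture on every open device, reports each device through the
    /// callback when one is set, and then aborts the worker thread.
    /// </summary>
    public void stopall()
    {
        action<string> log = _logaction;

        foreach (pcapdevice device in sharppcap.capturedevicelist.instance)
        {
            if (device.opened)
            {
                thread.sleep(500);
                device.stopcapture();
            }
            if (log != null)
            {
                log("device : " + device.description + " stoped.\r\n");
            }
        }

        // listen() may never have been called, in which case there is no thread.
        // NOTE(review): Thread.Abort is obsolete and throws
        // PlatformNotSupportedException on .NET Core / .NET 5+; a cooperative
        // stop flag is the safer long-term design.
        if (_thread != null && _thread.isalive)
        {
            _thread.abort();
        }
    }
}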
}
以上就是 C# 使用 SharpPcap 实现网络抓包的详细内容。