C# 使用sharppcap实现 网络抓包

m47c 9年前

sharppcap的dll下载地址:

http://sourceforge.net/directory/os:windows/?q=sharppcap

详细用法:

http://www.codeproject.com/KB/IP/sharppcap.aspx


为了进一步说明使用方式,在此分享一个我写的wrapper类。

    using System;        using System.Collections.Generic;        using System.Linq;        using System.Text;        using System.IO;        using System.Threading;        using SharpPcap;        using PacketDotNet;        using SharpPcap.LibPcap;                        namespace ServerToolV0._1.Capture        {            public class WinCapHelper            {                                private static object syncObj = new object();                private static WinCapHelper _capInstance;                public static WinCapHelper WinCapInstance                {                    get                    {                        if (null == _capInstance)                        {                            lock (syncObj)                            {                                if (null == _capInstance)                                {                                    _capInstance = new WinCapHelper();                                }                            }                        }                        return _capInstance;                    }                }                                private Thread _thread;                                /// <summary>                /// when get pocket,callback                /// </summary>                public Action<string> _logAction;                                /// <summary>                /// 过滤条件关键字                /// </summary>                public string filter;                                private WinCapHelper()                {                                }                                public void Listen()                {                                    if (_thread != null && _thread.IsAlive)                    {                        return;                    }                                    _thread = new Thread(new ThreadStart(() =>                    {                                        ////遍历网卡                        foreach (PcapDevice device in SharpPcap.CaptureDeviceList.Instance)                        {                            ////分别启动监听,指定包的处理函数                            device.OnPacketArrival +=                                new PacketArrivalEventHandler(device_OnPacketArrival);                            device.Open(DeviceMode.Normal, 1000);                            device.Capture(500);                            //device.StartCapture();                        }                    }));                    _thread.Start();                }                                /// <summary>                /// 打印包信息,组合包太复杂了,所以直接把hex字符串打出来了                /// </summary>                /// <param name="str"></param>                /// <param name="p"></param>                private void PrintPacket(ref string str, Packet p)                {                    if (p != null)                    {                        string s = p.ToString();                        if (!string.IsNullOrEmpty(filter) && !s.Contains(filter))                        {                            return;                        }                                        str += "\r\n" + s + "\r\n";                                        ////尝试创建新的TCP/IP数据包对象,                        ////第一个参数为以太头长度,第二个为数据包数据块                        str += p.PrintHex() + "\r\n";                    }                                }                                /// <summary>                /// 接收到包的处理函数                /// </summary>                /// <param name="sender"></param>                /// <param name="e"></param>                private void device_OnPacketArrival(object sender, CaptureEventArgs e)                {                    ////解析出基本包                    var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);                                    ////协议类别                   // var dlPacket = PacketDotNet.DataLinkPacket.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);                                     //var ethernetPacket = PacketDotNet.EthernetPacket.GetEncapsulated(packet);                                    //var internetLinkPacket = PacketDotNet.InternetLinkLayerPacket.Parse(packet.BytesHighPerformance.Bytes);                    //var internetPacket = PacketDotNet.InternetPacket.Parse(packet.BytesHighPerformance.Bytes);                                    //var sessionPacket = PacketDotNet.SessionPacket.Parse(packet.BytesHighPerformance.Bytes);                    //var appPacket = PacketDotNet.ApplicationPacket.Parse(packet.BytesHighPerformance.Bytes);                    //var pppoePacket = PacketDotNet.PPPoEPacket.Parse(packet.BytesHighPerformance.Bytes);                                    //var arpPacket = PacketDotNet.ARPPacket.GetEncapsulated(packet);                    //var ipPacket = PacketDotNet.IpPacket.GetEncapsulated(packet); //ip包                    //var udpPacket = PacketDotNet.UdpPacket.GetEncapsulated(packet);                    //var tcpPacket = PacketDotNet.TcpPacket.GetEncapsulated(packet);                                    string ret = "";                    PrintPacket(ref ret, packet);                    //ParsePacket(ref ret, ethernetPacket);                    //ParsePacket(ref ret, internetLinkPacket);                    //ParsePacket(ref ret, internetPacket);                    //ParsePacket(ref ret, sessionPacket);                    //ParsePacket(ref ret, appPacket);                    //ParsePacket(ref ret, pppoePacket);                    //ParsePacket(ref ret, arpPacket);                    //ParsePacket(ref ret, ipPacket);                    //ParsePacket(ref ret, udpPacket);                    //ParsePacket(ref ret, tcpPacket);                                                    if (!string.IsNullOrEmpty(ret))                    {                        string rlt = "\r\n时间 : " +                            DateTime.Now.ToLongTimeString() +                            "\r\n数据包: \r\n" + ret;                        _logAction(rlt);                    }                                }                                                public void StopAll()                {                    foreach (PcapDevice device in SharpPcap.CaptureDeviceList.Instance)                    {                                        if (device.Opened)                        {                            Thread.Sleep(500);                            device.StopCapture();                        }                                        _logAction("device : " + device.Description + " stoped.\r\n");                    }                                    _thread.Abort();                }                            }        }  

来自:http://blog.csdn.net/lan_liang/article/details/7206910