轉自http://www.cnblogs.com/billmo/archive/2008/11/09/1329972.html

在做大學最后的畢業設計了,無線局域網絡遠程安全監控策略
那么抓包是這個系統設計的基礎
以前一直都是知道用winpcap的,現在網上搜了一下,有用C#封裝好了的,很好用
下面是其中的幾個用法
這個類庫作者的主頁:http://www.tamirgal.com/home/default.aspx

PcapOpen()有下面幾個方法

• PcapOpen()
• PcapOpen(bool promiscuous_mode)
• PcapOpen(bool promiscuous_mode, int read_timeout)

promiscuous_mode:在普通的抓取模式下,我們只抓取那些目的地為目標網絡的包,而處于promiscuous_mode時,則抓取所有的包,包括轉發的包.通常我們都是開啟這種模式的

下面是示例:

?

//Extract?a?device?from?the?list

PcapDevice?device?=?devices[i];

//Register?our?handler?function?to?the?

//'packet?arrival'?event

device.PcapOnPacketArrival?+=?

??new?SharpPcap.PacketArrivalEvent(device_PcapOnPacketArrival);

//Open?the?device?for?capturing
?
//true?--?means?promiscuous?mode

//1000?--?means?a?read?wait?of?1000ms

device.PcapOpen(true,?1000);

Console.WriteLine(

????"--?Listenning?on?{0},?hit?'Enter'?to?stop...",

????device.PcapDescription);

//Start?the?capturing?process

device.PcapStartCapture();

//Wait?for?'Enter'?from?the?user.

Console.ReadLine();

//Stop?the?capturing?process

device.PcapStopCapture();

//Close?the?pcap?device
device.PcapClose();

?

?

PcapStartCapture()對應PcapStopCapture()

使用PcapCapture(int packetCount)時我們可以使用SharpPcap.INFINITE,來達到持續抓包的功能

?

Note:通常CRC的數據是不在數據包的中的,因為通常錯誤的CRC包會被自動丟棄.

?

上面的需要注冊一個event handle,這在很多時候是不可行的,所以我們推薦使用下面這個方法PcapGetNextPacket()

?

//Extract?a?device?from?the?list

PcapDevice?device?=?devices[i];

//Open?the?device?for?capturing
//true?--?means?promiscuous?mode
//1000?--?means?a?read?wait?of?1000ms
device.PcapOpen(true,?1000);
Console.WriteLine();
Console.WriteLine("--?Listenning?on?{0}...",
device.PcapDescription);
Packet?packet?=?null;

//Keep?capture?packets?using?PcapGetNextPacket()
while(?(packet=device.PcapGetNextPacket())?!=?null?)

{

????//?Prints?the?time?and?length?of?each?received?packet

?

????DateTime?time?=?packet.PcapHeader.Date;

????int?len?=?packet.PcapHeader.PacketLength;

????Console.WriteLine("{0}:{1}:{2},{3}?Len={4}",?

??????????????time.Hour,?time.Minute,?time.Second,?

??????????????time.Millisecond,?len);

}

//Close?the?pcap?device

?

device.PcapClose();

Console.WriteLine("--?Capture?stopped,?device?closed.");

?

?

?

?

PcapSetFilter() 設置過濾條件

?

string filter = "ip and tcp";

device.PcapSetFilter( filter );

?

?

?

下面這個例子通過抓取TCP包,輸出他們的時間,長度,源IP,源端口,目的IP,目的端口

///?<SUMMARY>

///?Prints?the?time,?length,?src?ip,?

///?src?port,?dst?ip?and?dst?port

///?for?each?TCP/IP?packet?received?on?the?network

///?</SUMMARY>

private?static?void?device_PcapOnPacketArrival(
???????????????????????object?sender,?Packet?packet)

{????????????

????if(packet?is?TCPPacket)

????{????????????????

????????DateTime?time?=?packet.Timeval.Date;

????????int?len?=?packet.PcapHeader.len;

?

????????TCPPacket?tcp?=?(TCPPacket)packet;

????????string?srcIp?=?tcp.SourceAddress;

????????string?dstIp?=?tcp.DestinationAddress;

????????int?srcPort?=?tcp.SourcePort;

????????int?dstPort?=?tcp.DestinationPort;

?

????????Console.WriteLine("{0}:{1}:{2},

????????????{3}?Len={4}?{5}:{6}?->?{7}:{8}",?

????????????time.Hour,?time.Minute,?time.Second,?

????????????time.Millisecond,?len,?srcIp,?srcPort,?

????????????dstIp,?dstPort);

????}

}

轉載于:https://www.cnblogs.com/armyao/archive/2010/11/05/1870164.html

總結

以上是生活随笔為你收集整理的使用SharpPCap在C#下进行网络抓包的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。