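Capturing network packets in C# with SharpPcap

Reposted from http://www.cnblogs.com/billmo/archive/2008/11/09/1329972.html

I am working on my final university graduation project, "Remote security monitoring strategy for wireless LANs".

PcapOpen() has the following methods: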
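promiscuous_mode: in normal capture mode we only capture packets whose destination is the target network, whereas in promiscuous mode all packets are captured, including forwarded packets. We usually enable this mode. Here is an example: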

    //Extract a device from the list
    PcapDevice device = devices[i];

    //Register our handler function to the 'packet arrival' event
    //(device_PcapOnPacketArrival is defined elsewhere in the program)
    device.PcapOnPacketArrival +=
        new SharpPcap.PacketArrivalEvent(device_PcapOnPacketArrival);

    //Open the device for capturing
    //true -- means promiscuous mode
    //1000 -- means a read wait of 1000ms
    device.PcapOpen(true, 1000);

    Console.WriteLine(
        "-- Listening on {0}, hit 'Enter' to stop...",
        device.PcapDescription);

    //Start the capturing process
    device.PcapStartCapture();

    //Wait for 'Enter' from the user.
    Console.ReadLine();

    //Stop the capturing process
    device.PcapStopCapture();

    //Close the pcap device
    device.PcapClose();

Note: the CRC is usually not included in the captured packet data, because packets with a bad CRC are normally dropped automatically.

    //Extract a device from the list
    PcapDevice device = devices[i];

    //Open the device for capturing
    //true -- means promiscuous mode
    //1000 -- means a read wait of 1000ms
    device.PcapOpen(true, 1000);

    Console.WriteLine();
    Console.WriteLine("-- Listening on {0}...", device.PcapDescription);

    Packet packet = null;

    //Keep capturing packets using PcapGetNextPacket()
    while( (packet = device.PcapGetNextPacket()) != null )
    {
        // Prints the time and length of each received packet
        DateTime time = packet.PcapHeader.Date;
        int len = packet.PcapHeader.PacketLength;
        Console.WriteLine("{0}:{1}:{2},{3} Len={4}",
            time.Hour, time.Minute, time.Second, time.Millisecond, len);
    }

    //Close the pcap device
    device.PcapClose();
    Console.WriteLine("-- Capture stopped, device closed.");


    string filter = "ip and tcp";
    device.PcapSetFilter( filter );

The following example captures TCP packets and prints their time, length, source IP, source port, destination IP and destination port.
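An added example, not the original post's listing and not SharpPcap code: it decodes the length, source IP and port, and destination IP and port directly from the bytes of an Ethernet frame, and rejects anything that is not a complete IPv4/TCP frame. The class and method names and the frame bytes (documentation addresses, zeroed checksums) are constructed for illustration.

```csharp
using System;
using System.Net;

static class TcpFrameDemo
{
    // Decodes an Ethernet II frame carrying IPv4/TCP; returns null for anything else
    // (wrong EtherType, wrong protocol, or a frame too short for its own headers).
    public static string Describe(byte[] f)
    {
        const int Eth = 14;                              // Ethernet II header length
        if (f.Length < Eth + 20) return null;            // no room for a minimal IPv4 header
        if (f[12] != 0x08 || f[13] != 0x00) return null; // EtherType 0x0800 = IPv4
        if ((f[Eth] >> 4) != 4) return null;             // IP version field
        int ihl = (f[Eth] & 0x0F) * 4;                   // IPv4 header length in bytes
        if (ihl < 20 || f.Length < Eth + ihl + 20) return null; // IP options shift the TCP header
        if (f[Eth + 9] != 6) return null;                // protocol 6 = TCP
        var src = new IPAddress(new[] { f[Eth + 12], f[Eth + 13], f[Eth + 14], f[Eth + 15] });
        var dst = new IPAddress(new[] { f[Eth + 16], f[Eth + 17], f[Eth + 18], f[Eth + 19] });
        int tcp = Eth + ihl;                             // offset of the TCP header
        int srcPort = (f[tcp] << 8) | f[tcp + 1];        // ports are big-endian
        int dstPort = (f[tcp + 2] << 8) | f[tcp + 3];
        return string.Format("Len={0} {1}:{2} -> {3}:{4}", f.Length, src, srcPort, dst, dstPort);
    }

    static void Main()
    {
        // Constructed frame: 192.0.2.10:49152 -> 198.51.100.20:80, SYN, no payload.
        // Checksums are left at zero; this example does not validate them.
        byte[] frame = {
            0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xAA,0xBB, 0x08,0x00, // Ethernet
            0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,           // IPv4
            0xC0,0x00,0x02,0x0A, 0xC6,0x33,0x64,0x14,                                // src, dst
            0xC0,0x00,0x00,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,           // TCP
            0x50,0x02,0xFF,0xFF, 0x00,0x00,0x00,0x00 };
        Console.WriteLine(Describe(frame));

        // Truncated capture (cut inside the TCP header): rejected instead of over-read.
        byte[] cut = new byte[40];
        Array.Copy(frame, cut, cut.Length);
        Console.WriteLine(Describe(cut) ?? "skipped: not a complete IPv4/TCP frame");
    }
}
```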