Beispiel #1
0
        public void Stop()
        {
            uint errno = NetmonAPI.NmStopCapture(_engine, 1);

            if (errno != 0)
            {
                throw new Exception($"Error stopping Capture. NmStopCapture returned: {errno}");
            }

            _engine.Dispose();
            _engine = null;
        }
Beispiel #2
0
        /// <summary>
        /// The callback that is called from the unmanaged code whenever a new packet arrives.
        /// It parses the frame and forwards it to anyone listening on the <see cref="FrameAvailable"/> event
        /// </summary>
        /// <param name="hCaptureEngine">The engine who captured the packet</param>
        /// <param name="ulAdapterIndex">The index of the adapter</param>
        /// <param name="pCallerContext">Context - a way to transfer state from the initializer thread to the callback thread (null in our case)</param>
        /// <param name="hFrame">The handle for the frame</param>
        private void FrameCapturedCallback(IntPtr hCaptureEngine, UInt32 ulAdapterIndex, IntPtr pCallerContext, IntPtr hFrame)
        {
            // Basic parsing: Get MAC (link layer) type & frame's bytes
            uint res = NetmonAPI.NmGetFrameMacType(hFrame, out var macType);

            if (res != 0)
            {
                return;
            }

            // Seems like the MAC value we are getting is not zero-based and it should be
            macType -= 1;

            byte[] rawFrameData = NetmonAPI.NmGetRawFrameManaged(hFrame);

            // Dispose of unmanaged frame handle
            NetmonAPI.NmCloseHandle(hFrame);

            // Forward to any listeners
            FrameAvailable?.Invoke(this, macType, rawFrameData);
        }