public void ProcessPcap()
{
sharpPcapDict = new Dictionary <Connection, TcpRecon>();
PcapDevice device;
try
{
device = SharpPcap.GetPcapOfflineDevice(capFile);
device.PcapOpen();
}
catch (Exception ex)
{
ErrorMessage = "Error Loading pcap with SharpPcap: " + ex.Message;
return;
}
device.PcapOnPacketArrival += new SharpPcap.PacketArrivalEvent(device_PcapOnPacketArrival);
device.PcapCapture(SharpPcap.INFINITE); //parse entire pcap until EOF
device.PcapClose();
foreach (TcpRecon tr in sharpPcapDict.Values)
{
tr.isComplete = true;
if (tr.LastSavedOffset != tr.CurrentOffset)
{
AddNewNode(tr);
}
tr.Close();
}
sharpPcapDict.Clear();
owner.Invoke(Complete, ips);
return;
}
public void ReadPcapFile(string capFile)
{
PcapDevice device;
try
{
//Get an offline file pcap device
device = SharpPcap.GetPcapOfflineDevice(capFile);
//Open the device for capturing
device.PcapOpen();
}
catch (Exception)
{
return;
}
//Register our handler function to the 'packet arrival' event
device.PcapOnPacketArrival +=
new SharpPcap.PacketArrivalEvent(device_PcapOnPacketArrival);
//device.PcapSetFilter(this.tcpDumpFilter);
//Start capture 'INFINTE' number of packets
//This method will return when EOF reached.
device.PcapCapture(SharpPcap.INFINITE);
//Close the pcap device
device.PcapClose();
}
/// <summary>
/// Reconstruct a Pcap file using TcpRecon class
/// </summary>
/// <param name="capFile"></param>
public static void ReconSingleFileSharpPcap(string capFile)
{
PcapDevice device;
//FileInfo fi = new FileInfo(capFile);
var fi = zFile.CreateFileInfo(capFile);
path = fi.DirectoryName + "\\";
try
{
//Get an offline file pcap device
device = SharpPcap.GetPcapOfflineDevice(capFile);
//Open the device for capturing
device.PcapOpen();
}
catch (Exception e)
{
Console.WriteLine(e.Message);
return;
}
//Register our handler function to the 'packet arrival' event
device.PcapOnPacketArrival +=
new SharpPcap.PacketArrivalEvent(device_PcapOnPacketArrival);
// FOR THIS LINE TO WORK YOU NEED TO CHANGE THE
// SHARPPCAP LIBRARY MANUALLY AND REMOVE PcapSetFilter method
// FROM PcapOfflineDevice
//
// add a filter so we get only tcp packets
// device.PcapSetFilter("tcp");
//Start capture 'INFINTE' number of packets
//This method will return when EOF reached.
device.PcapCapture(SharpPcap.INFINITE);
//Close the pcap device
device.PcapClose();
// Clean up
foreach (TcpRecon tr in sharpPcapDict.Values)
{
tr.Close();
}
sharpPcapDict.Clear();
}
public static void Main(string[] args)
{
string ver = Tamir.IPLib.Version.GetVersionString();
/* Print SharpPcap version */
Console.WriteLine("SharpPcap {0}, Example8.ReadFile.cs", ver);
Console.WriteLine();
Console.WriteLine();
Console.Write("-- Please enter an input capture file name: ");
string capFile = Console.ReadLine();
PcapDevice device;
try
{
//Get an offline file pcap device
device = SharpPcap.GetPcapOfflineDevice(capFile);
//Open the device for capturing
device.PcapOpen();
}
catch (Exception e)
{
Console.WriteLine(e.Message);
return;
}
//Register our handler function to the 'packet arrival' event
device.PcapOnPacketArrival +=
new SharpPcap.PacketArrivalEvent(device_PcapOnPacketArrival);
Console.WriteLine();
Console.WriteLine
("-- Capturing from '{0}', hit 'Ctrl-C' to exit...",
capFile);
//Start capture 'INFINTE' number of packets
//This method will return when EOF reached.
device.PcapCapture(SharpPcap.INFINITE);
//Close the pcap device
device.PcapClose();
Console.WriteLine("-- End of file reached.");
Console.Write("Hit 'Enter' to exit...");
Console.ReadLine();
}
private void startCapture()
{
while (IsCapturing)
{
if (_device == null)
{
if (_offlineDevs.Count > 0)
{
DeviceName = _offlineDevs[0];
_device = SharpPcap.GetPcapOfflineDevice(DeviceName);
_offlineDevs.RemoveAt(0);
}
else
{
StopCapture();
}
}
else
{
DeviceName = ((NetworkDevice)_device).Description;
}
try
{
_device.PcapOpen();
}
catch (Exception ee)
{
ErrorMsg = ee.Message;
StopCapture();
return;
}
//Register our handler function to the
//'packet arrival' event
_device.PcapOnPacketArrival += new SharpPcap.PacketArrivalEvent(pcapOnPacketArrival);
//Start the capturing process
_device.PcapCapture(SharpPcap.INFINITE);
//Close the pcap device
_device.PcapClose();
_device = null;
}
}
private static void readFile()
{
string capFile
= @"C:\test2.pcap";//Console.ReadLine();
PcapDevice device;
try
{
//Get an offline file pcap device
device = SharpPcap.GetPcapOfflineDevice(capFile);
//Open the device for capturing
device.PcapOpen();
}
catch (Exception e)
{
Console.WriteLine(e.Message);
return;
}
//Register our handler function to the 'packet arrival' event
device.PcapOnPacketArrival +=
new SharpPcap.PacketArrivalEvent(device_PcapOnPacketArrival);
Console.WriteLine();
Console.WriteLine
("-- Capturing from '{0}', hit 'Ctrl-C' to exit...",
capFile);
//Start capture 'INFINTE' number of packets
//This method will return when EOF reached.
device.PcapCapture(SharpPcap.INFINITE);
//Close the pcap device
device.PcapClose();
Console.WriteLine("-- End of file reached.");
Console.In.ReadLine();
}
static void Main(string[] args)
{
string ver = Tamir.IPLib.Version.GetVersionString();
/* Print SharpPcap version */
Console.WriteLine("SharpPcap {0}, Example12.PacketManipulation.cs", ver);
Console.WriteLine();
/* Retrieve the device list */
PcapDeviceList devices = SharpPcap.GetAllDevices();
/*If no device exists, print error */
if (devices.Count < 1)
{
Console.WriteLine("No device found on this machine");
return;
}
Console.WriteLine("The following devices are available on this machine:");
Console.WriteLine("----------------------------------------------------");
Console.WriteLine();
int i = 0;
/* Scan the list printing every entry */
foreach (PcapDevice dev in devices)
{
/* Description */
Console.WriteLine("{0}) {1}", i, dev.PcapDescription);
i++;
}
Console.WriteLine("{0}) {1}", i, "Read packets from offline pcap file");
Console.WriteLine();
Console.Write("-- Please choose a device to capture: ");
int choice = int.Parse(Console.ReadLine());
PcapDevice device = null;
if (choice == i)
{
Console.Write("-- Please enter an input capture file name: ");
string capFile = Console.ReadLine();
device = SharpPcap.GetPcapOfflineDevice(capFile);
}
else
{
device = devices[choice];
}
//Register our handler function to the 'packet arrival' event
device.PcapOnPacketArrival +=
new Tamir.IPLib.SharpPcap.PacketArrivalEvent(device_PcapOnPacketArrival);
//Open the device for capturing
//true -- means promiscuous mode
//1000 -- means a read wait of 1000ms
device.PcapOpen(true, 1000);
Console.WriteLine();
Console.WriteLine
("-- Listenning on {0}, hit 'Ctrl-C' to exit...",
device.PcapDescription);
//Start capture 'INFINTE' number of packets
device.PcapCapture(SharpPcap.INFINITE);
//Close the pcap device
//(Note: this line will never be called since
// we're capturing infinite number of packets
device.PcapClose();
}
public static void Main(string[] args)
{
string ver = Tamir.IPLib.Version.GetVersionString();
/* Print SharpPcap version */
Console.WriteLine("SharpPcap {0}, Example10.SendQueues.cs", ver);
Console.WriteLine();
Console.Write("-- Please enter an input capture file name: ");
string capFile = Console.ReadLine();
PcapDevice device;
try
{
//Get an offline file pcap device
device = SharpPcap.GetPcapOfflineDevice(capFile);
//Open the device for capturing
device.PcapOpen();
}
catch (Exception e)
{
Console.WriteLine(e.Message);
return;
}
Console.Write("Queueing packets...");
//Allocate a new send queue
PcapSendQueue squeue = new PcapSendQueue
((int)((PcapOfflineDevice)device).PcapFileSize);
Packet packet;
try
{
//Go through all packets in the file and add to the queue
while ((packet = device.PcapGetNextPacket()) != null)
{
if (!squeue.Add(packet))
{
Console.WriteLine("Warning: packet buffer too small, " +
"not all the packets will be sent.");
break;
}
}
}
catch (Exception e)
{
Console.WriteLine(e.Message);
return;
}
Console.WriteLine("OK");
Console.WriteLine();
Console.WriteLine("The following devices are available on this machine:");
Console.WriteLine("----------------------------------------------------");
Console.WriteLine();
int i = 0;
PcapDeviceList devices = SharpPcap.GetAllDevices();
/* Scan the list printing every entry */
foreach (PcapDevice dev in devices)
{
/* Description */
Console.WriteLine("{0}) {1}", i, dev.PcapDescription);
i++;
}
Console.WriteLine();
Console.Write("-- Please choose a device to transmit on: ");
i = int.Parse(Console.ReadLine());
devices[i].PcapOpen();
string resp;
if (devices[i].PcapDataLink != device.PcapDataLink)
{
Console.Write("Warning: the datalink of the capture" +
" differs from the one of the selected interface, continue? [YES|no]");
resp = Console.ReadLine().ToLower();
if ((resp != "") && (!resp.StartsWith("y")))
{
Console.WriteLine("Cancelled by user!");
devices[i].PcapClose();
return;
}
}
device.PcapClose();
device = devices[i];
Console.Write("This will transmit all queued packets through" +
" this device, continue? [YES|no]");
resp = Console.ReadLine().ToLower();
if ((resp != "") && (!resp.StartsWith("y")))
{
Console.WriteLine("Cancelled by user!");
return;
}
try
{
Console.Write("Sending packets...");
int sent = device.PcapSendQueue(squeue, true);
Console.WriteLine("Done!");
if (sent < squeue.CurrentLength)
{
Console.WriteLine("An error occurred sending the packets: {0}. " +
"Only {1} bytes were sent\n", device.PcapLastError, sent);
}
}
catch (Exception e)
{
Console.WriteLine("Error: " + e.Message);
}
//Free the queue
squeue.Dispose();
Console.WriteLine("-- Queue is disposed.");
//Close the pcap device
device.PcapClose();
Console.WriteLine("-- Device closed.");
Console.Write("Hit 'Enter' to exit...");
Console.ReadLine();
}
