Example #1
0
 protected virtual void OnPacketArrival(PacketArrivedEventArgs e)
 {
     if (PacketArrival != null)
     {
         PacketArrival(this, e);
     }
 }
Example #2
0
        /// <summary>
        /// 捕捉事件
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="args"></param>
        private void OnCapture(Object sender, PacketArrivedEventArgs args)
        {
            //Console.Clear();
            //Length = Length + args.PacketLength;
            //args.Protocol可以是TCP:/UDP:/ICMP:/IGMP:/UNKNOWN
            if (args.Protocol != Setting.Instance.Protocal.ToString())
            {
                return;
            }

            if (this.capturedIp.ToString() != args.DestinationAddress ||
                args.DestinationPort != Setting.Instance.CapturedPort)
            {
                return;
            }

            Console.WriteLine("  目标IP:" + args.DestinationAddress
                              + "\t目标端口:" + args.DestinationPort
                              + "\t协议版本:" + args.IPVersion
                              + "\t源地址:" + args.OriginationAddress
                              + "\t源端口:" + args.OriginationPort
                              + "\tIP包长度:" + args.PacketLength
                              + "\t协议类型:" + args.Protocol);

            Console.WriteLine(" Data: " + BitConverter.ToString(args.ReceiveBuffer, 16));


            Task.Run(() =>
            {
                DateTime timeCreated = DateTime.Now;
                UInt32 ts_sec        = (UInt32)((timeCreated.Subtract(new DateTime(1970, 1, 1))).TotalSeconds);
                UInt32 ts_usec       = (UInt32)(((timeCreated.Subtract(new DateTime(1970, 1, 1))).TotalMilliseconds) - ((UInt32)((timeCreated.Subtract(new DateTime(1970, 1, 1))).TotalSeconds * 1000))) * 1000;
                UInt32 incl_len      = (UInt32)args.PacketLength;

                PcapPacket packet = new PcapPacket(ts_sec, ts_usec, args.ReceiveBuffer, args.PacketLength);

                writer.WritePacket(packet);
            });
        }
Example #3
0
        /// <summary>
        /// 解析接收的数据包,形成PacketArrivedEventArgs时间数据类对象,并引发PacketArrival事件
        /// </summary>
        /// <param name="buf"></param>
        /// <param name="len"></param>
        unsafe private void Receive(byte[] buf, int len)
        {
            byte      temp_protocol    = 0;
            uint      temp_version     = 0;
            uint      temp_ip_srcaddr  = 0;
            uint      temp_ip_destaddr = 0;
            short     temp_srcport     = 0;
            short     temp_dstport     = 0;
            IPAddress temp_ip;
            PacketArrivedEventArgs e = new PacketArrivedEventArgs();
            udp_hdr *  pUdpheader;  //UDP头结构体指针
            IPHeader * head;        //IP头结构体指针
            tcp_hdr *  pTcpheader;  //TCP头结构体指针
            icmp_hdr * pIcmpheader; //ICMP头结构体指针
            IPHeader2 *Portheader;  //端口指针

            fixed(byte *fixed_buf = buf)
            {
                int lentcp, lenudp, lenicmp, lenip;

                head        = (IPHeader *)fixed_buf;                     //IP头结构体指针
                Portheader  = (IPHeader2 *)fixed_buf;
                pTcpheader  = (tcp_hdr *)(fixed_buf + sizeof(IPHeader)); //TCP头结构体指针
                pUdpheader  = (udp_hdr *)(fixed_buf + sizeof(IPHeader));
                pIcmpheader = (icmp_hdr *)(fixed_buf + sizeof(IPHeader));

                //计算各种包的长度(只有判断是否是该包后才有意义,先计算出来)
                lenip = ntohs(head->ip_totallength);
                try
                {
                    lentcp  = ntohs(head->ip_totallength) - (sizeof(IPHeader) + sizeof(tcp_hdr));
                    lenudp  = ntohs(head->ip_totallength) - (sizeof(IPHeader) + sizeof(udp_hdr));
                    lenicmp = ntohs(head->ip_totallength) - (sizeof(IPHeader) + sizeof(icmp_hdr));


                    e.HeaderLength = (uint)(head->ip_verlen & 0x0F) << 2;
                    temp_protocol  = head->ip_protocol;
                    temp_dstport   = *(short *)&fixed_buf[e.HeaderLength + 2];


                    switch (temp_protocol)
                    {
                    case 1:
                        e.Protocol = "ICMP"; break;

                    case 2:
                        e.Protocol = "IGMP"; break;

                    case 6:
                        e.Protocol        = "TCP";
                        e.DestinationPort = ntoUint(pTcpheader->dport);
                        e.PacketLength    = (uint)lenip + (uint)(sizeof(IPHeader) + sizeof(tcp_hdr));
                        break;

                    case 17:
                        e.Protocol        = "UDP";
                        e.DestinationPort = ntoUint(pUdpheader->dport);
                        e.PacketLength    = (uint)lenudp + (uint)(sizeof(IPHeader) + sizeof(udp_hdr));
                        break;

                    default:
                        e.Protocol = "UNKNOWN"; break;
                    }

                    temp_version         = (uint)(head->ip_verlen & 0xF0) >> 4;
                    e.IPVersion          = temp_version.ToString();
                    temp_ip_srcaddr      = head->ip_srcaddr;
                    temp_ip_destaddr     = head->ip_destaddr;
                    temp_ip              = new IPAddress(temp_ip_srcaddr);
                    e.OriginationAddress = temp_ip.ToString();
                    temp_ip              = new IPAddress(temp_ip_destaddr);
                    e.DestinationAddress = temp_ip.ToString();
                    temp_srcport         = *(short *)&fixed_buf[e.HeaderLength];
                    e.OriginationPort    = (Portheader->sport);

                    //int acb = IPAddress.NetworkToHostOrder(Portheader->sport);
                    //e.DestinationPort = ntoUint(Portheader->dport);
                    //int abc = IPAddress.NetworkToHostOrder(Portheader->dport);

                    //e.PacketLength = (uint)lenip;
                    e.MessageLength  = e.PacketLength - e.HeaderLength;
                    e.ReceiveBuffer  = new byte[e.PacketLength];
                    e.IPHeaderBuffer = new byte[e.HeaderLength];
                    e.MessageBuffer  = new byte[e.MessageLength];

                    //把buf中的IP头赋给PacketArrivedEventArgs中的IPHeaderBuffer
                    Array.Copy(buf, 0, e.IPHeaderBuffer, 0, (int)e.HeaderLength);
                    //把buf中的包中内容赋给PacketArrivedEventArgs中的MessageBuffer
                    Array.Copy(buf, (int)e.HeaderLength, e.MessageBuffer, 0, (int)e.MessageLength);


                    //如果是TCP或UDP协议,则生成IP数据包
                    if (temp_protocol == 6 || temp_protocol == 17)
                    {
                        byte[] data = new byte[e.PacketLength];
                        Array.Copy(buf, 0, data, 0, e.PacketLength);
                        e.ReceiveBuffer = NetUtils.GeneratLinkData(e.OriginationAddress
                                                                   , e.DestinationAddress
                                                                   , PacketType.IPv4
                                                                   , data);
                    }
                    else
                    {
                        e.ReceiveBuffer = new byte[e.PacketLength];
                        Array.Copy(buf, 0, e.ReceiveBuffer, 0, e.PacketLength);
                    }
                }
                catch { }
            }

            //引发PacketArrival事件
            OnPacketArrival(e);
        }