public void StartHijack()
{
Task.Run(delegate {
IList <LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine;
if (allDevices.Count == 0)
{
MessageBox.Show("未找到网卡。请确认已安装WinPcap。");
return;
}
foreach (var selectedDevice in allDevices)
{
Task.Run(delegate
{
PacketCommunicator communicator =
selectedDevice.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000);
if (communicator.DataLink.Kind != DataLinkKind.Ethernet)
{
return;
}
using (BerkeleyPacketFilter filter = communicator.CreateFilter("tcp and dst port 80"))
{
communicator.SetFilter(filter);
}
communicator.ReceivePackets(0, PacketHandler);
});
}
this.BeginInvoke(new EventHandler(delegate {
lbMsg.Text = "监听已启动";
}));
});
}
/// <summary>
/// Captures packets via the selected device
/// </summary>
void ReadPackets(PacketDevice selectedDevice)
{
// Open the device
using (PacketCommunicator communicator =
selectedDevice.Open(65536, // portion of the packet to capture
// 65536 guarantees that the whole packet will be captured on all the link layers
PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode
1000)) // read timeout
{
// Check the link layer. We support only Ethernet for simplicity.
if (communicator.DataLink.Kind != DataLinkKind.Ethernet)
{
throw new FormatException("This program works only on Ethernet networks.");
}
// Compile the filter
using (BerkeleyPacketFilter filter = communicator.CreateFilter("ip and (tcp or udp)"))
{
// Set the filter
communicator.SetFilter(filter);
}
// start the capture
try
{
communicator.ReceivePackets(0, PacketHandler);
}
catch (Exception ex)
{
Debug.WriteLine("Communicator: " + ex.Message);
return;
}
}
}
private void CapturePacket()
{
int deviceIndex = 0;
try
{
deviceIndex = Int32.Parse(comboBoxInterfaces.SelectedValue.ToString());
}
catch
{
}
// Take the selected adapter
PacketDevice selectedDevice = allDevices[deviceIndex - 1];
// Open the device
using (PacketCommunicator communicator =
selectedDevice.Open(65536, // portion of the packet to capture
// 65536 guarantees that the whole packet will be captured on all the link layers
PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode
1000)) // read timeout
{
labelDescription.Text = "Listening on " + InterFaces.Rows[deviceIndex - 1]["Description"] + "...";
using (BerkeleyPacketFilter filter = communicator.CreateFilter("icmp"))
{
// Set the filter
communicator.SetFilter(filter);
}
// start the capture
communicator.ReceivePackets(0, DevicePingHandler);
}
}
public void Run()
{
if (selectedDevice != null)
{
using (PacketCommunicator communicator = selectedDevice.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000))
{
// Check the link layer. We support only Ethernet for simplicity.
if (communicator.DataLink.Kind != DataLinkKind.Ethernet)
{
CLI.PrintQueueLog(Channel.Zero, "이더넷 프로토콜에서만 작동합니다..", ConsoleColor.White);
return;
}
// Compile the filter
using (BerkeleyPacketFilter filter = communicator.CreateFilter("ip and tcp and (port 80 or portrange 8000-9000)"))
{
// Set the filter
communicator.SetFilter(filter);
}
CLI.PrintQueueLog(Channel.Zero, "패킷 읽기 시작!", ConsoleColor.Yellow);
CLI.ShowToast("PCAP", "통발 블랙박스", "패킷 파싱을 시작합니다.", "");
// start the capture
communicator.ReceivePackets(0, PacketHandler);
}
}
else
{
CLI.PrintQueueLog(Channel.Zero, "장치가 선택되지 않았습니다.", ConsoleColor.White);
}
}
private void PaketYakala(String filtre = "ip")
{
for (int i = 0; i != allDevices.Count; ++i)
{
LivePacketDevice device = allDevices[i];
}
selectedDevice = allDevices[deviceIndex - 1];
using (PacketCommunicator communicator =
selectedDevice.Open(65536, // portion of the packet to capture
// 65536 guarantees that the whole packet will be captured on all the link layers
PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode
1000)) // read timeout
{
// Check the link layer. We support only Ethernet for simplicity.
if (communicator.DataLink.Kind != DataLinkKind.Ethernet)
{
Console.WriteLine("This program works only on Ethernet networks.");
return;
}
// Compile the filter
using (BerkeleyPacketFilter filter = communicator.CreateFilter(filtre))
{
// Set the filter
communicator.SetFilter(filter);
}
label2.Text = selectedDevice.Description;
// start the capture
communicator.ReceivePackets(0, PacketHandler);
}
}
/// <summary>
/// Setup filter and start capture
/// Return when an error occurs or StopCapture is called
/// </summary>
/// <param name="callback">Callback to handle packets</param>
/// <param name="ErrorMsg">When return contains the error description</param>
public void StartCapture(HandlePacket callback, out string ErrorMsg)
{
// Check the link layer. We support only Ethernet
if (communicator.DataLink.Kind != DataLinkKind.Ethernet)
{
ErrorMsg = "This program works only on Ethernet networks.";
return;
}
// Compile the filter
using (BerkeleyPacketFilter filter =
communicator.CreateFilter(SnifferConfig.Filter.FilterString)) {
communicator.SetFilter(filter);
}
using (PacketDumpFile dumpFile = communicator.OpenDump(DumpFileName))
{
try {
// start the capture
communicator.ReceivePackets(0,
delegate(Packet packet)
{
dumpFile.Dump(packet);
callback(packet);
});
}
catch (Exception ex) {
ErrorMsg = ex.Message;
}
}
ErrorMsg = null;
}
/// <summary>
/// Start an off-line capture
/// </summary>
/// <param name="file">The dump file name to capture</param>
/// <param name="callback">Callback to handle packets</param>
/// <param name="IsBadDumpFile">Flag indicates whether the dump file is invalid</param>
public static void StartOfflineCapture(string file, HandlePacket callback, ref bool IsBadDumpFile)
{
PacketCommunicator pc = communicator;
try {
// Create the off-line device
OfflinePacketDevice selectedDevice = new OfflinePacketDevice(file);
communicator =
selectedDevice.Open(65536, // portion of the packet to capture
// 65536 guarantees that the whole packet will be captured on all the link layers
PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode
1000); // read timeout
// Compile the filter
using (BerkeleyPacketFilter filter =
communicator.CreateFilter(SnifferConfig.Filter.FilterString)) {
communicator.SetFilter(filter);
}
// Read and dispatch packets until EOF is reached
communicator.ReceivePackets(0, callback);
}
catch (Exception) {
IsBadDumpFile = true;
}
finally {
if (pc != null)
{
communicator = pc;
}
}
}
public void Start()
{
// Start scanning WoW packets
// Retrieve the device list from the local machine
IList <LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine;
if (allDevices.Count == 0)
{
Logger.Warn("No interfaces found! Can't scan WoW packets.");
return;
}
// Take the selected adapter
PacketDevice selectedDevice = allDevices.First();
// Open the device
_communicator = selectedDevice.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 40);
Logger.Debug("Listening on " + selectedDevice.Description + " for WoW packets");
// Compile the filter
using (var filter = _communicator.CreateFilter("tcp"))
{
// Set the filter
_communicator.SetFilter(filter);
}
Task.Run(() => ReceivePackets());
}
private void CreateListener()
{
IList <LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine;
if (allDevices.Count == 0)
{
Debug.WriteLine("No Network Interface Found! Please make sure WinPcap is properly installed.");
return;
}
for (int i = 0; i != allDevices.Count; i++)
{
LivePacketDevice device = allDevices[i];
if (device.Description != null)
{
Debug.WriteLine(" (" + device.Description + ")");
}
else
{
Debug.WriteLine(" (Unknown)");
}
}
using (List <LivePacketDevice> .Enumerator enumerator = allDevices.ToList <LivePacketDevice>().GetEnumerator())
{
while (enumerator.MoveNext())
{
PacketDevice selectedDevice = enumerator.Current;
if (selectedDevice.Attributes == DeviceAttributes.Loopback)
{
continue;
}
new Thread(delegate()
{
try
{
using (PacketCommunicator communicator = selectedDevice.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000))
{
if (communicator.DataLink.Kind != DataLinkKind.Ethernet)
{
Debug.WriteLine("This program works only on Ethernet networks.");
}
else
{
using (BerkeleyPacketFilter filter = communicator.CreateFilter("ip and udp"))
{
communicator.SetFilter(filter);
}
Console.WriteLine("Capturing on " + selectedDevice.Description + "...");
communicator.ReceivePackets(0, new HandlePacket(photonPacketHandler.PacketHandler));
}
}
}
catch (NotSupportedException ex)
{
Console.WriteLine($"Error listening on {selectedDevice.Description} because of {ex.Message}. Skipping this device. If it still works you can ignore this");
}
}).Start();
}
}
}
private void createListener()
{
IList <LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine;
if (allDevices.Count == 0)
{
MessageBox.Show("No interfaces found! Make sure WinPcap is installed.");
return;
}
// Print the list
for (int i = 0; i != allDevices.Count; ++i)
{
LivePacketDevice device = allDevices[i];
if (device.Description != null)
{
Console.WriteLine(" (" + device.Description + ")");
}
else
{
Console.WriteLine(" (No description available)");
}
}
foreach (PacketDevice selectedDevice in allDevices.ToList())
{
// Open the device
Thread t = new Thread(() =>
{
using (PacketCommunicator communicator =
selectedDevice.Open(65536, // portion of the packet to capture
// 65536 guarantees that the whole packet will be captured on all the link layers
PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode
1000)) // read timeout
{
// Check the link layer. We support only Ethernet for simplicity.
if (communicator.DataLink.Kind != DataLinkKind.Ethernet)
{
Console.WriteLine("This program works only on Ethernet networks.");
return;
}
// Compile the filter
using (BerkeleyPacketFilter filter = communicator.CreateFilter("ip and udp"))
{
// Set the filter
communicator.SetFilter(filter);
}
Console.WriteLine("Listening on " + selectedDevice.Description + "...");
// start the capture
communicator.ReceivePackets(0, photonPacketHandler.PacketHandler);
}
});
t.Start();
}
}
static void Main(string[] args)
{
// Lista urządzeń
IList <LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine;
if (allDevices.Count == 0)
{
Console.WriteLine("No interfaces found! Make sure WinPcap is installed.");
return;
}
// Wypisuje urządzenia
for (int i = 0; i != allDevices.Count; ++i)
{
LivePacketDevice device = allDevices[i];
Console.WriteLine((i + 1) + ". " + device.Description);
if (device.Description == null)
{
Console.Write((i + 1) + ". " + device.Name);
Console.WriteLine(" (No description available)");
}
}
int deviceIndex = 0;
//wprowadzanie numeru urzadzenia
do
{
Console.WriteLine("Enter the interface number (1-" + allDevices.Count + "):");
string deviceIndexString = Console.ReadLine();
if (!int.TryParse(deviceIndexString, out deviceIndex) ||
deviceIndex < 1 || deviceIndex > allDevices.Count)
{
deviceIndex = 0;
}
} while (deviceIndex == 0);
PacketDevice selectedDevice = allDevices[deviceIndex - 1];
// Ustawiamy komunikator do przechwytywania z urządzenia
using (PacketCommunicator communicator =
selectedDevice.Open(65536, // portion of the packet to capture
// 65536 guarantees that the whole packet will be captured on all the link layers
PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode
1000)) // read timeout
{
// Filter
Console.WriteLine("If you want, you can specify filter now");
using (BerkeleyPacketFilter filter = communicator.CreateFilter(Console.ReadLine()))
{
communicator.SetFilter(filter);
}
Console.WriteLine("Listening on " + selectedDevice.Description + "...");
// przechwytywanie
communicator.ReceivePackets(0, PacketHandler);
}
}
private void worker_DoWork(object sender, DoWorkEventArgs e)
{
IPDict = new Dictionary <IpV4Address, int>();
using (PacketCommunicator communicator = selectedDevice.Open(1024, PacketDeviceOpenAttributes.Promiscuous, 200))
{
Packet packet;
using (BerkeleyPacketFilter filter = communicator.CreateFilter("ip and udp"))
{
communicator.SetFilter(filter);
}
for (int i = 0; i < 10; i++)
{
if (packetCaptureWorker.CancellationPending)
{
e.Cancel = true;
return;
}
PacketCommunicatorReceiveResult result = communicator.ReceivePacket(out packet);
switch (result)
{
case PacketCommunicatorReceiveResult.Timeout:
continue;
case PacketCommunicatorReceiveResult.Ok:
IpV4Datagram ip = packet.Ethernet.IpV4;
if (ip.Source.ToString() == localIP.ToString())
{
if (IPDict.ContainsKey(ip.Destination))
{
IPDict[ip.Destination]++;
}
else
{
IPDict.Add(ip.Destination, 1);
}
}
else if (ip.Destination.ToString() == localIP.ToString())
{
if (IPDict.ContainsKey(ip.Source))
{
IPDict[ip.Source]++;
}
else
{
IPDict.Add(ip.Source, 1);
}
}
break;
default:
throw new InvalidOperationException();
}
}
}
}
private void buttonAgKesfi_Click(object sender, EventArgs e) // Ağda bulunan ciahzların mac adresleri bu fonksiyon yardımıyla arp paketleri gönderilerek elde edilir.
{
byte altdeger = Convert.ToByte(textBox2.Text); //Ağ keşfi için kullanılacak sınır ipler belirlendi.
byte ustdeger = Convert.ToByte(textBox3.Text); //Ağ keşfi için kullanılacak sınır ipler belirlendi.
IList <LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine;
PacketDevice selectedDevice = allDevices[2]; //Cihaz seçimi. Manuel olarak atanmıştır.
using (PacketCommunicator communicator = selectedDevice.Open(100,
PacketDeviceOpenAttributes.Promiscuous,
1000))
{
//****************************** Ağ keşfi ******************************
for (byte i = altdeger; i < ustdeger; i++) // Ağdaki istenilen ip aralığına arp paketleri gönderiir. Örn: "192.168.1.i"
{
EthernetLayer ethernetLayer =
new EthernetLayer //Ethernet Katmanı
{
Source = new MacAddress(MacAdresim()), //Kaynak mac adresi. Fonksiyondan çekildi.
Destination = new MacAddress("ff:ff:ff:ff:ff:ff"), //Hedef mac adresi. Broadcast yayın yapıldı.
EtherType = EthernetType.None,
};
ArpLayer arpLayer =
new ArpLayer //Arp Katmanı
{
ProtocolType = EthernetType.IpV4,
Operation = ArpOperation.Request,
SenderHardwareAddress = new byte[] { 0x28, 0xd2, 0x44, 0x49, 0x7e, 0x2b }.AsReadOnly(), // Kaynak ac adresi.
SenderProtocolAddress = new byte[] { Convert.ToByte(IpParcala(0)), Convert.ToByte(IpParcala(1)), Convert.ToByte(IpParcala(2)), Convert.ToByte(IpParcala(3)) }.AsReadOnly(), // Kaynak Ip adresi IpParcala fonksiyonundan bloklar halinde çekildi.
TargetHardwareAddress = new byte[] { 0, 0, 0, 0, 0, 0 }.AsReadOnly(), // Hedef Mac Adresi. Öğrenilmek istenen parametre. Request paketlerinde 00:00:00:00:00:00
TargetProtocolAddress = new byte[] { Convert.ToByte(IpParcala(0)), Convert.ToByte(IpParcala(1)), Convert.ToByte(IpParcala(2)), i }.AsReadOnly(), // Hedef Ip adresi IpParcala fonksiyonundan bulunulan ağın ilk 3 bloğu alındı. Son blok i değeri ile döngüye sokuldu.
};
PacketBuilder builder = new PacketBuilder(ethernetLayer, arpLayer);
Packet arppacket = builder.Build(DateTime.Now); // Katmanlar paketlendi.
communicator.SendPacket(arppacket); // Arp paketi yayınlandı.
//****************************** ARP Paket dinleme ******************************
using (BerkeleyPacketFilter filter = communicator.CreateFilter("arp")) // Filtre uygulandı.
{
communicator.SetFilter(filter);
}
Packet packet;
PacketCommunicatorReceiveResult result = communicator.ReceivePacket(out packet);
switch (result)
{
case PacketCommunicatorReceiveResult.Ok:
if (!listBox1.Items.Contains(packet.Ethernet.Source + "\t\t\t@" + packet.Ethernet.Arp.SenderProtocolIpV4Address.ToString())) // Listbox'da oluşabilecek veri tekrarı önlendi.
{
listBox1.Items.Add(packet.Ethernet.Source + "\t\t\t@" + packet.Ethernet.Arp.SenderProtocolIpV4Address.ToString()); // Gelen Arp Paketlerinin Ethernet Katmanındna Source MAC Addres verisi çekildi.
}
break;
}
}
}
}
private void backgroundWorker1_DoWork(object sender, DoWorkEventArgs e)
{
using (PacketCommunicator communicator = selectedAdapter.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000))
{
// Check the link layer.
if (communicator.DataLink.Kind != DataLinkKind.Ethernet)
{
MessageBox.Show("This program works only on Ethernet networks!");
return;
}
//Deallocation is necessary
if (_tcp.Checked && (!_udp.Checked))//just tcp
{
using (BerkeleyPacketFilter filter = communicator.CreateFilter("tcp"))
{
// Set the filter
communicator.SetFilter(filter);
}
}
else if (_udp.Checked && !(_tcp.Checked))//just udp
{
using (BerkeleyPacketFilter filter = communicator.CreateFilter("udp"))
{
// Set the filter
communicator.SetFilter(filter);
}
}
else if (_tcp.Checked && (_udp.Checked))//tcp and udp
{
using (BerkeleyPacketFilter filter = communicator.CreateFilter("ip and udp"))
{
// Set the filter
communicator.SetFilter(filter);
}
}
// Begin the capture
communicator.ReceivePackets(0, PacketHandler);
}
}
private void backgroundWorker1_DoWork(object sender, DoWorkEventArgs e)
{
using (PacketCommunicator communicator = selectedAdapter.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000))
{
if (communicator.DataLink.Kind != DataLinkKind.Ethernet)
{
MessageBox.Show("This program works only on Ethernet networks!");
return;
}
if (_tcp.Checked && (!_udp.Checked))// tcp
{
using (BerkeleyPacketFilter filter = communicator.CreateFilter("tcp"))
{
// установка фильтра
communicator.SetFilter(filter);
}
}
else if (_udp.Checked && !(_tcp.Checked)) // udp
{
using (BerkeleyPacketFilter filter = communicator.CreateFilter("udp"))
{
// установка фильтра
communicator.SetFilter(filter);
}
}
else if (_tcp.Checked && (_udp.Checked))//tcp and udp
{
using (BerkeleyPacketFilter filter = communicator.CreateFilter("ip and udp"))
{
// установка фильтра
communicator.SetFilter(filter);
}
}
// захват трафика
communicator.ReceivePackets(0, PacketHandler);
}
}
private void toolStripButton1_Click(object sender, EventArgs e)
{
using (PacketCommunicator communicator = selectedAdapter.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000))
{
using (BerkeleyPacketFilter filter = communicator.CreateFilter(tbFilter.Text))
{
// Set the filter
communicator.SetFilter(filter);
}
}
}
private void FilterPortPackets(PacketCommunicator pm, string prot = "UDP")
{
string f = prot.ToLower() + " port " + Ports[0].Number;
Console.WriteLine(f);
using (BerkeleyPacketFilter filter = pm.CreateFilter(f))
{
pm.SetFilter(filter);
}
pm.ReceivePackets(5, PrintPacketInfo);
}
private static void createListener()
{
IList <LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine;
if (allDevices.Count == 0)
{
MessageBox.Show("No interfaces found! Make sure WinPcap is installed.");
return;
}
// Print the list
for (int i = 0; i != allDevices.Count; ++i)
{
LivePacketDevice device = allDevices[i];
if (device.Description != null)
{
Console.WriteLine(" (" + device.Description + ")");
}
else
{
Console.WriteLine(" (No description available)");
}
}
foreach (PacketDevice selectedDevice in allDevices.ToList())
{
// Open the device
Thread t = new Thread(() =>
{
using (PacketCommunicator communicator =
selectedDevice.Open(65536,
PacketDeviceOpenAttributes.Promiscuous,
1000))
{
// Compile the filter
using (BerkeleyPacketFilter filter = communicator.CreateFilter("ip and udp and port 5056")) // Restrict to only photon event port
{
// Set the filter
communicator.SetFilter(filter);
}
Console.WriteLine("Listening on " + selectedDevice.Description + "...");
// start the capture
communicator.ReceivePackets(0, photonPacketHandler.PacketHandler);
}
});
// Make sure thread closes on application exit
t.IsBackground = true;
t.Start();
}
}
private static void InterceptDevice(object data)
{
LivePacketDevice device = (LivePacketDevice)data;
using (PacketCommunicator communicator = device.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000))
{
using (BerkeleyPacketFilter filter = communicator.CreateFilter("udp port 14001"))
{
communicator.SetFilter(filter);
communicator.ReceivePackets(int.MaxValue, PacketHandler);
}
}
}
public void Start(string networkAdapter)
{
// Start scanning WoW packets
// Retrieve the device list from the local machine
IList <LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine;
if (allDevices.Count == 0)
{
Logger.Warn("No interfaces found! Can't scan WoW packets.");
return;
}
// Take the configured network adapter
// TODO: Create UI with available network adapters dropdown
PacketDevice selectedDevice = null;
if (!string.IsNullOrEmpty(networkAdapter))
{
selectedDevice = allDevices.FirstOrDefault(d => d.Name.Contains(networkAdapter));
}
// If not found take the first active network adapter
if (selectedDevice == null)
{
selectedDevice = allDevices.First(d => d.Addresses.Any());
}
// Open the device
try
{
_communicator = selectedDevice.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 40);
Logger.Debug("Listening on " + selectedDevice.Description + " for WoW packets");
// Compile the filter
using (var filter = _communicator.CreateFilter("tcp"))
{
// Set the filter
_communicator.SetFilter(filter);
}
}
catch (Exception e)
{
_dialogService.ShowErrorMessageBox("Cannot start the WoW module, maybe an antivirus is interfering.\n\n" +
$"Try whitelisting '{AppDomain.CurrentDomain.BaseDirectory}' in your virus " +
"scanner and reinstalling Artemis.");
Logger.Warn(e, "Cannot start the WoW module, maybe an antivirus is interfering.");
}
Task.Run(() => ReceivePackets());
}
public static void Test_InterpretingThePackets_01()
{
// from project InterpretingThePackets
_tr.WriteLine("Test_InterpretingThePackets_01");
PacketDevice device = SelectDevice();
if (device == null)
{
return;
}
__communicator = null;
//_rs.OnAbortExecution += new OnAbortEvent(OnAbortExecution);
_rs.OnAbortExecution = OnAbortExecution;
try
{
// Open the device : device.Open()
// snapshotLength = 65536, portion of the packet to capture 65536 guarantees that the whole packet will be captured on all the link layers
// attributes = PacketDeviceOpenAttributes.Promiscuous, promiscuous mode
// readTimeout = 1000
using (__communicator = device.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000))
{
// Check the link layer. We support only Ethernet for simplicity.
if (__communicator.DataLink.Kind != DataLinkKind.Ethernet)
{
_tr.WriteLine("This program works only on Ethernet networks.");
return;
}
// Compile the filter
using (BerkeleyPacketFilter filter = __communicator.CreateFilter("ip and udp"))
{
// Set the filter
__communicator.SetFilter(filter);
}
_tr.WriteLine("Listening on " + device.Description + "...");
// start the capture
__communicator.ReceivePackets(0, InterpretingPacketHandler);
}
}
catch (Exception ex)
{
_tr.WriteLine(ex.Message);
}
finally
{
//_rs.OnAbortExecution -= new OnAbortEvent(OnAbortExecution);
}
}
private void CreateListener()
{
IList <LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine;
if (allDevices.Count == 0)
{
Debug.WriteLine("No Network Interface Found! Please make sure WinPcap is properly installed.");
ctx.Channel.SendMessageAsync("No Network Interface Found! Please make sure WinPcap is properly installed.");
return;
}
for (int i = 0; i != allDevices.Count; i++)
{
LivePacketDevice device = allDevices[i];
if (device.Description != null)
{
Debug.WriteLine(" (" + device.Description + ")");
}
else
{
Debug.WriteLine(" (Unknown)");
}
}
using (List <LivePacketDevice> .Enumerator enumerator = allDevices.ToList <LivePacketDevice>().GetEnumerator())
{
while (enumerator.MoveNext())
{
PacketDevice selectedDevice = enumerator.Current;
new Thread(delegate()
{
using (PacketCommunicator communicator = selectedDevice.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000))
{
if (communicator.DataLink.Kind != DataLinkKind.Ethernet)
{
Debug.WriteLine("This program works only on Ethernet networks.");
ctx.Channel.SendMessageAsync("This program works only on Ethernet networks.");
}
else
{
using (BerkeleyPacketFilter filter = communicator.CreateFilter("ip and udp"))
{
communicator.SetFilter(filter);
}
Console.WriteLine("Capturing on " + selectedDevice.Description + "...");
communicator.ReceivePackets(0, new HandlePacket(photonPacketHandler.PacketHandler));
}
}
}).Start();
}
}
}
private void StartSniffing()
{
if (m_selectedDevice == null)
{
return;
}
using (
m_communicator = m_selectedDevice.Open(65536,
PacketDeviceOpenAttributes.MaximumResponsiveness,
1000))
{
m_communicator.SetFilter(m_communicator.CreateFilter("tcp and port " + Port));
m_communicator.ReceivePackets(0, PacketHandler);
}
}
private void OpenDevice(PacketDevice selectedDevice)
{
// Open the device
using (PacketCommunicator communicator =
selectedDevice.Open(65536,
PacketDeviceOpenAttributes.MaximumResponsiveness,
1000))
{
if (communicator.DataLink.Kind != DataLinkKind.Ethernet)
{
MessageHelper.PrintMessage("This program works only on Ethernet networks.");
return;
}
// Compile the filter
using (BerkeleyPacketFilter filter = communicator.CreateFilter("ip and udp"))
{
// Set the filter
communicator.SetFilter(filter);
}
MessageHelper.PrintMessage("Listening on " + selectedDevice.Description + "...");
// start the capture
MessageHelper.PrintMessage("Monitoring started. Press any key to stop and save the results into a text file", "warning");
Packet packet;
do
{
PacketCommunicatorReceiveResult result = communicator.ReceivePacket(out packet);
switch (result)
{
case PacketCommunicatorReceiveResult.Timeout:
// Timeout elapsed
continue;
case PacketCommunicatorReceiveResult.Ok:
PacketHandler(packet);
break;
default:
throw new InvalidOperationException("The result " + result + " should never be reached here");
}
} while (!Console.KeyAvailable);
repo.SaveMonitoringResultsToTextFile(FileLocation);
}
}
// modified code from: https://github.com/PcapDotNet/Pcap.Net/wiki/Pcap.Net-Tutorial-Interpreting-the-packets
// used in the first part of packet sniffing
public void SniffPackets(PacketDevice selectedDevice)
{
// Open the device
using (PacketCommunicator communicator =
selectedDevice.Open(65536, // portion of the packet to capture
// 65536 guarantees that the whole packet will be captured on all the link layers
PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode
1000)) // read timeout
{
// Compile the filter
using (BerkeleyPacketFilter filter = communicator.CreateFilter(""))
communicator.SetFilter(filter);
// start the capture
communicator.ReceivePackets(0, PacketHandler);
}
}
private void button4_Click(object sender, EventArgs e)
{
int selectedIndex = this.comboBoxNetworkAdapter.SelectedIndex;
if (selectedIndex >= 0 && selectedIndex <= (this._networkAdapters.Count - 1))
{
DisableLivePcapParsingButton();
DisablePcapButton();
labelCapturingIndication.Visible = true;
comboBoxNetworkAdapter.Enabled = false;
Task.Factory.StartNew(() =>
{
LivePacketDevice selectedDevice = this._networkAdapters[selectedIndex];
// 65536 guarantees that the whole packet will be captured on all the link layers
using (PacketCommunicator communicator = selectedDevice.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000))
{
using (BerkeleyPacketFilter filter = communicator.CreateFilter("tcp dst port 9295 or tcp src port 9295"))
{
// Set the filter
communicator.SetFilter(filter);
}
// start the capture
communicator.ReceivePackets(0, PacketHandlerTcp);
}
});
Task.Factory.StartNew(() =>
{
LivePacketDevice selectedDevice = this._networkAdapters[selectedIndex];
// 65536 guarantees that the whole packet will be captured on all the link layers
using (PacketCommunicator communicator = selectedDevice.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000))
{
using (BerkeleyPacketFilter filter = communicator.CreateFilter("udp dst port 9296 or udp src port 9296"))
{
// Set the filter
communicator.SetFilter(filter);
}
// start the capture
communicator.ReceivePackets(0, PacketHandlerUdp);
}
});
}
}
private void ListenForArps()
{
using (
PacketCommunicator communicator = frmCapture.myDevice.Open(65536, PacketDeviceOpenAttributes.Promiscuous,
1000))
{
if (communicator.DataLink.Kind != DataLinkKind.Ethernet)
{
MessageBox.Show("Ethernet Only");
}
using (BerkeleyPacketFilter filter = communicator.CreateFilter("arp"))
{
communicator.SetFilter(filter);
}
communicator.ReceivePackets(0, PacketHandler);
}
}
public void Dinle()
{
using (PacketCommunicator communicator = selectedDevice.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000))
{
if (communicator.DataLink.Kind != DataLinkKind.Ethernet)
{
Console.WriteLine("This program works only on Ethernet networks.");
return;
}
using (BerkeleyPacketFilter filter = communicator.CreateFilter("ip"))
{
communicator.SetFilter(filter);
}
communicator.ReceivePackets(0, PacketHandler);
}
}
private void backgroundWorker1_DoWork(object sender, DoWorkEventArgs e)
{
using (PacketCommunicator communicator = selectedAdapter.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000))
{
if (communicator.DataLink.Kind != DataLinkKind.Ethernet)
{
MessageBox.Show("Este programa solo funciona con redes Ethernet");
return;
}
using (BerkeleyPacketFilter filter = communicator.CreateFilter("tcp or udp"))
{
communicator.SetFilter(filter);
}
communicator.ReceivePackets(0, PacketHandler);
}
}
static void Main(string[] args)
{
Console.WriteLine("Hello World!. It's SnapTCP!");
IList <LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine;
AdaptersService adaptersService = new AdaptersService();
adaptersService.PrintDevices(allDevices);
if (allDevices.Count == 0)
{
return;
}
int deviceIndex = 0;
do
{
Console.WriteLine($"Enter the interface number to capture packets on: (1 - {allDevices.Count})");
string deviceIndexString = Console.ReadLine();
if (!int.TryParse(deviceIndexString, out deviceIndex) || deviceIndex < 1 || deviceIndex > allDevices.Count)
{
deviceIndex = 0;
}
}while(deviceIndex == 0);
PacketDevice selectedDevice = allDevices[deviceIndex - 1];
using (PacketCommunicator communicator =
selectedDevice.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000))
{
using (BerkeleyPacketFilter filter = communicator.CreateFilter("tcp and ip"))
{
communicator.SetFilter(filter);
}
Console.WriteLine($"Listening On: {selectedDevice.Description} ...");
communicator.ReceivePackets(0, PacketHandler);
}
}
/// <summary>
/// Start an off-line capture
/// </summary>
/// <param name="file">The dump file name to capture</param>
/// <param name="callback">Callback to handle packets</param>
/// <param name="IsBadDumpFile">Flag indicates whether the dump file is invalid</param>
public static void StartOfflineCapture(string file, HandlePacket callback, ref bool IsBadDumpFile)
{
PacketCommunicator pc = communicator;
try {
// Create the off-line device
OfflinePacketDevice selectedDevice = new OfflinePacketDevice(file);
communicator =
selectedDevice.Open(65536, // portion of the packet to capture
// 65536 guarantees that the whole packet will be captured on all the link layers
PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode
1000); // read timeout
// Compile the filter
using (BerkeleyPacketFilter filter =
communicator.CreateFilter(SnifferConfig.Filter.FilterString)) {
communicator.SetFilter(filter);
}
// Read and dispatch packets until EOF is reached
communicator.ReceivePackets(0, callback);
}
catch (Exception) {
IsBadDumpFile = true;
}
finally {
if (pc != null)
communicator = pc;
}
}
public static void Test_InterpretingThePackets_01()
{
// from project InterpretingThePackets
_tr.WriteLine("Test_InterpretingThePackets_01");
PacketDevice device = SelectDevice();
if (device == null)
return;
__communicator = null;
//_rs.OnAbortExecution += new OnAbortEvent(OnAbortExecution);
_rs.OnAbortExecution = OnAbortExecution;
try
{
// Open the device : device.Open()
// snapshotLength = 65536, portion of the packet to capture 65536 guarantees that the whole packet will be captured on all the link layers
// attributes = PacketDeviceOpenAttributes.Promiscuous, promiscuous mode
// readTimeout = 1000
using (__communicator = device.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000))
{
// Check the link layer. We support only Ethernet for simplicity.
if (__communicator.DataLink.Kind != DataLinkKind.Ethernet)
{
_tr.WriteLine("This program works only on Ethernet networks.");
return;
}
// Compile the filter
using (BerkeleyPacketFilter filter = __communicator.CreateFilter("ip and udp"))
{
// Set the filter
__communicator.SetFilter(filter);
}
_tr.WriteLine("Listening on " + device.Description + "...");
// start the capture
__communicator.ReceivePackets(0, InterpretingPacketHandler);
}
}
catch (Exception ex)
{
_tr.WriteLine(ex.Message);
}
finally
{
//_rs.OnAbortExecution -= new OnAbortEvent(OnAbortExecution);
}
}