private void _Receive(int count = 0) { //using (_communicator = _device.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000)) //{ // _ppacketManager = new PPacketManager(); // if (_filter != null) // _communicator.SetFilter(_filter); // _communicator.ReceivePackets(0, ReceivePacketHandle); //} try { _communicator = _device.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000); if (_dumpFile != null) _packetDumpFile = _communicator.OpenDump(_dumpFile); _ppacketManager = new PPacketManager(); if (_filter != null) _communicator.SetFilter(_filter); _communicator.ReceivePackets(count, ReceivePacketHandle); } finally { if (_communicator != null) { _communicator.Dispose(); _communicator = null; } if (_packetDumpFile != null) { _packetDumpFile.Dispose(); _packetDumpFile = null; } } }
private static void Compare(XDocument document, IEnumerable <Packet> packets) { IEnumerator <Packet> packetEnumerator = packets.GetEnumerator(); List <Packet> failedPackets = new List <Packet>(); StringBuilder failureMessage = new StringBuilder(); // Parse XML int i = 1; foreach (var documentPacket in document.Element("pdml").Elements("packet")) { packetEnumerator.MoveNext(); Packet packet = packetEnumerator.Current; try { ComparePacket(packet, documentPacket); } catch (Exception e) { failedPackets.Add(packet); failureMessage.Append(new AssertFailedException("Failed comparing packet " + i + ". " + e.Message, e) + Environment.NewLine); } ++i; } if (failedPackets.Any()) { PacketDumpFile.Dump(Path.GetTempPath() + "temp." + 1000 + ".pcap", failedPackets.First().DataLink.Kind, 65536, failedPackets); throw new AssertFailedException("Failed comparing " + failedPackets.Count + " packets:" + Environment.NewLine + failureMessage); } }
/// <summary> /// Setup filter and start capture /// Return when an error occurs or StopCapture is called /// </summary> /// <param name="callback">Callback to handle packets</param> /// <param name="ErrorMsg">When return contains the error description</param> public void StartCapture(HandlePacket callback, out string ErrorMsg) { // Check the link layer. We support only Ethernet if (communicator.DataLink.Kind != DataLinkKind.Ethernet) { ErrorMsg = "This program works only on Ethernet networks."; return; } // Compile the filter using (BerkeleyPacketFilter filter = communicator.CreateFilter(SnifferConfig.Filter.FilterString)) { communicator.SetFilter(filter); } using (PacketDumpFile dumpFile = communicator.OpenDump(DumpFileName)) { try { // start the capture communicator.ReceivePackets(0, delegate(Packet packet) { dumpFile.Dump(packet); callback(packet); }); } catch (Exception ex) { ErrorMsg = ex.Message; } } ErrorMsg = null; }
public static void ResetDetailsDumper() { detailsDumper.Dispose(); File.Delete(detailsFile); detailsFile = Path.GetTempFileName(); detailsDumper = communicator.OpenDump(detailsFile); }
public void DumpWithoutDeviceTest() { string filename = Path.GetTempPath() + @"dump.pcap"; Packet expectedPacket = PacketBuilder.Build(DateTime.Now, new EthernetLayer { Source = new MacAddress(1), Destination = new MacAddress(2), EtherType = EthernetType.QInQ, }, new PayloadLayer { Data = new Datagram(new byte[] { 1, 2, 3 }) }); PacketDumpFile.Dump(filename, DataLinkKind.Ethernet, PacketDevice.DefaultSnapshotLength, new[] { expectedPacket }); using (PacketCommunicator communicator = new OfflinePacketDevice(filename).Open()) { Packet actualPacket; PacketCommunicatorReceiveResult result = communicator.ReceivePacket(out actualPacket); Assert.AreEqual(PacketCommunicatorReceiveResult.Ok, result); Assert.AreEqual(expectedPacket, actualPacket); MoreAssert.IsInRange(expectedPacket.Timestamp.AddMicroseconds(-2), expectedPacket.Timestamp.AddMicroseconds(1), actualPacket.Timestamp); } }
public static void DumpDetailsPacket(Packet packet) { if (detailsDumper == null) { detailsFile = Path.GetTempFileName(); detailsDumper = communicator.OpenDump(detailsFile); } detailsDumper.Dump(packet); }
public void StartCapture() { var dev = LivePacketDevice.AllLocalMachine.FirstOrDefault(d => d.Name.Equals(Device.Name)); if (dev == null) { return; } var token = Cancellation.Token; this.CaptureTask = new Task((state) => { DumpOptions option = (DumpOptions)state; // Open device using (PacketCommunicator communicator = dev.Open( 65535, PacketDeviceOpenAttributes.Promiscuous, 250 )) { if (option.Filter != null) { communicator.SetFilter(option.Filter); } using (PacketDumpFile dumpFile = communicator.OpenDump(option.Path)) { int count = 0; Stopwatch stopwatch = new Stopwatch(); stopwatch.Start(); while (count < option.Count && stopwatch.ElapsedMilliseconds < option.Durance.TotalMilliseconds) { token.ThrowIfCancellationRequested(); Packet packet; var result = communicator.ReceivePacket(out packet); if (result == PacketCommunicatorReceiveResult.Ok) { dumpFile.Dump(packet); count++; if (option.Callback != null) { option.Callback(null, new PacketArrivalEventArgs(packet)); } } } } } }, Options, token, TaskCreationOptions.LongRunning); CaptureTask.Start(); }
public static void Test_DumpPacketsToFile_02() { // from project SavingPacketsToADumpFile _tr.WriteLine("Test_DumpPacketsToFile_02"); string dumpFile = @"dump\dump.pcap"; dumpFile = GetPath(dumpFile); _tr.WriteLine("dump to file \"{0}\"", dumpFile); PacketDevice device = SelectDevice(); if (device == null) { return; } __communicator = null; //_rs.OnAbortExecution += new OnAbortEvent(OnAbortExecution); _rs.OnAbortExecution = OnAbortExecution; try { // Open the device : device.Open() // snapshotLength = 65536, portion of the packet to capture 65536 guarantees that the whole packet will be captured on all the link layers // attributes = PacketDeviceOpenAttributes.Promiscuous, promiscuous mode // readTimeout = 1000 using (__communicator = device.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000)) { //if (communicator.DataLink.Kind != DataLinkKind.Ethernet) //{ // _tr.WriteLine("This program works only on Ethernet networks."); // return; //} // start the capture //var query = from packet in communicator.ReceivePackets() select packet; // where !packet.IsValid using (PacketDumpFile dump = __communicator.OpenDump(dumpFile)) { _tr.WriteLine("Listening on " + device.Description + "..."); // start the capture __communicator.ReceivePackets(0, dump.Dump); } } } catch (Exception ex) { _tr.WriteLine(ex.Message); } finally { //_rs.OnAbortExecution -= new OnAbortEvent(OnAbortExecution); } }
private void backgroundWorker2_DoWork(object sender, DoWorkEventArgs e) { if (save.Checked) { using (PacketCommunicator communicator = selectedAdapter.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000)) { using (PacketDumpFile dumpFile = communicator.OpenDump(fullpath + "Paquetes.pcap")) { communicator.ReceivePackets(0, dumpFile.Dump); } } } }
private void backgroundWorker2_DoWork(object sender, DoWorkEventArgs e) { if (save.Checked) { using (PacketCommunicator communicator = selectedAdapter.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000)) { using (PacketDumpFile dumpFile = communicator.OpenDump(@"E:\networks final\.pcap")) { // start the capture communicator.ReceivePackets(0, dumpFile.Dump); } } } }
public static OfflinePacketDevice GetOfflineDevice(int numPackets, Packet packet, TimeSpan intervalBetweenPackets, string dumpFilename, string readFilename = null) { if (readFilename == null) { readFilename = dumpFilename; } PacketCommunicator communicator; using (communicator = LivePacketDeviceTests.OpenLiveDevice()) { using (PacketDumpFile dumpFile = communicator.OpenDump(dumpFilename)) { int lastPosition = 0; for (int i = 0; i != numPackets; ++i) { if (intervalBetweenPackets != TimeSpan.Zero && i != 0) { DateTime timestamp = packet.Timestamp; timestamp = timestamp.Add(intervalBetweenPackets); packet = new Packet(packet.Buffer, timestamp, packet.DataLink); } dumpFile.Dump(packet); MoreAssert.IsBigger(lastPosition, dumpFile.Position); lastPosition = dumpFile.Position; dumpFile.Flush(); } } } if (readFilename != dumpFilename) { if (File.Exists(readFilename)) { File.Delete(readFilename); } File.Move(dumpFilename, readFilename); } OfflinePacketDevice device = new OfflinePacketDevice(readFilename); Assert.AreEqual(0, device.Addresses.Count); Assert.AreEqual(string.Empty, device.Description); Assert.AreEqual(DeviceAttributes.None, device.Attributes); Assert.AreEqual(readFilename, device.Name); return(device); }
private void SaveSniffing() { PacketDevice saveSelectedDevice = allDevices[ddlNetworkAdapters.SelectedIndex]; using (PacketCommunicator PkCommunicator = saveSelectedDevice.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000)) { if (txtFilters.Text != "") { PkCommunicator.SetFilter(txtFilters.Text); } using (PacketDumpFile PkDumpFile = PkCommunicator.OpenDump(pcap_file)) { PkCommunicator.ReceivePackets(0, PkDumpFile.Dump); } } }
/// <summary> /// Saves one packet to disk on default path /// </summary> /// <param name="packet"></param> public void TrySaveOnePacketToDisk(Packet packet, string fileName = "savedpacket") { if (packet is null) { throw new ArgumentNullException(nameof(packet)); } string path = PathProvider.GetDefaultPathToSolution(); fileName = ConstructFileNameUntilThereIsNoFileWithSameName(fileName, path, ".pcap"); PacketDumpFile.Dump(path + fileName, packet.DataLink.Kind, packet.Length, new List <Packet> { packet }); }
public PacketSniffer(int DeviceIndex) { // Retrieve the device list from the local machine IList<LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine; PacketDevice SelectedDevice = allDevices[DeviceIndex]; communicator = SelectedDevice.Open(65536, // portion of the packet to capture // 65536 guarantees that the whole packet will be captured on all the link layers PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode 1000); if (detailsDumper == null) { detailsFile = Path.GetTempFileName(); detailsDumper = communicator.OpenDump(detailsFile); } ResetDumpFile(); }
private void backgroundWorker2_DoWork(object sender, DoWorkEventArgs e) { //if (save.Checked) //{ using (PacketCommunicator communicator = selectedAdapter.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000)) { string folderName = @"D:\Temp"; path = Path.Combine(folderName); System.IO.Directory.CreateDirectory(path); string fileName = System.IO.Path.GetRandomFileName(); path = System.IO.Path.Combine(path, fileName); using (PacketDumpFile dumpFile = communicator.OpenDump(path)) { communicator.ReceivePackets(0, dumpFile.Dump); } } //} }
public PacketSniffer(int DeviceIndex) { // Retrieve the device list from the local machine IList <LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine; PacketDevice SelectedDevice = allDevices[DeviceIndex]; communicator = SelectedDevice.Open(65536, // portion of the packet to capture // 65536 guarantees that the whole packet will be captured on all the link layers PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode 1000); if (detailsDumper == null) { detailsFile = Path.GetTempFileName(); detailsDumper = communicator.OpenDump(detailsFile); } ResetDumpFile(); }
private void _Receive(int count = 0) { //using (_communicator = _device.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000)) //{ // _ppacketManager = new PPacketManager(); // if (_filter != null) // _communicator.SetFilter(_filter); // _communicator.ReceivePackets(0, ReceivePacketHandle); //} try { _communicator = _device.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000); if (_dumpFile != null) { _packetDumpFile = _communicator.OpenDump(_dumpFile); } _ppacketManager = new PPacketManager(); if (_filter != null) { _communicator.SetFilter(_filter); } _communicator.ReceivePackets(count, ReceivePacketHandle); } finally { if (_communicator != null) { _communicator.Dispose(); _communicator = null; } if (_packetDumpFile != null) { _packetDumpFile.Dispose(); _packetDumpFile = null; } } }
static void Main(string[] args) { // Retrieve the device list from the local machine IList <LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine; if (allDevices.Count == 0) { Console.WriteLine("No interfaces found! Make sure WinPcap is installed."); return; } // Print the list for (int i = 0; i != allDevices.Count; ++i) { LivePacketDevice device = allDevices[i]; Console.Write((i + 1) + ". " + device.Name); if (device.Description != null) { Console.WriteLine(" (" + device.Description + ")"); } else { Console.WriteLine(" (No description available)"); } } int deviceIndex = 0; do { Console.WriteLine("Enter the interface number (1-" + allDevices.Count + "):"); string deviceIndexString = Console.ReadLine(); if (!int.TryParse(deviceIndexString, out deviceIndex) || deviceIndex < 1 || deviceIndex > allDevices.Count) { deviceIndex = 0; } } while (deviceIndex == 0); // Take the selected adapter PacketDevice selectedDevice = allDevices[deviceIndex - 1]; // Open the device using (PacketCommunicator communicator = selectedDevice.Open(65536, // portion of the packet to capture // 65536 guarantees that the whole packet will be captured on all the link layers PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode 1000)) // read timeout { // Check the link layer. We support only Ethernet for simplicity. if (communicator.DataLink.Kind != DataLinkKind.Ethernet) { Console.WriteLine("This program works only on Ethernet networks."); return; } // Compile and set the filter // communicator.SetFilter("ip and tcp"); Console.WriteLine("Listening on " + selectedDevice.Description + "..."); // start the capture var query = from packet in communicator.ReceivePackets() // where !packet.IsValid select packet; using (PacketDumpFile dumpFile = communicator.OpenDump("dump.pcap")) { foreach (Packet packet in query) { if (packet.Length <= 60 && packet.Ethernet.EtherType == EthernetType.IpV4 && packet.Ethernet.IpV4.Protocol == IpV4Protocol.Tcp && packet.Ethernet.IpV4.Tcp.ControlBits == (TcpControlBits.Synchronize | TcpControlBits.Acknowledgment)) { Console.WriteLine("Captured Packet " + packet.Timestamp); } // dumpFile.Dump(packet); } } } }
public void WritePcapFile() { string filename = $"websock__{_srcIp}_{_srcPort}__{_dstIp}_{_dstPort}__" + _packets[0].Timestamp.ToString("hh-mm-ss-fff") + ".pcap"; PacketDumpFile.Dump(filename, DataLinkKind.Ethernet, 65536, _packets); }
public static void Test_DumpPacketsToFile_01() { // from project CaptureInvalidPackets _tr.WriteLine("Test_DumpPacketsToFile_01"); string dumpFile = @"dump\dump.pcap"; dumpFile = GetPath(dumpFile); _tr.WriteLine("dump to file \"{0}\"", dumpFile); PacketDevice device = SelectDevice(); if (device == null) { return; } try { // Open the device : device.Open() // snapshotLength = 65536, portion of the packet to capture 65536 guarantees that the whole packet will be captured on all the link layers // attributes = PacketDeviceOpenAttributes.Promiscuous, promiscuous mode // readTimeout = 1000 using (PacketCommunicator communicator = device.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000)) { _tr.WriteLine("Listening on " + device.Description + "..."); if (communicator.DataLink.Kind != DataLinkKind.Ethernet) { _tr.WriteLine("This program works only on Ethernet networks."); return; } // start the capture var query = from packet in communicator.ReceivePackets() select packet; // where !packet.IsValid using (PacketDumpFile dump = communicator.OpenDump(dumpFile)) { foreach (Packet packet in query) { if (packet.Length <= 60 && packet.Ethernet.EtherType == EthernetType.IpV4 && packet.Ethernet.IpV4.Protocol == IpV4Protocol.Tcp && packet.Ethernet.IpV4.Tcp.ControlBits == (TcpControlBits.Synchronize | TcpControlBits.Acknowledgment)) { _tr.WriteLine("Captured Packet " + packet.Timestamp); } _tr.WriteLine("dump packet " + packet.Timestamp); dump.Dump(packet); if (_rs.IsExecutionAborted()) { break; } } } } } catch (Exception ex) { _tr.WriteLine(ex.Message); } }
private static void ComparePacketsToWireshark(IEnumerable <Packet> packets) { string pcapFilename = Path.GetTempPath() + "temp." + new Random().NextByte() + ".pcap"; #pragma warning disable 162 // ReSharper disable ConditionIsAlwaysTrueOrFalse // ReSharper disable HeuristicUnreachableCode if (!IsRetry) { PacketDumpFile.Dump(pcapFilename, new PcapDataLink(packets.First().DataLink.Kind), PacketDevice.DefaultSnapshotLength, packets); } else { pcapFilename = Path.GetTempPath() + "temp." + RetryNumber + ".pcap"; List <Packet> packetsList = new List <Packet>(); using (PacketCommunicator communicator = new OfflinePacketDevice(pcapFilename).Open()) { communicator.ReceivePackets(-1, packetsList.Add); } packets = packetsList; } // ReSharper restore HeuristicUnreachableCode // ReSharper restore ConditionIsAlwaysTrueOrFalse #pragma warning restore 162 // Create pdml file string documentFilename = pcapFilename + ".pdml"; using (Process process = new Process()) { process.StartInfo = new ProcessStartInfo { // Wireshark's preferences file is %APPDATA%\Wireshark\preferences FileName = WiresharkTsharkPath, Arguments = "-o ip.check_checksum:TRUE " + "-o ipv6.use_geoip:FALSE " + "-o udp.check_checksum:TRUE " + "-o tcp.relative_sequence_numbers:FALSE " + "-o tcp.analyze_sequence_numbers:FALSE " + "-o tcp.track_bytes_in_flight:FALSE " + "-o tcp.desegment_tcp_streams:FALSE " + "-o tcp.check_checksum:TRUE " + "-o http.dechunk_body:FALSE " + "-t r -n -r \"" + pcapFilename + "\" -T pdml", WorkingDirectory = WiresharkDiretory, UseShellExecute = false, RedirectStandardOutput = true, RedirectStandardError = true, CreateNoWindow = true }; Console.WriteLine("Starting process " + process.StartInfo.FileName + " " + process.StartInfo.Arguments); Assert.IsTrue(process.Start()); string output = process.StandardOutput.ReadToEnd(); string errorOutput = process.StandardError.ReadToEnd(); process.WaitForExit(); Console.WriteLine(errorOutput); File.WriteAllText(documentFilename, output); Assert.AreEqual(0, process.ExitCode); } // Fix pdml file string fixedDocumentFilename = documentFilename + ".fixed"; File.WriteAllBytes(fixedDocumentFilename, new List <byte>(from b in File.ReadAllBytes(documentFilename) select b == 0x0A || b == 0x0D ? b : Math.Max((byte)0x20, Math.Min(b, (byte)0x7F))).ToArray()); try { Compare(XDocument.Load(fixedDocumentFilename, LoadOptions.None), packets); } catch (Exception exception) { throw new AssertFailedException("Failed comparing packets in file " + pcapFilename + ". " + exception, exception); } }
static void Main(string[] args) { // Check command line if (args.Length != 1) { Console.WriteLine("usage: " + Environment.GetCommandLineArgs()[0] + " <filename>"); return; } // Retrieve the device list on the local machine IList <LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine; if (allDevices.Count == 0) { Console.WriteLine("No interfaces found! Make sure WinPcap is installed."); return; } // Print the list for (int i = 0; i != allDevices.Count; ++i) { LivePacketDevice device = allDevices[i]; Console.Write((i + 1) + ". " + device.Name); if (device.Description != null) { Console.WriteLine(" (" + device.Description + ")"); } else { Console.WriteLine(" (No description available)"); } } int deviceIndex = 0; do { Console.WriteLine("Enter the interface number (1-" + allDevices.Count + "):"); string deviceIndexString = Console.ReadLine(); if (!int.TryParse(deviceIndexString, out deviceIndex) || deviceIndex < 1 || deviceIndex > allDevices.Count) { deviceIndex = 0; } } while (deviceIndex == 0); // Take the selected adapter PacketDevice selectedDevice = allDevices[deviceIndex - 1]; // Open the device using (PacketCommunicator communicator = selectedDevice.Open(65536, // portion of the packet to capture // 65536 guarantees that the whole packet will be captured on all the link layers PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode 1000)) // read timeout { // Open the dump file using (PacketDumpFile dumpFile = communicator.OpenDump(args[0])) { Console.WriteLine("Listening on " + selectedDevice.Description + "... Press Ctrl+C to stop..."); // start the capture communicator.ReceivePackets(0, dumpFile.Dump); } } }
public void SendNullPacketsTest() { PacketDumpFile.Dump(@"dump.pcap", new PcapDataLink(DataLinkKind.Ethernet), PacketDevice.DefaultSnapshotLength, null); Assert.Fail(); }