public void BpfProgramNoDeviceMatches() { using var device = new CaptureFileReaderDevice(TestHelper.GetFile("tcp.pcap")); device.Open(); using var bpfProgram = BpfProgram.Create(device.Handle, "tcp"); Assert.IsFalse(bpfProgram.IsInvalid); device.GetNextPacket(out var packet); Assert.IsTrue(bpfProgram.Matches(packet.Data)); }
public void FilterMethods() { using var device = TestHelper.GetPcapDevice(); device.Open(); var filterExpression = "arp"; using var bpfProgram = BpfProgram.Create(device.Handle, filterExpression); Assert.IsFalse(bpfProgram.IsInvalid); var arp = new ARP(device); var destinationIP = new System.Net.IPAddress(new byte[] { 8, 8, 8, 8 }); // Note: We don't care about the success or failure here arp.Resolve(destinationIP); // retrieve some packets, looking for the arp var header = IntPtr.Zero; var data = IntPtr.Zero; var foundBpfMatch = false; var packetsToTry = 10; var sw = System.Diagnostics.Stopwatch.StartNew(); while (packetsToTry > 0) { if (sw.ElapsedMilliseconds > 2000) { break; } var retval = device.GetNextPacketPointers(ref header, ref data); if (retval == 1) { packetsToTry--; Assert.AreNotEqual(IntPtr.Zero, header); Assert.AreNotEqual(IntPtr.Zero, data); // and test it against the bpf filter to confirm an exception is not thrown Assert.DoesNotThrow(() => { // we expect a match as we are sending an arp packet if (bpfProgram.Matches(header, data)) { foundBpfMatch = true; } } ); } } Assert.IsTrue(foundBpfMatch); }
public void BpfProgramMatches() { using var device = new CaptureFileReaderDevice(TestHelper.GetFile("arp_with_vlan.pcap")); device.Open(); var f = "(dst host 192.168.42.1) and (arp or tcp dst port 40499)"; // Make filter work with or without VLAN using var bpfProgram = BpfProgram.Create(LinkLayers.Ethernet, $"({f}) or (vlan and ({f}))"); Assert.IsFalse(bpfProgram.IsInvalid); device.GetNextPacket(out var packet); Assert.IsTrue(bpfProgram.Matches(packet.Data)); }