/// <summary>
/// The main entry point for the application.
/// </summary>
static void Main(string[] args)
{
// Print SharpPcap version
string ver = SharpPcap.Version.VersionString;
Console.WriteLine("SharpPcap {0}, Example12.PacketManipulation.cs", ver);
Console.WriteLine();
// Retrieve the device list
var devices = CaptureDeviceList.Instance;
// If no devices were found print an error
if(devices.Count<1)
{
Console.WriteLine("No devices were found on this machine");
return;
}
Console.WriteLine("The following devices are available on this machine:");
Console.WriteLine("----------------------------------------------------");
Console.WriteLine();
int i = 0;
// Print out the available devices
foreach(var dev in devices)
{
Console.WriteLine("{0}) {1}", i, dev.Description);
i++;
}
Console.WriteLine("{0}) {1}", i, "Read packets from offline pcap file");
Console.WriteLine();
Console.Write("-- Please choose a device to capture: ");
var choice = int.Parse( Console.ReadLine() );
ICaptureDevice device = null;
if(choice==i)
{
Console.Write("-- Please enter an input capture file name: ");
string capFile = Console.ReadLine();
device = new OfflineCaptureDevice(capFile);
}
else
{
device = devices[choice];
}
//Register our handler function to the 'packet arrival' event
device.OnPacketArrival +=
new PacketArrivalEventHandler(device_OnPacketArrival);
// Open the device for capturing
device.Open();
Console.WriteLine();
Console.WriteLine
("-- Listening on {0}, hit 'Ctrl-C' to exit...",
device.Description);
// Start capture 'INFINTE' number of packets
device.Capture();
// Close the pcap device
// (Note: this line will never be called since
// we're capturing infinite number of packets
device.Close();
}
/// <summary>
/// Parse packet capture (.pcap) file and create statistics output (.csv).
/// </summary>
/// <param name="filename">Packet capture (.pcap) file</param>
/// <param name="outputFoldername">Folder to write output (.csv) file</param>
static void parsePcap(string filename, DirectoryInfo outputFolder)
{
OfflineCaptureDevice pcapfile = new OfflineCaptureDevice(filename);
pcapfile.Open();
// Create a statistics file in the output statistics folder
string shortname = System.IO.Path.GetFileNameWithoutExtension(pcapfile.Name);
string netCsvFilename =
outputFolder.FullName + "\\" +
shortname +
"-net.csv";
string appCsvFilename =
outputFolder.FullName + "\\" +
shortname +
"-app.csv";
// It is possible that the pcap file is in use by another thread
// This can be detected by checking to see if the .csv file exists
// Return and find another pcap if it does
if (File.Exists(netCsvFilename)) return;
if (File.Exists(appCsvFilename)) return;
// Create stream writers for the output
StreamWriter netCsvWriter = new StreamWriter(netCsvFilename);
netCsvWriter.WriteLine("Pcap,DateStamp,TimeIndex,srcMAC,dstMAC,srcIP,srcIPstr,dstIP,dstIPstr,srcPORT,dstPORT,Type,Bytes,AppBytes");
StreamWriter appCsvWriter = new StreamWriter(appCsvFilename);
appCsvWriter.WriteLine("Pcap,DateStamp,TimeIndex,srcMAC,dstMAC,srcIP,srcIPstr,dstIP,dstIPstr,value1,value2,value3,value4");
// Loop thru the packets and record the statistics
RawCapture next = null;
while (true)
{
try
{
if ((next = pcapfile.GetNextPacket()) == null) break;
}
catch
{
continue;
}
// TCP/IP Communications
string srcMACstr = "unknown"; // Hexadecimal string
string srcIP = "";
string srcIPstr = ""; // Hexadecimal string
int srcPort = 0;
string dstMACstr = "unknown"; // Hexadecimal string
string dstIP = "";
string dstIPstr = ""; // Hexadecimal string
int dstPort = 0;
DateTime time = next.Timeval.Date;
Int64 linkByteCount = 0;
Int64 appByteCount = 0;
int itype = 0;
string appLayerStats = "";
// Ethernet packets
if (next.LinkLayerType != LinkLayers.Ethernet)
continue;
if (next.Data.Length < 20)
continue;
Packet link = null;
EthernetPacket ethernet = null;
try
{
link = Packet.ParsePacket(LinkLayers.Ethernet, next.Data);
ethernet = (EthernetPacket)link;
}
catch
{
continue;
}
srcMACstr = ethernet.SourceHwAddress.ToString();
dstMACstr = ethernet.DestinationHwAddress.ToString();
linkByteCount = link.Bytes.Length;
if (link.PayloadPacket is IpPacket)
{
IpPacket ip = (IpPacket)link.PayloadPacket;
srcIP = ip.SourceAddress.ToString();
srcIPstr = SimWitty.Library.Core.Encoding.Base16.ToBase16String(ip.SourceAddress.GetAddressBytes());
dstIP = ip.DestinationAddress.ToString();
dstIPstr = SimWitty.Library.Core.Encoding.Base16.ToBase16String(ip.DestinationAddress.GetAddressBytes());
if (ip.PayloadPacket is TcpPacket)
{
TcpPacket tcp = (TcpPacket)ip.PayloadPacket;
srcPort = tcp.SourcePort;
dstPort = tcp.DestinationPort;
appByteCount = tcp.PayloadData.Length;
itype = 1;
appLayerStats = ApplicationLayerHandling(itype, dstPort, tcp.PayloadData);
}
if (ip.PayloadPacket is UdpPacket)
{
UdpPacket udp = (UdpPacket)ip.PayloadPacket;
srcPort = udp.SourcePort;
dstPort = udp.DestinationPort;
appByteCount = udp.PayloadData.Length;
itype = 2;
}
}
// "Pcap,DateStamp,TimeIndex,srcMAC,dstMAC,srcIP,srcIPstr,dstIP,dstIPstr,srcPORT,dstPORT,Type,Bytes,AppBytes"
netCsvWriter.WriteLine("{0},{1} {2},{3},{4},{5},{6},{7},{8},{9},{10},{11},{12},{13},{14}",
shortname,
time.ToShortDateString(),
time.ToLongTimeString(),
time.Hour + "_" + time.Minute,
srcMACstr,
dstMACstr,
srcIP,
srcIPstr,
dstIP,
dstIPstr,
srcPort,
dstPort,
itype.ToString(),
linkByteCount.ToString(),
appByteCount.ToString()
);
// "Pcap,DateStamp,TimeIndex,srcMAC,srcMACstr,dstMAC,dstMACstr,srcIP,srcIPstr,dstIP,dstIPstr,value1,value2,value3,value4"
if (appLayerStats.Length != 0)
{
appCsvWriter.WriteLine("{0},{1} {2},{3},{4},{5},{6},{7},{8},{9},{10}",
shortname,
time.ToShortDateString(),
time.ToLongTimeString(),
time.Hour + "_" + time.Minute,
srcMACstr,
dstMACstr,
srcIP,
srcIPstr,
dstIP.ToString(),
dstIPstr,
appLayerStats);
}
}
// Close the output
netCsvWriter.Flush();
netCsvWriter.Close();
appCsvWriter.Flush();
appCsvWriter.Close();
// Close the pcap device
pcapfile.Close();
// The pause that refreshes
System.Threading.Thread.Sleep(1000);
}