/// <summary>
        /// The main entry point for the application.
        /// </summary>
        static void Main(string[] args)
        {
            // Print SharpPcap version
            string ver = SharpPcap.Version.VersionString;
            Console.WriteLine("SharpPcap {0}, Example12.PacketManipulation.cs", ver);
            Console.WriteLine();

            // Retrieve the device list
            var devices = CaptureDeviceList.Instance;

            // If no devices were found print an error
            if(devices.Count<1)
            {
                Console.WriteLine("No devices were found on this machine");
                return;
            }

            Console.WriteLine("The following devices are available on this machine:");
            Console.WriteLine("----------------------------------------------------");
            Console.WriteLine();

            int i = 0;

            // Print out the available devices
            foreach(var dev in devices)
            {
                Console.WriteLine("{0}) {1}", i, dev.Description);
                i++;
            }
            Console.WriteLine("{0}) {1}", i, "Read packets from offline pcap file");

            Console.WriteLine();
            Console.Write("-- Please choose a device to capture: ");
            var choice = int.Parse( Console.ReadLine() );

            ICaptureDevice device = null;
            if(choice==i)
            {
                Console.Write("-- Please enter an input capture file name: ");
                string capFile = Console.ReadLine();
                device = new OfflineCaptureDevice(capFile);
            }
            else
            {
                device = devices[choice];
            }

            //Register our handler function to the 'packet arrival' event
            device.OnPacketArrival += 
                new PacketArrivalEventHandler(device_OnPacketArrival);

            // Open the device for capturing
            device.Open();

            Console.WriteLine();
            Console.WriteLine
                ("-- Listening on {0}, hit 'Ctrl-C' to exit...",
                device.Description);

            // Start capture 'INFINTE' number of packets
            device.Capture();

            // Close the pcap device
            // (Note: this line will never be called since
            //  we're capturing infinite number of packets
            device.Close();
        }
예제 #2
-1
        /// <summary>
        /// Parse packet capture (.pcap) file and create statistics output (.csv).
        /// </summary>
        /// <param name="filename">Packet capture (.pcap) file</param>
        /// <param name="outputFoldername">Folder to write output (.csv) file</param>
        static void parsePcap(string filename, DirectoryInfo outputFolder)
        {
            OfflineCaptureDevice pcapfile = new OfflineCaptureDevice(filename);
            pcapfile.Open();

            // Create a statistics file in the output statistics folder
            string shortname = System.IO.Path.GetFileNameWithoutExtension(pcapfile.Name);

            string netCsvFilename =
                outputFolder.FullName + "\\" +
                shortname +
                "-net.csv";

            string appCsvFilename =
                outputFolder.FullName + "\\" +
                shortname +
                "-app.csv";

            // It is possible that the pcap file is in use by another thread
            // This can be detected by checking to see if the .csv file exists
            // Return and find another pcap if it does

            if (File.Exists(netCsvFilename)) return;
            if (File.Exists(appCsvFilename)) return;

            // Create stream writers for the output

            StreamWriter netCsvWriter = new StreamWriter(netCsvFilename);
            netCsvWriter.WriteLine("Pcap,DateStamp,TimeIndex,srcMAC,dstMAC,srcIP,srcIPstr,dstIP,dstIPstr,srcPORT,dstPORT,Type,Bytes,AppBytes");

            StreamWriter appCsvWriter = new StreamWriter(appCsvFilename);
            appCsvWriter.WriteLine("Pcap,DateStamp,TimeIndex,srcMAC,dstMAC,srcIP,srcIPstr,dstIP,dstIPstr,value1,value2,value3,value4");

            // Loop thru the packets and record the statistics

            RawCapture next = null;

            while (true)
            {
                try
                {
                    if ((next = pcapfile.GetNextPacket()) == null) break;
                }
                catch
                {
                    continue;
                }

                // TCP/IP Communications

                string srcMACstr = "unknown"; // Hexadecimal string
                string srcIP = "";
                string srcIPstr = ""; // Hexadecimal string
                int srcPort = 0;

                string dstMACstr = "unknown"; // Hexadecimal string
                string dstIP = "";
                string dstIPstr = ""; // Hexadecimal string
                int dstPort = 0;

                DateTime time = next.Timeval.Date;
                Int64 linkByteCount = 0;
                Int64 appByteCount = 0;
                int itype = 0;
                string appLayerStats = "";

                // Ethernet packets

                if (next.LinkLayerType != LinkLayers.Ethernet)
                    continue;

                if (next.Data.Length < 20)
                    continue;

                Packet link = null;
                EthernetPacket ethernet = null;

                try
                {
                    link = Packet.ParsePacket(LinkLayers.Ethernet, next.Data);
                    ethernet = (EthernetPacket)link;
                }
                catch
                {
                    continue;
                }

                srcMACstr = ethernet.SourceHwAddress.ToString();
                dstMACstr = ethernet.DestinationHwAddress.ToString();

                linkByteCount = link.Bytes.Length;

                if (link.PayloadPacket is IpPacket)
                {
                    IpPacket ip = (IpPacket)link.PayloadPacket;

                    srcIP = ip.SourceAddress.ToString();
                    srcIPstr = SimWitty.Library.Core.Encoding.Base16.ToBase16String(ip.SourceAddress.GetAddressBytes());

                    dstIP = ip.DestinationAddress.ToString();
                    dstIPstr = SimWitty.Library.Core.Encoding.Base16.ToBase16String(ip.DestinationAddress.GetAddressBytes());

                    if (ip.PayloadPacket is TcpPacket)
                    {
                        TcpPacket tcp = (TcpPacket)ip.PayloadPacket;
                        srcPort = tcp.SourcePort;
                        dstPort = tcp.DestinationPort;
                        appByteCount = tcp.PayloadData.Length;
                        itype = 1;
                        appLayerStats = ApplicationLayerHandling(itype, dstPort, tcp.PayloadData);
                    }

                    if (ip.PayloadPacket is UdpPacket)
                    {
                        UdpPacket udp = (UdpPacket)ip.PayloadPacket;
                        srcPort = udp.SourcePort;
                        dstPort = udp.DestinationPort;
                        appByteCount = udp.PayloadData.Length;
                        itype = 2;
                    }

                }
                // "Pcap,DateStamp,TimeIndex,srcMAC,dstMAC,srcIP,srcIPstr,dstIP,dstIPstr,srcPORT,dstPORT,Type,Bytes,AppBytes"
                netCsvWriter.WriteLine("{0},{1} {2},{3},{4},{5},{6},{7},{8},{9},{10},{11},{12},{13},{14}",
                    shortname,
                    time.ToShortDateString(),
                    time.ToLongTimeString(),
                    time.Hour + "_" + time.Minute,
                    srcMACstr,
                    dstMACstr,
                    srcIP,
                    srcIPstr,
                    dstIP,
                    dstIPstr,
                    srcPort,
                    dstPort,
                    itype.ToString(),
                    linkByteCount.ToString(),
                    appByteCount.ToString()
                    );

                // "Pcap,DateStamp,TimeIndex,srcMAC,srcMACstr,dstMAC,dstMACstr,srcIP,srcIPstr,dstIP,dstIPstr,value1,value2,value3,value4"
                if (appLayerStats.Length != 0)
                {
                    appCsvWriter.WriteLine("{0},{1} {2},{3},{4},{5},{6},{7},{8},{9},{10}",
                        shortname,
                        time.ToShortDateString(),
                        time.ToLongTimeString(),
                        time.Hour + "_" + time.Minute,
                        srcMACstr,
                        dstMACstr,
                        srcIP,
                        srcIPstr,
                        dstIP.ToString(),
                        dstIPstr,
                        appLayerStats);
                }

            }

            // Close the output
            netCsvWriter.Flush();
            netCsvWriter.Close();
            appCsvWriter.Flush();
            appCsvWriter.Close();

            // Close the pcap device
            pcapfile.Close();

            // The pause that refreshes
            System.Threading.Thread.Sleep(1000);
        }