public bool StartSniffing(LivePcapDevice deviceToSniff)
{
try
{
device = deviceToSniff;
// Open the device for capturing
int readTimeoutMilliseconds = 1000;
//device.StopCaptureTimeout = new TimeSpan(0, 1, 0);
device.Open(DeviceMode.Promiscuous, readTimeoutMilliseconds);
device.SetFilter(GetFilterExpression());
packetQueue = new Queue();
sniffingThread = new Thread(new ThreadStart(SnifferLoop));
sniffingThread.Name = "Sniffing Thread";
sniffingThread.IsBackground = true;
sniffingThread.Start();
decodingThread = new Thread(new ThreadStart(DecoderLoop));
decodingThread.Name = "Decoding Thread";
decodingThread.IsBackground = true;
decodingThread.Start();
Log("Sniffing started");
}
catch (Exception e)
{
Log(e.ToString());
return false;
}
return true;
}
public bool StartSniffing(LivePcapDevice deviceToSniff)
{
try
{
device = deviceToSniff;
// Open the device for capturing
int readTimeoutMilliseconds = 1000;
//device.StopCaptureTimeout = new TimeSpan(0, 1, 0);
device.Open(DeviceMode.Promiscuous, readTimeoutMilliseconds);
device.SetFilter(GetFilterExpression());
packetQueue = new Queue();
sniffingThread = new Thread(new ThreadStart(SnifferLoop));
sniffingThread.Name = "Sniffing Thread";
sniffingThread.IsBackground = true;
sniffingThread.Start();
decodingThread = new Thread(new ThreadStart(DecoderLoop));
decodingThread.Name = "Decoding Thread";
decodingThread.IsBackground = true;
decodingThread.Start();
Log("Sniffing started");
}
catch (Exception e)
{
Log(e.ToString());
return(false);
}
return(true);
}
public string[] ProvideDeviceNames()
{
// Print SharpPcap version
string ver = SharpPcap.Version.VersionString;
Console.WriteLine("SharpPcap {0}, Example1.IfList.cs", ver);
// Retrieve the device list
LivePcapDeviceList devices = LivePcapDeviceList.Instance;
LivePcapDevice device = null;
// If no devices were found print an error
if (devices.Count < 1)
{
//Console.WriteLine("No devices were found on this machine");
return(null);
}
devc = new string[150];
// Print out the available network devices
int i = 0;
foreach (LivePcapDevice dev in devices)
{
devc[i] = dev.Description;
i += 1;
/////////////////////Console.WriteLine("{0}\n", dev.ToString());
}
return(devc);
}
//配置文件不存在时,重新创建一个。默认网卡名称为找到的第一个网卡的名称
//默认路径为 C:\\SharpSharkDump
public static void reCreateConfigFile()
{
var devices = LivePcapDeviceList.Instance;
if (devices.Count < 1)
{
MessageBox.Show("未发现活动网卡,请检查网卡是否启用");
return;
}
LivePcapDevice device = devices[0];//获取第一个取得的网卡
XmlTextWriter writer = new XmlTextWriter(configFilePath, null);
writer.Formatting = Formatting.Indented;
//写入根元素
writer.WriteStartElement("SharpSharkConfig");
//加入子元素
writer.WriteElementString("NICName", device.Interface.FriendlyName);
writer.WriteElementString("fileStorePath", "C:\\SharpSharkDump.dmp");
writer.WriteElementString("deviceModeString", "Normal");
//关闭根元素,并书写结束标签
writer.WriteEndElement();
//将XML写入文件并且关闭XmlTextWriter
writer.Close();
}
private void 开始ToolStripMenuItem_Click(object sender, EventArgs e)
{
this.停止ToolStripMenuItem.Enabled = true;
this.开始ToolStripMenuItem.Enabled = false;
//设置状态信息
StringBuilder sb = new StringBuilder();
sb.Append("当前网卡:" + SharpShark.configClass.NICName);
sb.Append(" 当前捕获模式:" + SharpShark.configClass.deviceModeDescription);
sb.Append(" 捕获正在进行……");
this.lblStatus.Text = sb.ToString();
//确定目标设备
device = utility.getLiveDevice();
device.OnPacketArrival += new PacketArrivalEventHandler(device_OnPacketArrival);
int readTimeoutMilliseconds = 1000;
//读取设备模式
device.Open(SharpShark.configClass.deviceMode, readTimeoutMilliseconds);
//设置过滤器
if (this.toolStripCmbFilter.Text != "")
{
device.Filter = this.toolStripCmbFilter.Text.ToString();
}
//设置捕获数据包存储路径
string dumpFilePath = configClass.fileStorePath;
device.DumpOpen(dumpFilePath);
device.StartCapture();
}
public PacketSniffer(LogDelegate logDelegate)
{
Log = logDelegate;
aborting = false;
device = null;
packetLock = new object();
packetAvailiable = new AutoResetEvent(false);
disposed = false;
}
public PacketSniffer(LogDelegate logDelegate)
{
Log = logDelegate;
aborting = false;
device = null;
packetLock = new object();
packetAvailiable = new AutoResetEvent(false);
disposed = false;
}
private void btnStart_Click(object sender, EventArgs e)
{
device = utility.getLiveDevice();
device.OnPcapStatistics +=
new StatisticsModeEventHandler(device_OnPcapStatistics);
device.Open();
device.Mode = CaptureMode.Statistics;
device.OnPacketArrival += new PacketArrivalEventHandler(arrival);
device.StartCapture();
}
private void btnStart_Click(object sender, EventArgs e)
{
device = utility.getLiveDevice();
device.OnPcapStatistics +=
new StatisticsModeEventHandler(device_OnPcapStatistics);
device.Open();
device.Mode = CaptureMode.Statistics;
device.OnPacketArrival += new PacketArrivalEventHandler(arrival);
device.StartCapture();
}
// Return the first IPv4 address found for the device
private PcapAddress GetIPV4Sockddr(LivePcapDevice device)
{
foreach (PcapAddress address in device.Addresses)
{
if (address.Addr.sa_family == AF_INET)
{
return(address);
}
}
return(null);
}
private void PcapOpen()
{
networkIndex = appSettings.netWork;
device = LivePcapDeviceList.Instance[appSettings.netWork];
// ハンドラ設定
device.OnPacketArrival += OnPacketArrival;
// デバイスオープン
int readTimeoutMilliseconds = 1000;
device.Open(DeviceMode.Promiscuous, readTimeoutMilliseconds);
// キャプチャ開始
device.StartCapture();
}
public void Connect(IStatusUpdate IStatusUpdate)
{
m_State = DHCPState.INIT;
m_bStop = false;
m_IStatusUpdate = IStatusUpdate;
m_Instance = this;
m_Device = null;
m_dtBound = DateTime.MaxValue;
m_FilterThread = new Thread(new ThreadStart(StartFilter));
m_FilterThread.Start();
m_TimerThread = new Thread(new ThreadStart(TimerHandler));
m_TimerThread.Start();
}
/// <summary>
/// 获取用户选择的或者默认的LivePcapDevice
/// </summary>
/// <returns></returns>
internal static LivePcapDevice getLiveDevice()
{
var devices = LivePcapDeviceList.Instance;
LivePcapDevice device = null;
if (devices.Count < 1)
{
MessageBox.Show("未发现活动网卡,请检查网卡是否启用");
}
int index = 0;
for (int i = 0; i < devices.Count; i++)
{
if (devices[i].Interface.FriendlyName == configClass.NICName)
{
index = i;
break;
}
}
device = devices[index];
return(device);
}
//发送ARP广播,返回192.168局域网中其他计算机的ARP相应数据包
public static ArrayList ARPBroadcast(LivePcapDevice device)
{
ArrayList tmpArrayList = new ArrayList();
PhysicalAddress localMAC = device.Interface.MacAddress;
//这是我们伪造的一个IP
IPAddress srcIP = IPAddress.Parse("192.168.3.3");
String arpFilter = "arp and ether dst " + localMAC.ToString();
//open the device with 20ms timeout
device.Open(DeviceMode.Normal, 20);
device.Filter = arpFilter;
IPAddress destIP;
SharpPcap.ARP tmpArp=new ARP();
//发送65535个数据包耗时30秒,这30秒内到达的数据包由网卡缓存
for (int i = 0; i < 256; i++)
{
for (int j = 0; j < 256; j++)
{
destIP = IPAddress.Parse("192.168." + i.ToString() + "." + j.ToString());
//request是Packet类型
var request = tmpArp.BuildRequest(destIP, localMAC, srcIP);
//发送数据包到网络中
device.SendPacket(request);
}
}
DateTime StartTime = DateTime.Now;
DateTime endTime = StartTime.AddSeconds(5);
PacketDotNet.ARPPacket arpPacket = null;
//接收5秒钟数据包,然后闪人
while (DateTime.Now <= endTime)
{
var reply = device.GetNextPacket();
if (reply == null)
continue;
var packet = PacketDotNet.Packet.ParsePacket(reply);
arpPacket = PacketDotNet.ARPPacket.GetEncapsulated(packet);
if (arpPacket == null)
{
continue;
}
else
{
//exists判断是否ARP回应包存在重复
bool exists = false;
foreach (Object obj in tmpArrayList)
{
ARPPacket tmp=(ARPPacket)obj;
if (arpPacket.SenderHardwareAddress==tmp.SenderHardwareAddress)
{
exists = true;
break;
}
}
if (exists == false)
{
tmpArrayList.Add(arpPacket);
}
}
}
device.Close();
return tmpArrayList;
}
private void 开始ToolStripMenuItem_Click(object sender, EventArgs e)
{
this.停止ToolStripMenuItem.Enabled = true;
this.开始ToolStripMenuItem.Enabled = false;
//设置状态信息
StringBuilder sb = new StringBuilder();
sb.Append("当前网卡:" + SharpShark.configClass.NICName);
sb.Append(" 当前捕获模式:" + SharpShark.configClass.deviceModeDescription);
sb.Append(" 捕获正在进行……");
this.lblStatus.Text = sb.ToString();
//确定目标设备
device = utility.getLiveDevice();
device.OnPacketArrival += new PacketArrivalEventHandler(device_OnPacketArrival);
int readTimeoutMilliseconds = 1000;
//读取设备模式
device.Open(SharpShark.configClass.deviceMode, readTimeoutMilliseconds);
//设置过滤器
if (this.toolStripCmbFilter.Text != "")
{
device.Filter = this.toolStripCmbFilter.Text.ToString();
}
//设置捕获数据包存储路径
string dumpFilePath = configClass.fileStorePath;
device.DumpOpen(dumpFilePath);
device.StartCapture();
}
private void cbInterface_SelectedIndexChanged(object sender, EventArgs e)
{
device = LivePcapDeviceList.Instance[cbInterface.SelectedIndex];
}
private void ToggleCaptureLanAdapterButton_Click(object sender, EventArgs e)
{
int index = lanAdapterComboBox.SelectedIndex;
if (index == 0 || index >= lanAdapterComboBox.Items.Count) return;
CurrentPcapDevice = LanAdapterList[index - 1];
//if (CurrentPcapDevice.Started)
if (PacketCapturing)
{
toggleCaptureLanAdapterButton.Enabled = false;
//ThreadPool.QueueUserWorkItem(new WaitCallback(BackgroundStopCapture), CurrentPcapDevice);
PacketCapturing = false;
}
else
{
try
{
lanAdapterComboBox.Enabled = false;
if (!CurrentPcapDevice.Opened)
{
CurrentPcapDevice.Open(DeviceMode.Promiscuous, 1);
//CurrentPcapDevice.OnPacketArrival += new PacketArrivalEventHandler(LanAdapterOnPacketArrival);
}
}
catch (Exception ex)
{
AppendToLogTextBox(ex.ToString());
lanAdapterComboBox.Enabled = true;
return;
}
//CurrentPcapDevice.StartCapture();
PacketCapturing = true;
ThreadPool.QueueUserWorkItem(new WaitCallback(LanAdapterPacketCaptureLoop), CurrentPcapDevice);
toggleCaptureLanAdapterButton.Text = "PSPと通信停止";
}
}
public bool Start()
{
try
{
LivePcapDeviceList devices = LivePcapDeviceList.Instance;
foreach (LivePcapDevice device in devices)
{
if (device.Name != sSelfAddress) continue;
device.OnPacketArrival += new PacketArrivalEventHandler(MyPcapCapture);
if (!(device.Opened)) device.Open();
curDevice = device;
device.Mode = CaptureMode.Packets;
device.NonBlockingMode = true;
device.Filter = "tcp";
device.StartCapture();
stState = States.Started;
}
return true;
}
catch
{
return false;
}
}
private void cbInterface_SelectedIndexChanged(object sender, EventArgs e)
{
device = LivePcapDeviceList.Instance[cbInterface.SelectedIndex];
}
// Return the first IPv4 address found for the device
private PcapAddress GetIPV4Sockddr(LivePcapDevice device)
{
foreach (PcapAddress address in device.Addresses)
{
if (address.Addr.sa_family == AF_INET)
{
return address;
}
}
return null;
}
//发送ARP广播,返回192.168局域网中其他计算机的ARP相应数据包
public static ArrayList ARPBroadcast(LivePcapDevice device)
{
ArrayList tmpArrayList = new ArrayList();
PhysicalAddress localMAC = device.Interface.MacAddress;
//这是我们伪造的一个IP
IPAddress srcIP = IPAddress.Parse("192.168.3.3");
String arpFilter = "arp and ether dst " + localMAC.ToString();
//open the device with 20ms timeout
device.Open(DeviceMode.Normal, 20);
device.Filter = arpFilter;
IPAddress destIP;
SharpPcap.ARP tmpArp = new ARP();
//发送65535个数据包耗时30秒,这30秒内到达的数据包由网卡缓存
for (int i = 0; i < 256; i++)
{
for (int j = 0; j < 256; j++)
{
destIP = IPAddress.Parse("192.168." + i.ToString() + "." + j.ToString());
//request是Packet类型
var request = tmpArp.BuildRequest(destIP, localMAC, srcIP);
//发送数据包到网络中
device.SendPacket(request);
}
}
DateTime StartTime = DateTime.Now;
DateTime endTime = StartTime.AddSeconds(5);
PacketDotNet.ARPPacket arpPacket = null;
//接收5秒钟数据包,然后闪人
while (DateTime.Now <= endTime)
{
var reply = device.GetNextPacket();
if (reply == null)
{
continue;
}
var packet = PacketDotNet.Packet.ParsePacket(reply);
arpPacket = PacketDotNet.ARPPacket.GetEncapsulated(packet);
if (arpPacket == null)
{
continue;
}
else
{
//exists判断是否ARP回应包存在重复
bool exists = false;
foreach (Object obj in tmpArrayList)
{
ARPPacket tmp = (ARPPacket)obj;
if (arpPacket.SenderHardwareAddress == tmp.SenderHardwareAddress)
{
exists = true;
break;
}
}
if (exists == false)
{
tmpArrayList.Add(arpPacket);
}
}
}
device.Close();
return(tmpArrayList);
}
private void StartFilter()
{
m_Device = null;
while (!m_bStop)
{
try
{
LivePcapDeviceList devices = null;
devices = LivePcapDeviceList.Instance;
int i = 0;
/* Scan the list printing every entry */
foreach (LivePcapDevice dev in devices)
{
if (dev.Description.ToString() == m_strNIC)
{
m_Device = devices[i];
break;
}
else
{
i++;
}
}
if (m_Device == null)
{
m_IStatusUpdate.UpdateStatus("Failed to get handle to NIC");
}
else
{
//Open the device for capturing
int readTimeoutMilliseconds = 1000;
m_Device.Open(DeviceMode.Promiscuous, readTimeoutMilliseconds);
//Register our handler function to the 'packet arrival' event
m_Device.OnPacketArrival += new PacketArrivalEventHandler(device_OnPacketArrival);
// udpdump filter to capture only UDP/IP packets
string filter = "udp";
m_Device.SetFilter(filter);
if (m_dtBound != DateTime.MaxValue)
{
m_IStatusUpdate.UpdateStatus("Next update at " + (m_dtBound + m_spanLease).ToString());
}
else
{
m_IStatusUpdate.UpdateStatus("Started DHCP Client...");
}
// Start capture packets
m_Device.Capture();
// NO stop request...
if (!m_bStop)
{
if (m_Device != null)
{
m_Device.Close();
m_Device = null;
}
}
}
}
catch (Exception exc)
{
m_IStatusUpdate.UpdateStatus("Exception: " + exc.Message);
try
{
m_Device.Close();
}
catch (Exception)
{ }
m_Device = null;
}
Thread.Sleep(1000);
}
}
