public static void Main(string[] args) { // Print SharpPcap version string ver = SharpPcap.Version.VersionString; Console.WriteLine("SharpPcap {0}, Example8.ReadFile.cs\n", ver); Console.WriteLine(); // read the file from stdin or from the command line arguments string capFile; if(args.Length == 0) { Console.Write("-- Please enter an input capture file name: "); capFile = Console.ReadLine(); } else { // use the first argument as the filename capFile = args[0]; } Console.WriteLine("opening '{0}'", capFile); ICaptureDevice device; try { // Get an offline device device = new OfflineCaptureDevice( capFile ); // Open the device device.Open(); } catch(Exception e) { Console.WriteLine("Caught exception when opening file" + e.ToString()); return; } //Register our handler function to the 'packet arrival' event device.OnPacketArrival += new PacketArrivalEventHandler( device_OnPacketArrival ); Console.WriteLine(); Console.WriteLine ("-- Capturing from '{0}', hit 'Ctrl-C' to exit...", capFile); // Start capture 'INFINTE' number of packets // This method will return when EOF reached. device.Capture(); // Close the pcap device device.Close(); Console.WriteLine("-- End of file reached."); Console.Write("Hit 'Enter' to exit..."); Console.ReadLine(); }
/// <summary> /// Basic capture example /// </summary> public static void Main(string[] args) { // Print SharpPcap version string ver = SharpPcap.Version.VersionString; Console.WriteLine("SharpPcap {0}, Example10.SendQueues.cs\n", ver); Console.Write("-- Please enter an input capture file name: "); string capFile = Console.ReadLine(); ICaptureDevice device; try { // Get an offline file pcap device device = new OfflineCaptureDevice(capFile); // Open the device for capturing device.Open(); } catch(Exception e) { Console.WriteLine(e.Message); return; } Console.Write("Queueing packets..."); //Allocate a new send queue var squeue = new WinPcap.SendQueue ( (int)((OfflineCaptureDevice)device).FileSize ); RawCapture packet; try { //Go through all packets in the file and add to the queue while((packet = device.GetNextPacket()) != null ) { if( !squeue.Add( packet ) ) { Console.WriteLine("Warning: packet buffer too small, "+ "not all the packets will be sent."); break; } } } catch(Exception e) { Console.WriteLine(e.Message); return; } Console.WriteLine("OK"); Console.WriteLine(); Console.WriteLine("The following devices are available on this machine:"); Console.WriteLine("----------------------------------------------------"); Console.WriteLine(); int i=0; var devices = LibPcap.LibPcapLiveDeviceList.Instance; /* Scan the list printing every entry */ foreach(var dev in devices) { /* Description */ Console.WriteLine("{0}) {1} {2}", i, dev.Name, dev.Description); i++; } Console.WriteLine(); Console.Write("-- Please choose a device to transmit on: "); i = int.Parse( Console.ReadLine() ); devices[i].Open(); string resp; if(devices[i].LinkType != device.LinkType) { Console.Write("Warning: the datalink of the capture" + " differs from the one of the selected interface, continue? [YES|no]"); resp = Console.ReadLine().ToLower(); if((resp!="")&&( !resp.StartsWith("y"))) { Console.WriteLine("Cancelled by user!"); devices[i].Close(); return; } } // close the offline device device.Close(); // find the network device for sending the packets we read device = devices[i]; Console.Write("This will transmit all queued packets through"+ " this device, continue? [YES|no]"); resp = Console.ReadLine().ToLower(); if((resp!="") && ( !resp.StartsWith("y"))) { Console.WriteLine("Cancelled by user!"); return; } try { var winPcapDevice = device as WinPcap.WinPcapDevice; Console.Write("Sending packets..."); int sent = winPcapDevice.SendQueue(squeue, WinPcap.SendQueueTransmitModes.Synchronized); Console.WriteLine("Done!"); if( sent < squeue.CurrentLength ) { Console.WriteLine("An error occurred sending the packets: {0}. "+ "Only {1} bytes were sent\n", device.LastError, sent); } } catch(Exception e) { Console.WriteLine( "Error: "+e.Message ); } //Free the queue squeue.Dispose(); Console.WriteLine("-- Queue is disposed."); //Close the pcap device device.Close(); Console.WriteLine("-- Device closed."); Console.Write("Hit 'Enter' to exit..."); Console.ReadLine(); }
/// <summary> /// Parse packet capture (.pcap) file and create statistics output (.csv). /// </summary> /// <param name="filename">Packet capture (.pcap) file</param> /// <param name="outputFoldername">Folder to write output (.csv) file</param> static void parsePcap(string filename, DirectoryInfo outputFolder) { OfflineCaptureDevice pcapfile = new OfflineCaptureDevice(filename); pcapfile.Open(); // Create a statistics file in the output statistics folder string shortname = System.IO.Path.GetFileNameWithoutExtension(pcapfile.Name); string netCsvFilename = outputFolder.FullName + "\\" + shortname + "-net.csv"; string appCsvFilename = outputFolder.FullName + "\\" + shortname + "-app.csv"; // It is possible that the pcap file is in use by another thread // This can be detected by checking to see if the .csv file exists // Return and find another pcap if it does if (File.Exists(netCsvFilename)) { return; } if (File.Exists(appCsvFilename)) { return; } // Create stream writers for the output StreamWriter netCsvWriter = new StreamWriter(netCsvFilename); netCsvWriter.WriteLine("Pcap,DateStamp,TimeIndex,srcMAC,dstMAC,srcIP,srcIPstr,dstIP,dstIPstr,srcPORT,dstPORT,Type,Bytes,AppBytes"); StreamWriter appCsvWriter = new StreamWriter(appCsvFilename); appCsvWriter.WriteLine("Pcap,DateStamp,TimeIndex,srcMAC,dstMAC,srcIP,srcIPstr,dstIP,dstIPstr,value1,value2,value3,value4"); // Loop thru the packets and record the statistics RawCapture next = null; while (true) { try { if ((next = pcapfile.GetNextPacket()) == null) { break; } } catch { continue; } // TCP/IP Communications string srcMACstr = "unknown"; // Hexadecimal string string srcIP = ""; string srcIPstr = ""; // Hexadecimal string int srcPort = 0; string dstMACstr = "unknown"; // Hexadecimal string string dstIP = ""; string dstIPstr = ""; // Hexadecimal string int dstPort = 0; DateTime time = next.Timeval.Date; Int64 linkByteCount = 0; Int64 appByteCount = 0; int itype = 0; string appLayerStats = ""; // Ethernet packets if (next.LinkLayerType != LinkLayers.Ethernet) { continue; } if (next.Data.Length < 20) { continue; } Packet link = null; EthernetPacket ethernet = null; try { link = Packet.ParsePacket(LinkLayers.Ethernet, next.Data); ethernet = (EthernetPacket)link; } catch { continue; } srcMACstr = ethernet.SourceHwAddress.ToString(); dstMACstr = ethernet.DestinationHwAddress.ToString(); linkByteCount = link.Bytes.Length; if (link.PayloadPacket is IpPacket) { IpPacket ip = (IpPacket)link.PayloadPacket; srcIP = ip.SourceAddress.ToString(); srcIPstr = SimWitty.Library.Core.Encoding.Base16.ToBase16String(ip.SourceAddress.GetAddressBytes()); dstIP = ip.DestinationAddress.ToString(); dstIPstr = SimWitty.Library.Core.Encoding.Base16.ToBase16String(ip.DestinationAddress.GetAddressBytes()); if (ip.PayloadPacket is TcpPacket) { TcpPacket tcp = (TcpPacket)ip.PayloadPacket; srcPort = tcp.SourcePort; dstPort = tcp.DestinationPort; appByteCount = tcp.PayloadData.Length; itype = 1; appLayerStats = ApplicationLayerHandling(itype, dstPort, tcp.PayloadData); } if (ip.PayloadPacket is UdpPacket) { UdpPacket udp = (UdpPacket)ip.PayloadPacket; srcPort = udp.SourcePort; dstPort = udp.DestinationPort; appByteCount = udp.PayloadData.Length; itype = 2; } } // "Pcap,DateStamp,TimeIndex,srcMAC,dstMAC,srcIP,srcIPstr,dstIP,dstIPstr,srcPORT,dstPORT,Type,Bytes,AppBytes" netCsvWriter.WriteLine("{0},{1} {2},{3},{4},{5},{6},{7},{8},{9},{10},{11},{12},{13},{14}", shortname, time.ToShortDateString(), time.ToLongTimeString(), time.Hour + "_" + time.Minute, srcMACstr, dstMACstr, srcIP, srcIPstr, dstIP, dstIPstr, srcPort, dstPort, itype.ToString(), linkByteCount.ToString(), appByteCount.ToString() ); // "Pcap,DateStamp,TimeIndex,srcMAC,srcMACstr,dstMAC,dstMACstr,srcIP,srcIPstr,dstIP,dstIPstr,value1,value2,value3,value4" if (appLayerStats.Length != 0) { appCsvWriter.WriteLine("{0},{1} {2},{3},{4},{5},{6},{7},{8},{9},{10}", shortname, time.ToShortDateString(), time.ToLongTimeString(), time.Hour + "_" + time.Minute, srcMACstr, dstMACstr, srcIP, srcIPstr, dstIP.ToString(), dstIPstr, appLayerStats); } } // Close the output netCsvWriter.Flush(); netCsvWriter.Close(); appCsvWriter.Flush(); appCsvWriter.Close(); // Close the pcap device pcapfile.Close(); // The pause that refreshes System.Threading.Thread.Sleep(1000); }