public virtual void TCPData()
{
PcapOfflineDevice dev = Pcap.GetPcapOfflineDevice("../../capture_files/tcp_with_extra_bytes.pcap");
dev.Open();
Packet p;
p = dev.GetNextPacket();
Assert.IsNotNull(p);
Console.WriteLine(p.GetType());
Assert.IsTrue(p is TCPPacket);
TCPPacket t = (TCPPacket)p;
// even though the packet has 6 bytes of extra data, the ip packet shows a size of
// 40 and the ip header has a length of 20. The TCP header is also 20 bytes so
// there should be zero bytes in the TCPData value
int expectedTcpDataLength = 0;
Assert.AreEqual(expectedTcpDataLength, t.TCPData.Length);
dev.Close();
}
public void LibpcapVersionTest()
{
var libpcap = "libpcap version 1.10.0";
var versions = new[] {
// https://github.com/nmap/nmap/issues/1566
"libpcap version 1.9.0 (packet.dll version 0.992)",
// Npcap
"Npcap version 0.991, based on libpcap version 1.8.1",
// Libpcap
libpcap + " (with TPACKET_V3)",
libpcap + " (SNF-only)",
libpcap + " (Septel-only)",
libpcap + " (DPDK-only)",
"DOS-" + libpcap,
// WinPcap (legacy)
"WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008)",
// Currently installed
Pcap.Version
};
foreach (var ver in versions)
{
var version = Pcap.GetLibpcapVersion(ver);
Assert.GreaterOrEqual(version, new Version(1, 0));
}
Assert.AreEqual(Pcap.GetLibpcapVersion("invalid"), new Version(0, 0));
}
public void IPv6PacketTestParsing()
{
PcapOfflineDevice dev = Pcap.GetPcapOfflineDevice("../../capture_files/ipv6_icmpv6_packet.pcap");
dev.Open();
Packet p;
int packetIndex = 0;
while ((p = dev.GetNextPacket()) != null)
{
Console.WriteLine("got packet");
switch (packetIndex)
{
case 0:
VerifyPacket0(p);
break;
default:
Assert.Fail("didn't expect to get to packetIndex " + packetIndex);
break;
}
packetIndex++;
}
dev.Close();
}
public Form1()
{
InitializeComponent();
InitializeBackgroundWorker();
comboBox3.DataSource = Pcap.GetAllDevices();
comboBox3.DisplayMember = "Description";
}
public void ParsingArpPacketRequestResponse()
{
PcapOfflineDevice dev = Pcap.GetPcapOfflineDevice("../../capture_files/arp_request_response.pcap");
dev.Open();
Packet p;
int packetIndex = 0;
while ((p = dev.GetNextPacket()) != null)
{
Console.WriteLine("got packet");
Console.WriteLine("{0}", p.ToString());
switch (packetIndex)
{
case 0:
VerifyPacket0(p);
break;
case 1:
VerifyPacket1(p);
break;
default:
Assert.Fail("didn't expect to get to packetIndex " + packetIndex);
break;
}
packetIndex++;
}
dev.Close();
}
public void UDPData()
{
Packet p;
UDPPacket u;
PcapOfflineDevice dev = Pcap.GetPcapOfflineDevice("../../capture_files/udp_dns_request_response.pcap");
dev.Open();
// check the first packet
p = dev.GetNextPacket();
Assert.IsNotNull(p);
Assert.IsTrue(p is UDPPacket);
u = (UDPPacket)p;
Assert.AreEqual(41 - u.UDPHeader.Length, u.UDPData.Length, "UDPData.Length mismatch");
// check the second packet
p = dev.GetNextPacket();
Assert.IsNotNull(p);
Assert.IsTrue(p is UDPPacket);
u = (UDPPacket)p;
Assert.AreEqual(356 - u.UDPHeader.Length, u.UDPData.Length, "UDPData.Length mismatch");
Console.WriteLine("u is {0}", u.ToString());
dev.Close();
}
private void FillComboBoxDevices()
{
// Retrieve the device list and set it as the combo box data source
comboBoxDevices.DataSource = Pcap.GetAllDevices();
// Set the combo box display member
comboBoxDevices.DisplayMember = "Description";
}
public static void Main(string[] args)
{
string ver = SharpPcap.Version.VersionString;
/* Print SharpPcap version */
Console.WriteLine("SharpPcap {0}, Example2.ArpResolve.cs", ver);
Console.WriteLine();
/* Retrieve the device list */
List <PcapDevice> devices = Pcap.GetAllDevices();
/*If no device exists, print error */
if (devices.Count < 1)
{
Console.WriteLine("No device found on this machine");
return;
}
Console.WriteLine("The following devices are available on this machine:");
Console.WriteLine("----------------------------------------------------");
Console.WriteLine();
int i = 0;
/* Scan the list printing every entry */
foreach (PcapDevice dev in devices)
{
/* Description */
Console.WriteLine("{0}) {1} {2}", i, dev.Name, dev.Description);
i++;
}
Console.WriteLine();
Console.Write("-- Please choose a device for sending the ARP request: ");
i = int.Parse(Console.ReadLine());
string device = devices[i].Name;
System.Net.IPAddress ip;
while (true)
{
Console.Write("-- Please enter IP address to be resolved by ARP: ");
if (System.Net.IPAddress.TryParse(Console.ReadLine(), out ip))
{
break;
}
Console.WriteLine("Bad IP address format, please try again");
}
//Create a new ARP resolver
//(for more info, see:
//http://www.tamirgal.com/home/SourceView.aspx?Item=SharpPcap&File=ARP.cs)
ARP arper = new ARP(device);
//print the resolved address
Console.WriteLine(ip + " is at: " + arper.Resolve(ip));
}
private IEnumerable <LabeledPacketData> PrepareSinglePacketData(string[] packetFiles, string[] maliciousIps)
{
Stopwatch stopwatch = new Stopwatch();
Console.WriteLine("=============== Preparing Single Packet Data ===============");
Console.WriteLine();
Console.WriteLine($"Start data prep using {packetFiles.Length} packet files, {maliciousIps.Length} malicious Ips.");
Console.WriteLine($"Files Being Processed:");
foreach (var file in packetFiles)
{
Console.WriteLine($"\t{file}");
}
stopwatch.Start();
var ipv4Packets = packetFiles
.SelectMany(x => Pcap.FromFile(x).Packets)
.Where(x => x.Body is EthernetFrame && ((EthernetFrame)x.Body).EtherType == EthernetFrame.EtherTypeEnum.Ipv4)
.Select(x => (TimeStamp: x.TsSec, Packet: ((Ipv4Packet)((EthernetFrame)x.Body).Body)))
.ToArray();
var largestPacketSize = ipv4Packets.Max(x => x.Packet.M_RawBody.Length);
Console.WriteLine($"Largest Packet Size: {largestPacketSize} bytes.");
var packets = ipv4Packets
.Select(x =>
{
var labeledPacket = new LabeledPacketData()
{
SrcIp = x.Packet.SrcIpAddrStr,
IsMalicious = maliciousIps.Contains(x.Packet.SrcIpAddrStr),
PacketLength = x.Packet.M_RawBody.Length,
PacketBody = new byte[largestPacketSize]
};
Array.Copy(x.Packet.M_RawBody, labeledPacket.PacketBody, x.Packet.M_RawBody.Length);
return(labeledPacket);
});
stopwatch.Stop();
Console.WriteLine("Time elapsed: {0}", stopwatch.Elapsed);
Console.WriteLine("=============== End of data prep ===============");
return(packets);
}
private void button3_Click(object sender, EventArgs e)
{
PS4RemotePlayData remotePlayData = _settingManager.GetRemotePlayData();
if (remotePlayData != null)
{
OpenFileDialog openFileDialog = new OpenFileDialog();
openFileDialog.Filter = @"PCAP files|*.pcap";
DialogResult result = openFileDialog.ShowDialog(); // Show the dialog.
if (result == DialogResult.OK) // Test result.
{
ClearPcapOutputLogOutput();
string file = openFileDialog.FileName;
try
{
var packets = Pcap.ReadFile(file).TrySelect(record => PacketParser.Parse(new ArraySegment <byte>(record.Data.Skip(14).ToArray())));
var ipPackets = packets as IpPacket[] ?? packets.ToArray();
var tcpRemotePlayPackets = ipPackets.
Where(p => p != null).
Where(p => p.ProtocolType == ProtocolType.Tcp).
Where(p =>
{
var packetData = p.PacketData.AsByteArraySegment();
ushort sourcePort = p.PacketData.Array.ReadNetOrderUShort(packetData.Offset);
ushort destinationPort = p.PacketData.Array.ReadNetOrderUShort(2 + packetData.Offset);
return(sourcePort == 9295 || destinationPort == 9295);
}).
ToArray();
var udpRemotePlayPackets = ipPackets.
Where(p => p != null).
Where(p => p.ProtocolType == ProtocolType.Udp).
Select(p => p.ToUdpDatagram()).
Where(p => p.UdpDatagramHeader.SourcePort == 9296 ||
p.UdpDatagramHeader.DestinationPort == 9296).
ToArray();
Session session = CheckForConnectionAesKey(tcpRemotePlayPackets);
CheckForBigBangPayload(udpRemotePlayPackets, session);
}
catch (IOException)
{
}
}
}
else
{
MessageBox.Show("Could not search for AES keys. No register data is available.", "No PS4 Data", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
public void TestParsingKnownPackets()
{
PcapOfflineDevice dev = Pcap.GetPcapOfflineDevice("../../capture_files/test_stream.pcap");
dev.Open();
Packet p;
int packetIndex = 0;
while ((p = dev.GetNextPacket()) != null)
{
Console.WriteLine("got packet");
switch (packetIndex)
{
case 0:
VerifyPacket0(p);
break;
case 1:
VerifyPacket1(p);
break;
case 2:
VerifyPacket2(p);
break;
case 3:
VerifyPacket3(p);
break;
case 4:
VerifyPacket4(p);
break;
case 5:
VerifyPacket5(p);
break;
default:
Assert.Fail("didn't expect to get to packetIndex " + packetIndex);
break;
}
packetIndex++;
}
dev.Close();
}
public static void Run(string[] args)
{
int lLen = EthernetFields_Fields.ETH_HEADER_LEN;
const int MIN_PKT_LEN = 42;
byte[] data = System.Text.Encoding.ASCII.GetBytes("HELLO");
byte[] bytes = new byte[MIN_PKT_LEN + data.Length];
Array.Copy(data, 0, bytes, MIN_PKT_LEN, data.Length);
List <PcapDevice> devices = Pcap.GetAllDevices();
PcapDevice device = devices[2];
UDPPacket packet = new UDPPacket(lLen, bytes);
//Ethernet Fields
packet.DestinationHwAddress = PhysicalAddress.Parse("001122334455");
// NOTE: the source hw address will be filled in by the network stack or the
// network hardware
// packet.SourceHwAddress = device.MacAddress;
packet.EthernetProtocol = EthernetPacket.EtherType.IP;
//IP Fields
packet.DestinationAddress = System.Net.IPAddress.Parse("58.100.187.167");
// NOTE: the source address will be filled in by the network stack based on
// the device used for sending
// packet.SourceAddress = System.Net.IPAddress.Parse(device.IpAddress);
packet.IPProtocol = IPProtocol.IPProtocolType.UDP;
packet.TimeToLive = 20;
packet.ipv4.Id = 100;
packet.IPVersion = IPPacket.IPVersions.IPv4;
packet.ipv4.IPTotalLength = bytes.Length - lLen;
packet.ipv4.IPHeaderLength = IPv4Fields_Fields.IP_HEADER_LEN;
//UDP Fields
packet.DestinationPort = 9898;
packet.SourcePort = 80;
//TODO: checksum methods are disabled due to unfinished ipv4/ipv6 work
throw new System.NotImplementedException();
// packet.ComputeIPChecksum();
// packet.ComputeUDPChecksum();
device.Open();
device.SendPacket(packet);
device.Close();
}
static void Main(string[] args)
{
var pcap = new Pcap();
pcap.Open(ConfigurationManager.AppSettings["Adapter"]);
var address = IPAddress.Parse(ConfigurationManager.AppSettings["Address"]);
var port = UInt16.Parse(ConfigurationManager.AppSettings["Port"]);
Packet packet = null;
long tx = 0, rx = 0;
while (true)
{
if ((packet = pcap.Next()) != null)
{
var eth = new EthernetHeader(packet.Data);
if (eth.Protocol == (int)EthernetProtocol.IP)
{
var ip = new IPHeader(eth);
if (ip.Protocol == IPProtocol.Tcp)
{
var tcp = new TcpHeader(ip);
if (ip.SourceIp.Equals(address) && tcp.SourcePort == port)
{
rx += tcp.Length;
}
else if (ip.DestinationIp.Equals(address) && tcp.DestinationPort == port)
{
tx += tcp.Length;
}
}
}
}
if (KeyPressed())
{
Console.WriteLine("{0},{1}", tx, rx);
tx = 0;
rx = 0;
}
}
}
public void PcapGetAllDevicesTest()
{
List <PcapDevice> devices = Pcap.GetAllDevices();
if (devices.Count == 0)
{
Console.WriteLine("No pcap supported devices found, are you running" +
" as a user with access to adapters (root on Linux)?");
}
else
{
Console.WriteLine("Found {0} devices", devices.Count);
}
foreach (PcapDevice d in devices)
{
Console.WriteLine(d.ToString());
}
}
// This starts the capturing
public void Start()
{
// DISABLED
return;
List <PcapDevice> devices = Pcap.GetAllDevices();
if (devices.Count < 1)
{
General.Fail("No network devices connected.");
return;
}
// Find the device we want to track traffic on
foreach (PcapDevice dev in devices)
{
// Just pick any device that has an address
if (dev.Addresses.Count > 0)
{
trackdevice = dev;
}
}
string addrstr = "";
for (int i = 0; i < trackdevice.Addresses.Count; i++)
{
if (trackdevice.Addresses[i].Addr.type != SharpPcap.Containers.Sockaddr.Type.HARDWARE)
{
if (addrstr.Length > 0)
{
addrstr += ", ";
}
addrstr += "'" + trackdevice.Addresses[i].Addr.ipAddress + "'";
}
}
General.WriteLogLine("Tracking network on device '" + trackdevice.Description.Trim() + "' with address " + addrstr);
// Start capturing packets
trackdevice.Open(true, 1000);
trackdevice.OnPacketArrival += PacketHandler;
trackdevice.StartCapture();
}
public static void Main1(string[] args)
{
string ver = SharpPcap.Version.VersionString;
/* Print SharpPcap version */
Console.WriteLine("SharpPcap {0}, SendTcpSynExample.cs", ver);
Console.WriteLine();
/* Retrieve the device list */
List <PcapDevice> devices = Pcap.GetAllDevices();
/*If no device exists, print error */
if (devices.Count < 1)
{
Console.WriteLine("No device found on this machine");
return;
}
Console.WriteLine("The following devices are available on this machine:");
Console.WriteLine("----------------------------------------------------");
Console.WriteLine();
int i = 0;
/* Scan the list printing every entry */
foreach (PcapDevice dev in devices)
{
/* Description */
Console.WriteLine("{0}) {1}", i, dev.Description);
i++;
}
Console.WriteLine();
Console.Write("-- Please choose a device for sending: ");
i = int.Parse(Console.ReadLine());
PcapDevice device = devices[i];
SendTcpSyn(device);
}
public override CommandResult Execute()
{
var datagrams = Pcap.ReadFile(PcapFile).
TrySelect(record =>
Tx.Network.PacketParser.Parse(record.Data.Skip(14).ToArray())).
Where(p => p != null).
Where(p => p.ProtocolType == ProtocolType.Udp).
Select(p => p.ToUdpDatagram()).
Where(p => p.UdpDatagramHeader.SourcePort == Port ||
p.UdpDatagramHeader.DestinationPort == Port).
ToArray();
var cryptoBlob = SharedSecret.HexToBytes();
var decryptor = new MessageAnalyzer(cryptoBlob);
foreach (var datagram in datagrams)
{
var messageInfo = decryptor.ReadMessage(datagram.UdpData.ToArray());
Console.WriteLine($"From: {datagram.UdpDatagramHeader.SourcePort}, To: {datagram.UdpDatagramHeader.DestinationPort}");
Console.WriteLine($"Message Type: {messageInfo.MessageType}");
Console.WriteLine($"Request Ack: {messageInfo.RequestAcknowledge}");
Console.WriteLine($"Version: {messageInfo.Version}");
Console.WriteLine($"ChannelId: {messageInfo.ChannelId}");
if (!String.IsNullOrEmpty(messageInfo.Json))
{
Console.WriteLine($"Json: {messageInfo.Json}");
}
else
{
Console.WriteLine($"Binary: {messageInfo.Data.ToHex()}");
}
Console.WriteLine();
}
return(CommandResult.Success);
}
public virtual void Checksum()
{
PcapOfflineDevice dev = Pcap.GetPcapOfflineDevice("../../capture_files/tcp.pcap");
dev.Open();
Packet p;
p = dev.GetNextPacket();
Assert.IsNotNull(p);
Console.WriteLine(p.GetType());
Assert.IsTrue(p is TCPPacket);
TCPPacket t = (TCPPacket)p;
Console.WriteLine("Checksum: " + t.Checksum.ToString("X"));
Assert.IsTrue(t.ValidChecksum);
dev.Close();
}
public void TCPChecksumIPv6()
{
PcapOfflineDevice dev = Pcap.GetPcapOfflineDevice("../../capture_files/ipv6_http.pcap");
dev.Open();
Packet p;
// checksums from wireshark of the capture file
int[] expectedChecksum = { 0x41a2,
0x4201,
0x5728,
0xf448,
0xee07,
0x939c,
0x63e4,
0x4590,
0x3725,
0x3723 };
int packetIndex = 0;
while ((p = dev.GetNextPacket()) != null)
{
Assert.IsTrue(p is TCPPacket);
TCPPacket t = (TCPPacket)p;
Assert.IsTrue(t.ValidChecksum);
// compare the computed checksum to the expected one
Assert.AreEqual(expectedChecksum[packetIndex],
t.ComputeTCPChecksum());
packetIndex++;
}
dev.Close();
}
/// <summary>
/// Resolves the MAC address of the specified IP address
/// </summary>
/// <param name="destIP">The IP address to resolve</param>
/// <param name="deviceName">The local network device name on which to send the ARP request</param>
/// <returns>The MAC address that matches to the given IP address</returns>
public PhysicalAddress Resolve(System.Net.IPAddress destIP, string deviceName)
{
PhysicalAddress localMAC = LocalMAC;
System.Net.IPAddress localIP = LocalIP;
//NetworkDevice device = new NetworkDevice(DeviceName);
PcapDevice device = Pcap.GetPcapDevice(DeviceName);
//FIXME: PcapDevices don't have IpAddress
// These were present under Windows specific network adapters
// and may be present in pcap in the future with pcap-ng
// if no local ip address is specified use the one from the
// local device
#if false
if (localIP == null)
{
localIP = device.IpAddress;
}
#endif
// if no local mac address is specified use the one from the device
if (LocalMAC == null)
{
localMAC = device.Interface.MacAddress;
}
//Build a new ARP request packet
ARPPacket request = BuildRequest(destIP, localMAC, localIP);
//create a "tcpdump" filter for allowing only arp replies to be read
String arpFilter = "arp and ether dst " + localMAC.ToString();
//open the device with 20ms timeout
device.Open(true, 20);
//set the filter
device.SetFilter(arpFilter);
//inject the packet to the wire
device.SendPacket(request);
ARPPacket reply;
while (true)
{
//read the next packet from the network
reply = (ARPPacket)device.GetNextPacket();
if (reply == null)
{
continue;
}
//if this is the reply we're looking for, stop
if (reply.ARPSenderProtoAddress.Equals(destIP))
{
break;
}
}
//free the device
device.Close();
//return the resolved MAC address
return(reply.ARPSenderHwAddress);
}
private IEnumerable <SummaryPacketData> PrepareSummaryData(string[] packetFiles, int[] includedPorts, string[] maliciousIps, int windowSize = 5)
{
Stopwatch stopwatch = new Stopwatch();
Console.WriteLine("=============== Preparing Summary Window Packet Data ===============");
Console.WriteLine();
Console.WriteLine($"Start data prep using {packetFiles.Length} packet files, {includedPorts.Length} included ports, {maliciousIps?.Length ?? 0} malicious Ips and window size of {windowSize} seconds.");
Console.WriteLine($"Files Being Processed:");
foreach (var file in packetFiles)
{
Console.WriteLine($"\t{file}");
}
stopwatch.Start();
var ipv4Packets = packetFiles
.SelectMany(x => Pcap.FromFile(x).Packets)
.Where(x => x.Body is EthernetFrame && ((EthernetFrame)x.Body).EtherType == EthernetFrame.EtherTypeEnum.Ipv4)
.Select(x => (TimeStamp: x.TsSec, Packet: ((Ipv4Packet)((EthernetFrame)x.Body).Body)))
.ToArray();
Console.WriteLine($"Done Extracting Packets for cap files. Found {ipv4Packets.Length} IPv4 packets");
var dataTimeSpan = (Min : ipv4Packets.Select(x => x.TimeStamp).Min(), Max : ipv4Packets.Select(x => x.TimeStamp).Max());
var totalWindows = Math.Ceiling((float)((dataTimeSpan.Max - dataTimeSpan.Min) / windowSize));
Console.WriteLine($"Date time range for packets is {dataTimeSpan.Min} - {dataTimeSpan.Max} ({totalWindows} total window chunks)");
var uniqueIps = ipv4Packets
.SelectMany(x => new[] { x.Packet.SrcIpAddrStr, x.Packet.DstIpAddrStr })
.Distinct();
Console.WriteLine($"{uniqueIps.Count()} unique IP's found in the data. Starting packet summarization");
var data = ipv4Packets
.GroupBy((x => (x.TimeStamp - dataTimeSpan.Min - ((x.TimeStamp - dataTimeSpan.Min) % windowSize)) / windowSize))
.AsParallel()
.SelectMany(window =>
window
.SelectMany(x => new[] { x.Packet.SrcIpAddrStr, x.Packet.DstIpAddrStr })
.Distinct()
.AsParallel()
.Select(ip =>
{
var packetData = window.Where(x => x.Packet.DstIpAddrStr == ip || x.Packet.SrcIpAddrStr == ip);
var portData = includedPorts.SelectMany(x =>
{
var portPackets = packetData.Where(y => Convert.ToInt32(y.Packet.Protocol) == x);
return(portPackets.Any() ? new[]
{
(float)x,
((float)portPackets.Average(p => p.Packet.TotalLength)),
(float)portPackets.Where(p => p.Packet.DstIpAddrStr == ip).Count(),
(float)portPackets.Where(p => p.Packet.SrcIpAddrStr == ip).Count()
} : new[] { 0.0f, 0.0f, 0.0f, 0.0f });
}).ToArray();
return((packetData.Count() == 0 || portData.Sum() == 0) ? null : new SummaryPacketData()
{
WindowSize = windowSize,
Ip = ip,
IsMalicious = maliciousIps != null ? maliciousIps.Contains(ip) : false,
PortData = portData
});
})
)
.Where(x => x != null)
.ToArray();
if (maliciousIps != null)
{
var malIps = data.Where(x => x.IsMalicious).Count();
Console.WriteLine($"Data summarization done, Labels found. {malIps} packet windows out of {data.Count()} labels as malicious.");
}
stopwatch.Stop();
Console.WriteLine("Time elapsed: {0}", stopwatch.Elapsed);
Console.WriteLine("=============== End of data prep ===============");
return(data);
}
private void FillComboBoxDevices()
{
comboBoxDevices.DataSource = Pcap.GetAllDevices();
comboBoxDevices.DisplayMember = "Description";
comboBoxDevices.SelectedIndex = -1;
}
/// <summary>
/// Initializes a new instance of the <see cref="PacketCapture"/> class.
/// </summary>
public PacketCapture()
{
TraceFactory.Logger.Info("New instance created");
_networkPackets = new Pcap();
}
/// <summary>
/// Resolves the MAC address of the specified IP address
/// </summary>
/// <param name="destIP">The IP address to resolve</param>
/// <param name="deviceName">The local network device name on which to send the ARP request</param>
/// <returns>The MAC address that matches to the given IP address</returns>
public PhysicalAddress Resolve(System.Net.IPAddress destIP, string deviceName)
{
PhysicalAddress localMAC = LocalMAC;
System.Net.IPAddress localIP = LocalIP;
//NetworkDevice device = new NetworkDevice(DeviceName);
PcapDevice device = Pcap.GetPcapDevice(DeviceName);
//FIXME: PcapDevices don't have IpAddress
// These were present under Windows specific network adapters
// and may be present in pcap in the future with pcap-ng
// if no local ip address is specified use the one from the
// local device
#if false
if (localIP == null)
{
localIP = device.IpAddress;
}
#endif
// if no local mac address is specified use the one from the device
if (LocalMAC == null)
{
localMAC = device.Interface.MacAddress;
}
//Build a new ARP request packet
ARPPacket request = BuildRequest(destIP, localMAC, localIP);
//create a "tcpdump" filter for allowing only arp replies to be read
//String arpFilter = "arp and ether dst 00:1E:33:A6:FA:52";
String arpFilter = "arp and ether dst ";
byte[] mac = localMAC.GetAddressBytes();
for (int i = 0; i < mac.Length; i++)
{
// Display the physical address in hexadecimal.
arpFilter += mac[i].ToString("X2");
// Insert a hyphen after each byte, unless we are at the end of the
// address.
if (i != mac.Length - 1)
{
arpFilter += ":";
}
}
// arpFilter += mac;
//open the device with 20ms timeout
device.Open(true, 20);
//set the filter
device.SetFilter(arpFilter);
//inject the packet to the wire
device.SendPacket(request);
ARPPacket reply;
while (true)
{
//read the next packet from the network
reply = (ARPPacket)device.GetNextPacket();
if (reply == null)
{
continue;
}
//if this is the reply we're looking for, stop
if (reply.ARPSenderProtoAddress.Equals(destIP))
{
break;
}
}
//free the device
device.Close();
//return the resolved MAC address
return(reply.ARPSenderHwAddress);
}
