protected virtual void OnPacketArrival(PacketArrivedEventArgs e) { if (PacketArrival != null) { PacketArrival(this, e); } }
/// <summary> /// 捕捉事件 /// </summary> /// <param name="sender"></param> /// <param name="args"></param> private void OnCapture(Object sender, PacketArrivedEventArgs args) { //Console.Clear(); //Length = Length + args.PacketLength; //args.Protocol可以是TCP:/UDP:/ICMP:/IGMP:/UNKNOWN if (args.Protocol != Setting.Instance.Protocal.ToString()) { return; } if (this.capturedIp.ToString() != args.DestinationAddress || args.DestinationPort != Setting.Instance.CapturedPort) { return; } Console.WriteLine(" 目标IP:" + args.DestinationAddress + "\t目标端口:" + args.DestinationPort + "\t协议版本:" + args.IPVersion + "\t源地址:" + args.OriginationAddress + "\t源端口:" + args.OriginationPort + "\tIP包长度:" + args.PacketLength + "\t协议类型:" + args.Protocol); Console.WriteLine(" Data: " + BitConverter.ToString(args.ReceiveBuffer, 16)); Task.Run(() => { DateTime timeCreated = DateTime.Now; UInt32 ts_sec = (UInt32)((timeCreated.Subtract(new DateTime(1970, 1, 1))).TotalSeconds); UInt32 ts_usec = (UInt32)(((timeCreated.Subtract(new DateTime(1970, 1, 1))).TotalMilliseconds) - ((UInt32)((timeCreated.Subtract(new DateTime(1970, 1, 1))).TotalSeconds * 1000))) * 1000; UInt32 incl_len = (UInt32)args.PacketLength; PcapPacket packet = new PcapPacket(ts_sec, ts_usec, args.ReceiveBuffer, args.PacketLength); writer.WritePacket(packet); }); }
/// <summary> /// 解析接收的数据包,形成PacketArrivedEventArgs时间数据类对象,并引发PacketArrival事件 /// </summary> /// <param name="buf"></param> /// <param name="len"></param> unsafe private void Receive(byte[] buf, int len) { byte temp_protocol = 0; uint temp_version = 0; uint temp_ip_srcaddr = 0; uint temp_ip_destaddr = 0; short temp_srcport = 0; short temp_dstport = 0; IPAddress temp_ip; PacketArrivedEventArgs e = new PacketArrivedEventArgs(); udp_hdr * pUdpheader; //UDP头结构体指针 IPHeader * head; //IP头结构体指针 tcp_hdr * pTcpheader; //TCP头结构体指针 icmp_hdr * pIcmpheader; //ICMP头结构体指针 IPHeader2 *Portheader; //端口指针 fixed(byte *fixed_buf = buf) { int lentcp, lenudp, lenicmp, lenip; head = (IPHeader *)fixed_buf; //IP头结构体指针 Portheader = (IPHeader2 *)fixed_buf; pTcpheader = (tcp_hdr *)(fixed_buf + sizeof(IPHeader)); //TCP头结构体指针 pUdpheader = (udp_hdr *)(fixed_buf + sizeof(IPHeader)); pIcmpheader = (icmp_hdr *)(fixed_buf + sizeof(IPHeader)); //计算各种包的长度(只有判断是否是该包后才有意义,先计算出来) lenip = ntohs(head->ip_totallength); try { lentcp = ntohs(head->ip_totallength) - (sizeof(IPHeader) + sizeof(tcp_hdr)); lenudp = ntohs(head->ip_totallength) - (sizeof(IPHeader) + sizeof(udp_hdr)); lenicmp = ntohs(head->ip_totallength) - (sizeof(IPHeader) + sizeof(icmp_hdr)); e.HeaderLength = (uint)(head->ip_verlen & 0x0F) << 2; temp_protocol = head->ip_protocol; temp_dstport = *(short *)&fixed_buf[e.HeaderLength + 2]; switch (temp_protocol) { case 1: e.Protocol = "ICMP"; break; case 2: e.Protocol = "IGMP"; break; case 6: e.Protocol = "TCP"; e.DestinationPort = ntoUint(pTcpheader->dport); e.PacketLength = (uint)lenip + (uint)(sizeof(IPHeader) + sizeof(tcp_hdr)); break; case 17: e.Protocol = "UDP"; e.DestinationPort = ntoUint(pUdpheader->dport); e.PacketLength = (uint)lenudp + (uint)(sizeof(IPHeader) + sizeof(udp_hdr)); break; default: e.Protocol = "UNKNOWN"; break; } temp_version = (uint)(head->ip_verlen & 0xF0) >> 4; e.IPVersion = temp_version.ToString(); temp_ip_srcaddr = head->ip_srcaddr; temp_ip_destaddr = head->ip_destaddr; temp_ip = new IPAddress(temp_ip_srcaddr); e.OriginationAddress = temp_ip.ToString(); temp_ip = new IPAddress(temp_ip_destaddr); e.DestinationAddress = temp_ip.ToString(); temp_srcport = *(short *)&fixed_buf[e.HeaderLength]; e.OriginationPort = (Portheader->sport); //int acb = IPAddress.NetworkToHostOrder(Portheader->sport); //e.DestinationPort = ntoUint(Portheader->dport); //int abc = IPAddress.NetworkToHostOrder(Portheader->dport); //e.PacketLength = (uint)lenip; e.MessageLength = e.PacketLength - e.HeaderLength; e.ReceiveBuffer = new byte[e.PacketLength]; e.IPHeaderBuffer = new byte[e.HeaderLength]; e.MessageBuffer = new byte[e.MessageLength]; //把buf中的IP头赋给PacketArrivedEventArgs中的IPHeaderBuffer Array.Copy(buf, 0, e.IPHeaderBuffer, 0, (int)e.HeaderLength); //把buf中的包中内容赋给PacketArrivedEventArgs中的MessageBuffer Array.Copy(buf, (int)e.HeaderLength, e.MessageBuffer, 0, (int)e.MessageLength); //如果是TCP或UDP协议,则生成IP数据包 if (temp_protocol == 6 || temp_protocol == 17) { byte[] data = new byte[e.PacketLength]; Array.Copy(buf, 0, data, 0, e.PacketLength); e.ReceiveBuffer = NetUtils.GeneratLinkData(e.OriginationAddress , e.DestinationAddress , PacketType.IPv4 , data); } else { e.ReceiveBuffer = new byte[e.PacketLength]; Array.Copy(buf, 0, e.ReceiveBuffer, 0, e.PacketLength); } } catch { } } //引发PacketArrival事件 OnPacketArrival(e); }