 |
|
|
sry!!! dont have read all the messages.... 
|
|
|
|
|
|
|
there is a method to read a file.acp(for example the same file that the program have created when I make StartDump) using a similar code with c#, because I will have the possibility to control the traffic after the sniffing.
thanks
|
|
|
|
|
|
|
|
|
|
I´m studing Electronical Engeneering in Universidad Simon Bolivar at Venezuela. For my thesis I have to create a homemade software that can capture traffic of VoIP among PC´s, after that I have to calculate some parameters of Quality of Service. I am aware Ethereal does all of these, and I know that Ethereal has free access to the codes, I downloaded " wireshark-0.99.2.tar". I have to develop my software in JAVA, I noticed that the codes are there but they are written in C. I´m not too good programming, I was assigned to this area for my thesis of fifth year, but clearly is not my specialty, therefore my project seems imposible for me, but I have faith you can help me with the codes in Java, (I know jpcap could help me, but I have no clue  how to develop the software). The program I have to develop is simple and is only for academic porpuses, therefore I`m positive someone would be able to help me... please!!... I only need the codes for those specific functions...
Thanks for your time and future help! 
Sincerely yours,
Andreina Toro
PD: if I´m able to finish my thesis on time with your help, your invited to Caracas to my graduation on march!... 
andre_t
|
|
|
|
|
|
|
This is just what i'm looking for, but the website does not seem to have the file dotnetwinpcap.dll.
Downloaded the developer pack for v3.1, but nothing in the zip apart from C++ files.
Can anyone help?
Thanks
|
|
|
|
|
|
|
This library is sweet, simple and easy to use.
However, the packet library only captures the header, instead of copying the entier packet of data, the packet listening routine just caputres the header bytes. Kind'a usless, so I did some changes to the code.
the only thing that needs to be changed is the InternalReadNext where the size of the buffer is determined from the header size, not the packet length. Change that and you ready to go.
Also, i noticed in order to get packets, you must set the SetMinToCopy to something, i set it to 1 and it works nicely, otherwise i think it's quite larg and it wont capture the packets in realtime, it some odd delay that won't go away if you don't change this.
|
|
|
|
|
|
|
The setmintocopy value means that winpcap will buffer packets up to this amount before firing. IF you want near real time response set it to something like 64. 1 is a bit low and will result in unncessary system calls.
|
|
|
|
|
|
|
Actually, the function is dotnetWinpCap.cs->ReadNextInternal
This set of changes worked for me:
string packetdata=(string)Marshal.PtrToStringAnsi(pktdata);
CloseHandle(pktdata);
/*
//byte[] packetdata=(byte[])
// clean up pkthdr
CloseHandle(pkthdr);
pkthdr=IntPtr.Zero;
*/
p=new PacketHeader();
//p.Caplength=(int)packetheader.caplen;
//p.Length=(int)packetheader.len;
p.Caplength = (int)packetdata.Length;
p.Length = (int)packetdata.Length;
p.ts = packetheader.ts;
packet_data=new byte[p.Length];
Marshal.Copy(pktdata, packet_data,0,p.Length);
return PCAP_NEXT_EX_STATE.SUCCESS;
Thanks.
|
|
|
|
|
|
|
I just wanted to say that I was able to contact the creator of this dll, and he specifically said that no one is allowed to decompile it. This means we can't have the source code. It's really a shame too.
Since he hasn't looked at the boards in so long, I thought I'd clarify that for others.
|
|
|
|
|
|
|
How to assemble the packets to get back image files and getting the search keywords used in google.com or other?
pls hlp me.
hi
|
|
|
|
|
|
|
Have you updated this at all to add filtering? if so can you provide?
|
|
|
|
|
|
|
Jpcap (Java) implements filtering, try using or porting that code (available on Sourceforge).
|
|
|
|
|
|
|
Could you mail me the source code of dotnetwinpcap.dll? It's very well done. Tks. My mail is nunommagalhaes@hotmail.com.
Greetings all,
Nuno Magalhaes.
|
|
|
|
|
|
|
You could decompile it using Reflector.Disassembler. http://www.denisbauer.com/NETTools/
|
|
|
|
|
|
|
[assembly: System.Reflection.AssemblyKeyName("")]
[assembly: System.Reflection.AssemblyKeyFile("d:\\data\\programming\\vcs\\key.snk")]
[assembly: System.Reflection.AssemblyDelaySign(false)]
[assembly: System.Reflection.AssemblyTrademark("")]
[assembly: System.Reflection.AssemblyCopyright("(c) 2003 Victor Tan")]
[assembly: System.Reflection.AssemblyProduct("")]
[assembly: System.Reflection.AssemblyCompany("utopian_centaury@yahoo.com")]
[assembly: System.Reflection.AssemblyConfiguration("")]
[assembly: System.Reflection.AssemblyDescription("Winpcap port for .NET framework")]
[assembly: System.Reflection.AssemblyTitle("dotnetWinpcap library")]
using System;
using System.Collections;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
public class Device
{
private string name;
private string description;
private string address;
private string netmask;
public Device()
{
name = null;
description = null;
address = null;
netmask = null;
return;
}
public virtual string Name
{
get
{
return name;
}
set
{
name = value;
return;
}
}
public virtual string Description
{
get
{
return description;
}
set
{
description = value;
return;
}
}
public virtual string Address
{
get
{
return address;
}
set
{
address = value;
return;
}
}
public virtual string Netmask
{
get
{
return netmask;
}
set
{
netmask = value;
return;
}
}
}
public class dotnetWinpCap
{
public class AlreadyOpenException : Exception
{
public AlreadyOpenException()
{
return;
}
public override string Message
{
get
{
return "Device attached to object already open. Close first before reopening";
}
}
}
delegate void packet_handler(int param, int header, int pkt_data);
public enum PCAP_NEXT_EX_STATE
{
SUCCESS = 1,
TIMEOUT = 0,
ERROR = -1,
EOF = -2,
UNKNOWN = -3,
}
delegate void ReceivePacket(object sender, PacketHeader p, System.Byte[] s);
delegate void DumpEnded(object sender);
delegate void ReceivePacketInternal(object sender, int header, int data);
public struct pcap_pkthdr
{
public dotnetWinpCap.timeval ts;
public UInt32 caplen;
public UInt32 len;
}
public struct timeval
{
public UInt32 tv_sec;
public UInt32 tv_usec;
}
private struct pcap_rmtauth
{
private int type;
private string username;
private string password;
}
private struct in_addr
{
public char b1;
public char b2;
public char b3;
public char b4;
public UInt16 w1;
public UInt16 w2;
public UInt64 addr;
}
private struct sockaddr
{
public short family;
public UInt16 port;
public System.Byte[] addr;
public System.Byte[] zero;
}
private struct pcap_addr
{
public int next;
public int addr;
public int netmask;
public int broadaddr;
public int dstaddr;
}
private struct pcap_if
{
public int next;
public string name;
public string description;
public int addresses;
public UInt32 flags;
}
private Thread ListenThread;
private bool disposed;
private dotnetWinpCap.packet_handler callback;
private string fname;
private int maxb;
private int maxp;
private bool m_islistening;
private bool m_isopen;
private string m_attachedDevice;
private int pcap_t;
private int dumper;
private dotnetWinpCap.ReceivePacket OnReceivePacket;
private dotnetWinpCap.DumpEnded OnDumpEnded;
private dotnetWinpCap.ReceivePacketInternal OnReceivePacketInternal;
private StringBuilder errbuf;
public dotnetWinpCap()
{
ListenThread = null;
disposed = 0;
callback = null;
fname = "";
maxb = 0;
maxp = 0;
m_islistening = 0;
m_isopen = 0;
m_attachedDevice = null;
pcap_t = IntPtr.Zero;
dumper = IntPtr.Zero;
errbuf = new StringBuilder(256);
return;
}
public virtual string AttachedDevice
{
get
{
return m_attachedDevice;
}
}
public virtual string LastError
{
get
{
return errbuf.ToString();
}
}
public virtual bool IsListening
{
get
{
return m_islistening;
}
}
public virtual bool IsOpen
{
get
{
return m_isopen;
}
}
public event dotnetWinpCap.ReceivePacket OnReceivePacket;
private event dotnetWinpCap.DumpEnded OnDumpEnded;
private event dotnetWinpCap.ReceivePacketInternal OnReceivePacketInternal;
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_findalldevs(ref int devicelist, StringBuilder errbuf);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_setbuff(int p, int kernelbufferbytes);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_live_dump(int p, string filename, int maxsize, int maxpacks);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_live_dump_ended(int p, int sync);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_dump_open(int p, string filename);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern void pcap_dump(int dumper, int h, int data);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern void pcap_dump_close(int dumper);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_sendpacket(int p, System.Byte[] buff, int size);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_loop(int p, int cnt, dotnetWinpCap.packet_handler callback, int user);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_open_live(string device, int snaplen, int promisc, int to_ms, StringBuilder ebuf);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern System.Byte[] pcap_next(int p, int pkt_header);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_setmintocopy(int p, int size);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern void pcap_freealldevs(int devicelist);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_open(string source, int snaplen, int flags, int read_timeout, int auth, StringBuilder errbuf);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_next_ex(int p, ref int pkt_header, ref int packetdata);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern void pcap_close(int p);
[DllImport("Kernel32", SetLastError=false)]
private static extern bool CloseHandle(int handle);
public static ArrayList FindAllDevs()
{
ArrayList arrayList;
dotnetWinpCap.pcap_if pcap_if;
int i;
StringBuilder stringBuilder;
int i1;
Device device;
dotnetWinpCap.pcap_addr pcap_addr;
dotnetWinpCap.sockaddr sockaddr;
dotnetWinpCap.sockaddr sockaddr1;
System.StringSystem.String[] arr;
arrayList = new ArrayList();
pcap_if.addresses = IntPtr.Zero;
pcap_if.description = new StringBuilder().ToString();
pcap_if.flags = 0;
pcap_if.name = new StringBuilder().ToString();
pcap_if.next = IntPtr.Zero;
i = IntPtr.Zero;
stringBuilder = new StringBuilder(256);
i1 = IntPtr.Zero;
if (dotnetWinpCap.pcap_findalldevs(ref i, stringBuilder) != -1)
{
goto ILO_006d;
}
return null;
ILO_006d:
i1 = i;
goto ILO_026f;
ILO_0075:
device = new Device();
arrayList.Add(device);
pcap_if = ((dotnetWinpCap.pcap_if)(Marshal.PtrToStructure(i, typeof(dotnetWinpCap.pcap_if))));
device.Name = pcap_if.name;
device.Description = pcap_if.description;
if (pcap_if.addresses.ToInt32() == 0)
{
goto ILO_0267;
}
pcap_addr = ((dotnetWinpCap.pcap_addr)(Marshal.PtrToStructure(pcap_if.addresses, typeof(dotnetWinpCap.pcap_addr))));
if (pcap_addr.addr.ToInt32() == 0)
{
goto ILO_01ab;
}
sockaddr = ((dotnetWinpCap.sockaddr)(Marshal.PtrToStructure(pcap_addr.addr, typeof(dotnetWinpCap.sockaddr))));
arr = new string[7];
arr[0] = sockaddr.addr[0].ToString();
arr[1] = ".";
arr[2] = sockaddr.addr[1].ToString();
arr[3] = ".";
arr[4] = sockaddr.addr[2].ToString();
arr[5] = ".";
arr[6] = sockaddr.addr[3].ToString();
device.Address = string.Concat(arr);
ILO_01ab:
if (pcap_addr.netmask.ToInt32() == 0)
{
goto ILO_0267;
}
sockaddr1 = ((dotnetWinpCap.sockaddr)(Marshal.PtrToStructure(pcap_addr.netmask, typeof(dotnetWinpCap.sockaddr))));
arr = new string[7];
arr[0] = sockaddr1.addr[0].ToString();
arr[1] = ".";
arr[2] = sockaddr1.addr[1].ToString();
arr[3] = ".";
arr[4] = sockaddr1.addr[2].ToString();
arr[5] = ".";
arr[6] = sockaddr1.addr[3].ToString();
device.Netmask = string.Concat(arr);
ILO_0267:
i = pcap_if.next;
ILO_026f:
if (i.ToInt32() != 0)
{
goto ILO_0075;
}
dotnetWinpCap.pcap_freealldevs(i1);
return arrayList;
}
public virtual bool Open(string source, int snaplen, int flags, int read_timeout)
{
if ((pcap_t != IntPtr.Zero) == 0)
{
goto ILO_0018;
}
throw new dotnetWinpCap.AlreadyOpenException();
ILO_0018:
pcap_t = dotnetWinpCap.pcap_open(source, snaplen, flags, read_timeout, IntPtr.Zero, errbuf);
if (pcap_t.ToInt32() == 0)
{
goto ILO_0050;
}
m_isopen = 1;
m_attachedDevice = source;
return 1;
ILO_0050:
m_isopen = 0;
m_attachedDevice = null;
return 0;
}
private void Loop()
{
int i;
callback = new dotnetWinpCap.packet_handler(this.LoopCallback);
i = IntPtr.Zero;
new HandleRef(callback, i);
dotnetWinpCap.pcap_loop(pcap_t, 0, callback, IntPtr.Zero);
return;
}
private void LoopCallback(int param, int header, int pkt_data)
{
dotnetWinpCap.pcap_pkthdr pcap_pkthdr;
System.ByteSystem.Byte[] arr;
Marshal.PtrToStringAnsi(param);
pcap_pkthdr = ((dotnetWinpCap.pcap_pkthdr)(Marshal.PtrToStructure(header, typeof(dotnetWinpCap.pcap_pkthdr))));
arr = new Byte[pcap_pkthdr.caplen];
Marshal.Copy(pkt_data, arr, 0, pcap_pkthdr.caplen);
Marshal.PtrToStringAnsi(pkt_data);
return;
}
private bool OpenLive(string source, int snaplen, int promisc, int to_ms)
{
pcap_t = dotnetWinpCap.pcap_open_live(source, snaplen, promisc, to_ms, errbuf);
if (pcap_t.ToInt32() == 0)
{
goto ILO_0025;
}
return 1;
ILO_0025:
return 0;
}
private dotnetWinpCap.PCAP_NEXT_EX_STATE ReadNextInternal(out PacketHeader p, out System.Byte[] packet_data, out int pkthdr, out int pktdata)
{
int i;
dotnetWinpCap.pcap_pkthdr pcap_pkthdr;
pkthdr = IntPtr.Zero;
pktdata = IntPtr.Zero;
p = null;
packet_data = null;
if (pcap_t.ToInt32() != 0)
{
goto ILO_003c;
}
errbuf = new StringBuilder("No adapter is currently open");
return -1;
ILO_003c:
i = dotnetWinpCap.pcap_next_ex(pcap_t, ref pkthdr, ref pktdata);
if (i != 0)
{
goto ILO_0050;
}
return 0;
ILO_0050:
if (i != 1)
{
goto ILO_00cc;
}
pcap_pkthdr = ((dotnetWinpCap.pcap_pkthdr)(Marshal.PtrToStructure(pkthdr, typeof(dotnetWinpCap.pcap_pkthdr))));
p = new PacketHeader();
p.Caplength = pcap_pkthdr.caplen;
p.Length = pcap_pkthdr.len;
p.ts = pcap_pkthdr.ts;
packet_data = new Byte[((System.UInt32)(p.Length))];
Marshal.Copy(pktdata, packet_data, 0, p.Length);
return 1;
ILO_00cc:
if (i != -1)
{
goto ILO_00d2;
}
return -1;
ILO_00d2:
if (i != -2)
{
goto ILO_00da;
}
return -2;
ILO_00da:
return -3;
}
public virtual dotnetWinpCap.PCAP_NEXT_EX_STATE ReadNextInternal(out PacketHeader p, out System.Byte[] packet_data)
{
int i;
return ReadNextInternal(out p, out packet_data, out i, out i);
}
public virtual bool SendPacket(System.Byte[] packet_data)
{
int i;
i = dotnetWinpCap.pcap_sendpacket(pcap_t, packet_data, packet_data.Length);
if (i != 0)
{
goto ILO_0015;
}
return 1;
ILO_0015:
return 0;
}
private void MonitorDump()
{
if (dotnetWinpCap.pcap_live_dump_ended(pcap_t, 1) == 0)
{
goto ILO_0022;
}
if (OnDumpEnded == null)
{
goto ILO_0022;
}
OnDumpEnded.Invoke(this);
ILO_0022:
return;
}
private void DumpPacket(object sender, int header, int data)
{
if ((dumper != IntPtr.Zero) == 0)
{
goto ILO_001f;
}
dotnetWinpCap.pcap_dump(dumper, header, data);
ILO_001f:
return;
}
public virtual void StopDump()
{
dotnetWinpCap dotnetWinpCap;
dotnetWinpCap = this;
dotnetWinpCap.OnReceivePacketInternal = (Delegate.Remove(dotnetWinpCap.OnReceivePacketInternal, new dotnetWinpCap.ReceivePacketInternal(this.DumpPacket)) as dotnetWinpCap.ReceivePacketInternal);
if ((dumper != IntPtr.Zero) == 0)
{
goto ILO_004a;
}
dotnetWinpCap.pcap_dump_close(dumper);
dumper = IntPtr.Zero;
ILO_004a:
return;
}
public virtual bool StartDump(string filename)
{
bool bl;
dotnetWinpCap dotnetWinpCap;
if ((pcap_t != IntPtr.Zero) == 0)
{
goto ILO_004f;
}
try
{
dumper = dotnetWinpCap.pcap_dump_open(pcap_t, filename);
goto ILO_002b;
}
catch (object obj)
{
obj;
bl = 0;
goto ILO_0051;
}
ILO_002b:
dotnetWinpCap = this;
dotnetWinpCap.OnReceivePacketInternal = (Delegate.Combine(dotnetWinpCap.OnReceivePacketInternal, new dotnetWinpCap.ReceivePacketInternal(this.DumpPacket)) as dotnetWinpCap.ReceivePacketInternal);
return 1;
ILO_004f:
return 0;
ILO_0051:
return bl;
}
private bool StartLiveDump(string filename, int maxbytes, int maxpackets)
{
fname = filename;
maxb = maxbytes;
maxp = maxpackets;
if (dotnetWinpCap.pcap_live_dump(pcap_t, fname, maxb, maxp) != 0)
{
goto ILO_0048;
}
new Thread(new ThreadStart(this.MonitorDump));
return 1;
ILO_0048:
return 0;
}
public virtual bool SetMinToCopy(int size)
{
if (dotnetWinpCap.pcap_setmintocopy(pcap_t, size) != 0)
{
goto ILO_0010;
}
return 1;
ILO_0010:
return 0;
}
private void ReadNextLoop()
{
PacketHeader packetHeader;
System.ByteSystem.Byte[] arr;
int i;
int i1;
dotnetWinpCap.PCAP_NEXT_EX_STATE pCAP_NEXT_EX_STATE;
ILO_0000:
packetHeader = null;
arr = null;
pCAP_NEXT_EX_STATE = ReadNextInternal(out packetHeader, out arr, out i, out i1);
if (pCAP_NEXT_EX_STATE != 1)
{
goto ILO_0000;
}
if (OnReceivePacket == null)
{
goto ILO_002f;
}
OnReceivePacket.Invoke(this, packetHeader, arr);
ILO_002f:
if (OnReceivePacketInternal == null)
{
goto ILO_0000;
}
OnReceivePacketInternal.Invoke(this, i, i1);
goto ILO_0000;
}
public virtual bool SetKernelBuffer(int bytes)
{
if (dotnetWinpCap.pcap_setbuff(pcap_t, bytes) == 0)
{
goto ILO_0010;
}
return 0;
ILO_0010:
return 1;
}
public virtual void StartListen()
{
if (ListenThread == null)
{
goto ILO_0013;
}
ListenThread.Abort();
ILO_0013:
ListenThread = new Thread(new ThreadStart(this.ReadNextLoop));
ListenThread.Start();
m_islistening = 1;
return;
}
public virtual void StopListen()
{
if (ListenThread == null)
{
goto ILO_0027;
}
if (ListenThread.IsAlive == 0)
{
goto ILO_0020;
}
ListenThread.Abort();
ILO_0020:
ListenThread = null;
ILO_0027:
m_islistening = 0;
return;
}
public virtual void Close()
{
StopDump();
if (IsListening == 0)
{
goto ILO_0014;
}
StopListen();
ILO_0014:
m_isopen = 0;
m_attachedDevice = null;
if ((pcap_t != IntPtr.Zero) == 0)
{
goto ILO_004a;
}
dotnetWinpCap.pcap_close(pcap_t);
pcap_t = IntPtr.Zero;
ILO_004a:
return;
}
private void Dispose()
{
Dispose(1);
GC.SuppressFinalize(this);
return;
}
private void Dispose(bool disposing)
{
if (disposed != 0)
{
goto ILO_005a;
}
if (disposing == 0)
{
goto ILO_0032;
}
if (ListenThread == null)
{
goto ILO_0032;
}
if (ListenThread.IsAlive == 0)
{
goto ILO_002b;
}
ListenThread.Abort();
ILO_002b:
ListenThread = null;
ILO_0032:
if ((pcap_t != IntPtr.Zero) == 0)
{
goto ILO_005a;
}
dotnetWinpCap.pcap_close(pcap_t);
pcap_t = IntPtr.Zero;
ILO_005a:
disposed = 1;
return;
}
protected override void Finalize()
{
try
{
Dispose(0);
goto ILO_0010;
}
finally
{
base.Finalize();
}
ILO_0010:
return;
}
}
public class PacketHeader
{
public dotnetWinpCap.timeval ts;
private int caplen;
private int len;
public PacketHeader(dotnetWinpCap.timeval ts, int caplen, int len)
{
caplen = 0;
len = 0;
ts = ts;
caplen = caplen;
len = len;
return;
}
public PacketHeader()
{
caplen = 0;
len = 0;
return;
}
public virtual int Caplength
{
get
{
return caplen;
}
set
{
caplen = value;
return;
}
}
public virtual int Length
{
get
{
return len;
}
set
{
len = value;
return;
}
}
public virtual DateTime TimeStamp
{
get
{
DateTime dateTime;
DateTime dateTime1;
dateTime1 = new DateTime(1970, 1, 1);
dateTime = dateTime1.AddSeconds(((System.Double)(ts.tv_sec)));
dateTime.AddMilliseconds(((System.Double)(ts.tv_usec)));
return dateTime;
}
}
}
|
|
|
|
|
|
|
There are two bugs in the dotnetwinpcap:
- The timestamps are very inaccurate
- There is a bug freeing the resources in non LAN network cards (e.g.: wireless cards)
Any solutions posted here will be appreciated.
|
|
|
|
|
|
|
|
|
|
Hello,
I have a small problem when trying to upgrade this code to .net 2005.
Here is what I have, the problem is that I get exception in the line:
sockaddr = ((dotnetWinpCap.sockaddr)(Marshal.PtrToStructure((System.IntPtr)pcap_addr.addr, typeof(dotnetWinpCap.sockaddr))));
Does anyone know what is wrong with this upgrade ?
Thank you,
Ran
using System;
using System.Collections;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
public class Device
{
private string name;
private string description;
private string address;
private string netmask;
public Device()
{
name = null;
description = null;
address = null;
netmask = null;
return;
}
public virtual string Name
{
get
{
return name;
}
set
{
name = value;
return;
}
}
public virtual string Description
{
get
{
return description;
}
set
{
description = value;
return;
}
}
public virtual string Address
{
get
{
return address;
}
set
{
address = value;
return;
}
}
public virtual string Netmask
{
get
{
return netmask;
}
set
{
netmask = value;
return;
}
}
}
public class dotnetWinpCap
{
public class AlreadyOpenException : Exception
{
public AlreadyOpenException()
{
return;
}
public override string Message
{
get
{
return "Device attached to object already open. Close first before reopening";
}
}
}
delegate void packet_handler(int param, int header, int pkt_data);
public enum PCAP_NEXT_EX_STATE
{
SUCCESS = 1,
TIMEOUT = 0,
ERROR = -1,
EOF = -2,
UNKNOWN = -3,
}
public delegate void ReceivePacket(object sender, PacketHeader p, System.Byte[] s);
delegate void DumpEnded(object sender);
delegate void ReceivePacketInternal(object sender, int header, int data);
[StructLayout(LayoutKind.Sequential)]
public struct pcap_pkthdr
{
public dotnetWinpCap.timeval ts;
public UInt32 caplen;
public UInt32 len;
}
[StructLayout(LayoutKind.Sequential)]
public struct timeval
{
public UInt32 tv_sec;
public UInt32 tv_usec;
}
[StructLayout(LayoutKind.Sequential)]
private struct pcap_rmtauth
{
private int type;
private string username;
private string password;
}
[StructLayout(LayoutKind.Sequential)]
private struct in_addr
{
public char b1;
public char b2;
public char b3;
public char b4;
public UInt16 w1;
public UInt16 w2;
public UInt64 addr;
}
[StructLayout(LayoutKind.Sequential)]
private struct sockaddr
{
public short family;
public UInt16 port;
public byte[] addr;
public byte[] zero;
}
[StructLayout(LayoutKind.Sequential)]
private struct pcap_addr
{
public int next;
public int addr;
public int netmask;
public int broadaddr;
public int dstaddr;
}
[StructLayout(LayoutKind.Sequential)]
private struct pcap_if
{
public int next;
public string name;
public string description;
public int addresses;
public UInt32 flags;
}
private Thread ListenThread;
private bool disposed;
private dotnetWinpCap.packet_handler callback;
private string fname;
private int maxb;
private int maxp;
private bool m_islistening;
private bool m_isopen;
private string m_attachedDevice;
private int pcap_t;
private int dumper;
private StringBuilder errbuf;
public dotnetWinpCap()
{
ListenThread = null;
disposed = false;
callback = null;
fname = "";
maxb = 0;
maxp = 0;
m_islistening = false;
m_isopen = false;
m_attachedDevice = null;
pcap_t = 0;
dumper = 0;
errbuf = new StringBuilder(256);
return;
}
public virtual string AttachedDevice
{
get
{
return m_attachedDevice;
}
}
public virtual string LastError
{
get
{
return errbuf.ToString();
}
}
public virtual bool IsListening
{
get
{
return m_islistening;
}
}
public virtual bool IsOpen
{
get
{
return m_isopen;
}
}
public event dotnetWinpCap.ReceivePacket OnReceivePacket;
private event dotnetWinpCap.DumpEnded OnDumpEnded;
private event dotnetWinpCap.ReceivePacketInternal OnReceivePacketInternal;
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_findalldevs(ref int devicelist, StringBuilder errbuf);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_setbuff(int p, int kernelbufferbytes);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_live_dump(int p, string filename, int maxsize, int maxpacks);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_live_dump_ended(int p, int sync);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_dump_open(int p, string filename);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern void pcap_dump(int dumper, int h, int data);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern void pcap_dump_close(int dumper);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_sendpacket(int p, System.Byte[] buff, int size);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_loop(int p, int cnt, dotnetWinpCap.packet_handler callback, int user);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_open_live(string device, int snaplen, int promisc, int to_ms, StringBuilder ebuf);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern System.Byte[] pcap_next(int p, int pkt_header);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_setmintocopy(int p, int size);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern void pcap_freealldevs(int devicelist);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_open(string source, int snaplen, int flags, int read_timeout, int auth, StringBuilder errbuf);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_next_ex(int p, ref int pkt_header, ref int packetdata);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern void pcap_close(int p);
[DllImport("Kernel32", SetLastError=false)]
private static extern bool CloseHandle(int handle);
public static ArrayList FindAllDevs()
{
ArrayList arrayList;
dotnetWinpCap.pcap_if pcap_if;
int i;
StringBuilder stringBuilder;
int i1;
Device device;
dotnetWinpCap.pcap_addr pcap_addr;
dotnetWinpCap.sockaddr sockaddr;
dotnetWinpCap.sockaddr sockaddr1;
System.String[] arr;
arrayList = new ArrayList();
pcap_if.addresses = 0;
pcap_if.description = new StringBuilder().ToString();
pcap_if.flags = 0;
pcap_if.name = new StringBuilder().ToString();
pcap_if.next = 0;
i = 0;
stringBuilder = new StringBuilder(256);
i1 = 0;
if (dotnetWinpCap.pcap_findalldevs(ref i, stringBuilder) != -1)
{
goto ILO_006d;
}
return null;
ILO_006d:
i1 = i;
goto ILO_026f;
ILO_0075:
device = new Device();
arrayList.Add(device);
pcap_if = ((dotnetWinpCap.pcap_if)(Marshal.PtrToStructure((System.IntPtr) i, typeof(dotnetWinpCap.pcap_if))));
device.Name = pcap_if.name;
device.Description = pcap_if.description;
if (pcap_if.addresses == 0)
{
goto ILO_0267;
}
pcap_addr = ((dotnetWinpCap.pcap_addr)(Marshal.PtrToStructure((System.IntPtr)pcap_if.addresses, typeof(dotnetWinpCap.pcap_addr))));
if (pcap_addr.addr == 0)
{
goto ILO_01ab;
}
sockaddr = ((dotnetWinpCap.sockaddr)(Marshal.PtrToStructure((System.IntPtr)pcap_addr.addr, typeof(dotnetWinpCap.sockaddr))));
arr = new string[7];
arr[0] = sockaddr.addr[0].ToString();
arr[1] = ".";
arr[2] = sockaddr.addr[1].ToString();
arr[3] = ".";
arr[4] = sockaddr.addr[2].ToString();
arr[5] = ".";
arr[6] = sockaddr.addr[3].ToString();
device.Address = string.Concat(arr);
ILO_01ab:
if (pcap_addr.netmask == 0)
{
goto ILO_0267;
}
sockaddr1 = ((dotnetWinpCap.sockaddr)(Marshal.PtrToStructure((System.IntPtr)pcap_addr.netmask, typeof(dotnetWinpCap.sockaddr))));
arr = new string[7];
arr[0] = sockaddr1.addr[0].ToString();
arr[1] = ".";
arr[2] = sockaddr1.addr[1].ToString();
arr[3] = ".";
arr[4] = sockaddr1.addr[2].ToString();
arr[5] = ".";
arr[6] = sockaddr1.addr[3].ToString();
device.Netmask = string.Concat(arr);
ILO_0267:
i = pcap_if.next;
ILO_026f:
if (i != 0)
{
goto ILO_0075;
}
dotnetWinpCap.pcap_freealldevs(i1);
return arrayList;
}
public virtual bool Open(string source, int snaplen, int flags, int read_timeout)
{
if ((pcap_t != 0) == false)
{
goto ILO_0018;
}
throw new dotnetWinpCap.AlreadyOpenException();
ILO_0018:
pcap_t = dotnetWinpCap.pcap_open(source, snaplen, flags, read_timeout, 0, errbuf);
if (pcap_t == 0)
{
goto ILO_0050;
}
m_isopen = true;
m_attachedDevice = source;
return true;
ILO_0050:
m_isopen = false;
m_attachedDevice = null;
return false;
}
private void Loop()
{
int i;
callback = new dotnetWinpCap.packet_handler(this.LoopCallback);
i = 0;
new HandleRef(callback, (System.IntPtr) i);
dotnetWinpCap.pcap_loop(pcap_t, 0, callback, 0);
return;
}
private void LoopCallback(int param, int header, int pkt_data)
{
dotnetWinpCap.pcap_pkthdr pcap_pkthdr;
System.Byte[] arr;
Marshal.PtrToStringAnsi((System.IntPtr)param);
pcap_pkthdr = ((dotnetWinpCap.pcap_pkthdr)(Marshal.PtrToStructure((System.IntPtr)header, typeof(dotnetWinpCap.pcap_pkthdr))));
arr = new Byte[pcap_pkthdr.caplen];
Marshal.Copy((System.IntPtr) pkt_data, arr, 0, (int)pcap_pkthdr.caplen);
Marshal.PtrToStringAnsi((System.IntPtr)pkt_data);
return;
}
private bool OpenLive(string source, int snaplen, int promisc, int to_ms)
{
pcap_t = dotnetWinpCap.pcap_open_live(source, snaplen, promisc, to_ms, errbuf);
if (pcap_t == 0)
{
goto ILO_0025;
}
return true;
ILO_0025:
return false;
}
private dotnetWinpCap.PCAP_NEXT_EX_STATE ReadNextInternal(out PacketHeader p, out System.Byte[] packet_data, out int pkthdr, out int pktdata)
{
int i;
dotnetWinpCap.pcap_pkthdr pcap_pkthdr;
pkthdr = 0;
pktdata = 0;
p = null;
packet_data = null;
if (pcap_t != 0)
{
goto ILO_003c;
}
errbuf = new StringBuilder("No adapter is currently open");
return PCAP_NEXT_EX_STATE.ERROR;
ILO_003c:
i = dotnetWinpCap.pcap_next_ex(pcap_t, ref pkthdr, ref pktdata);
if (i != 0)
{
goto ILO_0050;
}
return 0;
ILO_0050:
if (i != 1)
{
goto ILO_00cc;
}
pcap_pkthdr = ((dotnetWinpCap.pcap_pkthdr)(Marshal.PtrToStructure((System.IntPtr) pkthdr, typeof(dotnetWinpCap.pcap_pkthdr))));
p = new PacketHeader();
p.Caplength = (int)pcap_pkthdr.caplen;
p.Length = (int)pcap_pkthdr.len;
p.ts = pcap_pkthdr.ts;
packet_data = new Byte[((System.UInt32)(p.Length))];
Marshal.Copy((System.IntPtr)pktdata, packet_data, 0, p.Length);
return PCAP_NEXT_EX_STATE.SUCCESS;
ILO_00cc:
if (i != -1)
{
goto ILO_00d2;
}
return PCAP_NEXT_EX_STATE.ERROR;
ILO_00d2:
if (i != -2)
{
goto ILO_00da;
}
return PCAP_NEXT_EX_STATE.EOF;
ILO_00da:
return PCAP_NEXT_EX_STATE.UNKNOWN;
}
public virtual dotnetWinpCap.PCAP_NEXT_EX_STATE ReadNextInternal(out PacketHeader p, out System.Byte[] packet_data)
{
int i;
return ReadNextInternal(out p, out packet_data, out i, out i);
}
public virtual bool SendPacket(System.Byte[] packet_data)
{
int i;
i = dotnetWinpCap.pcap_sendpacket(pcap_t, packet_data, packet_data.Length);
if (i != 0)
{
goto ILO_0015;
}
return true;
ILO_0015:
return false;
}
private void MonitorDump()
{
if (dotnetWinpCap.pcap_live_dump_ended(pcap_t, 1) == 0)
{
goto ILO_0022;
}
if (OnDumpEnded == null)
{
goto ILO_0022;
}
OnDumpEnded.Invoke(this);
ILO_0022:
return;
}
private void DumpPacket(object sender, int header, int data)
{
if ((dumper != 0) == false)
{
goto ILO_001f;
}
dotnetWinpCap.pcap_dump(dumper, header, data);
ILO_001f:
return;
}
public virtual void StopDump()
{
dotnetWinpCap dotnetWinpCap;
dotnetWinpCap = this;
dotnetWinpCap.OnReceivePacketInternal = (Delegate.Remove(dotnetWinpCap.OnReceivePacketInternal, new dotnetWinpCap.ReceivePacketInternal(this.DumpPacket)) as dotnetWinpCap.ReceivePacketInternal);
if ((dumper != 0) == false)
{
goto ILO_004a;
}
dotnetWinpCap.pcap_dump_close(dumper);
dumper = 0;
ILO_004a:
return;
}
public virtual bool StartDump(string filename)
{
bool bl;
dotnetWinpCap dotnetWinpCap;
if ((pcap_t != 0) == false)
{
goto ILO_004f;
}
try
{
dumper = dotnetWinpCap.pcap_dump_open(pcap_t, filename);
goto ILO_002b;
}
catch (System.Exception obj)
{
//obj;
bl = false;
goto ILO_0051;
}
ILO_002b:
dotnetWinpCap = this;
dotnetWinpCap.OnReceivePacketInternal = (Delegate.Combine(dotnetWinpCap.OnReceivePacketInternal, new dotnetWinpCap.ReceivePacketInternal(this.DumpPacket)) as dotnetWinpCap.ReceivePacketInternal);
return true;
ILO_004f:
return false;
ILO_0051:
return bl;
}
private bool StartLiveDump(string filename, int maxbytes, int maxpackets)
{
fname = filename;
maxb = maxbytes;
maxp = maxpackets;
if (dotnetWinpCap.pcap_live_dump(pcap_t, fname, maxb, maxp) != 0)
{
goto ILO_0048;
}
new Thread(new ThreadStart(this.MonitorDump));
return true;
ILO_0048:
return false;
}
public virtual int SetMinToCopy(int size)
{
if (dotnetWinpCap.pcap_setmintocopy(pcap_t, size) != 0)
{
goto ILO_0010;
}
return 1;
ILO_0010:
return 0;
}
private void ReadNextLoop()
{
PacketHeader packetHeader;
System.Byte[] arr;
int i;
int i1;
dotnetWinpCap.PCAP_NEXT_EX_STATE pCAP_NEXT_EX_STATE;
ILO_0000:
packetHeader = null;
arr = null;
pCAP_NEXT_EX_STATE = ReadNextInternal(out packetHeader, out arr, out i, out i1);
if (pCAP_NEXT_EX_STATE != PCAP_NEXT_EX_STATE.SUCCESS)
{
goto ILO_0000;
}
if (OnReceivePacket == null)
{
goto ILO_002f;
}
OnReceivePacket.Invoke(this, packetHeader, arr);
ILO_002f:
if (OnReceivePacketInternal == null)
{
goto ILO_0000;
}
OnReceivePacketInternal.Invoke(this, i, i1);
goto ILO_0000;
}
public virtual bool SetKernelBuffer(int bytes)
{
if (dotnetWinpCap.pcap_setbuff(pcap_t, bytes) == 0)
{
goto ILO_0010;
}
return false;
ILO_0010:
return true;
}
public virtual void StartListen()
{
if (ListenThread == null)
{
goto ILO_0013;
}
ListenThread.Abort();
ILO_0013:
ListenThread = new Thread(new ThreadStart(this.ReadNextLoop));
ListenThread.Start();
m_islistening = true;
return;
}
public virtual void StopListen()
{
if (ListenThread == null)
{
goto ILO_0027;
}
if (ListenThread.IsAlive == false)
{
goto ILO_0020;
}
ListenThread.Abort();
ILO_0020:
ListenThread = null;
ILO_0027:
m_islistening = false;
return;
}
public virtual void Close()
{
StopDump();
if (IsListening == false)
{
goto ILO_0014;
}
StopListen();
ILO_0014:
m_isopen = false;
m_attachedDevice = null;
if ((pcap_t != 0) == false)
{
goto ILO_004a;
}
dotnetWinpCap.pcap_close(pcap_t);
pcap_t = 0;
ILO_004a:
return;
}
private void Dispose()
{
Dispose(true);
GC.SuppressFinalize(this);
return;
}
private void Dispose(bool disposing)
{
if (disposed != false)
{
goto ILO_005a;
}
if (disposing == false)
{
goto ILO_0032;
}
if (ListenThread == null)
{
goto ILO_0032;
}
if (ListenThread.IsAlive == false)
{
goto ILO_002b;
}
ListenThread.Abort();
ILO_002b:
ListenThread = null;
ILO_0032:
if ((pcap_t != 0) == false)
{
goto ILO_005a;
}
dotnetWinpCap.pcap_close(pcap_t);
pcap_t = 0;
ILO_005a:
disposed = true;
return;
}
~dotnetWinpCap()
{
try
{
Dispose(false);
goto ILO_0010;
}
finally
{
// base.Finalize();
}
ILO_0010:
return;
}
}
public class PacketHeader
{
public dotnetWinpCap.timeval ts;
private int caplen;
private int len;
public PacketHeader(dotnetWinpCap.timeval ts, int caplen, int len)
{
caplen = 0;
len = 0;
ts = ts;
caplen = caplen;
len = len;
return;
}
public PacketHeader()
{
caplen = 0;
len = 0;
return;
}
public virtual int Caplength
{
get
{
return caplen;
}
set
{
caplen = value;
return;
}
}
public virtual int Length
{
get
{
return len;
}
set
{
len = value;
return;
}
}
public virtual DateTime TimeStamp
{
get
{
DateTime dateTime;
DateTime dateTime1;
dateTime1 = new DateTime(1970, 1, 1);
dateTime = dateTime1.AddSeconds(((System.Double)(ts.tv_sec)));
dateTime.AddMilliseconds(((System.Double)(ts.tv_usec)));
return dateTime;
}
}
}
|
|
|
|
|
|
|
I'm developing a winPCap services, I need to implement it with dotnetwinpcap.dll or I could use wpcap.dll and packet.dll? I use Visual Studio.net 2003.
Thanks
Alessandro
|
|
|
|
|
|
|
Hi! and congratulations,
I am doing a project in the university and I am looking for a library to dissect IP packets in c#. I know there is something similar in Perl using
use NetPacket::Ethernet;
use NetPacket::IP;
Do you know any library to do something like that ?
thank you
|
|
|
|
|
|
|
hi everybody!
first of all sorry for my english!
i want to write a simple NIDS(Network Intrusion Detection System).
i have many problem.
1- how to capture packet and save in sql database.
how to seperate each type of packet(tcp,icmp,ip,...)
2- how to write rule with dotnet?
|
|
|
|
|
|
|
Hi,
Will you continue to work on this project or is it dead now?
narf!
|
|
|
|
|
|
|
actually I was going to ask the same question. What's the verdict man?
|
|
|
|
|
|
|
I'm writing a small app with a network statistics component that I'd like to use dotnetwinpcap for. Is that OK? It looks like the author hasn't posted in a while so if anyone else has gotten a response from him on a similar question, please respond.
|
|
|
|
|
|
|
Never mind about my last question, I figured it out.
I am curious about why this wrapper doesn't get the milliseconds in the timestamp. I'm not sure about the rest of the world, but I see more than 1 packet a second....
Any ideas how I can more accurately get the time of each packet?
~Liron
|
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Rant 
Admin