Click here to Skip to main content
11,486,023 members (77,295 online)
Click here to Skip to main content

Packet Sniffing with Winpcap Functions Ported to a .NET Library

, 25 Mar 2009 GPL3 382.5K 11.5K 140
Rate this:
Please Sign up or sign in to vote.
Using Winpcap functions in the .NET Framework
Sample Image - dotnetwinpcap.jpg

Introduction

Winpcap has been the de facto library in packet capture applications, but the problem is that it is only natively available for C++ and C.

This is an attempt to port some of the crucial Winpcap functions for the .NET environment. The demonstration project here is written in C#.

First of all, you need to install Winpcap from winpcap's Web site and then extract the project zip file. Be sure to reference dotnetwinpcap.dll in the project if not already so.

Methods Available

  • static ArrayList FindAllDevs()

    Returns an ArrayList of Device objects, each describing an Ethernet interface on the system.

  • bool Open(string source, int snaplen, int flags, int read_timeout)

    Opens an Ethernet interface with source as the name of the interface obtained from a Device object, snaplen is the max number of bytes to be captured from each packet, flags=1 means promiscuous mode, read_timeout is the blocking time of ReadNext before it returns.

  • PCAP_NEXT_EX_STATE ReadNext( out PacketHeader p, out byte[] packet_data)

    Reads a next packet and return the packet details (size and timestamp) to object p, and packet raw data in packet_data (array of bytes).

  • void StopDump()

    Stops dumping of capture data to a file.

  • bool StartDump(string filename) 

    Starts dumping of capture data to a file.

  • bool SetMinToCopy(int size)

    Sets the minimum number of bytes required to be received by the driver before OnReceivePacket fires. Lowering this can increase response time, but increases system calls which lowers program efficiency.

  • bool SetKernelBuffer(int bytes)

    Sets the number of bytes in the driver kernel buffer for packet capture. Increase this to avoid packet loss and improve performance. Default is 1 MB.

  • void StartListen()

    Starts listening for packets.

  • void StopListen()

    Stops listening for packets.

  • void Close()

    Stops all operations and releases all resources.

  • bool SendPacket(byte[] rawdata)

    Sends bytes contained in rawdata over the wire. The ethernet checksum will be automatically added prior to sending the packet. Returns true if send is successful, false otherwise.

Properties

  • bool IsListening

    true if the dotnetWinpcap object is listening, false otherwise.

  • string LastError

    Returns the last error encountered by the library, if any.

Event Support

delegate void ReceivePacket (object sender, PacketHeader p, byte[] s);
event ReceivePacket OnReceivePacket;

Once StartListen() is called, OnReceivePacket will start to fire on every packet encountered, until StopListen() is called, or Close() is called.

Delegate objects of the above signature may be attached to the OnReceivePacket event to receive notification and perform further processing, as demonstrated in the demo source code.

History

  • 28th May, 2003: Initial post
  • 25th Aug 2003 - Updated source code
  • 28th June, 2008: Updated source code
  • 24th March, 2009: Updated source code to include client code as requested by Ashin

License

This article, along with any associated source code and files, is licensed under The GNU General Public License (GPLv3)

Share

About the Author

Victor Tan

Australia Australia
No Biography provided

Comments and Discussions

 
QuestionHow the source code works in visualstudio2012 Pin
Member 1123070212-Feb-15 20:31
memberMember 1123070212-Feb-15 20:31 
GeneralMy vote of 5 Pin
Miklo B27-Oct-14 12:44
memberMiklo B27-Oct-14 12:44 
QuestionNeed help to Show the Dump in RichTextBox instead of File Pin
Miklo B27-Oct-14 12:43
memberMiklo B27-Oct-14 12:43 
QuestionAdding packet filtering [modified] Pin
Chris00319-Jun-12 9:22
memberChris00319-Jun-12 9:22 
QuestionAccessViolationException Pin
Member 864901414-Jun-12 1:48
memberMember 864901414-Jun-12 1:48 
GeneralCross threading Pin
Oj500025-May-11 5:48
memberOj500025-May-11 5:48 
Encountered an exception in ReceivePacket(object sender, PacketHeader p, byte[] s). Changed to this:

private void ReceivePacket(object sender, PacketHeader p, byte[] s)
{
this.pack_count++;

if (rtb.InvokeRequired)
{
rtb.Invoke(new MethodInvoker(delegate
{
rtb.AppendText("Content of p : \n");
rtb.AppendText(" Caplength: " + p.Caplength + "\n");
rtb.AppendText(" Length : " + p.Length + "\n");
rtb.AppendText(" Timestamp: " + (p.TimeStamp) + "\n");
labPacketCnt.Text = Convert.ToString(this.pack_count);
}));
}

}
Generalhelp to convert to C++/CLI Pin
miki itz clutch18-Feb-11 2:54
membermiki itz clutch18-Feb-11 2:54 
GeneralPcap.Net - a full WinPcap .NET wrapper Pin
brickner26-Feb-10 7:17
memberbrickner26-Feb-10 7:17 
GeneralThanks!! Pin
yuriyag4-Feb-11 0:00
memberyuriyag4-Feb-11 0:00 
GeneralWinCe Pin
MPH195621-Feb-10 1:12
memberMPH195621-Feb-10 1:12 
GeneralWinCE Pin
MPH195621-Feb-10 1:10
memberMPH195621-Feb-10 1:10 
GeneralC# Sample-Project dont works with c# 2008 Pin
eightbitwitch4-Feb-10 13:41
membereightbitwitch4-Feb-10 13:41 
GeneralRe: C# Sample-Project dont works with c# 2008 Pin
Member 643011-May-10 6:09
memberMember 643011-May-10 6:09 
AnswerRe: C# Sample-Project dont works with c# 2008 Pin
boblogan9-Sep-10 5:11
memberboblogan9-Sep-10 5:11 
GeneralGet all Packet, inclusive Packets with Set FIN-Flag Pin
eightbitwitch4-Feb-10 8:17
membereightbitwitch4-Feb-10 8:17 
GeneralSendPacket are not public - Not acces from VB9 Pin
eightbitwitch4-Feb-10 8:11
membereightbitwitch4-Feb-10 8:11 
GeneralChanges required to run on Vista 64 in Visual Studio 2008 Pin
Umopepisdn5-Jan-10 0:43
memberUmopepisdn5-Jan-10 0:43 
Generalthanks Pin
791671158-Sep-09 23:28
member791671158-Sep-09 23:28 
General??? please help Pin
Jordan Wis15-Aug-09 17:28
memberJordan Wis15-Aug-09 17:28 
GeneralMy vote of 1 Pin
legion_9-Jul-09 11:44
memberlegion_9-Jul-09 11:44 
Generalcraft packet Pin
Unruled Boy1-Jan-09 16:37
memberUnruled Boy1-Jan-09 16:37 
GeneralFull source uploaded Pin
Victor Tan28-Jun-08 8:25
memberVictor Tan28-Jun-08 8:25 
GeneralRe: Full source uploaded Pin
Anil Maurya24-Oct-08 4:45
memberAnil Maurya24-Oct-08 4:45 
GeneralRe: Full source uploaded Pin
Victor Tan24-Oct-08 5:30
memberVictor Tan24-Oct-08 5:30 
QuestionDecoding packets Pin
TariqHussain2-Jan-08 0:13
memberTariqHussain2-Jan-08 0:13 
QuestionIs it possible to develop a packet sniffer with out WinPcap? Pin
Diana Fernandez13-Nov-07 0:30
memberDiana Fernandez13-Nov-07 0:30 
AnswerRe: Is it possible to develop a packet sniffer with out WinPcap? Pin
wurzel_cidermaker28-Jun-08 7:58
memberwurzel_cidermaker28-Jun-08 7:58 
Questionexample for VB.NET 2005 ? Pin
tecnicosht19-Jun-07 6:03
membertecnicosht19-Jun-07 6:03 
Questionupgrade to .net 2005 ? Pin
ranchu panchu11-Jun-07 10:50
memberranchu panchu11-Jun-07 10:50 
AnswerRe: upgrade to .net 2005 ? Pin
ranchu panchu17-Jun-07 20:13
memberranchu panchu17-Jun-07 20:13 
GeneralRe: upgrade to .net 2005 ? Pin
cooke12313-Nov-07 21:36
membercooke12313-Nov-07 21:36 
QuestionUrgent:winpcap with realbasic? Pin
infantilo28-Nov-06 10:10
memberinfantilo28-Nov-06 10:10 
Questionget the content? Pin
dennis02061-Nov-06 3:33
memberdennis02061-Nov-06 3:33 
AnswerRe: get the content? Pin
dennis02061-Nov-06 4:51
memberdennis02061-Nov-06 4:51 
Generalread a file.acp Pin
DanieleBianchi21-Sep-06 6:55
memberDanieleBianchi21-Sep-06 6:55 
QuestionHow to get the payload of packet Pin
Amol pathak17-Sep-06 21:16
memberAmol pathak17-Sep-06 21:16 
QuestionI need codes in JAVA in order to read, save and use Packets captured from VoIP traffic?? (UDP) Pin
andre_toro9-Aug-06 10:28
memberandre_toro9-Aug-06 10:28 
Questiondotnetwinpcap.dll ??? Pin
pgr_home2-Aug-06 10:08
memberpgr_home2-Aug-06 10:08 
GeneralNo packet data! Pin
Lady-green27-May-06 22:52
memberLady-green27-May-06 22:52 
GeneralRe: No packet data! Pin
speedofspin19-Jul-06 6:31
memberspeedofspin19-Jul-06 6:31 
GeneralMore detail on needed changes in order to capture all of the traffic Pin
mobiledeveloper57-Jan-10 17:10
membermobiledeveloper57-Jan-10 17:10 
GeneralDo Not Decompile Pin
punkbuster9-Feb-06 7:06
memberpunkbuster9-Feb-06 7:06 
GeneralAssembling packets Pin
vetris11131-Jan-06 22:16
membervetris11131-Jan-06 22:16 
GeneralUpdated Version Pin
Shawn M Lewis24-Nov-05 16:12
memberShawn M Lewis24-Nov-05 16:12 
GeneralRe: Updated Version Pin
djaxl24-Jan-06 11:16
memberdjaxl24-Jan-06 11:16 
GeneralMail me the source code pls Pin
nunomag28-Oct-05 21:07
membernunomag28-Oct-05 21:07 
GeneralRe: Mail me the source code pls Pin
Hamid Qureshi30-Oct-05 17:59
memberHamid Qureshi30-Oct-05 17:59 
GeneralRe: Mail me the source code pls Pin
djaxl24-Jan-06 11:14
memberdjaxl24-Jan-06 11:14 
GeneralRe: Mail me the source code pls Pin
nunomag25-Jan-06 0:35
membernunomag25-Jan-06 0:35 
GeneralRe: Mail me the source code pls Pin
punkbuster6-Feb-06 12:55
memberpunkbuster6-Feb-06 12:55 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web01 | 2.8.150520.1 | Last Updated 25 Mar 2009
Article Copyright 2003 by Victor Tan
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid