Packet Sniffing with Winpcap Functions Ported to a .NET Library

Announcements

	Try Azure, Win a Laptop
	Build a VS2010 addin win a Zune
	Monthly Competition

The Daily Insider

1024-bit RSA encryption cracked by carefully starving CPU of electricity

Daily IT news: Signup now.

Articles

Platforms, Frameworks & Libraries

Languages

General Programming

Graphics / Design

Development Lifecycle

Services

CodeProject VS2008 Addin

Feature Zones

Product Showcase

WhitePapers / Webcasts

.NET Dev Library

ASP.NET Web Hosting

Advanced Search
Add to IE Search

Print Friendly

Discuss

Report

43 votes for this article.

Popularity: 7.04 Rating: 4.31 out of 5

Download source files - 36.75 KB

Introduction

Winpcap has been the de facto library in packet capture applications, but the problem is that it is only natively available for C++ and C.

This is an attempt to port some of the crucial Winpcap functions for the .NET environment. The demonstration project here is written in C#.

First of all, you need to install Winpcap from winpcap's Web site and then extract the project zip file. Be sure to reference dotnetwinpcap.dll in the project if not already so.

Methods Available

```
static ArrayList FindAllDevs()
```
Returns an ArrayList of Device objects, each describing an Ethernet interface on the system.
```
bool Open(string source, int snaplen, int flags, int read_timeout)
```
Opens an Ethernet interface with source as the name of the interface obtained from a Device object, snaplen is the max number of bytes to be captured from each packet, flags=1 means promiscuous mode, read_timeout is the blocking time of ReadNext before it returns.
```
PCAP_NEXT_EX_STATE ReadNext( out PacketHeader p, out byte[] packet_data)
```
Reads a next packet and return the packet details (size and timestamp) to object p, and packet raw data in packet_data (array of bytes).
```
void StopDump()
```
Stops dumping of capture data to a file.
```
bool StartDump(string filename) 
```
Starts dumping of capture data to a file.
```
bool SetMinToCopy(int size)
```
Sets the minimum number of bytes required to be received by the driver before OnReceivePacket fires. Lowering this can increase response time, but increases system calls which lowers program efficiency.
```
bool SetKernelBuffer(int bytes)
```
Sets the number of bytes in the driver kernel buffer for packet capture. Increase this to avoid packet loss and improve performance. Default is 1 MB.
```
void StartListen()
```
Starts listening for packets.
```
void StopListen()
```
Stops listening for packets.
```
void Close()
```
Stops all operations and releases all resources.
```
bool SendPacket(byte[] rawdata)
```
Sends bytes contained in rawdata over the wire. The ethernet checksum will be automatically added prior to sending the packet. Returns true if send is successful, false otherwise.

Properties

```
bool IsListening
```
true if the dotnetWinpcap object is listening, false otherwise.
```
string LastError
```
Returns the last error encountered by the library, if any.

Event Support

delegate void ReceivePacket (object sender, PacketHeader p, byte[] s);
event ReceivePacket OnReceivePacket;

Once StartListen() is called, OnReceivePacket will start to fire on every packet encountered, until StopListen() is called, or Close() is called.

Delegate objects of the above signature may be attached to the OnReceivePacket event to receive notification and perform further processing, as demonstrated in the demo source code.

History

28^th May, 2003: Initial post
25^th Aug 2003 - Updated source code
28^th June, 2008: Updated source code
24^th March, 2009: Updated source code to include client code as requested by Ashin

License

This article, along with any associated source code and files, is licensed under The GNU General Public License (GPL)

About the Author

Victor Tan

Member

Location:

Australia

Other popular Internet / Network articles:

MyDownloader: A Multi-thread C# Segmented Download Manager
Sample application that manages multiple segmented downloads and supports HTTP, FTP and YouTube video downloads
An Asynchronous Socket Server and Client
An asynchronous socket server and client with encryption and compression.
Network Development Kit 2.0
Network Development Kit is a set of simple classes for a client-server architecture.
An FTP client library for .NET 2.0
Provides a useful wrapper to the FtpRequest in .NET 2.0.
Developing Firewalls for Windows 2000/XP
An article about developing Firewalls for Windows 2000/XP

Article Top

You must Sign In to use this message board.

FAQ
Noise Tolerance Layout Per page

Pcap.Net - a full WinPcap .NET wrapper

brickner

7:17 26 Feb '10

Nice article,

If you want to use WinPcap in C#, a simple way to go is to use Pcap.Net.
http://pcapdotnet.codeplex.com
It's a full wrapper (with full features) to WinPcap with open source.
It also gives you the ability to build different packets and fully interpret packets in C#.
It is written in C++/CLI, which has much better performance than the InteropServices used in the example code given here.

I hope you'll find it useful.

Boaz.

WinCe

MPH1956

1:12 21 Feb '10

Sorry for thetypoes ! Make that 'sniffing' and 'device' ! Thanks
Sign In·View Thread·PermaLink

WinCE

MPH1956

1:10 21 Feb '10

I'd like to use this type of app to do some packet snbiffing on a WinCe devcei - does anyone have any experience of that please ? Thanks in advance !
Sign In·View Thread·PermaLink

C# Sample-Project dont works with c# 2008

eightbitwitch

13:41 4 Feb '10

In Form1.cs

		private  void ReceivePacket(object sender, PacketHeader p, byte[] s) 
		
		{
			this.pack_count++;
			rtb.Focus();
			rtb.AppendText("Content of p : \n");
			rtb.AppendText("	Caplength: "+p.Caplength+"\n");
			rtb.AppendText("	Length   : "+p.Length+"\n");
			rtb.AppendText("	Timestamp: "+ (p.TimeStamp)+"\n");
			labPacketCnt.Text=Convert.ToString(this.pack_count);

		}

On Line "rtb.Focus();" come an Runtime-Error "InvalidOperationError" by cross-Thread-Access an an Forms.Control

Please, can anybody fix this Problem? I have not C# expriences, so that i cant it self.

Regards,
Valerie

Get all Packet, inclusive Packets with Set FIN-Flag

eightbitwitch

8:17 4 Feb '10

Hello, i must recognize, when a connection close by the Server. I would to it, by look at the FIN-Flag in the TCP-Header. But i only can receive the packets with Payload, and never the packets with the set FIN-Flag. Application like Etherdetect, that also based on winpcap, display me this packets. What going wrong, what is my mistake? Regards from germany, Valerie
Sign In·View Thread·PermaLink

SendPacket are not public - Not acces from VB9

eightbitwitch

8:11 4 Feb '10

Hello, i would do send packets over dotnetwinpcap/winpcap, but i can't access the method from VB9 (VB.net). I dont have any expriences in C# (oder over C-Famliy languages) and so i can n ot modofy the source for my wishes. Can anybody help? regards, Valerie (Sorry for my bad english, i'm from germany)
Sign In·View Thread·PermaLink

Changes required to run on Vista 64 in Visual Studio 2008

Umopepisdn

0:43 5 Jan '10

In order to get this going on Vista 64 and Visual Studio 2008 with the latest .Net, I had to make a few changes to the project and code.

First, dotnetWinpCap.FindAllDevs() was throwing an exception due to inability to find a 64-bit winpcap on my system. Changing all projects to build x86 only resolved this issue.

Then, ReceivePacket() complained that the form controls were being accessed from another thread. I resolved it by changing ReceivePacket():

private  void ReceivePacket(object sender, PacketHeader p, byte[] s) 
		{
            this.pack_count++;
            this.BeginInvoke(new MethodInvoker(delegate()
            {
			    rtb.Focus();
			    rtb.AppendText("Content of p : \n");
			    rtb.AppendText("	Caplength: "+p.Caplength+"\n");
			    rtb.AppendText("	Length   : "+p.Length+"\n");
			    rtb.AppendText("	Timestamp: "+ (p.TimeStamp)+"\n");
                labPacketCnt.Text = Convert.ToString(this.pack_count);
            }));
		}

Hope this helps someone.
-Umo

thanks

79167115

23:28 8 Sep '09

Thanks，your article has helped me so much!I am a software fan,I am very like your article,though I am chinese.my site the firejay welcome you.
Sign In·View Thread·PermaLink

??? please help

Jordan Wis

17:28 15 Aug '09

can someone teach me how to use this?? get back to me please soccerboy_24@charter.net thanks
Sign In·View Thread·PermaLink

My vote of 1

legion_

11:44 9 Jul '09

hui
Sign In·View Thread·PermaLink	1.00/5 (1 vote)

craft packet

Unruled Boy

16:37 1 Jan '09

can we craft a packet before it sends? let's say we change the content/ip/port etc. Regards, unruledboy_at_gmail_dot_com http://www.xnlab.com
Sign In·View Thread·PermaLink

Full source uploaded

Victor Tan

8:25 28 Jun '08

Updated the package with full source code.
Sign In·View Thread·PermaLink	2.20/5 (5 votes)

Re: Full source uploaded

Anil Maurya

4:45 24 Oct '08

It does not capture packet for WiFi Adapter? How we can do this?
Sign In·View Thread·PermaLink

Re: Full source uploaded

Victor Tan

5:30 24 Oct '08

For wifi captures, you need to set promiscuous mode to off. You can modify the source code to achieve that.
Sign In·View Thread·PermaLink	2.00/5 (1 vote)

Decoding packets

TariqHussain

0:13 2 Jan '08

hi , i wpuld like to know how to decode packets using winpcap in ur project . plz reply me as soon as possible Thankx.
Sign In·View Thread·PermaLink	1.00/5 (1 vote)

Is it possible to develop a packet sniffer with out WinPcap?

Diana Fernandez

0:30 13 Nov '07

Hi I have to develop a Network Sniffer using c#. I'm very new to network programming. Is it necessary that I've to make use of WinPcap? Does .Net provide all the functionalities of WinPcap? Regards, Diana.
Sign In·View Thread·PermaLink	2.33/5 (3 votes)

Re: Is it possible to develop a packet sniffer with out WinPcap?

wurzel_cidermaker

7:58 28 Jun '08

http://www.codeproject.com/KB/IP/CSNetworkSniffer.aspx
Sign In·View Thread·PermaLink

example for VB.NET 2005 ?

tecnicosht

6:03 19 Jun '07

Anyone have a example of packet capture in VB.NET 2005 ? Help me please. A lot of thanks.
Sign In·View Thread·PermaLink	2.00/5 (6 votes)

upgrade to .net 2005 ?

ranchu panchu

10:50 11 Jun '07

Hello, I have tried to upgrade the code to .net 2005, but I have an exception which I did not overcome. Is there anyone here who upgrade the implementation, and can send it here ? Thank you !
Sign In·View Thread·PermaLink	3.00/5 (2 votes)

Re: upgrade to .net 2005 ?

ranchu panchu

20:13 17 Jun '07

Here is what I have, the problem is that I get exception in the line:
sockaddr = ((dotnetWinpCap.sockaddr)(Marshal.PtrToStructure((System.IntPtr)pcap_addr.addr, typeof(dotnetWinpCap.sockaddr))));
Does anyone know what is wrong with this upgrade ?

using System;
using System.Collections;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;

public class Device
{
private string name;
private string description;
private string address;
private string netmask;

public Device()
{
name = null;
description = null;
address = null;
netmask = null;
return;
}
public virtual string Name
{
get
{
return name;
}
set
{
name = value;
return;
}
}
public virtual string Description
{
get
{
return description;
}
set
{
description = value;
return;
}
}
public virtual string Address
{
get
{
return address;
}
set
{
address = value;
return;
}
}
public virtual string Netmask
{
get
{
return netmask;
}
set
{
netmask = value;
return;
}
}
}
public class dotnetWinpCap
{

public class AlreadyOpenException : Exception
{
public AlreadyOpenException()
{
return;
}
public override string Message
{
get
{
return "Device attached to object already open. Close first before reopening";
}
}
}
delegate void packet_handler(int param, int header, int pkt_data);
public enum PCAP_NEXT_EX_STATE
{
SUCCESS = 1,
TIMEOUT = 0,
ERROR = -1,
EOF = -2,
UNKNOWN = -3,
}
public delegate void ReceivePacket(object sender, PacketHeader p, System.Byte[] s);
delegate void DumpEnded(object sender);
delegate void ReceivePacketInternal(object sender, int header, int data);
[StructLayout(LayoutKind.Sequential)]
public struct pcap_pkthdr
{
public dotnetWinpCap.timeval ts;
public UInt32 caplen;
public UInt32 len;
}

[StructLayout(LayoutKind.Sequential)]
public struct timeval
{
public UInt32 tv_sec;
public UInt32 tv_usec;
}

[StructLayout(LayoutKind.Sequential)]
private struct pcap_rmtauth
{
private int type;
private string username;
private string password;
}

[StructLayout(LayoutKind.Sequential)]
private struct in_addr
{
public char b1;
public char b2;
public char b3;
public char b4;
public UInt16 w1;
public UInt16 w2;
public UInt64 addr;
}

[StructLayout(LayoutKind.Sequential)]
private struct sockaddr
{
public short family;
public UInt16 port;
public byte[] addr;
public byte[] zero;
}

[StructLayout(LayoutKind.Sequential)]
private struct pcap_addr
{
public int next;
public int addr;
public int netmask;
public int broadaddr;
public int dstaddr;
}

[StructLayout(LayoutKind.Sequential)]
private struct pcap_if
{
public int next;
public string name;
public string description;
public int addresses;
public UInt32 flags;
}
private Thread ListenThread;
private bool disposed;
private dotnetWinpCap.packet_handler callback;
private string fname;
private int maxb;
private int maxp;
private bool m_islistening;
private bool m_isopen;
private string m_attachedDevice;
private int pcap_t;
private int dumper;
private StringBuilder errbuf;

public dotnetWinpCap()
{
ListenThread = null;
disposed = false;
callback = null;
fname = "";
maxb = 0;
maxp = 0;
m_islistening = false;
m_isopen = false;
m_attachedDevice = null;
pcap_t = 0;
dumper = 0;
errbuf = new StringBuilder(256);
return;
}
public virtual string AttachedDevice
{
get
{
return m_attachedDevice;
}
}

public virtual string LastError
{
get
{
return errbuf.ToString();
}
}
public virtual bool IsListening
{
get
{
return m_islistening;
}
}
public virtual bool IsOpen
{
get
{
return m_isopen;
}
}
public event dotnetWinpCap.ReceivePacket OnReceivePacket;
private event dotnetWinpCap.DumpEnded OnDumpEnded;
private event dotnetWinpCap.ReceivePacketInternal OnReceivePacketInternal;
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_findalldevs(ref int devicelist, StringBuilder errbuf);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_setbuff(int p, int kernelbufferbytes);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_live_dump(int p, string filename, int maxsize, int maxpacks);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_live_dump_ended(int p, int sync);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_dump_open(int p, string filename);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern void pcap_dump(int dumper, int h, int data);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern void pcap_dump_close(int dumper);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_sendpacket(int p, System.Byte[] buff, int size);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_loop(int p, int cnt, dotnetWinpCap.packet_handler callback, int user);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_open_live(string device, int snaplen, int promisc, int to_ms, StringBuilder ebuf);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern System.Byte[] pcap_next(int p, int pkt_header);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_setmintocopy(int p, int size);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern void pcap_freealldevs(int devicelist);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_open(string source, int snaplen, int flags, int read_timeout, int auth, StringBuilder errbuf);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_next_ex(int p, ref int pkt_header, ref int packetdata);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern void pcap_close(int p);
[DllImport("Kernel32", SetLastError=false)]
private static extern bool CloseHandle(int handle);
public static ArrayList FindAllDevs()
{
ArrayList arrayList;
dotnetWinpCap.pcap_if pcap_if;
int i;
StringBuilder stringBuilder;
int i1;
Device device;
dotnetWinpCap.pcap_addr pcap_addr;
dotnetWinpCap.sockaddr sockaddr;
dotnetWinpCap.sockaddr sockaddr1;
System.String[] arr;
arrayList = new ArrayList();
pcap_if.addresses = 0;
pcap_if.description = new StringBuilder().ToString();
pcap_if.flags = 0;
pcap_if.name = new StringBuilder().ToString();
pcap_if.next = 0;
i = 0;
stringBuilder = new StringBuilder(256);
i1 = 0;
if (dotnetWinpCap.pcap_findalldevs(ref i, stringBuilder) != -1)
{
goto ILO_006d;
}
return null;
ILO_006d:
i1 = i;
goto ILO_026f;
ILO_0075:
device = new Device();
arrayList.Add(device);
pcap_if = ((dotnetWinpCap.pcap_if)(Marshal.PtrToStructure((System.IntPtr) i, typeof(dotnetWinpCap.pcap_if))));
device.Name = pcap_if.name;
device.Description = pcap_if.description;
if (pcap_if.addresses == 0)
{
goto ILO_0267;
}
pcap_addr = ((dotnetWinpCap.pcap_addr)(Marshal.PtrToStructure((System.IntPtr)pcap_if.addresses, typeof(dotnetWinpCap.pcap_addr))));
if (pcap_addr.addr == 0)
{
goto ILO_01ab;
}
sockaddr = ((dotnetWinpCap.sockaddr)(Marshal.PtrToStructure((System.IntPtr)pcap_addr.addr, typeof(dotnetWinpCap.sockaddr))));
arr = new string[7];
arr[0] = sockaddr.addr[0].ToString();
arr[1] = ".";
arr[2] = sockaddr.addr[1].ToString();
arr[3] = ".";
arr[4] = sockaddr.addr[2].ToString();
arr[5] = ".";
arr[6] = sockaddr.addr[3].ToString();
device.Address = string.Concat(arr);
ILO_01ab:
if (pcap_addr.netmask == 0)
{
goto ILO_0267;
}
sockaddr1 = ((dotnetWinpCap.sockaddr)(Marshal.PtrToStructure((System.IntPtr)pcap_addr.netmask, typeof(dotnetWinpCap.sockaddr))));
arr = new string[7];
arr[0] = sockaddr1.addr[0].ToString();
arr[1] = ".";
arr[2] = sockaddr1.addr[1].ToString();
arr[3] = ".";
arr[4] = sockaddr1.addr[2].ToString();
arr[5] = ".";
arr[6] = sockaddr1.addr[3].ToString();
device.Netmask = string.Concat(arr);
ILO_0267:
i = pcap_if.next;
ILO_026f:
if (i != 0)
{
goto ILO_0075;
}
dotnetWinpCap.pcap_freealldevs(i1);
return arrayList;
}

public virtual bool Open(string source, int snaplen, int flags, int read_timeout)
{
if ((pcap_t != 0) == false)
{
goto ILO_0018;
}
throw new dotnetWinpCap.AlreadyOpenException();
ILO_0018:
pcap_t = dotnetWinpCap.pcap_open(source, snaplen, flags, read_timeout, 0, errbuf);
if (pcap_t == 0)
{
goto ILO_0050;
}
m_isopen = true;
m_attachedDevice = source;
return true;
ILO_0050:
m_isopen = false;
m_attachedDevice = null;
return false;
}

private void Loop()
{
int i;
callback = new dotnetWinpCap.packet_handler(this.LoopCallback);
i = 0;
new HandleRef(callback, (System.IntPtr) i);
dotnetWinpCap.pcap_loop(pcap_t, 0, callback, 0);
return;
}

private void LoopCallback(int param, int header, int pkt_data)
{
dotnetWinpCap.pcap_pkthdr pcap_pkthdr;
System.Byte[] arr;
Marshal.PtrToStringAnsi((System.IntPtr)param);
pcap_pkthdr = ((dotnetWinpCap.pcap_pkthdr)(Marshal.PtrToStructure((System.IntPtr)header, typeof(dotnetWinpCap.pcap_pkthdr))));
arr = new Byte[pcap_pkthdr.caplen];
Marshal.Copy((System.IntPtr) pkt_data, arr, 0, (int)pcap_pkthdr.caplen);
Marshal.PtrToStringAnsi((System.IntPtr)pkt_data);
return;
}

private bool OpenLive(string source, int snaplen, int promisc, int to_ms)
{
pcap_t = dotnetWinpCap.pcap_open_live(source, snaplen, promisc, to_ms, errbuf);
if (pcap_t == 0)
{
goto ILO_0025;
}
return true;
ILO_0025:
return false;
}

private dotnetWinpCap.PCAP_NEXT_EX_STATE ReadNextInternal(out PacketHeader p, out System.Byte[] packet_data, out int pkthdr, out int pktdata)
{
int i;
dotnetWinpCap.pcap_pkthdr pcap_pkthdr;
pkthdr = 0;
pktdata = 0;
p = null;
packet_data = null;
if (pcap_t != 0)
{
goto ILO_003c;
}
errbuf = new StringBuilder("No adapter is currently open");
return PCAP_NEXT_EX_STATE.ERROR;
ILO_003c:
i = dotnetWinpCap.pcap_next_ex(pcap_t, ref pkthdr, ref pktdata);
if (i != 0)
{
goto ILO_0050;
}
return 0;
ILO_0050:
if (i != 1)
{
goto ILO_00cc;
}
pcap_pkthdr = ((dotnetWinpCap.pcap_pkthdr)(Marshal.PtrToStructure((System.IntPtr) pkthdr, typeof(dotnetWinpCap.pcap_pkthdr))));
p = new PacketHeader();
p.Caplength = (int)pcap_pkthdr.caplen;
p.Length = (int)pcap_pkthdr.len;
p.ts = pcap_pkthdr.ts;
packet_data = new Byte[((System.UInt32)(p.Length))];
Marshal.Copy((System.IntPtr)pktdata, packet_data, 0, p.Length);
return PCAP_NEXT_EX_STATE.SUCCESS;
ILO_00cc:
if (i != -1)
{
goto ILO_00d2;
}
return PCAP_NEXT_EX_STATE.ERROR;
ILO_00d2:
if (i != -2)
{
goto ILO_00da;
}
return PCAP_NEXT_EX_STATE.EOF;
ILO_00da:
return PCAP_NEXT_EX_STATE.UNKNOWN;
}
public virtual dotnetWinpCap.PCAP_NEXT_EX_STATE ReadNextInternal(out PacketHeader p, out System.Byte[] packet_data)
{
int i;
return ReadNextInternal(out p, out packet_data, out i, out i);
}
public virtual bool SendPacket(System.Byte[] packet_data)
{
int i;
i = dotnetWinpCap.pcap_sendpacket(pcap_t, packet_data, packet_data.Length);
if (i != 0)
{
goto ILO_0015;
}
return true;
ILO_0015:
return false;
}
private void MonitorDump()
{
if (dotnetWinpCap.pcap_live_dump_ended(pcap_t, 1) == 0)
{
goto ILO_0022;
}
if (OnDumpEnded == null)
{
goto ILO_0022;
}
OnDumpEnded.Invoke(this);
ILO_0022:
return;
}

private void DumpPacket(object sender, int header, int data)
{
if ((dumper != 0) == false)
{
goto ILO_001f;
}
dotnetWinpCap.pcap_dump(dumper, header, data);
ILO_001f:
return;
}

public virtual void StopDump()
{
dotnetWinpCap dotnetWinpCap;
dotnetWinpCap = this;
dotnetWinpCap.OnReceivePacketInternal = (Delegate.Remove(dotnetWinpCap.OnReceivePacketInternal, new dotnetWinpCap.ReceivePacketInternal(this.DumpPacket)) as dotnetWinpCap.ReceivePacketInternal);
if ((dumper != 0) == false)
{
goto ILO_004a;
}
dotnetWinpCap.pcap_dump_close(dumper);
dumper = 0;
ILO_004a:
return;
}
public virtual bool StartDump(string filename)
{
bool bl;
dotnetWinpCap dotnetWinpCap;
if ((pcap_t != 0) == false)
{
goto ILO_004f;
}
try
{
dumper = dotnetWinpCap.pcap_dump_open(pcap_t, filename);
goto ILO_002b;
}
catch (System.Exception obj)
{
//obj;
bl = false;
goto ILO_0051;
}
ILO_002b:
dotnetWinpCap = this;
dotnetWinpCap.OnReceivePacketInternal = (Delegate.Combine(dotnetWinpCap.OnReceivePacketInternal, new dotnetWinpCap.ReceivePacketInternal(this.DumpPacket)) as dotnetWinpCap.ReceivePacketInternal);
return true;
ILO_004f:
return false;
ILO_0051:
return bl;
}

private bool StartLiveDump(string filename, int maxbytes, int maxpackets)
{
fname = filename;
maxb = maxbytes;
maxp = maxpackets;
if (dotnetWinpCap.pcap_live_dump(pcap_t, fname, maxb, maxp) != 0)
{
goto ILO_0048;
}
new Thread(new ThreadStart(this.MonitorDump));
return true;
ILO_0048:
return false;
}

public virtual int SetMinToCopy(int size)
{
if (dotnetWinpCap.pcap_setmintocopy(pcap_t, size) != 0)
{
goto ILO_0010;
}
return 1;
ILO_0010:
return 0;
}

private void ReadNextLoop()
{
PacketHeader packetHeader;
System.Byte[] arr;
int i;
int i1;
dotnetWinpCap.PCAP_NEXT_EX_STATE pCAP_NEXT_EX_STATE;
ILO_0000:
packetHeader = null;
arr = null;
pCAP_NEXT_EX_STATE = ReadNextInternal(out packetHeader, out arr, out i, out i1);
if (pCAP_NEXT_EX_STATE != PCAP_NEXT_EX_STATE.SUCCESS)
{
goto ILO_0000;
}
if (OnReceivePacket == null)
{
goto ILO_002f;
}
OnReceivePacket.Invoke(this, packetHeader, arr);
ILO_002f:
if (OnReceivePacketInternal == null)
{
goto ILO_0000;
}
OnReceivePacketInternal.Invoke(this, i, i1);
goto ILO_0000;
}

public virtual bool SetKernelBuffer(int bytes)
{
if (dotnetWinpCap.pcap_setbuff(pcap_t, bytes) == 0)
{
goto ILO_0010;
}
return false;
ILO_0010:
return true;
}

public virtual void StartListen()
{
if (ListenThread == null)
{
goto ILO_0013;
}
ListenThread.Abort();
ILO_0013:
ListenThread = new Thread(new ThreadStart(this.ReadNextLoop));
ListenThread.Start();
m_islistening = true;
return;
}

public virtual void StopListen()
{
if (ListenThread == null)
{
goto ILO_0027;
}
if (ListenThread.IsAlive == false)
{
goto ILO_0020;
}
ListenThread.Abort();
ILO_0020:
ListenThread = null;
ILO_0027:
m_islistening = false;
return;
}
public virtual void Close()
{
StopDump();
if (IsListening == false)
{
goto ILO_0014;
}
StopListen();
ILO_0014:
m_isopen = false;
m_attachedDevice = null;
if ((pcap_t != 0) == false)
{
goto ILO_004a;
}
dotnetWinpCap.pcap_close(pcap_t);
pcap_t = 0;
ILO_004a:
return;
}

private void Dispose()
{
Dispose(true);
GC.SuppressFinalize(this);
return;
}
private void Dispose(bool disposing)
{
if (disposed != false)
{
goto ILO_005a;
}
if (disposing == false)
{
goto ILO_0032;
}
if (ListenThread == null)
{
goto ILO_0032;
}
if (ListenThread.IsAlive == false)
{
goto ILO_002b;
}
ListenThread.Abort();
ILO_002b:
ListenThread = null;
ILO_0032:
if ((pcap_t != 0) == false)
{
goto ILO_005a;
}
dotnetWinpCap.pcap_close(pcap_t);
pcap_t = 0;
ILO_005a:
disposed = true;
return;
}

~dotnetWinpCap()
{
try
{
Dispose(false);
goto ILO_0010;
}
finally
{
// base.Finalize();
}
ILO_0010:
return;
}

}

public class PacketHeader
{
public dotnetWinpCap.timeval ts;
private int caplen;
private int len;

public PacketHeader(dotnetWinpCap.timeval ts, int caplen, int len)
{
caplen = 0;
len = 0;
ts = ts;
caplen = caplen;
len = len;
return;
}

public PacketHeader()
{
caplen = 0;
len = 0;
return;
}
public virtual int Caplength
{
get
{
return caplen;
}
set
{
caplen = value;
return;
}
}
public virtual int Length
{
get
{
return len;
}
set
{
len = value;
return;
}
}
public virtual DateTime TimeStamp
{
get
{
DateTime dateTime;
DateTime dateTime1;
dateTime1 = new DateTime(1970, 1, 1);
dateTime = dateTime1.AddSeconds(((System.Double)(ts.tv_sec)));
dateTime.AddMilliseconds(((System.Double)(ts.tv_usec)));
return dateTime;
}
}
}

Re: upgrade to .net 2005 ?

cooke123

21:36 13 Nov '07

in c++, struct sockaddr format is struct sockaddr { short family, char[14] data } so i change sockaddr defination like this, it can pass. struct sockaddr { short family, UInt16 port, byte ip1, byte ip2, byte ip3, byte ip4, Int64 data }
Sign In·View Thread·PermaLink

Urgent:winpcap with realbasic?

infantilo

10:10 28 Nov '06

Hi there! I'd need urgent advice how to use winpcap in realbasic. Tried vbpcap.dll but can't set parameter. Would the .net wrapper work with realbasic 2006? (Maybe one of you code-gurus could help and give advice?) yours repectfully peter
Sign In·View Thread·PermaLink

get the content?

dennis0206

3:33 1 Nov '06

Hi! Is it possible to get the content of message? Only the caplength, length, timestamp will be write into the richtextbox. the problem is there are only these 3 attributes. may you got the function "startdump()". but it only writes it into a textfile. i dont got it to write it into an other richtextbox. you understand my problem?
Sign In·View Thread·PermaLink	5.00/5 (1 vote)

Re: get the content?

dennis0206

4:51 1 Nov '06

sry!!! dont have read all the messages....
Sign In·View Thread·PermaLink	5.00/5 (1 vote)

read a file.acp

DanieleBianchi

6:55 21 Sep '06

there is a method to read a file.acp(for example the same file that the program have created when I make StartDump) using a similar code with c#, because I will have the possibility to control the traffic after the sniffing. thanks
Sign In·View Thread·PermaLink

General News Question Answer Joke Rant Admin

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+PgUp/PgDown to switch pages.

PermaLink | Privacy | Terms of Use
Last Updated: 25 Mar 2009
Editor: Deeksha Shenoy