Introduction
Winpcap has been the de facto library in packet capture applications, but the problem is that it is only natively available for C++ and C.
This is an attempt to port some of the crucial Winpcap functions for the .NET environment. The demonstration project here is written in C#.
First of all, you need to install Winpcap from winpcap's Web site and then extract the project zip file. Be sure to reference dotnetwinpcap.dll in the project if not already so.
Methods Available
-
static ArrayList FindAllDevs()
Returns an ArrayList of Device objects, each describing an Ethernet interface on the system.
-
bool Open(string source, int snaplen, int flags, int read_timeout)
Opens an Ethernet interface with source as the name of the interface obtained from a Device object, snaplen is the max number of bytes to be captured from each packet, flags=1 means promiscuous mode, read_timeout is the blocking time of ReadNext before it returns.
-
PCAP_NEXT_EX_STATE ReadNext( out PacketHeader p, out byte[] packet_data)
Reads a next packet and return the packet details (size and timestamp) to object p, and packet raw data in packet_data (array of bytes).
-
void StopDump()
Stops dumping of capture data to a file.
-
bool StartDump(string filename)
Starts dumping of capture data to a file.
-
bool SetMinToCopy(int size)
Sets the minimum number of bytes required to be received by the driver before OnReceivePacket fires. Lowering this can increase response time, but increases system calls which lowers program efficiency.
-
bool SetKernelBuffer(int bytes)
Sets the number of bytes in the driver kernel buffer for packet capture. Increase this to avoid packet loss and improve performance. Default is 1 MB.
-
void StartListen()
Starts listening for packets.
-
void StopListen()
Stops listening for packets.
-
void Close()
Stops all operations and releases all resources.
-
bool SendPacket(byte[] rawdata)
Sends bytes contained in rawdata over the wire. The ethernet checksum will be automatically added prior to sending the packet. Returns true if send is successful, false otherwise.
Properties
-
bool IsListening
true if the dotnetWinpcap object is listening, false otherwise.
-
string LastError
Returns the last error encountered by the library, if any.
Event Support
delegate void ReceivePacket (object sender, PacketHeader p, byte[] s);
event ReceivePacket OnReceivePacket;
Once StartListen() is called, OnReceivePacket will start to fire on every packet encountered, until StopListen() is called, or Close() is called.
Delegate objects of the above signature may be attached to the OnReceivePacket event to receive notification and perform further processing, as demonstrated in the demo source code.
History
- 28th May, 2003: Initial post
- 25th Aug 2003 - Updated source code
- 28th June, 2008: Updated source code
- 24th March, 2009: Updated source code to include client code as requested by Ashin
This member has not yet provided a Biography. Assume it's interesting and varied, and probably something to do with programming.
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
The combination of abbreviation and weird capitalization doesn't work well - putting the classes in a WinPcap namespace, and renaming dotnetWinpCap to something like PacketCapturer could work.
