|
|
Introduction
Winpcap (winpcap.polito.it) has been the de facto library in packet capture applications, but the problem is it is only natively available for C++ and C.
This is an attempt to port some of the crucial Winpcap functions for the .NET environment. The demonstration project here is written in C#.
First of all, you need to install Winpcap from winpcap's web site and then extract the project zip file. Be sure to reference dotnetwinpcap.dll in the project if not already so.
Methods available
static ArrayList FindAllDevs() - Returns an ArrayList of Device objects, each describing an Ethernet interface on the system.
bool Open(string source, int snaplen, int flags, int read_timeout) - Opens an Ethernet interface with source as the name of the interface obtained from a Device object, snaplen is the max number of bytes to be captured from each packet, flags=1 means promiscuous mode, read_timeout is the blocking time of ReadNext before it returns.
PCAP_NEXT_EX_STATE ReadNext( out PacketHeader p, out byte[] packet_data) - Reads a next packet and return the packet details (size and timestamp) to object p, and packet raw data in packet_data (array of bytes).
void StopDump() - stops dumping of capture data to a file.
bool StartDump(string filename) - starts dumping of capture data to a file.
bool SetMinToCopy(int size) - sets the minimum number of bytes required to be received by the driver before OnReceivePacket fires. Lowering this can increase response time, but increases system calls which lowers program efficiency.
bool SetKernelBuffer(int bytes) - sets the number of bytes in the driver kernel buffer for packet capture. Increase this to avoid packet loss and improve performance. Default is 1 MB.
void StartListen() - starts listening for packets
void StopListen() - stops listening for packets
void Close() - stops all operations and releases all resource
bool SendPacket(byte[] rawdata) - sends bytes contained in rawdata over the wire. The ethernet checksum will be automatically added prior to sending the packet. Returns true if send is successful, false otherwise.
Properties
bool IsListening - true if the dotnetWinpcap object is listening, false otherwise.
string LastError - returns the last error encountered by the library, if any.
Event support
delegate void ReceivePacket (object sender, PacketHeader p, byte[] s);
event ReceivePacket OnReceivePacket;
Once StartListen() is called, OnReceivePacket will start to fire on every packet encountered, until StopListen() is called, or Close() is called.
Delegate objects of the above signature may be attached to the OnReceivePacket event to receive notification and perform further processing, as demonstrated in the demo source code.
Coming up...
The next version will include driver-level filtering of packets, depending on demand for further development.
History
25 Aug 2003 - Updated source code
| You must Sign In to use this message board. |
|
| | Msgs 1 to 25 of 77 (Total in Forum: 77) (Refresh) | FirstPrevNext |
|
|
 |
|
|
hi ,
i wpuld like to know how to decode packets using
winpcap in ur project .
plz reply me as soon as possible
Thankx.
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
Hi
I have to develop a Network Sniffer using c#. I'm very new to network programming.
Is it necessary that I've to make use of WinPcap?
Does .Net provide all the functionalities of WinPcap?
Regards,
Diana.
|
| Sign In·View Thread·PermaLink | 5.00/5 (1 vote) |
|
|
|
|
|
|
|
|
|
Hello,
I have tried to upgrade the code to .net 2005, but I have an exception which I did not overcome.
Is there anyone here who upgrade the implementation, and can send it here ?
Thank you !
|
| Sign In·View Thread·PermaLink | 5.00/5 (1 vote) |
|
|
|
|
|
|
Here is what I have, the problem is that I get exception in the line:
sockaddr = ((dotnetWinpCap.sockaddr)(Marshal.PtrToStructure((System.IntPtr)pcap_addr.addr, typeof(dotnetWinpCap.sockaddr))));
Does anyone know what is wrong with this upgrade ?
using System;
using System.Collections;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
public class Device
{
private string name;
private string description;
private string address;
private string netmask;
public Device()
{
name = null;
description = null;
address = null;
netmask = null;
return;
}
public virtual string Name
{
get
{
return name;
}
set
{
name = value;
return;
}
}
public virtual string Description
{
get
{
return description;
}
set
{
description = value;
return;
}
}
public virtual string Address
{
get
{
return address;
}
set
{
address = value;
return;
}
}
public virtual string Netmask
{
get
{
return netmask;
}
set
{
netmask = value;
return;
}
}
}
public class dotnetWinpCap
{
public class AlreadyOpenException : Exception
{
public AlreadyOpenException()
{
return;
}
public override string Message
{
get
{
return "Device attached to object already open. Close first before reopening";
}
}
}
delegate void packet_handler(int param, int header, int pkt_data);
public enum PCAP_NEXT_EX_STATE
{
SUCCESS = 1,
TIMEOUT = 0,
ERROR = -1,
EOF = -2,
UNKNOWN = -3,
}
public delegate void ReceivePacket(object sender, PacketHeader p, System.Byte[] s);
delegate void DumpEnded(object sender);
delegate void ReceivePacketInternal(object sender, int header, int data);
[StructLayout(LayoutKind.Sequential)]
public struct pcap_pkthdr
{
public dotnetWinpCap.timeval ts;
public UInt32 caplen;
public UInt32 len;
}
[StructLayout(LayoutKind.Sequential)]
public struct timeval
{
public UInt32 tv_sec;
public UInt32 tv_usec;
}
[StructLayout(LayoutKind.Sequential)]
private struct pcap_rmtauth
{
private int type;
private string username;
private string password;
}
[StructLayout(LayoutKind.Sequential)]
private struct in_addr
{
public char b1;
public char b2;
public char b3;
public char b4;
public UInt16 w1;
public UInt16 w2;
public UInt64 addr;
}
[StructLayout(LayoutKind.Sequential)]
private struct sockaddr
{
public short family;
public UInt16 port;
public byte[] addr;
public byte[] zero;
}
[StructLayout(LayoutKind.Sequential)]
private struct pcap_addr
{
public int next;
public int addr;
public int netmask;
public int broadaddr;
public int dstaddr;
}
[StructLayout(LayoutKind.Sequential)]
private struct pcap_if
{
public int next;
public string name;
public string description;
public int addresses;
public UInt32 flags;
}
private Thread ListenThread;
private bool disposed;
private dotnetWinpCap.packet_handler callback;
private string fname;
private int maxb;
private int maxp;
private bool m_islistening;
private bool m_isopen;
private string m_attachedDevice;
private int pcap_t;
private int dumper;
private StringBuilder errbuf;
public dotnetWinpCap()
{
ListenThread = null;
disposed = false;
callback = null;
fname = "";
maxb = 0;
maxp = 0;
m_islistening = false;
m_isopen = false;
m_attachedDevice = null;
pcap_t = 0;
dumper = 0;
errbuf = new StringBuilder(256);
return;
}
public virtual string AttachedDevice
{
get
{
return m_attachedDevice;
}
}
public virtual string LastError
{
get
{
return errbuf.ToString();
}
}
public virtual bool IsListening
{
get
{
return m_islistening;
}
}
public virtual bool IsOpen
{
get
{
return m_isopen;
}
}
public event dotnetWinpCap.ReceivePacket OnReceivePacket;
private event dotnetWinpCap.DumpEnded OnDumpEnded;
private event dotnetWinpCap.ReceivePacketInternal OnReceivePacketInternal;
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_findalldevs(ref int devicelist, StringBuilder errbuf);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_setbuff(int p, int kernelbufferbytes);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_live_dump(int p, string filename, int maxsize, int maxpacks);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_live_dump_ended(int p, int sync);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_dump_open(int p, string filename);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern void pcap_dump(int dumper, int h, int data);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern void pcap_dump_close(int dumper);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_sendpacket(int p, System.Byte[] buff, int size);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_loop(int p, int cnt, dotnetWinpCap.packet_handler callback, int user);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_open_live(string device, int snaplen, int promisc, int to_ms, StringBuilder ebuf);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern System.Byte[] pcap_next(int p, int pkt_header);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_setmintocopy(int p, int size);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern void pcap_freealldevs(int devicelist);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_open(string source, int snaplen, int flags, int read_timeout, int auth, StringBuilder errbuf);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_next_ex(int p, ref int pkt_header, ref int packetdata);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern void pcap_close(int p);
[DllImport("Kernel32", SetLastError=false)]
private static extern bool CloseHandle(int handle);
public static ArrayList FindAllDevs()
{
ArrayList arrayList;
dotnetWinpCap.pcap_if pcap_if;
int i;
StringBuilder stringBuilder;
int i1;
Device device;
dotnetWinpCap.pcap_addr pcap_addr;
dotnetWinpCap.sockaddr sockaddr;
dotnetWinpCap.sockaddr sockaddr1;
System.String[] arr;
arrayList = new ArrayList();
pcap_if.addresses = 0;
pcap_if.description = new StringBuilder().ToString();
pcap_if.flags = 0;
pcap_if.name = new StringBuilder().ToString();
pcap_if.next = 0;
i = 0;
stringBuilder = new StringBuilder(256);
i1 = 0;
if (dotnetWinpCap.pcap_findalldevs(ref i, stringBuilder) != -1)
{
goto ILO_006d;
}
return null;
ILO_006d:
i1 = i;
goto ILO_026f;
ILO_0075:
device = new Device();
arrayList.Add(device);
pcap_if = ((dotnetWinpCap.pcap_if)(Marshal.PtrToStructure((System.IntPtr) i, typeof(dotnetWinpCap.pcap_if))));
device.Name = pcap_if.name;
device.Description = pcap_if.description;
if (pcap_if.addresses == 0)
{
goto ILO_0267;
}
pcap_addr = ((dotnetWinpCap.pcap_addr)(Marshal.PtrToStructure((System.IntPtr)pcap_if.addresses, typeof(dotnetWinpCap.pcap_addr))));
if (pcap_addr.addr == 0)
{
goto ILO_01ab;
}
sockaddr = ((dotnetWinpCap.sockaddr)(Marshal.PtrToStructure((System.IntPtr)pcap_addr.addr, typeof(dotnetWinpCap.sockaddr))));
arr = new string[7];
arr[0] = sockaddr.addr[0].ToString();
arr[1] = ".";
arr[2] = sockaddr.addr[1].ToString();
arr[3] = ".";
arr[4] = sockaddr.addr[2].ToString();
arr[5] = ".";
arr[6] = sockaddr.addr[3].ToString();
device.Address = string.Concat(arr);
ILO_01ab:
if (pcap_addr.netmask == 0)
{
goto ILO_0267;
}
sockaddr1 = ((dotnetWinpCap.sockaddr)(Marshal.PtrToStructure((System.IntPtr)pcap_addr.netmask, typeof(dotnetWinpCap.sockaddr))));
arr = new string[7];
arr[0] = sockaddr1.addr[0].ToString();
arr[1] = ".";
arr[2] = sockaddr1.addr[1].ToString();
arr[3] = ".";
arr[4] = sockaddr1.addr[2].ToString();
arr[5] = ".";
arr[6] = sockaddr1.addr[3].ToString();
device.Netmask = string.Concat(arr);
ILO_0267:
i = pcap_if.next;
ILO_026f:
if (i != 0)
{
goto ILO_0075;
}
dotnetWinpCap.pcap_freealldevs(i1);
return arrayList;
}
public virtual bool Open(string source, int snaplen, int flags, int read_timeout)
{
if ((pcap_t != 0) == false)
{
goto ILO_0018;
}
throw new dotnetWinpCap.AlreadyOpenException();
ILO_0018:
pcap_t = dotnetWinpCap.pcap_open(source, snaplen, flags, read_timeout, 0, errbuf);
if (pcap_t == 0)
{
goto ILO_0050;
}
m_isopen = true;
m_attachedDevice = source;
return true;
ILO_0050:
m_isopen = false;
m_attachedDevice = null;
return false;
}
private void Loop()
{
int i;
callback = new dotnetWinpCap.packet_handler(this.LoopCallback);
i = 0;
new HandleRef(callback, (System.IntPtr) i);
dotnetWinpCap.pcap_loop(pcap_t, 0, callback, 0);
return;
}
private void LoopCallback(int param, int header, int pkt_data)
{
dotnetWinpCap.pcap_pkthdr pcap_pkthdr;
System.Byte[] arr;
Marshal.PtrToStringAnsi((System.IntPtr)param);
pcap_pkthdr = ((dotnetWinpCap.pcap_pkthdr)(Marshal.PtrToStructure((System.IntPtr)header, typeof(dotnetWinpCap.pcap_pkthdr))));
arr = new Byte[pcap_pkthdr.caplen];
Marshal.Copy((System.IntPtr) pkt_data, arr, 0, (int)pcap_pkthdr.caplen);
Marshal.PtrToStringAnsi((System.IntPtr)pkt_data);
return;
}
private bool OpenLive(string source, int snaplen, int promisc, int to_ms)
{
pcap_t = dotnetWinpCap.pcap_open_live(source, snaplen, promisc, to_ms, errbuf);
if (pcap_t == 0)
{
goto ILO_0025;
}
return true;
ILO_0025:
return false;
}
private dotnetWinpCap.PCAP_NEXT_EX_STATE ReadNextInternal(out PacketHeader p, out System.Byte[] packet_data, out int pkthdr, out int pktdata)
{
int i;
dotnetWinpCap.pcap_pkthdr pcap_pkthdr;
pkthdr = 0;
pktdata = 0;
p = null;
packet_data = null;
if (pcap_t != 0)
{
goto ILO_003c;
}
errbuf = new StringBuilder("No adapter is currently open");
return PCAP_NEXT_EX_STATE.ERROR;
ILO_003c:
i = dotnetWinpCap.pcap_next_ex(pcap_t, ref pkthdr, ref pktdata);
if (i != 0)
{
goto ILO_0050;
}
return 0;
ILO_0050:
if (i != 1)
{
goto ILO_00cc;
}
pcap_pkthdr = ((dotnetWinpCap.pcap_pkthdr)(Marshal.PtrToStructure((System.IntPtr) pkthdr, typeof(dotnetWinpCap.pcap_pkthdr))));
p = new PacketHeader();
p.Caplength = (int)pcap_pkthdr.caplen;
p.Length = (int)pcap_pkthdr.len;
p.ts = pcap_pkthdr.ts;
packet_data = new Byte[((System.UInt32)(p.Length))];
Marshal.Copy((System.IntPtr)pktdata, packet_data, 0, p.Length);
return PCAP_NEXT_EX_STATE.SUCCESS;
ILO_00cc:
if (i != -1)
{
goto ILO_00d2;
}
return PCAP_NEXT_EX_STATE.ERROR;
ILO_00d2:
if (i != -2)
{
goto ILO_00da;
}
return PCAP_NEXT_EX_STATE.EOF;
ILO_00da:
return PCAP_NEXT_EX_STATE.UNKNOWN;
}
public virtual dotnetWinpCap.PCAP_NEXT_EX_STATE ReadNextInternal(out PacketHeader p, out System.Byte[] packet_data)
{
int i;
return ReadNextInternal(out p, out packet_data, out i, out i);
}
public virtual bool SendPacket(System.Byte[] packet_data)
{
int i;
i = dotnetWinpCap.pcap_sendpacket(pcap_t, packet_data, packet_data.Length);
if (i != 0)
{
goto ILO_0015;
}
return true;
ILO_0015:
return false;
}
private void MonitorDump()
{
if (dotnetWinpCap.pcap_live_dump_ended(pcap_t, 1) == 0)
{
goto ILO_0022;
}
if (OnDumpEnded == null)
{
goto ILO_0022;
}
OnDumpEnded.Invoke(this);
ILO_0022:
return;
}
private void DumpPacket(object sender, int header, int data)
{
if ((dumper != 0) == false)
{
goto ILO_001f;
}
dotnetWinpCap.pcap_dump(dumper, header, data);
ILO_001f:
return;
}
public virtual void StopDump()
{
dotnetWinpCap dotnetWinpCap;
dotnetWinpCap = this;
dotnetWinpCap.OnReceivePacketInternal = (Delegate.Remove(dotnetWinpCap.OnReceivePacketInternal, new dotnetWinpCap.ReceivePacketInternal(this.DumpPacket)) as dotnetWinpCap.ReceivePacketInternal);
if ((dumper != 0) == false)
{
goto ILO_004a;
}
dotnetWinpCap.pcap_dump_close(dumper);
dumper = 0;
ILO_004a:
return;
}
public virtual bool StartDump(string filename)
{
bool bl;
dotnetWinpCap dotnetWinpCap;
if ((pcap_t != 0) == false)
{
goto ILO_004f;
}
try
{
dumper = dotnetWinpCap.pcap_dump_open(pcap_t, filename);
goto ILO_002b;
}
catch (System.Exception obj)
{
//obj;
bl = false;
goto ILO_0051;
}
ILO_002b:
dotnetWinpCap = this;
dotnetWinpCap.OnReceivePacketInternal = (Delegate.Combine(dotnetWinpCap.OnReceivePacketInternal, new dotnetWinpCap.ReceivePacketInternal(this.DumpPacket)) as dotnetWinpCap.ReceivePacketInternal);
return true;
ILO_004f:
return false;
ILO_0051:
return bl;
}
private bool StartLiveDump(string filename, int maxbytes, int maxpackets)
{
fname = filename;
maxb = maxbytes;
maxp = maxpackets;
if (dotnetWinpCap.pcap_live_dump(pcap_t, fname, maxb, maxp) != 0)
{
goto ILO_0048;
}
new Thread(new ThreadStart(this.MonitorDump));
return true;
ILO_0048:
return false;
}
public virtual int SetMinToCopy(int size)
{
if (dotnetWinpCap.pcap_setmintocopy(pcap_t, size) != 0)
{
goto ILO_0010;
}
return 1;
ILO_0010:
return 0;
}
private void ReadNextLoop()
{
PacketHeader packetHeader;
System.Byte[] arr;
int i;
int i1;
dotnetWinpCap.PCAP_NEXT_EX_STATE pCAP_NEXT_EX_STATE;
ILO_0000:
packetHeader = null;
arr = null;
pCAP_NEXT_EX_STATE = ReadNextInternal(out packetHeader, out arr, out i, out i1);
if (pCAP_NEXT_EX_STATE != PCAP_NEXT_EX_STATE.SUCCESS)
{
goto ILO_0000;
}
if (OnReceivePacket == null)
{
goto ILO_002f;
}
OnReceivePacket.Invoke(this, packetHeader, arr);
ILO_002f:
if (OnReceivePacketInternal == null)
{
goto ILO_0000;
}
OnReceivePacketInternal.Invoke(this, i, i1);
goto ILO_0000;
}
public virtual bool SetKernelBuffer(int bytes)
{
if (dotnetWinpCap.pcap_setbuff(pcap_t, bytes) == 0)
{
goto ILO_0010;
}
return false;
ILO_0010:
return true;
}
public virtual void StartListen()
{
if (ListenThread == null)
{
goto ILO_0013;
}
ListenThread.Abort();
ILO_0013:
ListenThread = new Thread(new ThreadStart(this.ReadNextLoop));
ListenThread.Start();
m_islistening = true;
return;
}
public virtual void StopListen()
{
if (ListenThread == null)
{
goto ILO_0027;
}
if (ListenThread.IsAlive == false)
{
goto ILO_0020;
}
ListenThread.Abort();
ILO_0020:
ListenThread = null;
ILO_0027:
m_islistening = false;
return;
}
public virtual void Close()
{
StopDump();
if (IsListening == false)
{
goto ILO_0014;
}
StopListen();
ILO_0014:
m_isopen = false;
m_attachedDevice = null;
if ((pcap_t != 0) == false)
{
goto ILO_004a;
}
dotnetWinpCap.pcap_close(pcap_t);
pcap_t = 0;
ILO_004a:
return;
}
private void Dispose()
{
Dispose(true);
GC.SuppressFinalize(this);
return;
}
private void Dispose(bool disposing)
{
if (disposed != false)
{
goto ILO_005a;
}
if (disposing == false)
{
goto ILO_0032;
}
if (ListenThread == null)
{
goto ILO_0032;
}
if (ListenThread.IsAlive == false)
{
goto ILO_002b;
}
ListenThread.Abort();
ILO_002b:
ListenThread = null;
ILO_0032:
if ((pcap_t != 0) == false)
{
goto ILO_005a;
}
dotnetWinpCap.pcap_close(pcap_t);
pcap_t = 0;
ILO_005a:
disposed = true;
return;
}
~dotnetWinpCap()
{
try
{
Dispose(false);
goto ILO_0010;
}
finally
{
// base.Finalize();
}
ILO_0010:
return;
}
}
public class PacketHeader
{
public dotnetWinpCap.timeval ts;
private int caplen;
private int len;
public PacketHeader(dotnetWinpCap.timeval ts, int caplen, int len)
{
caplen = 0;
len = 0;
ts = ts;
caplen = caplen;
len = len;
return;
}
public PacketHeader()
{
caplen = 0;
len = 0;
return;
}
public virtual int Caplength
{
get
{
return caplen;
}
set
{
caplen = value;
return;
}
}
public virtual int Length
{
get
{
return len;
}
set
{
len = value;
return;
}
}
public virtual DateTime TimeStamp
{
get
{
DateTime dateTime;
DateTime dateTime1;
dateTime1 = new DateTime(1970, 1, 1);
dateTime = dateTime1.AddSeconds(((System.Double)(ts.tv_sec)));
dateTime.AddMilliseconds(((System.Double)(ts.tv_usec)));
return dateTime;
}
}
}
|
| Sign In·View Thread·PermaLink | 2.00/5 (1 vote) |
|
|
|
|
|
|
in c++, struct sockaddr format is
struct sockaddr {
short family,
char[14] data
}
so i change sockaddr defination like this, it can pass.
struct sockaddr {
short family,
UInt16 port,
byte ip1,
byte ip2,
byte ip3,
byte ip4,
Int64 data
}
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
Hi there!
I'd need urgent advice how to use winpcap in realbasic. Tried vbpcap.dll but can't set parameter. Would the .net wrapper work with realbasic 2006? (Maybe one of you code-gurus could help and give advice?)
yours repectfully
peter
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
Hi!
Is it possible to get the content of message? Only the caplength, length, timestamp will be write into the richtextbox. the problem is there are only these 3 attributes.
may you got the function "startdump()". but it only writes it into a textfile. i dont got it to write it into an other richtextbox. 
you understand my problem? 
|
| Sign In·View Thread·PermaLink | 5.00/5 (1 vote) |
|
|
|
|
|
|
|
|
|
there is a method to read a file.acp(for example the same file that the program have created when I make StartDump) using a similar code with c#, because I will have the possibility to control the traffic after the sniffing.
thanks
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
|
|
|
I´m studing Electronical Engeneering in Universidad Simon Bolivar at Venezuela. For my thesis I have to create a homemade software that can capture traffic of VoIP among PC´s, after that I have to calculate some parameters of Quality of Service. I am aware Ethereal does all of these, and I know that Ethereal has free access to the codes, I downloaded " wireshark-0.99.2.tar". I have to develop my software in JAVA, I noticed that the codes are there but they are written in C. I´m not too good programming, I was assigned to this area for my thesis of fifth year, but clearly is not my specialty, therefore my project seems imposible for me, but I have faith you can help me with the codes in Java, (I know jpcap could help me, but I have no clue how to develop the software). The program I have to develop is simple and is only for academic porpuses, therefore I`m positive someone would be able to help me... please!!... I only need the codes for those specific functions...
Thanks for your time and future help! 
Sincerely yours,
Andreina Toro
PD: if I´m able to finish my thesis on time with your help, your invited to Caracas to my graduation on march!...
andre_t
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
This is just what i'm looking for, but the website does not seem to have the file dotnetwinpcap.dll.
Downloaded the developer pack for v3.1, but nothing in the zip apart from C++ files.
Can anyone help?
Thanks
|
| Sign In·View Thread·PermaLink | 1.55/5 (5 votes) |
|
|
|
|
|
|
This library is sweet, simple and easy to use.
However, the packet library only captures the header, instead of copying the entier packet of data, the packet listening routine just caputres the header bytes. Kind'a usless, so I did some changes to the code.
the only thing that needs to be changed is the InternalReadNext where the size of the buffer is determined from the header size, not the packet length. Change that and you ready to go.
Also, i noticed in order to get packets, you must set the SetMinToCopy to something, i set it to 1 and it works nicely, otherwise i think it's quite larg and it wont capture the packets in realtime, it some odd delay that won't go away if you don't change this.
|
| Sign In·View Thread·PermaLink | 1.00/5 (1 vote) |
|
|
|
|
|
|
The setmintocopy value means that winpcap will buffer packets up to this amount before firing. IF you want near real time response set it to something like 64. 1 is a bit low and will result in unncessary system calls.
|
| Sign In·View Thread·PermaLink | 2.00/5 (1 vote) |
|
|
|
|
|
|
I just wanted to say that I was able to contact the creator of this dll, and he specifically said that no one is allowed to decompile it. This means we can't have the source code. It's really a shame too.
Since he hasn't looked at the boards in so long, I thought I'd clarify that for others.
|
| Sign In·View Thread·PermaLink | 5.00/5 (1 vote) |
|
|
|
|
|
|
How to assemble the packets to get back image files and getting the search keywords used in google.com or other?
pls hlp me.
hi
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
|
|
|
Jpcap (Java) implements filtering, try using or porting that code (available on Sourceforge).
|
| Sign In·View Thread·PermaLink | 3.50/5 (2 votes) |
|
|
|
|
|
|
Could you mail me the source code of dotnetwinpcap.dll? It's very well done. Tks. My mail is nunommagalhaes@hotmail.com.
Greetings all,
Nuno Magalhaes.
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
|
|
|
[assembly: System.Reflection.AssemblyKeyName("")]
[assembly: System.Reflection.AssemblyKeyFile("d:\\data\\programming\\vcs\\key.snk")]
[assembly: System.Reflection.AssemblyDelaySign(false)]
[assembly: System.Reflection.AssemblyTrademark("")]
[assembly: System.Reflection.AssemblyCopyright("(c) 2003 Victor Tan")]
[assembly: System.Reflection.AssemblyProduct("")]
[assembly: System.Reflection.AssemblyCompany("utopian_centaury@yahoo.com")]
[assembly: System.Reflection.AssemblyConfiguration("")]
[assembly: System.Reflection.AssemblyDescription("Winpcap port for .NET framework")]
[assembly: System.Reflection.AssemblyTitle("dotnetWinpcap library")]
using System;
using System.Collections;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
public class Device
{
private string name;
private string description;
private string address;
private string netmask;
public Device()
{
name = null;
description = null;
address = null;
netmask = null;
return;
}
public virtual string Name
{
get
{
return name;
}
set
{
name = value;
return;
}
}
public virtual string Description
{
get
{
return description;
}
set
{
description = value;
return;
}
}
public virtual string Address
{
get
{
return address;
}
set
{
address = value;
return;
}
}
public virtual string Netmask
{
get
{
return netmask;
}
set
{
netmask = value;
return;
}
}
}
public class dotnetWinpCap
{
public class AlreadyOpenException : Exception
{
public AlreadyOpenException()
{
return;
}
public override string Message
{
get
{
return "Device attached to object already open. Close first before reopening";
}
}
}
delegate void packet_handler(int param, int header, int pkt_data);
public enum PCAP_NEXT_EX_STATE
{
SUCCESS = 1,
TIMEOUT = 0,
ERROR = -1,
EOF = -2,
UNKNOWN = -3,
}
delegate void ReceivePacket(object sender, PacketHeader p, System.Byte[] s);
delegate void DumpEnded(object sender);
delegate void ReceivePacketInternal(object sender, int header, int data);
public struct pcap_pkthdr
{
public dotnetWinpCap.timeval ts;
public UInt32 caplen;
public UInt32 len;
}
public struct timeval
{
public UInt32 tv_sec;
public UInt32 tv_usec;
}
private struct pcap_rmtauth
{
private int type;
private string username;
private string password;
}
private struct in_addr
{
public char b1;
public char b2;
public char b3;
public char b4;
public UInt16 w1;
public UInt16 w2;
public UInt64 addr;
}
private struct sockaddr
{
public short family;
public UInt16 port;
public System.Byte[] addr;
public System.Byte[] zero;
}
private struct pcap_addr
{
public int next;
public int addr;
public int netmask;
public int broadaddr;
public int dstaddr;
}
private struct pcap_if
{
public int next;
public string name;
public string description;
public int addresses;
public UInt32 flags;
}
private Thread ListenThread;
private bool disposed;
private dotnetWinpCap.packet_handler callback;
private string fname;
private int maxb;
private int maxp;
private bool m_islistening;
private bool m_isopen;
private string m_attachedDevice;
private int pcap_t;
private int dumper;
private dotnetWinpCap.ReceivePacket OnReceivePacket;
private dotnetWinpCap.DumpEnded OnDumpEnded;
private dotnetWinpCap.ReceivePacketInternal OnReceivePacketInternal;
private StringBuilder errbuf;
public dotnetWinpCap()
{
ListenThread = null;
disposed = 0;
callback = null;
fname = "";
maxb = 0;
maxp = 0;
m_islistening = 0;
m_isopen = 0;
m_attachedDevice = null;
pcap_t = IntPtr.Zero;
dumper = IntPtr.Zero;
errbuf = new StringBuilder(256);
return;
}
public virtual string AttachedDevice
{
get
{
return m_attachedDevice;
}
}
public virtual string LastError
{
get
{
return errbuf.ToString();
}
}
public virtual bool IsListening
{
get
{
return m_islistening;
}
}
public virtual bool IsOpen
{
get
{
return m_isopen;
}
}
public event dotnetWinpCap.ReceivePacket OnReceivePacket;
private event dotnetWinpCap.DumpEnded OnDumpEnded;
private event dotnetWinpCap.ReceivePacketInternal OnReceivePacketInternal;
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_findalldevs(ref int devicelist, StringBuilder errbuf);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_setbuff(int p, int kernelbufferbytes);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_live_dump(int p, string filename, int maxsize, int maxpacks);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_live_dump_ended(int p, int sync);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_dump_open(int p, string filename);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern void pcap_dump(int dumper, int h, int data);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern void pcap_dump_close(int dumper);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_sendpacket(int p, System.Byte[] buff, int size);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_loop(int p, int cnt, dotnetWinpCap.packet_handler callback, int user);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_open_live(string device, int snaplen, int promisc, int to_ms, StringBuilder ebuf);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern System.Byte[] pcap_next(int p, int pkt_header);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_setmintocopy(int p, int size);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern void pcap_freealldevs(int devicelist);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_open(string source, int snaplen, int flags, int read_timeout, int auth, StringBuilder errbuf);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern int pcap_next_ex(int p, ref int pkt_header, ref int packetdata);
[DllImport("wpcap.dll", SetLastError=false)]
private static extern void pcap_close(int p);
[DllImport("Kernel32", SetLastError=false)]
private static extern bool CloseHandle(int handle);
public static ArrayList FindAllDevs()
{
ArrayList arrayList;
dotnetWinpCap.pcap_if pcap_if;
int i;
StringBuilder stringBuilder;
int i1;
Device device;
dotnetWinpCap.pcap_addr pcap_addr;
dotnetWinpCap.sockaddr sockaddr;
dotnetWinpCap.sockaddr sockaddr1;
System.StringSystem.String[] arr;
arrayList = new ArrayList();
pcap_if.addresses = IntPtr.Zero;
pcap_if.description = new StringBuilder().ToString();
pcap_if.flags = 0;
pcap_if.name = new StringBuilder().ToString();
pcap_if.next = IntPtr.Zero;
i = IntPtr.Zero;
stringBuilder = new StringBuilder(256);
i1 = IntPtr.Zero;
if (dotnetWinpCap.pcap_findalldevs(ref i, stringBuilder) != -1)
{
goto ILO_006d;
}
return null;
ILO_006d:
i1 = i;
goto ILO_026f;
ILO_0075:
device = new Device();
arrayList.Add(device);
pcap_if = ((dotnetWinpCap.pcap_if)(Marshal.PtrToStructure(i, typeof(dotnetWinpCap.pcap_if))));
device.Name = pcap_if.name;
device.Description = pcap_if.description;
if (pcap_if.addresses.ToInt32() == 0)
{
goto ILO_0267;
}
pcap_addr = ((dotnetWinpCap.pcap_addr)(Marshal.PtrToStructure(pcap_if.addresses, typeof(dotnetWinpCap.pcap_addr))));
if (pcap_addr.addr.ToInt32() == 0)
{
goto ILO_01ab;
}
sockaddr = ((dotnetWinpCap.sockaddr)(Marshal.PtrToStructure(pcap_addr.addr, typeof(dotnetWinpCap.sockaddr))));
arr = new string[7];
arr[0] = sockaddr.addr[0].ToString();
arr[1] = ".";
arr[2] = sockaddr.addr[1].ToString();
arr[3] = ".";
arr[4] = sockaddr.addr[2].ToString();
arr[5] = ".";
arr[6] = sockaddr.addr[3].ToString();
device.Address = string.Concat(arr);
ILO_01ab:
if (pcap_addr.netmask.ToInt32() == 0)
{
goto ILO_0267;
}
sockaddr1 = ((dotnetWinpCap.sockaddr)(Marshal.PtrToStructure(pcap_addr.netmask, typeof(dotnetWinpCap.sockaddr))));
arr = new string[7];
arr[0] = sockaddr1.addr[0].ToString();
arr[1] = ".";
arr[2] = sockaddr1.addr[1].ToString();
arr[3] = ".";
arr[4] = sockaddr1.addr[2].ToString();
arr[5] = ".";
arr[6] = sockaddr1.addr[3].ToString();
device.Netmask = string.Concat(arr);
ILO_0267:
i = pcap_if.next;
ILO_026f:
if (i.ToInt32() != 0)
{
goto ILO_0075;
}
dotnetWinpCap.pcap_freealldevs(i1);
return arrayList;
}
public virtual bool Open(string source, int snaplen, int flags, int read_timeout)
{
if ((pcap_t != IntPtr.Zero) == 0)
{
goto ILO_0018;
}
throw new dotnetWinpCap.AlreadyOpenException();
ILO_0018:
pcap_t = dotnetWinpCap.pcap_open(source, snaplen, flags, read_timeout, IntPtr.Zero, errbuf);
if (pcap_t.ToInt32() == 0)
{
goto ILO_0050;
}
m_isopen = 1;
m_attachedDevice = source;
return 1;
ILO_0050:
m_isopen = 0;
m_attachedDevice = null;
return 0;
}
private void Loop()
{
int i;
callback = new dotnetWinpCap.packet_handler(this.LoopCallback);
i = IntPtr.Zero;
new HandleRef(callback, i);
dotnetWinpCap.pcap_loop(pcap_t, 0, callback, IntPtr.Zero);
return;
}
private void LoopCallback(int param, int header, int pkt_data)
{
dotnetWinpCap.pcap_pkthdr pcap_pkthdr;
System.ByteSystem.Byte[] arr;
Marshal.PtrToStringAnsi(param);
pcap_pkthdr = ((dotnetWinpCap.pcap_pkthdr)(Marshal.PtrToStructure(header, typeof(dotnetWinpCap.pcap_pkthdr))));
arr = new Byte[pcap_pkthdr.caplen];
Marshal.Copy(pkt_data, arr, 0, pcap_pkthdr.caplen);
Marshal.PtrToStringAnsi(pkt_data);
return;
}
private bool OpenLive(string source, int snaplen, int promisc, int to_ms)
{
pcap_t = dotnetWinpCap.pcap_open_live(source, snaplen, promisc, to_ms, errbuf);
if (pcap_t.ToInt32() == 0)
{
goto ILO_0025;
}
return 1;
ILO_0025:
return 0;
}
private dotnetWinpCap.PCAP_NEXT_EX_STATE ReadNextInternal(out PacketHeader p, out System.Byte[] packet_data, out int pkthdr, out int pktdata)
{
int i | | | | | |
