12,064,633 members (23,033 online)
Winpcap has been the de facto library in packet capture applications, but the problem is that it is only natively available for C++ and C.
This is an attempt to port some of the crucial Winpcap functions for the .NET environment. The demonstration project here is written in C#.
First of all, you need to install Winpcap from winpcap's Web site and then extract the project zip file. Be sure to reference dotnetwinpcap.dll in the project if not already so.
static ArrayList FindAllDevs()
Device objects, each describing an Ethernet interface on the system.
bool Open(string source, int snaplen, int flags, int read_timeout)
Opens an Ethernet interface with
source as the name of the interface obtained from a
snaplen is the max number of bytes to be captured from each packet,
flags=1 means promiscuous mode,
read_timeout is the blocking time of
ReadNext before it returns.
PCAP_NEXT_EX_STATE ReadNext( out PacketHeader p, out byte packet_data)
Reads a next packet and return the packet details (size and timestamp) to object
p, and packet raw data in
packet_data (array of bytes).
Stops dumping of capture data to a file.
bool StartDump(string filename)
Starts dumping of capture data to a file.
bool SetMinToCopy(int size)
Sets the minimum number of bytes required to be received by the driver before
OnReceivePacket fires. Lowering this can increase response time, but increases system calls which lowers program efficiency.
bool SetKernelBuffer(int bytes)
Sets the number of bytes in the driver kernel buffer for packet capture. Increase this to avoid packet loss and improve performance. Default is 1 MB.
Starts listening for packets.
Stops listening for packets.
Stops all operations and releases all resources.
bool SendPacket(byte rawdata)
Sends bytes contained in
rawdata over the wire. The ethernet checksum will be automatically added prior to sending the packet. Returns
true if send is successful,
true if the
dotnetWinpcap object is listening,
Returns the last error encountered by the library, if any.
delegate void ReceivePacket (object sender, PacketHeader p, byte s); event ReceivePacket OnReceivePacket;
StartListen() is called,
OnReceivePacket will start to fire on every packet encountered, until
StopListen() is called, or
Close() is called.
Delegate objects of the above signature may be attached to the
OnReceivePacket event to receive notification and perform further processing, as demonstrated in the demo source code.