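This article is a small example of capturing network packets with SharpPcap. It implements port monitoring and packet capture, and is intended mainly for learning and sharing.
What is SharpPcap?
SharpPcap is a network packet capture framework for the .NET environment, built on the well-known pcap/WinPcap libraries. It provides capture, injection, analysis and construction of packets, and can be used from C# and VB.NET.
SharpPcap consists of two parts: (1) SharpPcap.dll, which captures the data, and (2) PacketDotNet.dll, which parses the packets.
Approach:
- Get the port numbers that belong to a process, starting from the process name.
- Capture packets with SharpPcap, parse them, and filter on those ports.
Topics involved:
- Process: used to get information about the process.
- The netstat command: netstat -ano|find "3844" gets the ports that belong to the process.
- SharpPcap:
  - Get the device list through the static members of CaptureDeviceList.
  - Receive packets through the OnPacketArrival event.
  - Parse the packets with PacketDotNet.
Result screenshot:
Core SharpPcap code: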
```csharp
// Members of the WinForms form. The fields used below (device, packetCount,
// packetStrings, bs, PacketQueue, QueueLock, captureStatistics, ...) and the
// BackgroundThread and Shutdown methods are declared elsewhere in the form.
using System;
using System.Collections.Generic;
using System.Threading;
using System.Windows.Forms;
using SharpPcap;

/// <summary>
/// Start capture
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void btnStart_Click(object sender, EventArgs e)
{
    if (this.combDevice.SelectedIndex > -1)
    {
        StartCapture(this.combDevice.SelectedIndex);
        this.btnStart.Enabled = false;
        this.btnStop.Enabled = true;
    }
    else
    {
        MessageBox.Show(this, "請選擇一個設備", "提示", MessageBoxButtons.OK);
    }
}

/// <summary>
/// Stop capture
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void btnStop_Click(object sender, EventArgs e)
{
    Shutdown();
    this.btnStop.Enabled = false;
    this.btnStart.Enabled = true;
}

private void StartCapture(int itemIndex)
{
    packetCount = 0;
    device = CaptureDeviceList.Instance[itemIndex];
    packetStrings = new Queue<PacketWrapper>();
    bs = new BindingSource();
    dgvData.DataSource = bs;
    LastStatisticsOutput = DateTime.Now;

    // start the background thread
    backgroundThreadStop = false;
    backgroundThread = new Thread(BackgroundThread);
    backgroundThread.Start();

    // setup background capture
    device.OnPacketArrival += new PacketArrivalEventHandler(device_OnPacketArrival);
    device.OnCaptureStopped += new CaptureStoppedEventHandler(device_OnCaptureStopped);
    device.Open();

    // tcpdump filter to capture only TCP/IP packets
    string filter = "ip and tcp";
    device.Filter = filter;

    // force an initial statistics update
    captureStatistics = device.Statistics;
    UpdateCaptureStatistics();

    // start the background capture
    device.StartCapture();

    btnStop.Enabled = true;
}

/// <summary>
/// Device packet-arrival event
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
    // print out periodic statistics about this device
    var Now = DateTime.Now;
    var interval = Now - LastStatisticsOutput;
    if (interval > new TimeSpan(0, 0, 2))
    {
        Console.WriteLine("device_OnPacketArrival: " + e.Device.Statistics);
        captureStatistics = e.Device.Statistics;
        statisticsUiNeedsUpdate = true;
        LastStatisticsOutput = Now;
    }

    // hand the raw packet to the background thread under the queue lock
    lock (QueueLock)
    {
        PacketQueue.Add(e.Packet);
    }
}

/// <summary>
/// Device capture-stopped event
/// </summary>
/// <param name="sender"></param>
/// <param name="status"></param>
private void device_OnCaptureStopped(object sender, CaptureStoppedEventStatus status)
{
    if (status != CaptureStoppedEventStatus.CompletedWithoutError)
    {
        MessageBox.Show("Error stopping capture", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
}

// Show received / dropped / interface-dropped packet counts in the status label
private void UpdateCaptureStatistics()
{
    tlblStatistic.Text = string.Format("接收包: {0}, 丟棄包: {1}, 介面丟棄包: {2}", captureStatistics.ReceivedPackets, captureStatistics.DroppedPackets, captureStatistics.InterfaceDroppedPackets);
}
```
SharpPcap manual:
https://www.codeproject.com/Articles/12458/SharpPcap-A-Packet-Capture-Framework-for-NET