网络流量监视 之四

    接着上一篇写， 上一篇写到收集到了IP包信息，利用这些信息，就可以基本监控一些基本流量信息了。

   

    如上图所示，可以基本监视到上行下行流量，TCP以及UDP流量。下方区域显示了对应通信IP的数据包累计总长度。

 

    需要注意的地方是，raw socket采集到的数据包，包含了很多不属于自己的UDP包，需要把这些包丢弃再进行流量统计。

    于是我写了个简单的实现统计流量信息的类，代码如下：

    /* * Created by SharpDevelop. * Coding by P-wang * Date: 2010/05/30 * Time: 15:30 * */ using System; using System.Collections.Generic; using System.Net; using System.Timers; namespace NetworkMonitor2 { delegate void AnalyzeProc(List<PackageIP> packages, int ticklen); public delegate void SpeedNotify(NetSpped speed); public delegate void IPNotify(IPNotifyItem stat); /// <summary> /// Description of AnalyzeMgr. /// </summary> public class AnalyzeMgr { private Timer m_scanner; private IPAddress m_localbindaddress; private List<PackageIP> m_datalist; private int m_lasttick; private AnalyzeProc m_analyze_processor; private SpeedNotify m_speednotify; private IPNotify m_ipnotify; public AnalyzeMgr(string bindip, SpeedNotify speednotify, IPNotify ipnotify) { m_scanner = new Timer(1000); m_scanner.Enabled = false; m_scanner.Elapsed += new ElapsedEventHandler(m_scanner_Elapsed); m_analyze_processor = DoAnalyze; m_speednotify = speednotify; m_ipnotify = ipnotify; m_datalist = new List<PackageIP>(); m_localbindaddress = IPAddress.Parse(bindip); } public void Start() { m_scanner.Start(); } public void Stop() { m_scanner.Stop(); } public void PushPackage(PackageIP package) { if(IPAddress.Equals(package.SourceAddress, m_localbindaddress) || IPAddress.Equals(package.DestinationAddress, m_localbindaddress) )//only process the package of local address { lock(m_datalist) { m_datalist.Add(package); } } } void m_scanner_Elapsed(object sender, ElapsedEventArgs e) { List<PackageIP> procdatalist = new List<PackageIP>(); lock(m_datalist) { procdatalist.AddRange(m_datalist.ToArray()); m_datalist.Clear(); } int tick = Environment.TickCount; if(m_lasttick == 0) { m_lasttick = tick; return; } int ticklen = tick - m_lasttick; m_lasttick = tick; if(procdatalist.Count > 0) {//异步调用 m_analyze_processor.BeginInvoke(procdatalist, ticklen, DoAsynAnalyze, m_analyze_processor); } } void DoAsynAnalyze(IAsyncResult ar) { AnalyzeProc invoker = (AnalyzeProc)ar.AsyncState; invoker.EndInvoke(ar); } void DoAnalyze(List<PackageIP> packages, int ticklen) { NetSpped speed = new NetSpped(); foreach(PackageIP p in packages) { if(IPAddress.Equals(p.SourceAddress, m_localbindaddress)) {//Send speed.nUpTotalLen += p.TotalLength; speed.nUppackageCnt += 1; switch(p.ProtocolType) { case Protocol.TCP: speed.nUpTCPTotalLen += p.TotalLength; speed.nUpTCPpackageCnt += 1; break; case Protocol.UDP: speed.nUpUDPTotalLen += p.TotalLength; speed.nUpUDPpackageCnt += 1; break; case Protocol.ICMP: speed.nUpICMPTotalLen += p.TotalLength; speed.nUpICMPpackageCnt += 1; break; case Protocol.IGMP: speed.nUpIGMPTotalLen += p.TotalLength; speed.nUpIGMPpackageCnt += 1; break; } IPNotifyItem stat = new IPNotifyItem(); stat.m_direct = PackageDirect.OUT; stat.m_remoteaddress = new IPAddress(p.DestinationAddress.Address); stat.m_len = p.TotalLength; stat.m_protocol = p.ProtocolType; if(m_ipnotify != null) m_ipnotify.Invoke(stat); } else {//Receive speed.nDownTotalLen += p.TotalLength; speed.nDownpackageCnt += 1; switch(p.ProtocolType) { case Protocol.TCP: speed.nDownTCPTotalLen += p.TotalLength; speed.nDownTCPpackageCnt += 1; break; case Protocol.UDP: speed.nDownUDPTotalLen += p.TotalLength; speed.nDownUDPpackageCnt += 1; break; case Protocol.ICMP: speed.nDownICMPTotalLen += p.TotalLength; speed.nDownICMPpackageCnt += 1; break; case Protocol.IGMP: speed.nDownIGMPTotalLen += p.TotalLength; speed.nDownIGMPpackageCnt += 1; break; } IPNotifyItem stat = new IPNotifyItem(); stat.m_direct = PackageDirect.IN; stat.m_remoteaddress = new IPAddress(p.SourceAddress.Address); stat.m_len = p.TotalLength; stat.m_protocol = p.ProtocolType; if(m_ipnotify != null) m_ipnotify.Invoke(stat); } } speed.CaculateSpeed(ticklen); if(m_speednotify != null) m_speednotify.Invoke(speed); } } public class NetSpped { public long nUpTotalLen; public long nDownTotalLen; public long nUpTCPTotalLen; public long nDownTCPTotalLen; public long nUpUDPTotalLen; public long nDownUDPTotalLen; public long nUpICMPTotalLen; public long nDownICMPTotalLen; public long nUpIGMPTotalLen; public long nDownIGMPTotalLen; public int nUppackageCnt; public int nDownpackageCnt; public int nUpTCPpackageCnt; public int nDownTCPpackageCnt; public int nUpUDPpackageCnt; public int nDownUDPpackageCnt; public int nUpICMPpackageCnt; public int nDownICMPpackageCnt; public int nUpIGMPpackageCnt; public int nDownIGMPpackageCnt; //Speed: Kbps public double nUpSpeed; public double nDownSpeed; public double nUpTCPSpeed; public double nDownTCPSpeed; public double nUpUDPSpeed; public double nDownUDPSpeed; public void CaculateSpeed(int ticklen) { nUpSpeed = (double)nUpTotalLen * 1000 / ticklen / 1024.0; nDownSpeed = (double)nDownTotalLen * 1000 / ticklen / 1024.0; nUpTCPSpeed = (double)nUpTCPTotalLen * 1000 / ticklen / 1024.0; nDownTCPSpeed = (double)nDownTCPTotalLen * 1000 / ticklen / 1024.0; nUpUDPSpeed = (double)nUpUDPTotalLen * 1000 / ticklen / 1024.0; nDownUDPSpeed = (double)nDownUDPTotalLen * 1000 / ticklen / 1024.0; } } public enum PackageDirect{IN, OUT}; public class IPNotifyItem { public PackageDirect m_direct; public IPAddress m_remoteaddress; public Protocol m_protocol; public long m_len; public string FLAG{ get{ return string.Format("{0}_{1}_(2)", m_direct, m_remoteaddress, m_protocol); } } } } 

 

    在NetProvider::OnReceiveData中，调用AnalyzeMgr::PushPackage把数据包加入分析队列，AnalyzeMgr中每过一秒进行一次流量分析，把数据显示到界面上。

 

    到此为止，基本实现了流量的监视，和通信IP的监视。但是还没有达到目标，我需要知道哪个进程在进行网络通讯，其使用的端口是啥，流量如何等等，这几天太忙，这些内容下次继续了。