本文主要讲述使用C#库进行抓包的示例代码。本人在网上搜索了很久,找到了很多关于使用SharpPcap库的示例,但均会报错:即使通过VS中的“管理NuGet程序包”安装好了SharpPcap及其依赖,仍会因为版本及其内部代码变更而导致程序报错。后面我会将完整代码上传以供参考学习(如下载我所编写的代码,可以保证其库文件及依赖版本正确;Visual Studio版本为Microsoft Visual Studio Community 2022 (64 位) - Current,版本 17.9.1)。
代码部分
1.此为初始化及开始抓包部分示例
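/// <summary>
/// Toggles live capture on a fixed network adapter. When the button reads
/// "开始监听" the adapter is opened in promiscuous mode and capture starts;
/// when it reads "关闭监听" capture is stopped and the adapter is closed.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
private void MonitorBtn_Click(object sender, EventArgs e)
{
    // The listing hard-codes the second adapter in the list.
    const int deviceIndex = 1;

    // List the same collection the adapter is picked from, so the printed
    // order corresponds to deviceIndex.
    var devices = LibPcapLiveDeviceList.Instance;
    foreach (var dev in devices)
    {
        Console.WriteLine("{0}\n", dev.ToString());
    }

    // Indexing past the end of the list would throw on hosts with fewer adapters.
    if (deviceIndex >= devices.Count)
    {
        Console.WriteLine("No capture device at index {0}; {1} device(s) found.", deviceIndex, devices.Count);
        return;
    }

    device = devices[deviceIndex];

    if (MonitorBtn.Text == "开始监听")
    {
        // Promiscuous mode also delivers frames that are not addressed to this host.
        // NOTE(review): Open is expected to throw when the capture driver is missing
        // or the process lacks capture privileges; that is not handled here.
        device.Open(DeviceModes.Promiscuous);

        // Remove before add so that repeated start/stop cycles never leave the
        // handler subscribed twice (which would process every packet twice).
        device.OnPacketArrival -= Device_OnPacketArrival;
        device.OnPacketArrival += Device_OnPacketArrival;

        device.StartCapture();
        MonitorAllBtn.Enabled = true;
        MonitorBtn.Text = "关闭监听";
    }
    else if (MonitorBtn.Text == "关闭监听")
    {
        // Stop delivery and detach the handler before releasing the adapter.
        device.StopCapture();
        device.OnPacketArrival -= Device_OnPacketArrival;
        device.Close();
        MonitorBtn.Text = "开始监听";
    }
}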
2.内容部分
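/// <summary>
/// Packet-arrival callback. Parses the captured frame, records the IP header,
/// destination port and (for TCP) the payload text in the form's fields, and
/// appends a summary of matching UDP packets to <c>textBox1</c> when the packet's
/// source IP equals the value in column 1 of the currently selected grid row.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Capture event; <c>GetPacket()</c> supplies the raw frame.</param>
public void Device_OnPacketArrival(object sender, PacketCapture e)
{
    rawPacket = e.GetPacket();

    // The frame bytes come straight off the wire and are untrusted.
    // NOTE(review): an exception thrown while parsing a malformed frame propagates
    // to the caller of this handler; decide whether such frames should be caught and dropped.
    var packet = PacketDotNet.Packet.ParsePacket(rawPacket.LinkLayerType, rawPacket.Data);
    var tcpPacket = packet.Extract<PacketDotNet.TcpPacket>(); // null when the frame is not TCP
    var udpPacket = packet.Extract<PacketDotNet.UdpPacket>(); // null when the frame is not UDP

    IPPacket udpIp = null;
    byte[] udpBytes = null;

    if (tcpPacket != null)
    {
        // "as" avoids an InvalidCastException if the parent is not an IP packet.
        ipPacket = tcpPacket.ParentPacket as IPPacket;
        destinationPort = tcpPacket.DestinationPort;

        // Read PayloadData once instead of once per use.
        var tcpBytes = tcpPacket.PayloadData;
        payload = tcpBytes != null ? Encoding.ASCII.GetString(tcpBytes) : "无可用有效载荷";
    }
    else if (udpPacket != null)
    {
        udpIp = udpPacket.ParentPacket as IPPacket;
        ipPacket = udpIp;
        destinationPort = udpPacket.DestinationPort;
        udpBytes = udpPacket.PayloadData;
    }

    // NOTE(review): in the published listing the filter/display step sits inside the
    // UDP branch and the method's closing brace is missing, so only UDP payloads are
    // ever displayed. Confirm whether TCP payloads were meant to be shown as well.
    if (udpIp == null || udpBytes == null)
    {
        return;
    }

    string printable = ToPrintableAscii(udpBytes);

    bool looksLikeUrl = FindSubstring(printable, "http") != null
        || FindSubstring(printable, "www") != null
        || FindSubstring(printable, "com") != null
        || FindSubstring(printable, "cn") != null;
    if (!looksLikeUrl)
    {
        return;
    }

    // These were declared inside a nested block in the listing and used outside it,
    // which does not compile; they are captured here as per-packet locals.
    var sourceIpAddress = udpIp.SourceAddress;
    var destinationIpAddress = udpIp.DestinationAddress;
    // Extract returns null when the frame has no Ethernet layer.
    var ethernetPacket = packet.Extract<EthernetPacket>();
    var destinationMacAddress = ethernetPacket?.DestinationHardwareAddress;
    var timestamp = rawPacket.Timeval.Date;
    // Snapshot the field: the delegate below runs later, after newer packets may have changed it.
    var port = destinationPort;

    if (IsDisposed || !IsHandleCreated)
    {
        return;
    }

    // All control access happens on the UI thread. BeginInvoke is used so this handler
    // does not block waiting for the UI thread (e.g. while the UI thread is itself
    // stopping the capture).
    BeginInvoke(new Action(() =>
    {
        if (DataListGridView.Rows.Count == 0)
        {
            return;
        }

        var currentRow = DataListGridView.CurrentRow;
        if (currentRow == null || currentRow.Index == -1)
        {
            return;
        }

        rowsSele = currentRow.Index;

        // The cell value may be null when the row has not been filled in.
        var selectedIp = currentRow.Cells[1].Value?.ToString();
        if (sourceIpAddress.ToString() != selectedIp)
        {
            return;
        }

        var entry = new StringBuilder();
        entry.Append("源IP地址: ").Append(sourceIpAddress).Append("\r\n");
        entry.Append("目标IP地址: ").Append(destinationIpAddress).Append("\r\n");
        entry.Append("目标MAC地址: ").Append(destinationMacAddress).Append("\r\n");
        entry.Append("目标端口: ").Append(port.ToString()).Append("\r\n");
        entry.Append("时间戳: ").Append(timestamp).Append("\r\n");
        entry.Append("传输数据: ").Append(printable).Append("\r\n");
        entry.Append("----------------------------------------------------------" + "\r\n");
        entry.Append("\r\n");

        // AppendText adds the text and scrolls to the end in one step.
        // NOTE(review): textBox1 grows without bound during a long capture, and the
        // payload text can include whatever the captured hosts sent in clear text.
        textBox1.AppendText(entry.ToString());
    }));
}

/// <summary>
/// Renders bytes 33–126 as their ASCII character and every other byte as '.'.
/// </summary>
private static string ToPrintableAscii(byte[] data)
{
    var text = new StringBuilder(data.Length);
    foreach (byte b in data)
    {
        text.Append(b >= 33 && b <= 126 ? (char)b : '.');
    }

    return text.ToString();
}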
此为我所编写的源代码。后面可以下载我所上传的资源,直接查看程序会更加清晰明了。
资源下载链接:https://download.csdn.net/download/m0_54169323/88881319?spm=1001.2014.3001.5501