如何用C#下的Raw Socket编程实现网络封包监视

thtx5 2005-03-02 10:45:59
如何用C#下的Raw Socket编程实现网络封包监视,请给出能用的源码,先谢谢各位了!!!!
...全文
413 23 打赏 收藏 转发到动态 举报
写回复
用AI写文章
23 条回复
切换为时间正序
请发表友善的回复…
发表回复
thtx5 2005-03-04
  • 打赏
  • 举报
回复
真热闹!!!!看来要晚些结贴了
amendajing 2005-03-04
  • 打赏
  • 举报
回复
mark
yuqingjiang 2005-03-04
  • 打赏
  • 举报
回复
To thx5(thtx25):
邮件已发送
To CWYCN(小卫):
可以得到发出包,刚测试过了。

此段代码的功能:监听网络上通过主机的所有数据包,无论通信双方地址是否含主机。
颐和园 2005-03-04
  • 打赏
  • 举报
回复
根据数小时的测试,未发现yuqingjiang的程序可以嗅探到发往其他主机的包。但确实可以拦截到本地主机发送\接受的包,以及发往广播地址的包
zhioy 2005-03-04
  • 打赏
  • 举报
回复
gz
thtx5 2005-03-04
  • 打赏
  • 举报
回复
搞定了,谢谢大家了!!!!!!
CWYCN 2005-03-03
  • 打赏
  • 举报
回复
这好象只能得到主机所有接收到的包,而发送的就得不到了,请高手指点
thtx5 2005-03-03
  • 打赏
  • 举报
回复
不好意思我是新手, yuqingjiang能不能发个完整源码,谢谢。thtx50207@sina.com
isaacyh 2005-03-03
  • 打赏
  • 举报
回复
这个好像只能到IP包这一层。。。

只能得到这层的数据,再外面的就不是用C#写了,所以感觉C#做不到sniffer那样的效果的。。。

如果有高手知道,请告诉一声的说。。。
isaacyh 2005-03-03
  • 打赏
  • 举报
回复
呵呵,yuqingjiang() 手里肯定有源码的说。。。

thtx5 2005-03-03
  • 打赏
  • 举报
回复
呵呵好长,研究中!!!!
thtx5 2005-03-03
  • 打赏
  • 举报
回复
我就是在网上看的代码,确实没头没尾,不管他了。 可封包截取这活儿, c#这吹的没边的语言应该可以胜任吧,如果不能,我们还不如用c++编了,费时间学c#干吗,高层的delphi、c++builder同样可以做的很好。
yuqingjiang 2005-03-03
  • 打赏
  • 举报
回复
public void Receive(byte[] receivedBytes,int receivedLength)
{
PacketArrivedEventArgs e = new PacketArrivedEventArgs();

int IPVersion = Convert.ToInt16((receivedBytes[0]&0xF0)>>4);
e.IPVersion = IPVersion.ToString();

e.HeaderLength = Convert.ToUInt32((receivedBytes[0] & 0x0F) << 2);

if(receivedBytes.Length >= 20)
{
switch(Convert.ToInt16(receivedBytes[9]))
{
case 1:
e.Protocol = "ICMP";
break;
case 2:
e.Protocol = "IGMP";
break;
case 6:
e.Protocol = "TCP";
break;
case 17:
e.Protocol = "UDP";
break;
default:
e.Protocol = "Unknow";
break;
}

e.OriginationAddress = Convert.ToInt16(receivedBytes[12]).ToString()+"."+Convert.ToInt16(receivedBytes[13]).ToString()+"."+Convert.ToInt16(receivedBytes[14]).ToString()+"."+Convert.ToInt16(receivedBytes[15]).ToString();
e.DestinationAddress = Convert.ToInt16(receivedBytes[16]).ToString()+"."+Convert.ToInt16(receivedBytes[17]).ToString()+"."+Convert.ToInt16(receivedBytes[18]).ToString()+"."+Convert.ToInt16(receivedBytes[19]).ToString();

int Oport = ((receivedBytes[20]<<8)+receivedBytes[21]);
e.OriginationPort = Oport.ToString();

int Dport = ((receivedBytes[22]<<8)+receivedBytes[23]);
e.DestinationPort = Dport.ToString();

e.PacketLength = (uint)receivedLength;

e.MessageLength = e.PacketLength - e.HeaderLength;

e.ReceiveBuffer = new byte[e.PacketLength];
e.IPHeaderBuffer = new byte[e.HeaderLength];
e.MessageBuffer = new byte[e.MessageLength];

Array.Copy(receivedBytes,0,e.ReceiveBuffer,0,(int)e.PacketLength);

Array.Copy(receivedBytes,0,e.IPHeaderBuffer,0,e.HeaderLength);

Array.Copy(receivedBytes,e.HeaderLength,e.MessageBuffer,0,(int)e.MessageLength);
}

OnPacketArrival(e);

}

public void BeginReceive()
{

if(socket != null)
{
object state = null;
state = socket;
socket.BeginReceive(receive_buf_bytes,0,receive_buf_bytes.Length,SocketFlags.None,new AsyncCallback(CallReceive),state);
}
}

private void CallReceive(IAsyncResult ar)//异步回调
{
int received_bytes = 0;
Socket m_socket = (Socket)ar.AsyncState;
if(m_socket != null)
{
if(isStop == false)
{
received_bytes = socket.EndReceive(ar);

Receive(receive_buf_bytes, received_bytes);
}
if(isStop == false)
{
BeginReceive();
}
}
}


private void MyTryRaw_PacketArrival(Object sender, PacketArrivedEventArgs e)
{

Console.WriteLine("Start Show-------------");
Console.WriteLine("HeaderLength: "+e.HeaderLength);
Console.WriteLine("IPHeader: ");
for(int i = 0; i<e.IPHeaderBuffer.Length; i++)
{
int j = i%16;
if(i>=16 && j == 0)
{
Console.WriteLine("\r\n");
}

if(e.IPHeaderBuffer[i].ToString("X").Length != 1)
{
Console.Write("{0} ",e.IPHeaderBuffer[i].ToString("X"));
}
else
{
Console.Write("0{0} ",e.IPHeaderBuffer[i].ToString("X"));
}

}
Console.WriteLine("\r\n");

Console.WriteLine("IPVersion: "+e.IPVersion);
Console.WriteLine("OriginAddress: "+e.OriginationAddress);
Console.WriteLine("OriginPort: "+e.OriginationPort);
Console.WriteLine("DestAddress: "+e.DestinationAddress);
Console.WriteLine("DestPort: "+e.DestinationPort);
Console.WriteLine("Protocol: "+e.Protocol);

Console.WriteLine("PacketLength: "+e.PacketLength);
Console.WriteLine("Packet: ");
for(int i = 0; i<e.ReceiveBuffer.Length; i++)
{
int j = i%16;
if(i>=16 && j == 0)
{
Console.WriteLine("\r\n");
}

if(e.ReceiveBuffer[i].ToString("X").Length != 1)
{
Console.Write("{0} ",e.ReceiveBuffer[i].ToString("X"));
}
else
{
Console.Write("0{0} ",e.ReceiveBuffer[i].ToString("X"));
}

}
Console.WriteLine("\r\n");

Console.WriteLine("MessageLength: "+e.MessageLength);
Console.WriteLine("Message: ");
for(int i = 0; i<e.MessageBuffer.Length; i++)
{
int j = i%16;
if(i>=16 && j == 0)
{
Console.WriteLine("\r\n");
}
if(e.MessageBuffer[i].ToString("X").Length != 1)
{
Console.Write("{0} ",e.MessageBuffer[i].ToString("X"));
}
else
{
Console.Write("0{0} ",e.MessageBuffer[i].ToString("X"));
}

}
Console.WriteLine("\r\n");
Console.WriteLine("----------------End Show!");
Console.WriteLine("----------------");
Console.WriteLine("\r\n");
Console.WriteLine("\r\n");
}
#endregion
}
}
yuqingjiang 2005-03-03
  • 打赏
  • 举报
回复
C#底层技术不弱。
操作系统级的socket嵌套字最底层只能拦截到IP包,要拦截含数据链路层的包,需要网卡的绑定与控制.sniffer和防火墙等软件的原理就是这样。
以下是侦听代码:`
using System;
using System.Net;
using System.Net.Sockets;
using System.Text;

namespace WindowsApplication1
{

public class PacketArrivedEventArgs:System.EventArgs
{
public PacketArrivedEventArgs()
{
}
public uint HeaderLength = 0;
public string Protocol = String.Empty;
public string IPVersion = String.Empty;
public string OriginationAddress = String.Empty;
public string OriginationPort = String.Empty;
public string DestinationAddress = String.Empty;
public string DestinationPort = String.Empty;
public uint PacketLength = 0;
public uint MessageLength = 0;
public byte[] ReceiveBuffer = null;
public byte[] IPHeaderBuffer = null;
public byte[] MessageBuffer = null;

}

/// <summary>
/// MyTryRaw 的摘要说明。
/// </summary>
public class MyTryRaw
{
#region Attributes

private static int len_receive_buf; //得到的数据流的长度
private byte [] receive_buf_bytes = null; //收到的字节
private Socket socket = null; //声明套接字
private const int SIO_RCVALL = unchecked((int)0x98000001);//监听所有的数据包
public static bool isStop = false;

public Socket m_socket
{
get
{
return socket;
}
}

#endregion

#region Events
public delegate void PacketArrivedEventHandler(Object sender, PacketArrivedEventArgs args);

public event PacketArrivedEventHandler PacketArrival;
#endregion

#region OnEvents
protected virtual void OnPacketArrival(PacketArrivedEventArgs e)
{
if(PacketArrival != null)
{
PacketArrival(this,e);
}

}

#endregion

#region Constructor
public MyTryRaw()
{
//
// TODO: 在此处添加构造函数逻辑
//
len_receive_buf = 4096;
receive_buf_bytes = new byte[len_receive_buf];
PacketArrival += new PacketArrivedEventHandler(MyTryRaw_PacketArrival);

}
#endregion

#region Functions

public void BindSocket()
{
IPAddress ipAddress = IPAddress.Parse("192.168.1.157");
this.socket = new Socket(AddressFamily.InterNetwork,SocketType.Raw,ProtocolType.IP);
Console.WriteLine("Start bind!");
try
{
socket.Blocking = false;
socket.Bind(new IPEndPoint(ipAddress,3721));
}
catch(Exception E)
{
throw(E);
}


Console.WriteLine("Bind success!");
}

public void SetOption()
{
Console.WriteLine("Start SetOption!");
try
{
socket.SetSocketOption(SocketOptionLevel.IP,SocketOptionName.HeaderIncluded,1);
byte []IN = new byte[4]{1, 0, 0, 0};
byte []OUT = new byte[4];
int ret_code = -1;
ret_code = socket.IOControl(SIO_RCVALL, IN, OUT);
ret_code = OUT[0] + OUT[1] + OUT[2] + OUT[3];
}
catch(Exception E)
{
throw(E);
}
Console.WriteLine("SetOption success!");
}

public void ShutDown()
{
Console.WriteLine("Start ShutDown");
if(socket != null)
{
socket.Shutdown(SocketShutdown.Both);
socket.Close();
}
socket = null;
Console.WriteLine("ShutDown Success");
}

thtx5 2005-03-03
  • 打赏
  • 举报
回复
delphi可以作到 可是没法升级到net下面,delphi2005我没法把delphi6的工程编译成net下的程序,谁成功了,发份代码吧谢谢
chsfly 2005-03-02
  • 打赏
  • 举报
回复
一起研究一下.
chsfly 2005-03-02
  • 打赏
  • 举报
回复
正在找这个东西,能发给我看看吗.MSN :chsfly@hotmail.com
21xxb 2005-03-02
  • 打赏
  • 举报
回复
帮自己up一下。
thtx5 2005-03-02
  • 打赏
  • 举报
回复
网上有代码但不能编译 ,自己先顶!!
web_gus 2005-03-02
  • 打赏
  • 举报
回复
up
加载更多回复(3)

110,502

社区成员

发帖
与我相关
我的任务
社区描述
.NET技术 C#
社区管理员
  • C#
  • Web++
  • by_封爱
加入社区
  • 近7日
  • 近30日
  • 至今
社区公告

让您成为最强悍的C#开发者

试试用AI创作助手写篇文章吧