110,533
社区成员
发帖
与我相关
我的任务
分享c# pcap 抓包问题
网上广为流传的c# pcap包中,读取pcap仅仅是用一个叫做device.PcapStartCapture()的函数来完成的,这个函数是用在命令行下面的,可以输入一个整数,之后会用writeline打出指定数量的包。也可以通过问题是,我希望保存这些数据岛datatable中,这个应该怎么做?因为都在device.PcapStartCapture()中完成,我想改也改不了。
device.PcapDumpOpen()只能把capture的记录保存到pcap文件里面,我希望能在datagridview里显示出来,请问应该怎么做?
这里是一段代码:
public static void Main(string[] args)
{
string ver = Tamir.IPLib.Version.GetVersionString();
/* Print SharpPcap version */
Console.WriteLine("SharpPcap {0}, Example3.BasicCap.cs", ver);
/* Retrieve the device list */
PcapDeviceList devices = SharpPcap.GetAllDevices();
/*If no device exists, print error */
if(devices.Count<1)
{
Console.WriteLine("No device found on this machine");
return;
}
Console.WriteLine();
Console.WriteLine("The following devices are available on this machine:");
Console.WriteLine("----------------------------------------------------");
Console.WriteLine();
int i=0;
/* Scan the list printing every entry */
foreach(PcapDevice dev in devices)
{
/* Description */
Console.WriteLine("{0}) {1}",i,dev.PcapDescription);
i++;
}
Console.WriteLine();
Console.Write("-- Please choose a device to capture: ");
i = int.Parse( Console.ReadLine() );
PcapDevice device = devices[i];
//Register our handler function to the 'packet arrival' event
device.PcapOnPacketArrival +=
new SharpPcap.PacketArrivalEvent( device_PcapOnPacketArrival );
//Open the device for capturing
//true -- means promiscuous mode
//1000 -- means a read wait of 1000ms
device.PcapOpen(true, 1000);
Console.WriteLine();
Console.WriteLine("-- Listenning on {0}, hit 'Enter' to stop...",
device.PcapDescription);
//Start the capturing process
device.PcapStartCapture();
//Wait for 'Enter' from the user. 问题就在这里,我想要保存结果到datatable中,怎么保存啊?
Console.ReadLine();
//Stop the capturing process
device.PcapStopCapture();
Console.WriteLine("-- Capture stopped.");
//Close the pcap device
device.PcapClose();
}
/// <summary>
/// Prints the time and length of each received packet
/// </summary>
private static void device_PcapOnPacketArrival(object sender, Packet packet)
{
DateTime time = packet.PcapHeader.Date;
int len = packet.PcapHeader.PacketLength;
Console.WriteLine("{0}:{1}:{2},{3} Len={4}",
time.Hour, time.Minute, time.Second, time.Millisecond, len);
}
device.PcapDumpOpen()只能把capture的记录保存到pcap文件里面,我希望能在datagridview里显示出来,请问应该怎么做?
这里是一段代码:
public static void Main(string[] args)
{
string ver = Tamir.IPLib.Version.GetVersionString();
/* Print SharpPcap version */
Console.WriteLine("SharpPcap {0}, Example3.BasicCap.cs", ver);
/* Retrieve the device list */
PcapDeviceList devices = SharpPcap.GetAllDevices();
/*If no device exists, print error */
if(devices.Count<1)
{
Console.WriteLine("No device found on this machine");
return;
}
Console.WriteLine();
Console.WriteLine("The following devices are available on this machine:");
Console.WriteLine("----------------------------------------------------");
Console.WriteLine();
int i=0;
/* Scan the list printing every entry */
foreach(PcapDevice dev in devices)
{
/* Description */
Console.WriteLine("{0}) {1}",i,dev.PcapDescription);
i++;
}
Console.WriteLine();
Console.Write("-- Please choose a device to capture: ");
i = int.Parse( Console.ReadLine() );
PcapDevice device = devices[i];
//Register our handler function to the 'packet arrival' event
device.PcapOnPacketArrival +=
new SharpPcap.PacketArrivalEvent( device_PcapOnPacketArrival );
//Open the device for capturing
//true -- means promiscuous mode
//1000 -- means a read wait of 1000ms
device.PcapOpen(true, 1000);
Console.WriteLine();
Console.WriteLine("-- Listenning on {0}, hit 'Enter' to stop...",
device.PcapDescription);
//Start the capturing process
device.PcapStartCapture();
//Wait for 'Enter' from the user. 问题就在这里,我想要保存结果到datatable中,怎么保存啊?
Console.ReadLine();
//Stop the capturing process
device.PcapStopCapture();
Console.WriteLine("-- Capture stopped.");
//Close the pcap device
device.PcapClose();
}
/// <summary>
/// Prints the time and length of each received packet
/// </summary>
private static void device_PcapOnPacketArrival(object sender, Packet packet)
{
DateTime time = packet.PcapHeader.Date;
int len = packet.PcapHeader.PacketLength;
Console.WriteLine("{0}:{1}:{2},{3} Len={4}",
time.Hour, time.Minute, time.Second, time.Millisecond, len);
}
...全文
请发表友善的回复…
发表回复
修改一下昵称 2009-06-18
- 打赏
- 举报
帮顶。
kangbo818 2009-06-18
- 打赏
- 举报
帮顶
yzb85 2009-06-18
- 打赏
- 举报
明白了,问题出在private static void device_PcapOnPacketArrival上面,这个函数实际上被device.PcapStartCapture()调用了,每次打印是由这个函数完成的,那么每次做成一行datarow再压入datatable就可以了。
下面的pcapdt是一个全局的datatable变量。这里我只要了源地址和目的地址,当然可以记下更多的东西。
private static void device_PcapOnPacketArrival(object sender,Tamir.IPLib.Packets.Packet packet)
{
if (packet is EthernetPacket)
{
EthernetPacket etherFrame = (EthernetPacket)packet;
DataRow newRow;
newRow = pcapdt.NewRow();
newRow["SRCADDR"] = etherFrame.SourceHwAddress;
newRow["DESTADDR"] = etherFrame.DestinationHwAddress;
pcapdt.Rows.Add(newRow);
}
}
下面的pcapdt是一个全局的datatable变量。这里我只要了源地址和目的地址,当然可以记下更多的东西。
private static void device_PcapOnPacketArrival(object sender,Tamir.IPLib.Packets.Packet packet)
{
if (packet is EthernetPacket)
{
EthernetPacket etherFrame = (EthernetPacket)packet;
DataRow newRow;
newRow = pcapdt.NewRow();
newRow["SRCADDR"] = etherFrame.SourceHwAddress;
newRow["DESTADDR"] = etherFrame.DestinationHwAddress;
pcapdt.Rows.Add(newRow);
}
}
yzb85 2009-06-17
- 打赏
- 举报
我的目的就是想做一个读取PCAP的函数,这个包的原理是用capture一个pcap文件来得到记录,但这个记录是直接打出来的,我想存成其他格式的表格,请问应该如何操作?
yzb85 2009-06-17
- 打赏
- 举报
可是按照这个函数,读出来以后也无法利用啊。只能在命令行下打出来,这个我也用不上啊?
wlm008008008 2009-06-17
- 打赏
- 举报
恩!同意楼上
cpio 2009-06-17
- 打赏
- 举报
如果不能改变的话,就去读它生成的文件
