我的类启动新进程(Tshark)并开始捕获,从主窗体我检查类属性以更新我的 UI,我唯一指示接收到多少数据包是我的进程输出:
Frame 13: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Arrival Time: Oct 8, 2012 01:16:42.143822000 Jerusalem Standard Time
Epoch Time: 1349651802.143822000 seconds
[Time delta from previous captured frame: 0.002140000 seconds]
[Time delta from previous displayed frame: 0.002140000 seconds]
[Time since reference or first frame: 0.038739000 seconds]
Frame Number: 13
Frame Length: 62 bytes (496 bits)
Capture Length: 62 bytes (496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:udp:data]
Ethernet II, Src: CameoCom_fd:ae:5c (00:18:e7:fd:ae:5c), Dst: AsustekC_82:c2:2b (48:5b:39:82:c2:2b)
Destination: AsustekC_82:c2:2b (48:5b:39:82:c2:2b)
Address: AsustekC_82:c2:2b (48:5b:39:82:c2:2b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: CameoCom_fd:ae:5c (00:18:e7:fd:ae:5c)
Address: CameoCom_fd:ae:5c (00:18:e7:fd:ae:5c)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 84.229.2.201 (84.229.2.201), Dst: 192.168.0.100 (192.168.0.100)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 48
Identification: 0x64e7 (25831)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 120
Protocol: UDP (17)
Header checksum: 0xc51b [correct]
[Good: True]
[Bad: False]
Source: 84.229.2.201 (84.229.2.201)
Destination: 192.168.0.100 (192.168.0.100)
User Datagram Protocol, Src Port: 26120 (26120), Dst Port: 62587 (62587)
Source port: 26120 (26120)
Destination port: 62587 (62587)
Length: 28
Checksum: 0xcfeb [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Data (20 bytes)
Data: 2100b45be8e8038b9e370ec70000f0005da90013
[Length: 20]
0000 48 5b 39 82 c2 2b 00 18 e7 fd ae 5c 08 00 45 00 H[9..+.....\..E.
0010 00 30 64 e7 00 00 78 11 c5 1b 54 e5 02 c9 c0 a8 .0d...x...T.....
0020 00 64 66 08 f4 7b 00 1c cf eb 21 00 b4 5b e8 e8 .df..{....!..[..
0030 03 8b 9e 37 0e c7 00 00 f0 00 5d a9 00 13 ...7......]...
在此示例中,“第 13 帧”表示这是第 13 号数据包,收到的每个数据包都类似于此示例。
这是我课程中如何启动 Tshark 进程并开始捕获的相关部分:
Process tshark = new Process();
tshark.StartInfo.FileName = _tshark;
tshark.StartInfo.Arguments = string.Format(" -i " + _interfaceNumber + " -V -x -s " + _packetLimitSize + " -w " + _pcapPath);
tshark.StartInfo.RedirectStandardOutput = true;
tshark.StartInfo.UseShellExecute = false;
tshark.StartInfo.CreateNoWindow = true;
tshark.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
tshark.Start();
while (!myStreamReader.EndOfStream)
{
_packet = myStreamReader.ReadLine();
if (_packet.StartsWith(" Frame Number:"))
{
string[] arr = _packet.Split(default(char[]), StringSplitOptions.RemoveEmptyEntries);
_receivesPackets = int.Parse(arr[2]);
_packetsCount++;
}
if ((DateTime.Now - lastUpdate).TotalMilliseconds > 1000)
{
lastUpdate = DateTime.Now;
OnPacketProgress(_packetsCount++);
}
}
tshark.WaitForExit();
StreamReader while 循环中的代码if (_packet.StartsWith(" Frame Number:"))从数据包中解析数据包编号,放入相关属性 (_packetsCount) 并从主表单中每 1 秒检查一次该属性,并且更新我的 UI,我的问题是在速度非常快的情况下,UI 没有更新所有数据包,例如在 2 分钟捕获 UI 显示 ~50,000 并且创建的文件超过 1,000,000 之后。有没有更有效的方法来解析/接收这些数据并变得更准确?