0

我尝试使用 SharpPcap 库捕获数据包。我能够返回数据包的详细信息,但我无法获取数据包内的消息内容。

使用 .Data 的数据包返回消息,当我使用它时它正在返回(System.Byte [])。

这是图书馆网站: http: //www.codeproject.com/KB/IP/sharppcap.aspx

这是我的代码:

string packetData;
        private void packetCapturingThreadMethod()
            {

            Packet packet = null;
           int countOfPacketCaptures = 0;

            while ((packet = device.GetNextPacket()) != null)
                {

                packet = device.GetNextPacket();
                if (packet is TCPPacket)
                    {
                    TCPPacket tcp = (TCPPacket)packet;
                    myPacket tempPacket = new myPacket();

                    tempPacket.packetType = "TCP";
                    tempPacket.sourceAddress = Convert.ToString(tcp.SourceAddress);
                    tempPacket.destinationAddress = Convert.ToString(tcp.DestinationAddress);
                    tempPacket.sourcePort = Convert.ToString(tcp.SourcePort);
                    tempPacket.destinationPort = Convert.ToString(tcp.DestinationPort);
                    tempPacket.packetMessage = Convert.ToString(tcp.Data);
                    packetsList.Add(tempPacket);

                     packetData = 
                        "Type= TCP" +
                        "   Source Address = "+  Convert.ToString(tcp.SourceAddress)+
                       "   Destination Address =" +Convert.ToString(tcp.DestinationAddress)+
                       "   SourcePort =" +    Convert.ToString(tcp.SourcePort)+
                       "   SourcePort =" +Convert.ToString(tcp.DestinationPort)+
                       "   Messeage =" + Convert.ToString(tcp.Data);
                    txtpackets.Invoke(new UpdatetxtpacketsCallback(this.Updatetxtpackets),
            new object[] { packetData });


                    string[] row = { packetsList[countOfPacketCaptures].packetType, packetsList[countOfPacketCaptures].sourceAddress, packetsList[countOfPacketCaptures].destinationAddress, packetsList[countOfPacketCaptures].sourcePort, packetsList[countOfPacketCaptures].destinationPort, packetsList[countOfPacketCaptures].packetMessage };
                    try { //dgwPacketInfo.Rows.Add(row); countOfPacketCaptures++;
                    //lblCapturesLabels.Text = Convert.ToString(countOfPacketCaptures);
                    }
                    catch (Exception e) { }

                    }
                else if (packet is UDPPacket)
                    {

                    UDPPacket udp = (UDPPacket)packet;


                    myPacket tempPacket = new myPacket();

                    tempPacket.packetType = "UDP";
                    tempPacket.sourceAddress = Convert.ToString(udp.SourceAddress);
                    tempPacket.destinationAddress = Convert.ToString(udp.DestinationAddress);
                    tempPacket.sourcePort = Convert.ToString(udp.SourcePort);
                    tempPacket.destinationPort = Convert.ToString(udp.DestinationPort);
                    tempPacket.packetMessage = udp.Data.ToArray() + "\n";
                    packetsList.Add(tempPacket);

                    packetData = 
                        "Type= UDP" +
                        "   Source Address = "+  Convert.ToString(udp.SourceAddress)+
                       "   Destination Address =" +Convert.ToString(udp.DestinationAddress)+
                       "   SourcePort =" +    Convert.ToString(udp.SourcePort)+
                       "   SourcePort =" +Convert.ToString(udp.DestinationPort)+
                       "   Messeage =" + udp.Data.ToArray() + "\n";
                    string[] row = { packetsList[countOfPacketCaptures].packetType, packetsList[countOfPacketCaptures].sourceAddress, packetsList[countOfPacketCaptures].destinationAddress, packetsList[countOfPacketCaptures].sourcePort, packetsList[countOfPacketCaptures].destinationPort, packetsList[countOfPacketCaptures].packetMessage };
                    try {
                        //dgwPacketInfo.Rows.Add(row);
                    //countOfPacketCaptures++;
                    //lblCapturesLabels.Text = Convert.ToString(countOfPacketCaptures);
                        txtpackets.Invoke(new UpdatetxtpacketsCallback(this.Updatetxtpackets),
               new object[] { packetData });

                    }
                    catch (Exception e) { }


                    }


                }
            }
4

2 回答 2

2

我找到了答案...

数据是一个字节数组,所以我需要使用位转换器而不是使用:

Convert.ToString(tcp.Data);

我应该使用:

BitConverter.ToString(tcp.Data)
于 2010-03-24T01:31:20.870 回答
0

解析器并不复杂......

我查看了 Packet.Net 代码(它是 SharpPcap 的解析),所有字段都以常用格式存储。

IP 地址以 System.Net.IPAddress 格式存储,因此您只需在它们上调用 .ToString 即可获取正确包含点标记的文本字符串。

端口号存储为 ushort ,可以与任何其他整数一样打印。

唯一需要以二进制形式解释的部分是数据字段,因为它会根据下一层使用的协议而变化。SharpPcap/Packet.Net 已经为您完成了大部分工作,并且字段以与协议规范中的最方便或相同的形式存储。只需使用智能感知来检查字段的类型,如果它不是您熟悉的类型(例如 System.Net.IPAddress 或 System.NetworkInformation.PhysicalAddress(对于 MAC 地址)),只需用谷歌搜索即可。

于 2010-11-10T07:29:16.247 回答