0

我正在尝试读取从客户端发送到服务器的数据包。我在 C# 中使用SharpPcap。在这种情况下,我如何理解数据包是 TCP CLOSE 数据包:

    private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
    {           
        var time = e.Packet.Timeval.Date;
        var len = e.Packet.Data.Length;

        var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);

        var tcpPacket = PacketDotNet.TcpPacket.GetEncapsulated(packet);
        if(tcpPacket != null)
        {
            var ipPacket = (PacketDotNet.IpPacket)tcpPacket.ParentPacket;
            System.Net.IPAddress srcIp = ipPacket.SourceAddress;
            System.Net.IPAddress dstIp = ipPacket.DestinationAddress;
            int srcPort = tcpPacket.SourcePort;
            int dstPort = tcpPacket.DestinationPort;

            Console.WriteLine("{0}:{1}:{2},{3} Len={4} {5}:{6} -> {7}:{8}", 
                time.Hour, time.Minute, time.Second, time.Millisecond, len,
                srcIp, srcPort, dstIp, dstPort);
        }
    }
4

1 回答 1

0

TCP 关闭在 TCP 协议中由 FIN 表示。将有 4 次握手来关闭 TCP 连接的两端。两端将各自发送一个 FIN,并由对等方确认。您应该能够通过捕获 fromework 看到这一点。

也许你可以在这里找到一些关于如何通过 api 实现它的提示:http: //www.codeproject.com/Articles/12458/SharpPcap-A-Packet-Capture-Framework-for-NET

于 2015-06-20T07:30:41.347 回答