[关闭]
@xunuo 2017-08-10T14:50:14.000000Z 字数 3648 阅读 1258

C#分析dns

网络数据包分析

sharppcap

  1. using System;
  2. using System.Collections.Generic;
  3. using System.Linq;
  4. using System.Text;
  5. using System.Threading.Tasks;
  6. using SharpPcap;
  7. using SharpPcap.LibPcap;
  8. using PacketDotNet;
  9. using TwzyProtocol;
  10. namespace practice1
  11. {
  12. class Program
  13. {
  14. static void Main(string[] args)
  15. {
  16. //获取网络设备
  17. var device = CaptureDeviceList.Instance;
  18. if (device.Count < 1)
  19. {
  20. Console.WriteLine("暂无可用网络设备!\n");
  21. return;
  22. }
  23. int i = 0;
  24. foreach (ICaptureDevice cap in device)
  25. {
  26. Console.WriteLine("{0},{1},{2}", i, cap.Name, cap.Description);//打印所有可用网络设备;
  27. i++;
  28. }
  29. //选择为要用的设备:
  30. Console.WriteLine("请选择要使用的网络设备:");
  31. int j = int.Parse(Console.ReadLine());
  32. if(j>i||j<0)
  33. {
  34. Console.WriteLine("该设备不存在!\n");
  35. return;
  36. }
  37. ICaptureDevice dev = device[j];
  38. //string filter = "ip and tcp";
  39. dev.OnPacketArrival += new PacketArrivalEventHandler(dev_OnPacketArrival);
  40. dev.Open(DeviceMode.Normal, 1000);
  41. dev.Filter = "port 53";
  42. dev.StartCapture();
  43. }
  44. static void dev_OnPacketArrival(object sender,CaptureEventArgs e)
  45. {
  46. if(e.Packet.LinkLayerType==LinkLayers.Ethernet)
  47. {
  48. var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
  49. Ethernet(packet);
  50. }
  51. }
  52. static private void Ethernet(Packet packet)
  53. {
  54. var Ethernetpacket = PacketDotNet.EthernetPacket.GetEncapsulated(packet);
  55. Console.WriteLine("以太网头部长度:" + Ethernetpacket.Header.Length);//以太网首部字节长度;
  56. Console.WriteLine("目的端口:" + Ethernetpacket.DestinationHwAddress.ToString());//目的端口;
  57. Console.WriteLine("源端口:" + Ethernetpacket.SourceHwAddress.ToString());//源端口;
  58. Console.WriteLine("上层协议类型:" + Ethernetpacket.Type.ToString());//协议类型;
  59. if(Ethernetpacket.Type==EthernetPacketType.IpV4||Ethernetpacket.Type==EthernetPacketType.IpV6)
  60. {
  61. IpPacket ip = IpPacket.GetEncapsulated(packet);
  62. Ip(ip,packet);
  63. }
  64. }
  65. static private void Ip(IpPacket ip,Packet packet)
  66. {
  67. Console.WriteLine("--------ip协议-----------");
  68. Console.WriteLine("ip版本号:" + ip.Version);
  69. Console.WriteLine("ip首部长度:" + ip.Header.Length);
  70. Console.WriteLine("总长度:" + ip.TotalLength);
  71. Console.WriteLine("生存时间:" + ip.TimeToLive);
  72. if(ip.Version==IpVersion.IPv4)
  73. {
  74. IPv4Packet ipv4 = ip as IPv4Packet;
  75. Console.WriteLine("偏移:"+ipv4.FragmentOffset.ToString());
  76. }
  77. Console.WriteLine("源ip地址:" + ip.SourceAddress);
  78. Console.WriteLine("目的ip地址:" + ip.DestinationAddress);
  79. Console.WriteLine("上层协议类型:" + ip.Protocol);
  80. if(ip.Protocol==IPProtocolType.UDP)
  81. {
  82. UdpPacket udp = UdpPacket.GetEncapsulated(packet);
  83. Udp(udp,packet);
  84. }
  85. }
  86. static private void Udp(UdpPacket udp,Packet packet)
  87. {
  88. Console.WriteLine("----------UDP-----------");
  89. Console.WriteLine("源端口:" + udp.SourcePort);
  90. Console.WriteLine("目的端口:" + udp.DestinationPort);
  91. if(udp.SourcePort==53|| udp.DestinationPort==53)
  92. {
  93. DnsPacket dns = new DnsPacket(udp.PayloadData);
  94. Dns(dns);
  95. }
  96. }
  97. static private void Dns(DnsPacket dns)
  98. {
  99. if (dns == null)
  100. return;
  101. Console.WriteLine("Transaction Id:0x" + dns.ID.ToString("x4"));
  102. Console.WriteLine("flags:0x" + dns.Flags.ToString("x4"));
  103. if (dns.QR == 0)
  104. Console.WriteLine("这是一个请求报文!\n");
  105. else
  106. Console.WriteLine("这是一个应答报文!\n");
  107. Console.WriteLine("Questions:" + dns.QusetionCounts);
  108. Console.WriteLine("Anser RRs:" + dns.AnswerCounts);
  109. Console.WriteLine("Authority RRs:" + dns.AuthorityCounts);
  110. Console.WriteLine("Additional RRs:" + dns.AdditionalCounts);
  111. Console.WriteLine("-------Questions---------");
  112. if(dns.Query!=null)
  113. {
  114. Console.WriteLine("Name:" + dns.Query.name);
  115. Console.WriteLine(" [Name length]:" + dns.Query.name.Length);
  116. Console.WriteLine("Type:" + dns.Query.DnsType);
  117. Console.WriteLine("Class:" + dns.Query.DnsClass);
  118. }
  119. List<TwzyProtocol.DNS.DnsResponse> relist = null;
  120. Console.WriteLine("---------Answer RRs--------");
  121. if(dns.QR==1&&dns.Query!=null)
  122. {
  123. relist = dns.ResponseList;
  124. foreach (var i in relist)
  125. {
  126. Console.WriteLine("-----------------");
  127. Console.WriteLine("Name:" + i.name);
  128. Console.WriteLine("Type:" + i.dnsType);
  129. Console.WriteLine("Class:" + i.dnsClass);
  130. Console.WriteLine("TTL:" + i.TTL);
  131. Console.WriteLine("Data Length:" + i.payLength);
  132. Console.WriteLine("Adress:" + i.rescData);
  133. }
  134. }
  135. }
  136. }
  137. }
添加新批注
在作者公开此批注前,只有你和作者可见。
回复批注