@xunuo
2017-08-10T14:50:14.000000Z
网络数据包分析
sharppcap
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using SharpPcap;
using SharpPcap.LibPcap;
using PacketDotNet;
using TwzyProtocol;
namespace practice1
{
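/// <summary>
/// Console DNS sniffer: lists the capture devices, opens the one the user picks,
/// filters on port 53 and prints the Ethernet, IP, UDP and DNS fields of each packet.
/// </summary>
/// <remarks>
/// Everything below the capture callback works on bytes taken off the wire, so it is
/// untrusted input: missing layers are null-checked, short DNS payloads are skipped,
/// parser failures are contained in the callback, and packet-derived text has its
/// control characters replaced before it is written to the console.
/// </remarks>
class Program
{
    // Fixed size of the DNS message header in bytes (RFC 1035, section 4.1.1).
    private const int DnsHeaderLength = 12;

    /// <summary>
    /// Lets the user pick a capture device, then captures until Enter is pressed.
    /// </summary>
    /// <param name="args">Command-line arguments (unused).</param>
    static void Main(string[] args)
    {
        // Enumerate the capture devices known to SharpPcap.
        var devices = CaptureDeviceList.Instance;
        if (devices.Count < 1)
        {
            Console.WriteLine("暂无可用网络设备!\n");
            return;
        }

        // Print every available device with its index.
        for (int index = 0; index < devices.Count; index++)
        {
            Console.WriteLine("{0},{1},{2}", index, devices[index].Name, devices[index].Description);
        }

        // Ask which device to use.
        Console.WriteLine("请选择要使用的网络设备:");
        int choice;
        // TryParse rejects non-numeric input and end-of-input instead of throwing.
        // The upper bound is exclusive: valid indexes are 0 .. Count-1 (the original
        // test accepted Count itself and then indexed out of range).
        if (!int.TryParse(Console.ReadLine(), out choice) || choice < 0 || choice >= devices.Count)
        {
            Console.WriteLine("该设备不存在!\n");
            return;
        }

        ICaptureDevice dev = devices[choice];
        dev.OnPacketArrival += new PacketArrivalEventHandler(dev_OnPacketArrival);
        // Non-promiscuous mode; 1000 is the read timeout passed to the device.
        dev.Open(DeviceMode.Normal, 1000);
        try
        {
            // The capture filter keeps only traffic to or from port 53 (DNS).
            dev.Filter = "port 53";
            dev.StartCapture();

            // StartCapture returns immediately; keep the process alive until the
            // user asks to stop, then stop the capture cleanly.
            Console.WriteLine("正在抓包,按回车键停止...");
            Console.ReadLine();
            dev.StopCapture();
        }
        finally
        {
            // Release the capture handle even if filtering or capturing failed.
            dev.Close();
        }
    }

    /// <summary>
    /// Capture callback: parses Ethernet frames and hands them to the decoders.
    /// </summary>
    /// <param name="sender">The device that raised the event.</param>
    /// <param name="e">Event data carrying the raw captured packet.</param>
    static void dev_OnPacketArrival(object sender, CaptureEventArgs e)
    {
        if (e.Packet.LinkLayerType != LinkLayers.Ethernet)
        {
            return;
        }

        try
        {
            var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
            Ethernet(packet);
        }
        catch (Exception ex)
        {
            // Packet contents are attacker-controllable. One malformed packet must
            // not take down the capture, so report the failure and keep going.
            Console.Error.WriteLine("数据包解析失败:" + Printable(ex.Message));
        }
    }

    /// <summary>
    /// Prints the Ethernet header fields and descends into IPv4/IPv6 payloads.
    /// </summary>
    /// <param name="packet">The parsed packet.</param>
    static private void Ethernet(Packet packet)
    {
        var frame = PacketDotNet.EthernetPacket.GetEncapsulated(packet);
        if (frame == null)
        {
            return; // no Ethernet layer was found in this packet
        }

        Console.WriteLine("以太网头部长度:" + frame.Header.Length); // Ethernet header length in bytes
        // These two fields are hardware (MAC) addresses, not ports; the labels say so.
        Console.WriteLine("目的MAC地址:" + frame.DestinationHwAddress.ToString());
        Console.WriteLine("源MAC地址:" + frame.SourceHwAddress.ToString());
        Console.WriteLine("上层协议类型:" + frame.Type.ToString()); // EtherType of the payload

        if (frame.Type == EthernetPacketType.IpV4 || frame.Type == EthernetPacketType.IpV6)
        {
            IpPacket ip = IpPacket.GetEncapsulated(packet);
            if (ip != null)
            {
                Ip(ip, packet);
            }
        }
    }

    /// <summary>
    /// Prints the IP header fields and descends into UDP payloads.
    /// </summary>
    /// <param name="ip">The IP layer of the packet.</param>
    /// <param name="packet">The whole parsed packet, used to locate the UDP layer.</param>
    static private void Ip(IpPacket ip, Packet packet)
    {
        Console.WriteLine("--------ip协议-----------");
        Console.WriteLine("ip版本号:" + ip.Version);
        Console.WriteLine("ip首部长度:" + ip.Header.Length);
        Console.WriteLine("总长度:" + ip.TotalLength);
        Console.WriteLine("生存时间:" + ip.TimeToLive);

        // The fragment offset is read from the IPv4 type only; the cast result is
        // checked instead of trusting the version field.
        IPv4Packet ipv4 = ip as IPv4Packet;
        if (ip.Version == IpVersion.IPv4 && ipv4 != null)
        {
            Console.WriteLine("偏移:" + ipv4.FragmentOffset.ToString());
        }

        Console.WriteLine("源ip地址:" + ip.SourceAddress);
        Console.WriteLine("目的ip地址:" + ip.DestinationAddress);
        Console.WriteLine("上层协议类型:" + ip.Protocol);

        if (ip.Protocol == IPProtocolType.UDP)
        {
            UdpPacket udp = UdpPacket.GetEncapsulated(packet);
            if (udp != null)
            {
                Udp(udp, packet);
            }
        }
    }

    /// <summary>
    /// Prints the UDP ports and decodes the payload as DNS when port 53 is involved.
    /// </summary>
    /// <param name="udp">The UDP layer of the packet.</param>
    /// <param name="packet">The whole parsed packet (not used here).</param>
    static private void Udp(UdpPacket udp, Packet packet)
    {
        Console.WriteLine("----------UDP-----------");
        Console.WriteLine("源端口:" + udp.SourcePort);
        Console.WriteLine("目的端口:" + udp.DestinationPort);

        if (udp.SourcePort != 53 && udp.DestinationPort != 53)
        {
            return;
        }

        // Anyone can send arbitrary bytes to port 53. Do not hand the DNS parser a
        // payload that cannot even hold the fixed DNS header.
        byte[] payload = udp.PayloadData;
        if (payload == null || payload.Length < DnsHeaderLength)
        {
            Console.WriteLine("DNS报文长度不足,已忽略!");
            return;
        }

        DnsPacket dns = new DnsPacket(payload);
        Dns(dns);
    }

    /// <summary>
    /// Prints the DNS header, the question and, for responses, each answer record.
    /// </summary>
    /// <param name="dns">The decoded DNS message; nothing is printed when null.</param>
    static private void Dns(DnsPacket dns)
    {
        if (dns == null)
        {
            return;
        }

        Console.WriteLine("Transaction Id:0x" + dns.ID.ToString("x4"));
        Console.WriteLine("flags:0x" + dns.Flags.ToString("x4"));
        // QR == 0 marks a query, anything else a response.
        Console.WriteLine(dns.QR == 0 ? "这是一个请求报文!\n" : "这是一个应答报文!\n");
        Console.WriteLine("Questions:" + dns.QusetionCounts);
        Console.WriteLine("Anser RRs:" + dns.AnswerCounts);
        Console.WriteLine("Authority RRs:" + dns.AuthorityCounts);
        Console.WriteLine("Additional RRs:" + dns.AdditionalCounts);

        Console.WriteLine("-------Questions---------");
        if (dns.Query != null)
        {
            // Names come straight from the packet; strip control characters so a
            // crafted name cannot inject terminal escape sequences.
            Console.WriteLine("Name:" + Printable(dns.Query.name));
            Console.WriteLine(" [Name length]:" + dns.Query.name.Length);
            Console.WriteLine("Type:" + dns.Query.DnsType);
            Console.WriteLine("Class:" + dns.Query.DnsClass);
        }

        Console.WriteLine("---------Answer RRs--------");
        if (dns.QR == 1 && dns.Query != null)
        {
            List<TwzyProtocol.DNS.DnsResponse> answers = dns.ResponseList;
            if (answers == null)
            {
                return; // the parser produced no answer list for this response
            }

            foreach (var record in answers)
            {
                Console.WriteLine("-----------------");
                Console.WriteLine("Name:" + Printable(record.name));
                Console.WriteLine("Type:" + record.dnsType);
                Console.WriteLine("Class:" + record.dnsClass);
                Console.WriteLine("TTL:" + record.TTL);
                Console.WriteLine("Data Length:" + record.payLength);
                Console.WriteLine("Adress:" + Printable(record.rescData));
            }
        }
    }

    /// <summary>
    /// Converts a packet-derived value to text that is safe to write to a terminal.
    /// </summary>
    /// <param name="value">The value to print; null yields an empty string.</param>
    /// <returns>The value's text with every control character replaced by '?'.</returns>
    private static string Printable(object value)
    {
        if (value == null)
        {
            return string.Empty;
        }

        string text = value.ToString() ?? string.Empty;
        var cleaned = new StringBuilder(text.Length);
        foreach (char c in text)
        {
            cleaned.Append(char.IsControl(c) ? '?' : c);
        }
        return cleaned.ToString();
    }
}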
}