[关闭]
@xunuo 2017-08-10T16:51:43.000000Z 字数 9547 阅读 1305

C#分析ip分片重组

网络数据包分析

sharppcap 链表 byte[]转string


  1. using System;
  2. using System.Collections.Generic;
  3. using System.Linq;
  4. using System.Text;
  5. using System.Threading.Tasks;
  6. using SharpPcap;
  7. using SharpPcap.LibPcap;
  8. using PacketDotNet;
  9. using TwzyProtocol;
  10. namespace practice1
  11. {
  12. public class ipdata
  13. {
  14. public int flag;
  15. public int offest;
  16. public string data;
  17. public ipdata() { }
  18. public ipdata next;
  19. public ipdata pre;
  20. }
  21. public class ipid
  22. {
  23. public ushort id;
  24. public ipid() { }
  25. public ipid next;
  26. public ipdata ipdatahead;
  27. }
  28. class Program
  29. {
  30. static int[] idlist = new int[200];
  31. static int num = 0;
  32. public static ipid ipidhead = new ipid();
  33. public static ipid ipidheader = new ipid();
  34. static int vis = 0;
  35. static string stringdata;
  36. static void Main(string[] args)
  37. {
  38. //获取网络设备
  39. var device = CaptureDeviceList.Instance;
  40. if (device.Count < 1)
  41. {
  42. Console.WriteLine("暂无可用网络设备!\n");
  43. return;
  44. }
  45. int i = 0;
  46. foreach (ICaptureDevice cap in device)
  47. {
  48. Console.WriteLine("{0},{1},{2}", i, cap.Name, cap.Description);//打印所有可用网络设备;
  49. i++;
  50. }
  51. //选择为要用的设备:
  52. Console.WriteLine("请选择要使用的网络设备:");
  53. int j = int.Parse(Console.ReadLine());
  54. if (j > i || j < 0)
  55. {
  56. Console.WriteLine("该设备不存在!\n");
  57. return;
  58. }
  59. ICaptureDevice dev = device[j];
  60. //string filter = "ip and tcp";
  61. ipidhead.next = null;
  62. ipidhead.ipdatahead = null;
  63. dev.OnPacketArrival += new PacketArrivalEventHandler(dev_OnPacketArrival);
  64. dev.Open(DeviceMode.Normal, 1000);
  65. dev.Filter = "ip net 222.196.33.253";
  66. dev.StartCapture();
  67. }
  68. public static string ToHexString(byte[] bytes) // byte[]转16进制string
  69. {
  70. string hexString = string.Empty;
  71. if (bytes != null)
  72. {
  73. StringBuilder strB = new StringBuilder();
  74. for (int i = 0; i < bytes.Length; i++)
  75. {
  76. strB.Append(bytes[i].ToString("X2"));
  77. }
  78. hexString = strB.ToString();
  79. }
  80. return hexString;
  81. }
  82. static void dev_OnPacketArrival(object sender, CaptureEventArgs e)
  83. {
  84. // packetdata = e.Packet.Data;
  85. stringdata = ToHexString(e.Packet.Data);
  86. // Console.WriteLine(ToHexString(packetdata));
  87. if (e.Packet.LinkLayerType == LinkLayers.Ethernet)
  88. {
  89. var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
  90. Ethernet(packet);
  91. }
  92. }
  93. static private void Ethernet(Packet packet)
  94. {
  95. var Ethernetpacket = PacketDotNet.EthernetPacket.GetEncapsulated(packet);
  96. if (Ethernetpacket.Type == EthernetPacketType.IpV4 || Ethernetpacket.Type == EthernetPacketType.IpV6)
  97. {
  98. IpPacket ip = IpPacket.GetEncapsulated(packet);
  99. Ip(ip, packet);
  100. }
  101. }
  102. static private void Ip(IpPacket ip, Packet packet)
  103. {
  104. Console.WriteLine("总长度:" + ip.TotalLength);
  105. if (ip.Version == IpVersion.IPv4)
  106. {
  107. IPv4Packet ipv4 = ip as IPv4Packet;
  108. Console.WriteLine("Identification:" + ipv4.Id);
  109. Console.WriteLine("flag:" + ipv4.FragmentFlags);
  110. Console.WriteLine("偏移:" + ipv4.FragmentOffset.ToString());
  111. if(ipv4.FragmentFlags==1&&vis==0)
  112. {
  113. createipid(ipidhead, ipv4.Id);
  114. insert(ipidhead, ipv4.Id, ipv4.FragmentFlags, ipv4.FragmentOffset, stringdata);
  115. idlist[num++] = ipv4.Id;
  116. vis = 1;
  117. }
  118. else if(ipv4.FragmentFlags==1&&vis==1)
  119. {
  120. insert(ipidhead, ipv4.Id, ipv4.FragmentFlags, ipv4.FragmentOffset, stringdata);
  121. }
  122. else if(ipv4.FragmentFlags==0)
  123. {
  124. for(int i=0;i<num;i++)
  125. {
  126. if (ipv4.Id == idlist[i])
  127. {
  128. insert(ipidhead, ipv4.Id, ipv4.FragmentFlags, ipv4.FragmentOffset, stringdata);
  129. vis = 0;
  130. }
  131. }
  132. print(ipidhead, ipv4.Id);
  133. }
  134. }
  135. }
  136. public static void createipid(ipid ipidhead,ushort ipv4id)
  137. {
  138. ipid ipidroot = ipidhead;
  139. while (!isempty(ipidroot))
  140. {
  141. ipidroot = ipidroot.next;
  142. }
  143. ipidroot.id = ipv4id;
  144. ipidroot.next = new ipid();
  145. ipidroot.next.next = null;
  146. ipidroot.ipdatahead = null;
  147. }
  148. public static bool isempty(ipid ipidhead)
  149. {
  150. if (ipidhead.next == null)
  151. return true;
  152. else
  153. return false;
  154. }
  155. public static void insert(ipid ipidhead,ushort ipv4id,int flag,int offest,string stringdata)
  156. {
  157. while(!search(ipidhead,ipv4id))
  158. {
  159. ipidhead = ipidhead.next;
  160. }
  161. if(ipidhead.ipdatahead==null)
  162. {
  163. ipdata ipdataheader = new ipdata();
  164. ipidhead.ipdatahead = ipdataheader;
  165. ipdataheader.next = null;
  166. ipdataheader.flag = flag;
  167. ipdataheader.offest = offest;
  168. string data = stringdata;
  169. /* if (flag == 0)
  170. {
  171. ipdataheader.data = data.Substring((14 + 20)*2);
  172. }
  173. else
  174. {*/
  175. ipdataheader.data = data.Substring((14 + 20)*2);
  176. // }
  177. }
  178. else
  179. {
  180. ipdata ipdataheader = ipidhead.ipdatahead;
  181. ipdata ipdatanewheader = new ipdata();
  182. ipdatanewheader.flag = flag;
  183. ipdatanewheader.offest = offest;
  184. ipdatanewheader.next = null;
  185. string data = stringdata;
  186. /* if (flag == 0)
  187. {
  188. ipdatanewheader.data = data.Substring((14 + 20)*2);
  189. }
  190. else
  191. {*/
  192. ipdatanewheader.data = data.Substring((14 + 20)*2);
  193. // }
  194. while(ipdataheader.offest<ipdatanewheader.offest)
  195. {
  196. if (ipdataheader.next == null || ipdataheader.next.offest > ipdatanewheader.offest)
  197. {
  198. ipdatanewheader.pre = ipdataheader;
  199. ipdatanewheader.next = ipdataheader.next;
  200. ipdataheader.next = ipdatanewheader;
  201. ipdataheader.next.pre = ipdatanewheader;
  202. }
  203. else
  204. ipdataheader = ipdataheader.next;
  205. }
  206. }
  207. }
  208. public static bool search(ipid ipidhead,ushort ipv4id)
  209. {
  210. if (ipidhead.id == ipv4id)
  211. return true;
  212. else
  213. return false;
  214. }
  215. public static void print(ipid ipidhead,ushort ipv4id)
  216. {
  217. ipid ipidheader = ipidhead;
  218. while(!search(ipidheader,ipv4id))
  219. {
  220. ipidheader = ipidheader.next;
  221. }
  222. ipdata ipdataheader = ipidheader.ipdatahead;
  223. while(ipdataheader.next!=null)
  224. {
  225. Console.WriteLine(ipdataheader.data);
  226. ipdataheader = ipdataheader.next;
  227. }
  228. if(ipdataheader.next==null&&ipdataheader.data!=null)
  229. {
  230. Console.WriteLine(ipdataheader.data);
  231. }
  232. }
  233. }
  234. }

1.主函数:

  1. using System;
  2. using System.Collections.Generic;
  3. using System.Linq;
  4. using System.Text;
  5. using System.Threading.Tasks;
  6. using SharpPcap;
  7. using SharpPcap.LibPcap;
  8. using PacketDotNet;
  9. using TwzyProtocol;
  10. namespace practice1
  11. {
  12. class Program
  13. {
  14. //static int vis = 0;
  15. static string stringdata;
  16. static void Main(string[] args)
  17. {
  18. //获取网络设备
  19. var device = CaptureDeviceList.Instance;
  20. if (device.Count < 1)
  21. {
  22. Console.WriteLine("暂无可用网络设备!\n");
  23. return;
  24. }
  25. int i = 0;
  26. foreach (ICaptureDevice cap in device)
  27. {
  28. Console.WriteLine("{0},{1},{2}", i, cap.Name, cap.Description);//打印所有可用网络设备;
  29. i++;
  30. }
  31. //选择为要用的设备:
  32. Console.WriteLine("请选择要使用的网络设备:");
  33. int j = int.Parse(Console.ReadLine());
  34. if (j > i || j < 0)
  35. {
  36. Console.WriteLine("该设备不存在!\n");
  37. return;
  38. }
  39. ICaptureDevice dev = device[j];
  40. //string filter = "ip and tcp";
  41. dev.OnPacketArrival += new PacketArrivalEventHandler(dev_OnPacketArrival);
  42. dev.Open(DeviceMode.Normal, 1000);
  43. dev.Filter = "ip net 222.196.33.253";
  44. dev.StartCapture();
  45. }
  46. /*主函数中要初始化这两个
  47. * ipidhead.next = null;
  48. * ipidhead.ipdatahead = null;
  49. */
  50. public static string ToHexString(byte[] bytes) // byte[]转16进制string
  51. {
  52. string hexString = string.Empty;
  53. if (bytes != null)
  54. {
  55. StringBuilder strB = new StringBuilder();
  56. for (int i = 0; i < bytes.Length; i++)
  57. {
  58. strB.Append(bytes[i].ToString("X2"));
  59. }
  60. hexString = strB.ToString();
  61. }
  62. return hexString;
  63. }
  64. static void dev_OnPacketArrival(object sender, CaptureEventArgs e)
  65. {
  66. // packetdata = e.Packet.Data;
  67. stringdata = ToHexString(e.Packet.Data);
  68. // Console.WriteLine(ToHexString(packetdata));
  69. if (e.Packet.LinkLayerType == LinkLayers.Ethernet)
  70. {
  71. var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
  72. Ethernet(packet);
  73. }
  74. }
  75. static private void Ethernet(Packet packet)
  76. {
  77. var Ethernetpacket = PacketDotNet.EthernetPacket.GetEncapsulated(packet);
  78. if (Ethernetpacket.Type == EthernetPacketType.IpV4 || Ethernetpacket.Type == EthernetPacketType.IpV6)
  79. {
  80. IpPacket ip = IpPacket.GetEncapsulated(packet);
  81. Class1.Ip(ip,stringdata);
  82. }
  83. }
  84. }
  85. }

2.ip类

  1. using System;
  2. using System.Collections.Generic;
  3. using System.Linq;
  4. using System.Text;
  5. using System.Threading.Tasks;
  6. using SharpPcap;
  7. using SharpPcap.LibPcap;
  8. using PacketDotNet;
  9. using TwzyProtocol;
  10. namespace practice1
  11. {
  12. public class ipdata
  13. {
  14. public int flag;
  15. public int offest;
  16. public string data;
  17. public ipdata() { }
  18. public ipdata next;
  19. public ipdata pre;
  20. }
  21. public class ipid
  22. {
  23. public ushort id;
  24. public ipid() { }
  25. public ipid next;
  26. public ipdata ipdatahead;
  27. }
  28. class Class1
  29. {
  30. static int[] idlist = new int[200];
  31. static int num = 0;
  32. public static ipid ipidhead = new ipid();
  33. public static ipid ipidheader = new ipid();
  34. static int vis = 0;
  35. public static void Ip(IpPacket ip,string stringdata)
  36. {
  37. Console.WriteLine("总长度:" + ip.TotalLength);
  38. if (ip.Version == IpVersion.IPv4)
  39. {
  40. IPv4Packet ipv4 = ip as IPv4Packet;
  41. Console.WriteLine("Identification:" + ipv4.Id);
  42. Console.WriteLine("flag:" + ipv4.FragmentFlags);
  43. Console.WriteLine("偏移:" + ipv4.FragmentOffset.ToString());
  44. if (ipv4.FragmentFlags == 1 && vis == 0)
  45. {
  46. createipid(ipidhead, ipv4.Id);
  47. insert(ipidhead, ipv4.Id, ipv4.FragmentFlags, ipv4.FragmentOffset, stringdata);
  48. idlist[num++] = ipv4.Id;
  49. vis = 1;
  50. }
  51. else if (ipv4.FragmentFlags == 1 && vis == 1)
  52. {
  53. insert(ipidhead, ipv4.Id, ipv4.FragmentFlags, ipv4.FragmentOffset, stringdata);
  54. }
  55. else if (ipv4.FragmentFlags == 0)
  56. {
  57. for (int i = 0; i < num; i++)
  58. {
  59. if (ipv4.Id == idlist[i])
  60. {
  61. insert(ipidhead, ipv4.Id, ipv4.FragmentFlags, ipv4.FragmentOffset, stringdata);
  62. vis = 0;
  63. }
  64. }
  65. Console.WriteLine(print(ipidhead, ipv4.Id));
  66. }
  67. }
  68. }
  69. public static void createipid(ipid ipidhead, ushort ipv4id)
  70. {
  71. ipid ipidroot = ipidhead;
  72. while (!isempty(ipidroot))
  73. {
  74. ipidroot = ipidroot.next;
  75. }
  76. ipidroot.id = ipv4id;
  77. ipidroot.next = new ipid();
  78. ipidroot.next.next = null;
  79. ipidroot.ipdatahead = null;
  80. }
  81. public static bool isempty(ipid ipidhead)
  82. {
  83. if (ipidhead.next == null)
  84. return true;
  85. else
  86. return false;
  87. }
  88. public static void insert(ipid ipidhead, ushort ipv4id, int flag, int offest, string stringdata)
  89. {
  90. while (!search(ipidhead, ipv4id))
  91. {
  92. ipidhead = ipidhead.next;
  93. }
  94. if (ipidhead.ipdatahead == null)
  95. {
  96. ipdata ipdataheader = new ipdata();
  97. ipidhead.ipdatahead = ipdataheader;
  98. ipdataheader.next = null;
  99. ipdataheader.flag = flag;
  100. ipdataheader.offest = offest;
  101. string data = stringdata;
  102. ipdataheader.data = data.Substring((14 + 20) * 2);
  103. }
  104. else
  105. {
  106. ipdata ipdataheader = ipidhead.ipdatahead;
  107. ipdata ipdatanewheader = new ipdata();
  108. ipdatanewheader.flag = flag;
  109. ipdatanewheader.offest = offest;
  110. ipdatanewheader.next = null;
  111. string data = stringdata;
  112. ipdatanewheader.data = data.Substring((14 + 20) * 2);
  113. while (ipdataheader.offest < ipdatanewheader.offest)
  114. {
  115. if (ipdataheader.next == null || ipdataheader.next.offest > ipdatanewheader.offest)
  116. {
  117. ipdatanewheader.pre = ipdataheader;
  118. ipdatanewheader.next = ipdataheader.next;
  119. ipdataheader.next = ipdatanewheader;
  120. ipdataheader.next.pre = ipdatanewheader;
  121. }
  122. else
  123. ipdataheader = ipdataheader.next;
  124. }
  125. }
  126. }
  127. public static bool search(ipid ipidhead, ushort ipv4id)
  128. {
  129. if (ipidhead.id == ipv4id)
  130. return true;
  131. else
  132. return false;
  133. }
  134. public static string print(ipid ipidhead, ushort ipv4id)
  135. {
  136. string s="";
  137. ipid ipidheader = ipidhead;
  138. while (!search(ipidheader, ipv4id))
  139. {
  140. ipidheader = ipidheader.next;
  141. }
  142. ipdata ipdataheader = ipidheader.ipdatahead;
  143. while (ipdataheader.next != null)
  144. {
  145. s += ipdataheader.data;
  146. //Console.WriteLine(ipdataheader.data);
  147. ipdataheader = ipdataheader.next;
  148. }
  149. if (ipdataheader.next == null && ipdataheader.data != null)
  150. {
  151. s += ipdataheader.data;
  152. // Console.WriteLine(ipdataheader.data);
  153. }
  154. return s;
  155. }
  156. }
  157. }
添加新批注
在作者公开此批注前,只有你和作者可见。
回复批注