@xunuo
2017-08-10T16:51:43.000000Z
网络数据包分析
sharppcap
链表
byte[]转string
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using SharpPcap;
using SharpPcap.LibPcap;
using PacketDotNet;
using TwzyProtocol;
namespace practice1
{
/// <summary>
/// One captured fragment, stored as a node of a doubly linked list
/// (<see cref="next"/> / <see cref="pre"/>) hanging off an <c>ipid</c> entry.
/// </summary>
public class ipdata
{
    // Links to the neighbouring fragments of the same datagram.
    public ipdata pre;
    public ipdata next;

    // Fragment flags value and fragment offset as passed to insert().
    public int flag;
    public int offest;

    // Hex text of the frame with the leading (14 + 20) * 2 characters cut off by insert().
    public string data;

    public ipdata()
    {
    }
}
/// <summary>
/// One tracked datagram: its IP Identification value, the head of its fragment
/// list, and a link to the next tracked datagram (singly linked list).
/// </summary>
public class ipid
{
    // Next entry in the list of tracked datagrams; null on the trailing node.
    public ipid next;

    // First stored fragment of this datagram, or null when nothing is stored yet.
    public ipdata ipdatahead;

    // IPv4 Identification value; a freshly created node holds 0.
    public ushort id;

    public ipid()
    {
    }
}
class Program
{
// Head of the list of tracked datagrams (one ipid node per Identification value).
public static ipid ipidhead = new ipid();
// Spare node; print() declares a local with the same name, so the methods shown never read this field.
public static ipid ipidheader = new ipid();
// Identification values recorded by Ip(); fixed capacity of 200, num is the count in use.
private static int[] idlist = new int[200];
private static int num = 0;
// 1 while Ip() considers a fragmented datagram to be in progress, otherwise 0.
private static int vis = 0;
// Hex text of the most recently captured frame, written by dev_OnPacketArrival.
private static string stringdata;
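/// <summary>
/// Lists the capture devices, lets the user pick one by index and starts
/// capturing on it with a fixed BPF filter.
/// </summary>
static void Main(string[] args)
{
    // Enumerate the available capture devices.
    var device = CaptureDeviceList.Instance;
    if (device.Count < 1)
    {
        Console.WriteLine("暂无可用网络设备!\n");
        return;
    }

    // Print every device with the index the user has to type.
    int i = 0;
    foreach (ICaptureDevice cap in device)
    {
        Console.WriteLine("{0},{1},{2}", i, cap.Name, cap.Description);
        i++;
    }

    // Read the selection. TryParse rejects non-numeric input instead of throwing,
    // and the upper bound is exclusive: valid indexes are 0 .. i - 1
    // (the original `j > i` let j == i through to device[j]).
    Console.WriteLine("请选择要使用的网络设备:");
    int j;
    if (!int.TryParse(Console.ReadLine(), out j) || j < 0 || j >= i)
    {
        Console.WriteLine("该设备不存在!\n");
        return;
    }
    ICaptureDevice dev = device[j];

    // Start with an empty datagram list.
    ipidhead.next = null;
    ipidhead.ipdatahead = null;

    dev.OnPacketArrival += new PacketArrivalEventHandler(dev_OnPacketArrival);
    dev.Open(DeviceMode.Normal, 1000);
    // NOTE(review): the capture filter is hard-coded to one network address;
    // only traffic matching it reaches the handler.
    dev.Filter = "ip net 222.196.33.253";
    dev.StartCapture();
}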
/// <summary>
/// Converts a byte array to upper-case hexadecimal text, two characters per
/// byte and no separators. A null array yields the empty string.
/// </summary>
public static string ToHexString(byte[] bytes)
{
    if (bytes == null)
    {
        return string.Empty;
    }

    // BitConverter emits "0A-FF-..."; dropping the dashes leaves the same
    // "X2"-per-byte text the manual loop would build.
    return BitConverter.ToString(bytes).Replace("-", string.Empty);
}
/// <summary>
/// Capture callback: stores the frame as hex text in <c>stringdata</c> and hands
/// Ethernet frames to <c>Ethernet</c> for parsing.
/// </summary>
static void dev_OnPacketArrival(object sender, CaptureEventArgs e)
{
    var raw = e.Packet;

    // The hex copy is taken for every frame, before the link-type check.
    stringdata = ToHexString(raw.Data);

    if (raw.LinkLayerType != LinkLayers.Ethernet)
    {
        return;
    }

    Ethernet(PacketDotNet.Packet.ParsePacket(raw.LinkLayerType, raw.Data));
}
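/// <summary>
/// Extracts the Ethernet layer of a parsed packet and forwards IPv4/IPv6
/// payloads to <c>Ip</c>.
/// </summary>
static private void Ethernet(Packet packet)
{
    var Ethernetpacket = PacketDotNet.EthernetPacket.GetEncapsulated(packet);
    // NOTE(review): GetEncapsulated presumably returns null when the layer is
    // absent (confirm for the PacketDotNet version in use); captured frames are
    // untrusted input, so do not dereference the result blindly.
    if (Ethernetpacket == null)
    {
        return;
    }

    if (Ethernetpacket.Type == EthernetPacketType.IpV4 || Ethernetpacket.Type == EthernetPacketType.IpV6)
    {
        IpPacket ip = IpPacket.GetEncapsulated(packet);
        if (ip != null)
        {
            Ip(ip, packet);
        }
    }
}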
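/// <summary>
/// Prints the IPv4 header fields of a packet and collects fragments: a packet
/// with FragmentFlags == 1 is stored under its Identification value, and a
/// packet with FragmentFlags == 0 whose Identification is already tracked is
/// stored as well and the collected data is printed.
/// </summary>
/// <remarks>
/// NOTE(review): datagrams are keyed by the Identification value alone (not by
/// source, destination and protocol), overlapping fragments are not detected,
/// and entries are never removed, so at most idlist.Length datagrams are ever
/// tracked. Treat the output as a teaching aid, not as a faithful reassembly.
/// </remarks>
static private void Ip(IpPacket ip, Packet packet)
{
    if (ip == null)
    {
        return;
    }

    Console.WriteLine("总长度:" + ip.TotalLength);
    if (ip.Version != IpVersion.IPv4)
    {
        return;
    }

    IPv4Packet ipv4 = ip as IPv4Packet;
    if (ipv4 == null)
    {
        return;
    }

    Console.WriteLine("Identification:" + ipv4.Id);
    Console.WriteLine("flag:" + ipv4.FragmentFlags);
    Console.WriteLine("偏移:" + ipv4.FragmentOffset.ToString());

    // Is this Identification value already being collected?
    bool tracked = false;
    for (int i = 0; i < num; i++)
    {
        if (idlist[i] == ipv4.Id)
        {
            tracked = true;
            break;
        }
    }

    if (ipv4.FragmentFlags == 1)
    {
        if (!tracked)
        {
            // The table has a fixed size; once it is full, further datagrams are
            // skipped instead of writing past the end of idlist.
            if (num >= idlist.Length)
            {
                return;
            }
            createipid(ipidhead, ipv4.Id);
            idlist[num++] = ipv4.Id;
        }
        // Deciding per Identification value (rather than by the single vis flag)
        // keeps fragments of interleaved datagrams from reaching insert() with an
        // id that has no list entry.
        insert(ipidhead, ipv4.Id, ipv4.FragmentFlags, ipv4.FragmentOffset, stringdata);
        vis = 1;
    }
    else if (ipv4.FragmentFlags == 0 && tracked)
    {
        // Only tracked datagrams are printed: print() has no entry to walk to for
        // an ordinary packet that was never fragmented.
        insert(ipidhead, ipv4.Id, ipv4.FragmentFlags, ipv4.FragmentOffset, stringdata);
        vis = 0;
        print(ipidhead, ipv4.Id);
    }
}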
/// <summary>
/// Appends a datagram entry: walks to the trailing node of the list (the one
/// whose next is null), stores the Identification value in it and hangs a new
/// empty trailing node behind it.
/// </summary>
public static void createipid(ipid ipidhead, ushort ipv4id)
{
    ipid tail = ipidhead;
    while (tail.next != null)
    {
        tail = tail.next;
    }

    ipid trailing = new ipid();
    trailing.next = null;

    tail.id = ipv4id;
    tail.ipdatahead = null;
    tail.next = trailing;
}
/// <summary>
/// Returns true when the given node has no successor, i.e. it is the trailing
/// node of the datagram list.
/// </summary>
public static bool isempty(ipid ipidhead)
{
    return ipidhead.next == null;
}
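/// <summary>
/// Stores one fragment in the list of the datagram with the given
/// Identification value, keeping that list ordered by fragment offset.
/// </summary>
/// <param name="ipidhead">Head of the datagram list.</param>
/// <param name="ipv4id">Identification value of the datagram.</param>
/// <param name="flag">Fragment flags of the packet.</param>
/// <param name="offest">Fragment offset of the packet.</param>
/// <param name="stringdata">Whole frame as hex text.</param>
public static void insert(ipid ipidhead, ushort ipv4id, int flag, int offest, string stringdata)
{
    // 14-byte Ethernet header + 20-byte IPv4 header, two hex characters per byte.
    // NOTE(review): an IPv4 header carrying options is longer than 20 bytes, so
    // part of the header then stays in the stored data.
    const int headerHexChars = (14 + 20) * 2;

    // Find the datagram entry; stop at the end of the list instead of walking
    // off it when the id was never registered.
    ipid entry = ipidhead;
    while (entry != null && entry.id != ipv4id)
    {
        entry = entry.next;
    }
    if (entry == null)
    {
        return;
    }

    // A frame shorter than the assumed headers has no payload to store
    // (Substring would throw on it).
    if (stringdata == null || stringdata.Length < headerHexChars)
    {
        return;
    }

    ipdata node = new ipdata();
    node.flag = flag;
    node.offest = offest;
    node.next = null;
    node.data = stringdata.Substring(headerHexChars);

    ipdata first = entry.ipdatahead;

    // Empty list, or the fragment belongs in front of the current head
    // (fragments may arrive out of order).
    if (first == null || offest < first.offest)
    {
        node.next = first;
        if (first != null)
        {
            first.pre = node;
        }
        entry.ipdatahead = node;
        return;
    }

    // Advance to the last node whose offset is not greater than the new one.
    ipdata cursor = first;
    while (cursor.next != null && cursor.next.offest <= offest)
    {
        cursor = cursor.next;
    }

    // A fragment with this offset is already stored: keep the first copy.
    if (cursor.offest == offest)
    {
        return;
    }

    // Splice the node in behind cursor and fix both back links.
    node.pre = cursor;
    node.next = cursor.next;
    if (cursor.next != null)
    {
        cursor.next.pre = node;
    }
    cursor.next = node;
}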
/// <summary>
/// Returns true when the given node carries the requested Identification value.
/// Only this one node is examined; callers do the list walking.
/// </summary>
public static bool search(ipid ipidhead, ushort ipv4id)
{
    return ipidhead.id == ipv4id;
}
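/// <summary>
/// Writes the stored fragment data of the datagram with the given
/// Identification value to the console, one fragment per line, in list order.
/// Does nothing when the datagram is unknown or holds no fragments.
/// </summary>
public static void print(ipid ipidhead, ushort ipv4id)
{
    // Look the entry up without running past the end of the list.
    ipid entry = ipidhead;
    while (entry != null && entry.id != ipv4id)
    {
        entry = entry.next;
    }
    if (entry == null)
    {
        return;
    }

    for (ipdata node = entry.ipdatahead; node != null; node = node.next)
    {
        if (node.data != null)
        {
            Console.WriteLine(node.data);
        }
    }
}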
}
}
1.主函数:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using SharpPcap;
using SharpPcap.LibPcap;
using PacketDotNet;
using TwzyProtocol;
namespace practice1
{
class Program
{
//static int vis = 0;
// Hex text of the most recently captured frame; written by dev_OnPacketArrival, read by Ethernet.
private static string stringdata;
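/// <summary>
/// Lists the capture devices, reads the index of the device to use and starts
/// capturing on it with a fixed BPF filter.
/// </summary>
static void Main(string[] args)
{
    // Enumerate the available capture devices.
    var device = CaptureDeviceList.Instance;
    if (device.Count < 1)
    {
        Console.WriteLine("暂无可用网络设备!\n");
        return;
    }

    // Show each device next to its index.
    int i = 0;
    foreach (ICaptureDevice cap in device)
    {
        Console.WriteLine("{0},{1},{2}", i, cap.Name, cap.Description);
        i++;
    }

    Console.WriteLine("请选择要使用的网络设备:");
    // Non-numeric input is rejected rather than left to throw from int.Parse, and
    // j == i is rejected too: the last valid index is i - 1.
    int j;
    bool parsed = int.TryParse(Console.ReadLine(), out j);
    if (!parsed || j < 0 || j >= i)
    {
        Console.WriteLine("该设备不存在!\n");
        return;
    }

    ICaptureDevice dev = device[j];
    dev.OnPacketArrival += new PacketArrivalEventHandler(dev_OnPacketArrival);
    dev.Open(DeviceMode.Normal, 1000);
    // NOTE(review): the capture filter is hard-coded to one network address.
    dev.Filter = "ip net 222.196.33.253";
    dev.StartCapture();
}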
/*主函数中要初始化这两个
* ipidhead.next = null;
* ipidhead.ipdatahead = null;
*/
/// <summary>
/// Renders a byte array as upper-case hex text ("X2" per byte, no separators);
/// null input gives the empty string.
/// </summary>
public static string ToHexString(byte[] bytes)
{
    if (bytes == null)
    {
        return string.Empty;
    }

    // One two-character piece per byte, joined without a separator.
    string[] pieces = Array.ConvertAll(bytes, b => b.ToString("X2"));
    return string.Concat(pieces);
}
/// <summary>
/// Capture callback: keeps a hex copy of the frame in <c>stringdata</c>, then
/// parses Ethernet frames and passes them to <c>Ethernet</c>.
/// </summary>
static void dev_OnPacketArrival(object sender, CaptureEventArgs e)
{
    var captured = e.Packet;
    stringdata = ToHexString(captured.Data);

    bool isEthernet = captured.LinkLayerType == LinkLayers.Ethernet;
    if (isEthernet)
    {
        Packet parsed = PacketDotNet.Packet.ParsePacket(captured.LinkLayerType, captured.Data);
        Ethernet(parsed);
    }
}
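/// <summary>
/// Extracts the Ethernet layer of a parsed packet and forwards IPv4/IPv6
/// payloads, together with the frame's hex text, to <c>Class1.Ip</c>.
/// </summary>
static private void Ethernet(Packet packet)
{
    var Ethernetpacket = PacketDotNet.EthernetPacket.GetEncapsulated(packet);
    // NOTE(review): GetEncapsulated presumably returns null when the layer is
    // missing (confirm for the PacketDotNet version in use); the frame comes off
    // the wire, so check before dereferencing.
    if (Ethernetpacket == null)
    {
        return;
    }

    bool carriesIp = Ethernetpacket.Type == EthernetPacketType.IpV4
                  || Ethernetpacket.Type == EthernetPacketType.IpV6;
    if (!carriesIp)
    {
        return;
    }

    IpPacket ip = IpPacket.GetEncapsulated(packet);
    if (ip != null)
    {
        Class1.Ip(ip, stringdata);
    }
}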
}
}
2.ip类
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using SharpPcap;
using SharpPcap.LibPcap;
using PacketDotNet;
using TwzyProtocol;
namespace practice1
{
/// <summary>
/// Node of the per-datagram fragment list: fragment flags, fragment offset and
/// the hex text stored by insert(), plus links to both neighbours.
/// </summary>
public class ipdata
{
    public ipdata()
    {
    }

    // Values copied from the packet by insert().
    public int flag;
    public int offest;

    // Frame hex text with the first (14 + 20) * 2 characters removed by insert().
    public string data;

    // Doubly linked list pointers.
    public ipdata next;
    public ipdata pre;
}
/// <summary>
/// Entry of the datagram list: an IPv4 Identification value, the head of the
/// fragments collected for it and the link to the next entry.
/// </summary>
public class ipid
{
    public ipid()
    {
    }

    // IPv4 Identification value; 0 on a node that has not been assigned yet.
    public ushort id;

    // First collected fragment, or null.
    public ipdata ipdatahead;

    // Following entry; null on the trailing node.
    public ipid next;
}
class Class1
{
// Head of the list of tracked datagrams.
public static ipid ipidhead = new ipid();
// Spare node; print() uses a local of the same name, so the methods shown never read this field.
public static ipid ipidheader = new ipid();
// Identification values recorded by Ip(); capacity is fixed at 200 and num counts the used slots.
private static int[] idlist = new int[200];
private static int num = 0;
// 1 while Ip() considers a fragmented datagram to be in progress, otherwise 0.
private static int vis = 0;
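/// <summary>
/// Prints the IPv4 header fields of a packet and collects fragments: a packet
/// with FragmentFlags == 1 is stored under its Identification value, and a
/// packet with FragmentFlags == 0 whose Identification is already tracked is
/// stored too, after which the concatenated data is printed.
/// </summary>
/// <param name="ip">Parsed IP layer of the frame.</param>
/// <param name="stringdata">Whole frame as hex text.</param>
/// <remarks>
/// NOTE(review): datagrams are keyed by the Identification value alone (not by
/// source, destination and protocol), overlapping fragments are not detected,
/// and entries are never removed, so at most idlist.Length datagrams are ever
/// tracked. Do not rely on the output as a faithful reassembly.
/// </remarks>
public static void Ip(IpPacket ip, string stringdata)
{
    if (ip == null)
    {
        return;
    }

    Console.WriteLine("总长度:" + ip.TotalLength);
    if (ip.Version != IpVersion.IPv4)
    {
        return;
    }

    IPv4Packet ipv4 = ip as IPv4Packet;
    if (ipv4 == null)
    {
        return;
    }

    Console.WriteLine("Identification:" + ipv4.Id);
    Console.WriteLine("flag:" + ipv4.FragmentFlags);
    Console.WriteLine("偏移:" + ipv4.FragmentOffset.ToString());

    // Has this Identification value been registered already?
    bool tracked = false;
    for (int i = 0; i < num && !tracked; i++)
    {
        tracked = idlist[i] == ipv4.Id;
    }

    if (ipv4.FragmentFlags == 1)
    {
        if (!tracked)
        {
            // idlist has a fixed size; skip the datagram instead of indexing
            // past its end once the table is full.
            if (num >= idlist.Length)
            {
                return;
            }
            createipid(ipidhead, ipv4.Id);
            idlist[num++] = ipv4.Id;
        }
        // Registration is decided per Identification value, so fragments of a
        // second datagram arriving in between never reach insert() unregistered.
        insert(ipidhead, ipv4.Id, ipv4.FragmentFlags, ipv4.FragmentOffset, stringdata);
        vis = 1;
    }
    else if (ipv4.FragmentFlags == 0 && tracked)
    {
        // Unfragmented packets have no list entry, so only tracked ids are printed.
        insert(ipidhead, ipv4.Id, ipv4.FragmentFlags, ipv4.FragmentOffset, stringdata);
        vis = 0;
        Console.WriteLine(print(ipidhead, ipv4.Id));
    }
}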
/// <summary>
/// Registers a datagram: the trailing node of the list (next == null) receives
/// the Identification value and a new empty trailing node is appended after it.
/// </summary>
public static void createipid(ipid ipidhead, ushort ipv4id)
{
    ipid slot;
    for (slot = ipidhead; !isempty(slot); slot = slot.next)
    {
        // walk to the trailing node
    }

    slot.id = ipv4id;
    slot.next = new ipid { next = null };
    slot.ipdatahead = null;
}
/// <summary>
/// Tells whether the given node is the trailing node of the list, i.e. its
/// next link is null.
/// </summary>
public static bool isempty(ipid ipidhead)
{
    bool hasSuccessor = ipidhead.next != null;
    return !hasSuccessor;
}
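/// <summary>
/// Stores one fragment in the list of the datagram with the given
/// Identification value, keeping that list ordered by fragment offset.
/// </summary>
/// <param name="ipidhead">Head of the datagram list.</param>
/// <param name="ipv4id">Identification value of the datagram.</param>
/// <param name="flag">Fragment flags of the packet.</param>
/// <param name="offest">Fragment offset of the packet.</param>
/// <param name="stringdata">Whole frame as hex text.</param>
public static void insert(ipid ipidhead, ushort ipv4id, int flag, int offest, string stringdata)
{
    // 14-byte Ethernet header + 20-byte IPv4 header, two hex characters per byte.
    // NOTE(review): with IPv4 options the header exceeds 20 bytes and its tail
    // ends up in the stored data.
    const int headerHexChars = (14 + 20) * 2;

    // Locate the datagram entry; an unknown id ends the walk at null rather
    // than dereferencing past the list.
    ipid entry = ipidhead;
    while (entry != null && entry.id != ipv4id)
    {
        entry = entry.next;
    }
    if (entry == null)
    {
        return;
    }

    // Frames shorter than the assumed headers carry nothing to store and would
    // make Substring throw.
    if (stringdata == null || stringdata.Length < headerHexChars)
    {
        return;
    }

    ipdata fragment = new ipdata
    {
        flag = flag,
        offest = offest,
        next = null,
        data = stringdata.Substring(headerHexChars)
    };

    ipdata head = entry.ipdatahead;

    // First fragment of the datagram, or one that sorts before the current
    // head because fragments arrived out of order.
    if (head == null || offest < head.offest)
    {
        fragment.next = head;
        if (head != null)
        {
            head.pre = fragment;
        }
        entry.ipdatahead = fragment;
        return;
    }

    // Find the last node whose offset does not exceed the new offset.
    ipdata at = head;
    while (at.next != null && at.next.offest <= offest)
    {
        at = at.next;
    }

    // Same offset already present: the earlier copy is kept.
    if (at.offest == offest)
    {
        return;
    }

    // Link the fragment in after `at`, updating both directions.
    fragment.pre = at;
    fragment.next = at.next;
    if (at.next != null)
    {
        at.next.pre = fragment;
    }
    at.next = fragment;
}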
/// <summary>
/// Compares the Identification value of a single node with the requested one.
/// The list itself is not traversed here.
/// </summary>
public static bool search(ipid ipidhead, ushort ipv4id)
{
    bool matches = ipidhead.id == ipv4id;
    return matches;
}
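/// <summary>
/// Concatenates, in list order, the stored fragment data of the datagram with
/// the given Identification value.
/// </summary>
/// <returns>
/// The joined hex text, or the empty string when the datagram is unknown or
/// holds no fragments.
/// </returns>
public static string print(ipid ipidhead, ushort ipv4id)
{
    // Look the entry up without running past the end of the list.
    ipid entry = ipidhead;
    while (entry != null && entry.id != ipv4id)
    {
        entry = entry.next;
    }
    if (entry == null)
    {
        return "";
    }

    // StringBuilder avoids re-copying the text for every fragment;
    // Append ignores a null string, as `s += null` did.
    StringBuilder joined = new StringBuilder();
    for (ipdata node = entry.ipdatahead; node != null; node = node.next)
    {
        joined.Append(node.data);
    }
    return joined.ToString();
}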
}
}