我的班级启动新进程(Tshark)并开始捕获,从主要表单我检查类属性以更新我的UI,我唯一的指示收到了多少数据包是我的进程输出:
Frame 13: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Arrival Time: Oct 8, 2012 01:16:42.143822000 Jerusalem Standard Time
Epoch Time: 1349651802.143822000 seconds
[Time delta from previous captured frame: 0.002140000 seconds]
[Time delta from previous displayed frame: 0.002140000 seconds]
[Time since reference or first frame: 0.038739000 seconds]
Frame Number: 13
Frame Length: 62 bytes (496 bits)
Capture Length: 62 bytes (496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:udp:data]
Ethernet II, Src: CameoCom_fd:ae:5c (00:18:e7:fd:ae:5c), Dst: AsustekC_82:c2:2b (48:5b:39:82:c2:2b)
Destination: AsustekC_82:c2:2b (48:5b:39:82:c2:2b)
Address: AsustekC_82:c2:2b (48:5b:39:82:c2:2b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: CameoCom_fd:ae:5c (00:18:e7:fd:ae:5c)
Address: CameoCom_fd:ae:5c (00:18:e7:fd:ae:5c)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 84.229.2.201 (84.229.2.201), Dst: 192.168.0.100 (192.168.0.100)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 48
Identification: 0x64e7 (25831)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 120
Protocol: UDP (17)
Header checksum: 0xc51b [correct]
[Good: True]
[Bad: False]
Source: 84.229.2.201 (84.229.2.201)
Destination: 192.168.0.100 (192.168.0.100)
User Datagram Protocol, Src Port: 26120 (26120), Dst Port: 62587 (62587)
Source port: 26120 (26120)
Destination port: 62587 (62587)
Length: 28
Checksum: 0xcfeb [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Data (20 bytes)
Data: 2100b45be8e8038b9e370ec70000f0005da90013
[Length: 20]
0000 48 5b 39 82 c2 2b 00 18 e7 fd ae 5c 08 00 45 00 H[9..+.....\..E.
0010 00 30 64 e7 00 00 78 11 c5 1b 54 e5 02 c9 c0 a8 .0d...x...T.....
0020 00 64 66 08 f4 7b 00 1c cf eb 21 00 b4 5b e8 e8 .df..{....!..[..
0030 03 8b 9e 37 0e c7 00 00 f0 00 5d a9 00 13 ...7......]...
在此示例中,“第13帧”表示这是数据包编号13,并且收到的每个数据包都如下所示。
这是我班级的相关部分,如何启动Tshark流程并开始捕捉:
Process tshark = new Process();
tshark.StartInfo.FileName = _tshark;
tshark.StartInfo.Arguments = string.Format(" -i " + _interfaceNumber + " -V -x -s " + _packetLimitSize + " -w " + _pcapPath);
tshark.StartInfo.RedirectStandardOutput = true;
tshark.StartInfo.UseShellExecute = false;
tshark.StartInfo.CreateNoWindow = true;
tshark.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
tshark.Start();
while (!myStreamReader.EndOfStream)
{
_packet = myStreamReader.ReadLine();
if (_packet.StartsWith(" Frame Number:"))
{
string[] arr = _packet.Split(default(char[]), StringSplitOptions.RemoveEmptyEntries);
_receivesPackets = int.Parse(arr[2]);
_packetsCount++;
}
if ((DateTime.Now - lastUpdate).TotalMilliseconds > 1000)
{
lastUpdate = DateTime.Now;
OnPacketProgress(_packetsCount++);
}
}
tshark.WaitForExit();
代码 if(_packet.StartsWith(“Frame Number:”))在StreamReader内部while循环解析数据包的数据包,放入相关的属性(_packetsCount)和主要的表单我每隔1秒检查一次这个属性并更新我的UI,我的问题是在速度非常快的情况下UI没有更新所有的数据包,例如2 mun捕获UI显示~50,000并且创建的文件有超过1,000,000。 我是否有更有效的方法来解析/接收这些数据并使其更准确?