在PcapDotNet中自动选择设备?

时间:2017-08-22 15:32:23

标签: c# pcap.net

有没有办法选择从此列表中自动发送http流量的工作设备?

List<NetworkInterface> Interfaces = new List<NetworkInterface>();
foreach (var nic in NetworkInterface.GetAllNetworkInterfaces())
{
    if (nic.OperationalStatus == OperationalStatus.Up)
    {
        Interfaces.Add(nic);
    }
}

另外如何嗅探URL而不是IP?对不起,我是PcapDotNet的新手。

private static void PacketHandler(Packet packet)
{
    // print timestamp and length of the packet
    Console.WriteLine(packet.Timestamp.ToString("yyyy-MM-dd hh:mm:ss.fff") + " length:" + packet.Length);

    IpV4Datagram ip = packet.Ethernet.IpV4;
    UdpDatagram udp = ip.Udp;

    // print ip addresses and udp ports
    Console.WriteLine(ip.Source + ":" + udp.SourcePort + " -> " + ip.Destination + ":" + udp.DestinationPort);
}

1 个答案:

答案 0 :(得分:1)

您是否在尝试查找有关特定NIC的更多信息?如果您尝试从单个界面隔离流量,请先找出它是哪一个。下面的代码将帮助您枚举可用的接口:

 var nics = from NetworkInterface a
                  in NetworkInterface.GetAllNetworkInterfaces()
                   where a.NetworkInterfaceType == NetworkInterfaceType.Ethernet &&
                   a.Supports(NetworkInterfaceComponent.IPv4)
                   select a;

    if (nics.Any())
    {
        var nic = nics.First();
        adapter = new NetworkAdapter();
        adapter.Name = nic.Name;
        adapter.Description = nic.Description;
        adapter.Id = nic.Id;
        var props = nic.GetIPProperties();


        var ipAddresses = from UnicastIPAddressInformation info
                          in props.UnicastAddresses
                          where info.PrefixOrigin == PrefixOrigin.Manual
                          select info;

        adapter.GatewayAddressList = nic.GetIPProperties().GatewayAddresses;

        adapter.Available = (nic.OperationalStatus == OperationalStatus.Up);
    }

此外,如果您尝试嗅探URL,则必须查看DNS数据包。 DNS有助于将URL转换为IP。查看DNS。 DNS搜索将在任何连接之前进行。

编辑:这是我用来枚举适配器ID的实用工具方法:

DLL int GetAvailableAdapters()
{
    pcap_if_t *alldevs;
    pcap_if_t *devs;
    char msgBuffer[LOG_SIZE];
    int index = 0;
    char* fullname;
    int namePtr;
    char* shortname;
    struct in_addr ip;


// Retrieve the device list on the local machine
if (-1 == pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, msgBuffer))
{
    //error
    return 0;
}

// Cycle List, and make sure adapters are available/visable
for(devs = alldevs; devs != NULL; devs = devs->next)
{
    ++index;

    //
    // Print adapter description
    //
    sprintf(msgBuffer, "  [%d]:  %s", index, devs->description);
    gblLog(INFO, msgBuffer);

    //
    // Parse and Print adapters network info in dot-decimal notation
    //
    /*ip = ((struct sockaddr_in *)(devs->addresses->addr))->sin_addr;
    sprintf(msgBuffer, "        IPAddr:  %s ", inet_ntoa(ip));
    gblLog(INFO, msgBuffer);
    */

    //
    // Print the Registry Key Value from the substring of adapter name
    //
    fullname = devs->name;
    namePtr = strlen(fullname);
    shortname = fullname + namePtr;

    while(0 < namePtr && fullname[--namePtr] != '_');
    if(fullname[namePtr] == '_')
    {
        // Key is the string after "_" char, get the substring starting at that index.
        shortname = fullname + namePtr + 1;
        fullname[namePtr] = '\0';

        sprintf(msgBuffer, "        KeyVal:  %s\n", shortname);
        gblLog(INFO, msgBuffer);
    }       
    else
    {
        // Print full name if the "_" char was not found (odd formating...)
        sprintf(msgBuffer, "        KeyVal:  %s\n", fullname);
        gblLog(INFO, msgBuffer);
    }
}

if(index == 0)
{
    gblLog(INFO, "FindAllDevs() returned null devices. No network adapters found!");
}

return index; // Total num of adapters enum
}

使用此方法以及NetworkInterface,您应该能够通过其reg键将适配器与索引相关联。找到合适的适配器后,使用该索引打开pcap设备:

if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
    {
        return -1; // error
    }

    // Cycle the devs until we reach the appropriate index
    for(d = alldevs, i = 0; (i < (index- 1)); d = d->next, i++);    

    // Open the device
    if ( (adhandle= pcap_open(d->name,              // HW name of the network device.
                              65536,                // Portion of the packet to capture. 65536 max packet
                              adapterFlags,         // See adapterFlags above
                              1000,                 // 1sec timeout on idle. (We check for exit at this interval)
                              NULL,                 // No authentication, 
                              errbuf                // Error buffer
                              )) == NULL)
    {
        //error opening
        pcap_freealldevs(alldevs);  // Free the device list
        return -1;
    }