@xunuo
2017-08-10T06:50:14.000000Z
字数 3648
阅读 1515
网络数据包分析
sharppcap
using System;using System.Collections.Generic;using System.Linq;using System.Text;using System.Threading.Tasks;using SharpPcap;using SharpPcap.LibPcap;using PacketDotNet;using TwzyProtocol;namespace practice1{class Program{static void Main(string[] args){//获取网络设备var device = CaptureDeviceList.Instance;if (device.Count < 1){Console.WriteLine("暂无可用网络设备!\n");return;}int i = 0;foreach (ICaptureDevice cap in device){Console.WriteLine("{0},{1},{2}", i, cap.Name, cap.Description);//打印所有可用网络设备;i++;}//选择为要用的设备:Console.WriteLine("请选择要使用的网络设备:");int j = int.Parse(Console.ReadLine());if(j>i||j<0){Console.WriteLine("该设备不存在!\n");return;}ICaptureDevice dev = device[j];//string filter = "ip and tcp";dev.OnPacketArrival += new PacketArrivalEventHandler(dev_OnPacketArrival);dev.Open(DeviceMode.Normal, 1000);dev.Filter = "port 53";dev.StartCapture();}static void dev_OnPacketArrival(object sender,CaptureEventArgs e){if(e.Packet.LinkLayerType==LinkLayers.Ethernet){var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);Ethernet(packet);}}static private void Ethernet(Packet packet){var Ethernetpacket = PacketDotNet.EthernetPacket.GetEncapsulated(packet);Console.WriteLine("以太网头部长度:" + Ethernetpacket.Header.Length);//以太网首部字节长度;Console.WriteLine("目的端口:" + Ethernetpacket.DestinationHwAddress.ToString());//目的端口;Console.WriteLine("源端口:" + Ethernetpacket.SourceHwAddress.ToString());//源端口;Console.WriteLine("上层协议类型:" + Ethernetpacket.Type.ToString());//协议类型;if(Ethernetpacket.Type==EthernetPacketType.IpV4||Ethernetpacket.Type==EthernetPacketType.IpV6){IpPacket ip = IpPacket.GetEncapsulated(packet);Ip(ip,packet);}}static private void Ip(IpPacket ip,Packet packet){Console.WriteLine("--------ip协议-----------");Console.WriteLine("ip版本号:" + ip.Version);Console.WriteLine("ip首部长度:" + ip.Header.Length);Console.WriteLine("总长度:" + ip.TotalLength);Console.WriteLine("生存时间:" + ip.TimeToLive);if(ip.Version==IpVersion.IPv4){IPv4Packet ipv4 = ip as IPv4Packet;Console.WriteLine("偏移:"+ipv4.FragmentOffset.ToString());}Console.WriteLine("源ip地址:" + ip.SourceAddress);Console.WriteLine("目的ip地址:" + ip.DestinationAddress);Console.WriteLine("上层协议类型:" + ip.Protocol);if(ip.Protocol==IPProtocolType.UDP){UdpPacket udp = UdpPacket.GetEncapsulated(packet);Udp(udp,packet);}}static private void Udp(UdpPacket udp,Packet packet){Console.WriteLine("----------UDP-----------");Console.WriteLine("源端口:" + udp.SourcePort);Console.WriteLine("目的端口:" + udp.DestinationPort);if(udp.SourcePort==53|| udp.DestinationPort==53){DnsPacket dns = new DnsPacket(udp.PayloadData);Dns(dns);}}static private void Dns(DnsPacket dns){if (dns == null)return;Console.WriteLine("Transaction Id:0x" + dns.ID.ToString("x4"));Console.WriteLine("flags:0x" + dns.Flags.ToString("x4"));if (dns.QR == 0)Console.WriteLine("这是一个请求报文!\n");elseConsole.WriteLine("这是一个应答报文!\n");Console.WriteLine("Questions:" + dns.QusetionCounts);Console.WriteLine("Anser RRs:" + dns.AnswerCounts);Console.WriteLine("Authority RRs:" + dns.AuthorityCounts);Console.WriteLine("Additional RRs:" + dns.AdditionalCounts);Console.WriteLine("-------Questions---------");if(dns.Query!=null){Console.WriteLine("Name:" + dns.Query.name);Console.WriteLine(" [Name length]:" + dns.Query.name.Length);Console.WriteLine("Type:" + dns.Query.DnsType);Console.WriteLine("Class:" + dns.Query.DnsClass);}List<TwzyProtocol.DNS.DnsResponse> relist = null;Console.WriteLine("---------Answer RRs--------");if(dns.QR==1&&dns.Query!=null){relist = dns.ResponseList;foreach (var i in relist){Console.WriteLine("-----------------");Console.WriteLine("Name:" + i.name);Console.WriteLine("Type:" + i.dnsType);Console.WriteLine("Class:" + i.dnsClass);Console.WriteLine("TTL:" + i.TTL);Console.WriteLine("Data Length:" + i.payLength);Console.WriteLine("Adress:" + i.rescData);}}}}}