@xunuo
2017-08-10T08:51:43.000000Z
字数 9547
阅读 1164
网络数据包分析
sharppcap 链表 byte[]转string
using System;using System.Collections.Generic;using System.Linq;using System.Text;using System.Threading.Tasks;using SharpPcap;using SharpPcap.LibPcap;using PacketDotNet;using TwzyProtocol;namespace practice1{public class ipdata{public int flag;public int offest;public string data;public ipdata() { }public ipdata next;public ipdata pre;}public class ipid{public ushort id;public ipid() { }public ipid next;public ipdata ipdatahead;}class Program{static int[] idlist = new int[200];static int num = 0;public static ipid ipidhead = new ipid();public static ipid ipidheader = new ipid();static int vis = 0;static string stringdata;static void Main(string[] args){//获取网络设备var device = CaptureDeviceList.Instance;if (device.Count < 1){Console.WriteLine("暂无可用网络设备!\n");return;}int i = 0;foreach (ICaptureDevice cap in device){Console.WriteLine("{0},{1},{2}", i, cap.Name, cap.Description);//打印所有可用网络设备;i++;}//选择为要用的设备:Console.WriteLine("请选择要使用的网络设备:");int j = int.Parse(Console.ReadLine());if (j > i || j < 0){Console.WriteLine("该设备不存在!\n");return;}ICaptureDevice dev = device[j];//string filter = "ip and tcp";ipidhead.next = null;ipidhead.ipdatahead = null;dev.OnPacketArrival += new PacketArrivalEventHandler(dev_OnPacketArrival);dev.Open(DeviceMode.Normal, 1000);dev.Filter = "ip net 222.196.33.253";dev.StartCapture();}public static string ToHexString(byte[] bytes) // byte[]转16进制string{string hexString = string.Empty;if (bytes != null){StringBuilder strB = new StringBuilder();for (int i = 0; i < bytes.Length; i++){strB.Append(bytes[i].ToString("X2"));}hexString = strB.ToString();}return hexString;}static void dev_OnPacketArrival(object sender, CaptureEventArgs e){// packetdata = e.Packet.Data;stringdata = ToHexString(e.Packet.Data);// Console.WriteLine(ToHexString(packetdata));if (e.Packet.LinkLayerType == LinkLayers.Ethernet){var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);Ethernet(packet);}}static private void Ethernet(Packet packet){var Ethernetpacket = PacketDotNet.EthernetPacket.GetEncapsulated(packet);if (Ethernetpacket.Type == EthernetPacketType.IpV4 || Ethernetpacket.Type == EthernetPacketType.IpV6){IpPacket ip = IpPacket.GetEncapsulated(packet);Ip(ip, packet);}}static private void Ip(IpPacket ip, Packet packet){Console.WriteLine("总长度:" + ip.TotalLength);if (ip.Version == IpVersion.IPv4){IPv4Packet ipv4 = ip as IPv4Packet;Console.WriteLine("Identification:" + ipv4.Id);Console.WriteLine("flag:" + ipv4.FragmentFlags);Console.WriteLine("偏移:" + ipv4.FragmentOffset.ToString());if(ipv4.FragmentFlags==1&&vis==0){createipid(ipidhead, ipv4.Id);insert(ipidhead, ipv4.Id, ipv4.FragmentFlags, ipv4.FragmentOffset, stringdata);idlist[num++] = ipv4.Id;vis = 1;}else if(ipv4.FragmentFlags==1&&vis==1){insert(ipidhead, ipv4.Id, ipv4.FragmentFlags, ipv4.FragmentOffset, stringdata);}else if(ipv4.FragmentFlags==0){for(int i=0;i<num;i++){if (ipv4.Id == idlist[i]){insert(ipidhead, ipv4.Id, ipv4.FragmentFlags, ipv4.FragmentOffset, stringdata);vis = 0;}}print(ipidhead, ipv4.Id);}}}public static void createipid(ipid ipidhead,ushort ipv4id){ipid ipidroot = ipidhead;while (!isempty(ipidroot)){ipidroot = ipidroot.next;}ipidroot.id = ipv4id;ipidroot.next = new ipid();ipidroot.next.next = null;ipidroot.ipdatahead = null;}public static bool isempty(ipid ipidhead){if (ipidhead.next == null)return true;elsereturn false;}public static void insert(ipid ipidhead,ushort ipv4id,int flag,int offest,string stringdata){while(!search(ipidhead,ipv4id)){ipidhead = ipidhead.next;}if(ipidhead.ipdatahead==null){ipdata ipdataheader = new ipdata();ipidhead.ipdatahead = ipdataheader;ipdataheader.next = null;ipdataheader.flag = flag;ipdataheader.offest = offest;string data = stringdata;/* if (flag == 0){ipdataheader.data = data.Substring((14 + 20)*2);}else{*/ipdataheader.data = data.Substring((14 + 20)*2);// }}else{ipdata ipdataheader = ipidhead.ipdatahead;ipdata ipdatanewheader = new ipdata();ipdatanewheader.flag = flag;ipdatanewheader.offest = offest;ipdatanewheader.next = null;string data = stringdata;/* if (flag == 0){ipdatanewheader.data = data.Substring((14 + 20)*2);}else{*/ipdatanewheader.data = data.Substring((14 + 20)*2);// }while(ipdataheader.offest<ipdatanewheader.offest){if (ipdataheader.next == null || ipdataheader.next.offest > ipdatanewheader.offest){ipdatanewheader.pre = ipdataheader;ipdatanewheader.next = ipdataheader.next;ipdataheader.next = ipdatanewheader;ipdataheader.next.pre = ipdatanewheader;}elseipdataheader = ipdataheader.next;}}}public static bool search(ipid ipidhead,ushort ipv4id){if (ipidhead.id == ipv4id)return true;elsereturn false;}public static void print(ipid ipidhead,ushort ipv4id){ipid ipidheader = ipidhead;while(!search(ipidheader,ipv4id)){ipidheader = ipidheader.next;}ipdata ipdataheader = ipidheader.ipdatahead;while(ipdataheader.next!=null){Console.WriteLine(ipdataheader.data);ipdataheader = ipdataheader.next;}if(ipdataheader.next==null&&ipdataheader.data!=null){Console.WriteLine(ipdataheader.data);}}}}
1.主函数:
using System;using System.Collections.Generic;using System.Linq;using System.Text;using System.Threading.Tasks;using SharpPcap;using SharpPcap.LibPcap;using PacketDotNet;using TwzyProtocol;namespace practice1{class Program{//static int vis = 0;static string stringdata;static void Main(string[] args){//获取网络设备var device = CaptureDeviceList.Instance;if (device.Count < 1){Console.WriteLine("暂无可用网络设备!\n");return;}int i = 0;foreach (ICaptureDevice cap in device){Console.WriteLine("{0},{1},{2}", i, cap.Name, cap.Description);//打印所有可用网络设备;i++;}//选择为要用的设备:Console.WriteLine("请选择要使用的网络设备:");int j = int.Parse(Console.ReadLine());if (j > i || j < 0){Console.WriteLine("该设备不存在!\n");return;}ICaptureDevice dev = device[j];//string filter = "ip and tcp";dev.OnPacketArrival += new PacketArrivalEventHandler(dev_OnPacketArrival);dev.Open(DeviceMode.Normal, 1000);dev.Filter = "ip net 222.196.33.253";dev.StartCapture();}/*主函数中要初始化这两个* ipidhead.next = null;* ipidhead.ipdatahead = null;*/public static string ToHexString(byte[] bytes) // byte[]转16进制string{string hexString = string.Empty;if (bytes != null){StringBuilder strB = new StringBuilder();for (int i = 0; i < bytes.Length; i++){strB.Append(bytes[i].ToString("X2"));}hexString = strB.ToString();}return hexString;}static void dev_OnPacketArrival(object sender, CaptureEventArgs e){// packetdata = e.Packet.Data;stringdata = ToHexString(e.Packet.Data);// Console.WriteLine(ToHexString(packetdata));if (e.Packet.LinkLayerType == LinkLayers.Ethernet){var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);Ethernet(packet);}}static private void Ethernet(Packet packet){var Ethernetpacket = PacketDotNet.EthernetPacket.GetEncapsulated(packet);if (Ethernetpacket.Type == EthernetPacketType.IpV4 || Ethernetpacket.Type == EthernetPacketType.IpV6){IpPacket ip = IpPacket.GetEncapsulated(packet);Class1.Ip(ip,stringdata);}}}}
2.ip类
using System;using System.Collections.Generic;using System.Linq;using System.Text;using System.Threading.Tasks;using SharpPcap;using SharpPcap.LibPcap;using PacketDotNet;using TwzyProtocol;namespace practice1{public class ipdata{public int flag;public int offest;public string data;public ipdata() { }public ipdata next;public ipdata pre;}public class ipid{public ushort id;public ipid() { }public ipid next;public ipdata ipdatahead;}class Class1{static int[] idlist = new int[200];static int num = 0;public static ipid ipidhead = new ipid();public static ipid ipidheader = new ipid();static int vis = 0;public static void Ip(IpPacket ip,string stringdata){Console.WriteLine("总长度:" + ip.TotalLength);if (ip.Version == IpVersion.IPv4){IPv4Packet ipv4 = ip as IPv4Packet;Console.WriteLine("Identification:" + ipv4.Id);Console.WriteLine("flag:" + ipv4.FragmentFlags);Console.WriteLine("偏移:" + ipv4.FragmentOffset.ToString());if (ipv4.FragmentFlags == 1 && vis == 0){createipid(ipidhead, ipv4.Id);insert(ipidhead, ipv4.Id, ipv4.FragmentFlags, ipv4.FragmentOffset, stringdata);idlist[num++] = ipv4.Id;vis = 1;}else if (ipv4.FragmentFlags == 1 && vis == 1){insert(ipidhead, ipv4.Id, ipv4.FragmentFlags, ipv4.FragmentOffset, stringdata);}else if (ipv4.FragmentFlags == 0){for (int i = 0; i < num; i++){if (ipv4.Id == idlist[i]){insert(ipidhead, ipv4.Id, ipv4.FragmentFlags, ipv4.FragmentOffset, stringdata);vis = 0;}}Console.WriteLine(print(ipidhead, ipv4.Id));}}}public static void createipid(ipid ipidhead, ushort ipv4id){ipid ipidroot = ipidhead;while (!isempty(ipidroot)){ipidroot = ipidroot.next;}ipidroot.id = ipv4id;ipidroot.next = new ipid();ipidroot.next.next = null;ipidroot.ipdatahead = null;}public static bool isempty(ipid ipidhead){if (ipidhead.next == null)return true;elsereturn false;}public static void insert(ipid ipidhead, ushort ipv4id, int flag, int offest, string stringdata){while (!search(ipidhead, ipv4id)){ipidhead = ipidhead.next;}if (ipidhead.ipdatahead == null){ipdata ipdataheader = new ipdata();ipidhead.ipdatahead = ipdataheader;ipdataheader.next = null;ipdataheader.flag = flag;ipdataheader.offest = offest;string data = stringdata;ipdataheader.data = data.Substring((14 + 20) * 2);}else{ipdata ipdataheader = ipidhead.ipdatahead;ipdata ipdatanewheader = new ipdata();ipdatanewheader.flag = flag;ipdatanewheader.offest = offest;ipdatanewheader.next = null;string data = stringdata;ipdatanewheader.data = data.Substring((14 + 20) * 2);while (ipdataheader.offest < ipdatanewheader.offest){if (ipdataheader.next == null || ipdataheader.next.offest > ipdatanewheader.offest){ipdatanewheader.pre = ipdataheader;ipdatanewheader.next = ipdataheader.next;ipdataheader.next = ipdatanewheader;ipdataheader.next.pre = ipdatanewheader;}elseipdataheader = ipdataheader.next;}}}public static bool search(ipid ipidhead, ushort ipv4id){if (ipidhead.id == ipv4id)return true;elsereturn false;}public static string print(ipid ipidhead, ushort ipv4id){string s="";ipid ipidheader = ipidhead;while (!search(ipidheader, ipv4id)){ipidheader = ipidheader.next;}ipdata ipdataheader = ipidheader.ipdatahead;while (ipdataheader.next != null){s += ipdataheader.data;//Console.WriteLine(ipdataheader.data);ipdataheader = ipdataheader.next;}if (ipdataheader.next == null && ipdataheader.data != null){s += ipdataheader.data;// Console.WriteLine(ipdataheader.data);}return s;}}}