这节的代码来自官方示例第6个，主要功能是实时获取Tcp/ip数据包的源地址及端口号还有目的地址及其端口号。

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using SharpPcap;
using PacketDotNet;
namespace SharpPcap_Demo
{
    class Program
    {
        static void Main(string[] args)
        {
            //显示当前SharpPcap版本号
            string ver = SharpPcap.Version.VersionString;
            Console.WriteLine("SharpPcap Version : {0}",ver);

            //获取网络设备
            var devices = LivePcapDeviceList.Instance;
            if (devices.Count < 1)
            {
                Console.WriteLine("No devices were found on this machine");
                return;
            }

            Console.WriteLine("The following devices are available on this machine:");
            Console.WriteLine("----------------------------------------------------");
            int i = 0;
            foreach (LivePcapDevice dev in devices)
            {
                Console.WriteLine("{0} {1} {2}",i,dev.Name,dev.Description);
                i++;
            }
            //选择一个要监听的设备
            Console.Write("Please choose a device to capture:");
            i = int.Parse(Console.ReadLine());
            LivePcapDevice device = devices[i];
            device.OnPacketArrival += new PacketArrivalEventHandler(DeviceOnPacketArrival);
            int readTimeoutMillisecond = 1000;
            //开启混杂模式
            device.Open(DeviceMode.Promiscuous,readTimeoutMillisecond);
            //过滤tcp/ip包
            string filter = "ip and tcp";
            device.SetFilter(filter);
            Console.WriteLine("The following tcpdump filter will be applied:{0}",filter);
            Console.WriteLine("Listening on {0},hit 'Ctrl+C' to exit...",device.Description);
            //开始监听进程,不停止
            device.Capture();
            //关闭设备
            device.Close();
        }
        private static void DeviceOnPacketArrival(object sender, CaptureEventArgs e)
        {
            var time = e.Packet.Timeval.Date;
            var len = e.Packet.Data.Length;
            var packet = PacketDotNet.Packet.ParsePacket(e.Packet);
            var tcpPacket = PacketDotNet.TcpPacket.GetEncapsulated(packet);
            if (tcpPacket != null)
            {
                var ipPacket = (PacketDotNet.IpPacket)tcpPacket.ParentPacket;
                //数据包源地址
                System.Net.IPAddress srcIp = ipPacket.SourceAddress;
                //数据包目的地址
                System.Net.IPAddress dstIp = ipPacket.DestinationAddress;
                //源地址端口
                int srcPort = tcpPacket.SourcePort;
                //目的地址端口
                int dstPort = tcpPacket.DestinationPort;
                Console.WriteLine("{0}:{1}:{2},{3} Len={4} {5}:{6} -> {7}:{8}",time.Hour,time.Minute,time.Second,time.Millisecond,len,srcIp,srcPort,dstIp,dstPort);
            }
        }
    }
}

转载请注明：于哲的博客 » SharpPcap学习笔记2