Skip to content

C# full managed implementation Pcap/PcapNG file format

License

Notifications You must be signed in to change notification settings

HakanL/PcapngUtils

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

80 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

PcapngUtils NuGet Version

C# full managed implementation Pcap/PcapNG file format

The nuget package

PM> Install-Package Haukcode.PcapngUtils 

Description

Pcap and PcapNG are file formats used to store dumps of network traffic. There formats are described in: * Pcap: https://wiki.wireshark.org/Development/LibpcapFileFormat * Pcap Next Generation: https://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html

The implementation of these formats is made by wrapping unmanaged WinPcap library. I added the implementation of both formats in a fully managed C #.

Usage

Open Pcap file


public void OpenPcapFile(string filename,CancellationToken token)
{
  using (var reader = new PcapReader(filename))
  {
    reader.OnReadPacketEvent += reader_OnReadPacketEvent;
    reader.ReadPackets(token);
    reader.OnReadPacketEvent -= reader_OnReadPacketEvent;
  }
}  

void reader_OnReadPacketEvent(object context, IPacket packet) { Console.WriteLine(string.Format("Packet received {0}.{1}",packet.Seconds, packet.Microseconds )); }

Open PcapNG file


public void OpenPcapNGFile(string filename,bool swapBytes,CancellationToken token)
{
  using (var reader = new PcapNGReader("test.pcap",swapBytes))
  {
    reader.OnReadPacketEvent += reader_OnReadPacketEvent;
    reader.ReadPackets(token);
    reader.OnReadPacketEvent -= reader_OnReadPacketEvent;
  }
}  

void reader_OnReadPacketEvent(object context, IPacket packet) { Console.WriteLine(string.Format("Packet received {0}.{1}",packet.Seconds, packet.Microseconds )); }

Open Pcap/PcapNG file

Better solutions, library can recognize the file format,

public void OpenPcapORPcapNFFile(string filename,CancellationToken token)
{
  using (var reader = IReaderFactory.GetReader(filename))
  {
    reader.OnReadPacketEvent += reader_OnReadPacketEvent;
    reader.ReadPackets(token);
    reader.OnReadPacketEvent -= reader_OnReadPacketEvent;
  }
}  

void reader_OnReadPacketEvent(object context, IPacket packet) { Console.WriteLine(string.Format("Packet received {0}.{1}",packet.Seconds, packet.Microseconds )); }

Read packages and save to Pcap file


public void CloneFile(string inputFileName, string outputFileName, CancellationToken token)
{
  using (var reader = IReaderFactory.GetReader(inputFileName))
  {
    using (var writer = new PcapWriter(outputFileName))
    {
      CommonDelegates.ReadPacketEventDelegate handler = (obj, packet) =>
      {
        writer.WritePacket(packet);
      };
      reader.OnReadPacketEvent += handler;
      reader.ReadPackets(token);
      reader.OnReadPacketEvent -= handler; 
    }                
  }
}

Read packages and save to PcapNG file


public void CloneFile(string inputFileName, string outputFileName, CancellationToken token)
{
  using (var reader = IReaderFactory.GetReader(inputFileName))
  {
    using (var writer = new PcapNGWriter(outputFileName))
    {
      CommonDelegates.ReadPacketEventDelegate handler = (obj, packet) =>
      {
        writer.WritePacket(packet);
      };
      reader.OnReadPacketEvent += handler;
      reader.ReadPackets(token);
      reader.OnReadPacketEvent -= handler; 
    }                
  }
}

About

C# full managed implementation Pcap/PcapNG file format

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C# 100.0%