How do I monitor a port for traffic in Windows?

Notice: this page is a Chinese/English parallel translation of a popular StackOverflow question, licensed under CC BY-SA 4.0. If you use it you must follow the same CC BY-SA license, cite the original address and author information, and attribute it to the original author (not me). StackOverflow original: http://stackoverflow.com/questions/3647959/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow

Posted: 2020-09-15 15:11:50  Source: igfitidea

How do I monitor a port for traffic in Windows?

Tags: windows, performance, monitoring, traffic

Asked by eric young

I am trying to find a solution to monitor the traffic (in and out) through a specific port. It is not required to capture the packets, or do anything else. What it does is to be a traffic listener to make sure there are messages sent to or received from this port every 10 minutes. It has to be running in the background all the time (like a daemon), and without significant performance impact. Based on my research, one choice is to use an existing tool to do that. There are a bunch of tools out there to monitor or sniff the traffic, such as Wireshark. Well, it seems most of them monitor the traffic passing through an interface, instead of a port, or they can't run as a daemon. Another choice is to write a program to do this. SharpPcap seems to be a good choice, but I still need to capture and analyze the packets to know whether such traffic exists. Could somebody suggest what I should do?

Answered by Evan Plaice

SharpPcap handles packet capturing in the same manner as Wireshark, so you can set filters to limit the packets being captured to a specific port the same way in SharpPcap as you can in Wireshark. Except, SharpPcap will be a much lighter-weight option vs. Wireshark.

Download the SharpPcap source tree and look at Example05.SetFilter.

To narrow down the results so you capture only the packets you want to see, you'll need to employ a few filters.

Pcap uses a common language across all applications that use it to specify the filters to set. Capture programs that use winpcap (Windows) or libpcap (*nix) include SharpPcap, Wireshark, pcap.net, winpcap, libpcap, tcpdump, etc. For a great resource on how to use pcap filters see this link.

Here are the filters you need:

  • ether host ehost
  • port port

Where ehost is the MAC address of the computer sending/receiving the packets and port is the port you want to monitor. So the full filter string would be:

SetFilter("ether host ff:ff:ff:ff:ff:ff and port 60");

The MAC and port here are for illustration purposes only; you'd obviously replace them with the values that pertain to your specific setup.

This, used in the SetFilter example, will simply print out a line of info with the time of when the packet was captured to the command line every time a packet is captured and meets the criteria of your filter.

If you want more detailed info about the packet, such as info from the headers or the packet's payload, you'll need to parse the incoming raw packet. Be sure to ask for help on the sourceforge project's forum if you need some tips on how to do this. The project developers are very active and always willing to help.

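As an added example (not code from Evan Plaice's answer or from the SharpPcap project), here is how the filter above can be turned into the "is there traffic on this port every 10 minutes" watcher the question asks for. It assumes the SharpPcap 6.x API (CaptureDeviceList, DeviceModes, PacketCapture) with Npcap installed; the MAC and port in the filter are placeholders.

```csharp
using System;
using System.Threading;
using SharpPcap;

// Watches one port with a BPF filter and raises an alert when nothing has matched
// for more than MaxSilence. Assumes the SharpPcap 6.x API.
class PortHeartbeatMonitor
{
    // Placeholder MAC and port: replace with your host's MAC and the port to watch.
    const string Filter = "ether host ff:ff:ff:ff:ff:ff and port 60";
    static readonly TimeSpan MaxSilence = TimeSpan.FromMinutes(10);
    // UTC ticks of the last packet that passed the filter; written from the capture thread.
    static long lastSeenTicks = DateTime.UtcNow.Ticks;

    static void Main(string[] args)
    {
        var devices = CaptureDeviceList.Instance;
        if (devices.Count == 0)
        {
            Console.Error.WriteLine("No capture devices found (is Npcap installed?)");
            return;
        }
        // Interface index from the command line; default to the first device.
        int index = args.Length > 0 ? int.Parse(args[0]) : 0;
        var device = devices[index];

        device.Open(DeviceModes.Promiscuous, 1000);  // 1000 ms read timeout
        device.Filter = Filter;                       // applied in the driver: non-matching frames never reach us
        device.OnPacketArrival += OnPacketArrival;
        device.StartCapture();                        // capture runs on its own thread
        Console.WriteLine($"Listening on {device.Description} with filter '{Filter}'");

        // Watchdog loop: check once a minute whether the port has gone quiet.
        while (true)
        {
            Thread.Sleep(TimeSpan.FromMinutes(1));
            var lastSeen = new DateTime(Interlocked.Read(ref lastSeenTicks), DateTimeKind.Utc);
            var silence = DateTime.UtcNow - lastSeen;
            if (silence > MaxSilence)
                Console.WriteLine($"{DateTime.UtcNow:u} ALERT: no traffic matching filter for {silence.TotalMinutes:F0} min");
        }
    }

    // Runs on SharpPcap's capture thread for every frame that passes the filter.
    static void OnPacketArrival(object sender, PacketCapture e)
    {
        var raw = e.GetPacket();  // RawCapture: capture timestamp, link type, raw bytes
        Interlocked.Exchange(ref lastSeenTicks, DateTime.UtcNow.Ticks);
        Console.WriteLine($"{raw.Timeval.Date:u} {raw.Data.Length} bytes matched");
    }
}
```

Run it under an account allowed to open the capture device; for the daemon-like behaviour the question wants, host the same loop in a Windows service instead of a console Main.
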
Answered by Ana Betts

The best way that will limit the impact your tool will have on performance is via an ETW (Event Tracing for Windows) real-time consumer (i.e. a tool that activates an ETW trace and reads it immediately instead of saving it to a file). This MSDN sample is a great way to see how to do this via C#, and it gives you some code to get started.
