C# 如何拦截应用程序发送的数据包并检查其头部和内容?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/12437620/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to intercept packets sent by an application and check their header and content?
提问by Jax
I'd like to know how can I intercept packets sent by a certain application and then to check what those packets contain. I need some advice what to do because I've never done such a thing and I want to learn by myself.
我想知道如何拦截某个应用程序发送的数据包,然后检查这些数据包包含的内容。我需要一些建议,因为我从来没有做过这样的事情,我想自己学习。
采纳答案by Harsh Baid
Pcap.Net
Pcap网
Pcap.Net is a .NET wrapper for WinPcap written in C++/CLI and C#. It Features almost all WinPcap features and includes a packet interpretation framework.
Pcap.Net 是用 C++/CLI 和 C# 编写的 WinPcap 的 .NET 包装器。它具有几乎所有 WinPcap 功能,并包括一个数据包解释框架。
SharpPcap
夏普帽
SharpPcap is a cross-platform packet capture framework for the .NET environment, based on the famous pcap / WinPcap libraries. It provides an API for capturing, injecting, analyzing and building packets using any .NET language such as C# and VB.NET.
SharpPcap 是一个用于 .NET 环境的跨平台数据包捕获框架,基于著名的 pcap / WinPcap 库。它提供了一个 API,用于使用任何 .NET 语言(例如 C# 和 VB.NET)捕获、注入、分析和构建数据包。
Comparision of Pcap.Net and SharpPcap
Pcap.Net 和 SharpPcap 的比较
Wireshark
线鲨
It is used for network troubleshooting, analysis, software and communications protocol development, and education. And I think it is the most versatile packet sniffer I used till now.
它用于网络故障排除、分析、软件和通信协议开发以及教育。而且我认为它是迄今为止我使用过的最通用的数据包嗅探器。
Fiddler
提琴手
Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language. Recently Fiddler has been overtook by Telerik. But it is still free AFAIK.
Fiddler 是一个 Web 调试代理,它记录您的计算机和 Internet 之间的所有 HTTP(S) 流量。Fiddler 允许您检查流量、设置断点以及“摆弄”传入或传出数据。Fiddler 包括一个强大的基于事件的脚本子系统,并且可以使用任何 .NET 语言进行扩展。最近 Fiddler 被 Telerik 超越了。但它仍然是免费的 AFAIK。
回答by GraemeMiller
You can use Fiddler to see HTTP traffic http://www.fiddler2.com/fiddler2/.
您可以使用 Fiddler 查看 HTTP 流量http://www.fiddler2.com/fiddler2/。
Alternatively Wireshark http://www.wireshark.org/for more advanced stuff
或者 Wireshark http://www.wireshark.org/更高级的东西
Summary of Packet Analyzers here http://en.wikipedia.org/wiki/Packet_analyzer
数据包分析器摘要在这里http://en.wikipedia.org/wiki/Packet_analyzer
More details of what you are trying to achieve would help us advise.
有关您要实现的目标的更多详细信息将有助于我们提供建议。
回答by Ruslan F.
Some example of c# sniffer socket creation.
c#嗅探器套接字创建的一些示例。
mainSocket = new Socket(AddressFamily.InterNetwork, SocketType.Raw,
ProtocolType.IP);
// Bind the socket to the selected IP address
mainSocket.Bind(newIPEndPoint(IPAddress.Parse(cmbInterfaces.Text),0));
// Set the socket options
mainSocket.SetSocketOption(SocketOptionLevel.IP, //Applies only to IP packets
SocketOptionName.HeaderIncluded, //Set the include header
true); //option to true
byte[] byTrue = newbyte[4]{1, 0, 0, 0};
byte[] byOut = newbyte[4];
//Socket.IOControl is analogous to the WSAIoctl method of Winsock 2
mainSocket.IOControl(IOControlCode.ReceiveAll, //SIO_RCVALL of Winsock
byTrue, byOut);
//Start receiving the packets asynchronously
mainSocket.BeginReceive(byteData, 0, byteData.Length, SocketFlags.None,
newAsyncCallback(OnReceive), null);
