Topic Background
Based on the above information, the plan was to use WinPcap to capture network packets, analyse the HTTP POST packets and filter out those that access the domain qq.com. However, WinPcap would have required hand-building many data structures and time was short, so we decided to use SharpPcap + C# instead of the usual WinPcap + VC to capture the packets.

Basic Implementation Approach

(1) The classic form of an HTTP request:

    GET /somedir/page.html HTTP/1.1
    Host: www.someschool.edu
    Connection: close
    User-agent: Mozilla/4.0
    Accept-language: fr
(2) Notice that the first line of the HTTP request message begins with GET. GET is in fact one of the HTTP request methods; POST, HEAD and others exist as well, but the ones most people know are GET and POST.
(3) Using this, we can capture network packets with SharpPcap and check whether the TCP segment carries HTTP data. If it does and the message is a request, we have the HTTP GET or POST request data and can parse it: the data format is determined from the Content-Type header and decoded accordingly, and the decoding step must also handle Chinese characters, among other things.
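As an added example (not code from the original post), here is the check described in steps (2) and (3) written in C#: it takes the TCP payload of a captured packet, keeps only GET/POST requests whose Host header is qq.com or one of its subdomains, and decodes an application/x-www-form-urlencoded body using the charset declared in Content-Type. It assumes the caller has already extracted the TCP payload bytes (for example PacketDotNet's TcpPacket.PayloadData); HttpRequestInfo, HttpRequestFilter and ParseIfTarget are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.IO;
using System.Text;
public class HttpRequestInfo {   // hypothetical result type, not part of the original program
    public string Method, Path, Host;
    public Dictionary<string, string> Headers = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
    public Dictionary<string, string> FormFields = new Dictionary<string, string>();
}
public static class HttpRequestFilter {
    // Returns null unless payload is a GET/POST request whose Host is targetDomain or one of its subdomains.
    public static HttpRequestInfo ParseIfTarget(byte[] payload, string targetDomain) {
        // ISO-8859-1 maps each byte to one char, so raw body bytes survive the round trip to string and back.
        string text = Encoding.GetEncoding("iso-8859-1").GetString(payload);
        if (!text.StartsWith("GET ") && !text.StartsWith("POST ")) return null;   // not an HTTP request
        int headerEnd = text.IndexOf("\r\n\r\n");
        if (headerEnd < 0) return null;                 // header continues in a later TCP segment: skip it
        string[] lines = text.Substring(0, headerEnd).Split(new[] { "\r\n" }, StringSplitOptions.None);
        string[] reqLine = lines[0].Split(' ');
        if (reqLine.Length != 3 || !reqLine[2].StartsWith("HTTP/")) return null;
        var info = new HttpRequestInfo { Method = reqLine[0], Path = reqLine[1] };
        // Remaining header lines are "Name: value"
        for (int i = 1; i < lines.Length; i++) { int c = lines[i].IndexOf(':'); if (c > 0) info.Headers[lines[i].Substring(0, c).Trim()] = lines[i].Substring(c + 1).Trim(); }
        if (!info.Headers.TryGetValue("Host", out string host)) return null;
        info.Host = host.Split(':')[0];                 // drop an explicit port such as qq.com:8080
        if (!info.Host.Equals(targetDomain, StringComparison.OrdinalIgnoreCase) && !info.Host.EndsWith("." + targetDomain, StringComparison.OrdinalIgnoreCase)) return null;
        // Form bodies: honour the charset declared in Content-Type (default UTF-8) so Chinese text is not mangled.
        if (info.Headers.TryGetValue("Content-Type", out string ct) && ct.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase)) {
            Encoding enc = Encoding.UTF8;
            int cs = ct.IndexOf("charset=", StringComparison.OrdinalIgnoreCase);
            if (cs >= 0) try { enc = Encoding.GetEncoding(ct.Substring(cs + 8).Trim()); } catch (ArgumentException) { }
            foreach (string pair in text.Substring(headerEnd + 4).Split('&')) {
                int eq = pair.IndexOf('=');
                if (eq > 0) info.FormFields[PercentDecode(pair.Substring(0, eq), enc)] = PercentDecode(pair.Substring(eq + 1), enc);
            }
        }
        return info;
    }
    // Decode %XX escapes to raw bytes first, then apply the declared charset (WebUtility.UrlDecode assumes UTF-8).
    static string PercentDecode(string s, Encoding enc) {
        var ms = new MemoryStream();
        for (int i = 0; i < s.Length; i++) {
            if (s[i] == '%' && i + 2 < s.Length && byte.TryParse(s.Substring(i + 1, 2), NumberStyles.HexNumber, null, out byte b)) { ms.WriteByte(b); i += 2; }
            else ms.WriteByte((byte)(s[i] == '+' ? ' ' : s[i]));
        }
        return enc.GetString(ms.ToArray());
    }
}
```

On .NET Core, a charset such as GBK is only resolvable after Encoding.RegisterProvider(CodePagesEncodingProvider.Instance) has been called; otherwise the code falls back to UTF-8. A request whose header block is split across several TCP segments is skipped here; reassembling the stream first is required to catch those.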
Partial Feature Implementation
Source code of the packet capture program, written in C# on top of SharpPcap:
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using SharpPcap;

    namespace SharpPcapTest
    {
        class Program
        {
            static void Main(string[] args)
            {
                // PacketArrivalForm, ShowForm and FileOperate are helper classes from the
                // author's project; their source is not included in this post.
                PacketArrivalForm packArrivalForm = new PacketArrivalForm();
                packArrivalForm.ShowDialog();
                FileOperate fileOperate = new FileOperate();

                string ver = SharpPcap.Version.VersionString;
                Console.WriteLine("SharpPcap {0}, Example1.IfList.cs", ver);
                String strTemp = "SharpPcap" + ver + "\n";
                fileOperate.wtiteToTxtFile(@".\123.txt", strTemp);

                // Retrieve the device list
                var devices = LivePcapDeviceList.Instance;

                // If no devices were found print an error
                if (devices.Count < 1)
                {
                    Console.WriteLine("No devices were found on this machine");
                    return;
                }

                Console.WriteLine("\nThe following devices are available on this machine:");
                Console.WriteLine("----------------------------------------------------\n");

                /* Scan the list printing every entry */
                /* Get the device list */
                foreach (var dev in devices)
                {
                    //Console.WriteLine("{0}\n", dev.ToString());
                    fileOperate.wtiteToTxtFile(@".\123.txt", dev.ToString());
                    strTemp += dev.ToString();
                }

                // Show the device information in a dialog
                ShowForm showForm = new ShowForm();
                showForm.setRichTextBoxStr(strTemp);
                showForm.ShowDialog();

                /* Receive packet timestamps and other data */
                // Choose a device by the index typed on the console
                int i = int.Parse(Console.ReadLine());
                LivePcapDevice device = devices[i];

                // Register our handler function to the 'packet arrival' event
                device.OnPacketArrival += new PacketArrivalEventHandler(device_OnPacketArrival);

                // Open the device for capturing
                int readTimeoutMilliseconds = 1000;
                device.Open(DeviceMode.Promiscuous, readTimeoutMilliseconds);

                Console.WriteLine();
                Console.WriteLine("-- Listening on {0}, hit 'Enter' to stop...", device.Description);
                strTemp = "Hour\tMinute\tSecond\tMillisecond\tlen\n";
                fileOperate.wtiteToTxtFile(@".\data.txt", strTemp);

                // Start the capturing process
                device.StartCapture();

                // Wait for 'Enter' from the user.
                Console.ReadLine();

                // Stop the capturing process
                device.StopCapture();
                Console.WriteLine("-- Capture stopped.");

                // Print out the device statistics
                Console.WriteLine(device.Statistics().ToString());
                fileOperate.wtiteToTxtFile(@".\data.txt", device.Statistics().ToString());

                Console.Write("Hit 'Enter' to exit...");
                Console.ReadLine();
            }

            // Called for every captured packet: log its timestamp and length, then dump the packet
            private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
            {
                FileOperate fileOperate = new FileOperate();
                var time = e.Packet.Timeval.Date;
                var len = e.Packet.Data.Length;
                Console.WriteLine("{0}:{1}:{2},{3} Len={4}", time.Hour, time.Minute, time.Second, time.Millisecond, len);
                string strTemp = time.Hour.ToString() + "\t" + time.Minute.ToString() + "\t"
                               + time.Second.ToString() + "\t" + time.Millisecond.ToString() + "\t\t"
                               + len.ToString() + "\n";
                Console.WriteLine(e.Packet.ToString());
                strTemp += "\n" + e.Packet.ToString() + "\n";
                fileOperate.wtiteToTxtFile(@".\data.txt", strTemp);
            }
        }
    }
Screenshot of the device information:
Screenshot of the captured packet data:
The full source code is not included; here is the download link for the exe: http://pan.baidu.com/s/1mgp3kWo