PcapngUtils

C# full managed implementation Pcap/PcapNG file format

The nuget package

PM> Install-Package Haukcode.PcapngUtils

Description

Pcap and PcapNG are file formats used to store dumps of network traffic. There formats are described in: * Pcap: https://wiki.wireshark.org/Development/LibpcapFileFormat * Pcap Next Generation: https://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html

The implementation of these formats is made by wrapping unmanaged WinPcap library. I added the implementation of both formats in a fully managed C #.

Usage

Open Pcap file


public void OpenPcapFile(string filename,CancellationToken token)
{
  using (var reader = new PcapReader(filename))
  {
    reader.OnReadPacketEvent += reader_OnReadPacketEvent;
    reader.ReadPackets(token);
    reader.OnReadPacketEvent -= reader_OnReadPacketEvent;
  }
}  
void reader_OnReadPacketEvent(object context, IPacket packet)
{
Console.WriteLine(string.Format("Packet received {0}.{1}",packet.Seconds, packet.Microseconds ));
}

Open PcapNG file


public void OpenPcapNGFile(string filename,bool swapBytes,CancellationToken token)
{
  using (var reader = new PcapNGReader("test.pcap",swapBytes))
  {
    reader.OnReadPacketEvent += reader_OnReadPacketEvent;
    reader.ReadPackets(token);
    reader.OnReadPacketEvent -= reader_OnReadPacketEvent;
  }
}  
void reader_OnReadPacketEvent(object context, IPacket packet)
{
Console.WriteLine(string.Format("Packet received {0}.{1}",packet.Seconds, packet.Microseconds ));
}

Open Pcap/PcapNG file

Better solutions, library can recognize the file format,


public void OpenPcapORPcapNFFile(string filename,CancellationToken token)
{
  using (var reader = IReaderFactory.GetReader(filename))
  {
    reader.OnReadPacketEvent += reader_OnReadPacketEvent;
    reader.ReadPackets(token);
    reader.OnReadPacketEvent -= reader_OnReadPacketEvent;
  }
}  
void reader_OnReadPacketEvent(object context, IPacket packet)
{
Console.WriteLine(string.Format("Packet received {0}.{1}",packet.Seconds, packet.Microseconds ));
}

Read packages and save to Pcap file


public void CloneFile(string inputFileName, string outputFileName, CancellationToken token)
{
  using (var reader = IReaderFactory.GetReader(inputFileName))
  {
    using (var writer = new PcapWriter(outputFileName))
    {
      CommonDelegates.ReadPacketEventDelegate handler = (obj, packet) =>
      {
        writer.WritePacket(packet);
      };
      reader.OnReadPacketEvent += handler;
      reader.ReadPackets(token);
      reader.OnReadPacketEvent -= handler; 
    }                
  }
}

Read packages and save to PcapNG file


public void CloneFile(string inputFileName, string outputFileName, CancellationToken token)
{
  using (var reader = IReaderFactory.GetReader(inputFileName))
  {
    using (var writer = new PcapNGWriter(outputFileName))
    {
      CommonDelegates.ReadPacketEventDelegate handler = (obj, packet) =>
      {
        writer.WritePacket(packet);
      };
      reader.OnReadPacketEvent += handler;
      reader.ReadPackets(token);
      reader.OnReadPacketEvent -= handler; 
    }                
  }
}

rj2skipper / pcapngutils Goto Github PK

pcapngutils's Introduction

PcapngUtils

The nuget package

Description

Usage

Open Pcap file

Open PcapNG file

Open Pcap/PcapNG file

Read packages and save to Pcap file

Read packages and save to PcapNG file

pcapngutils's People

Contributors

Watchers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent