SharpPcap中文开发全攻略Word格式.docx

1、NET应用WinPcap而在他的大学最后项目的工作。The project involved analyzing and decoding VoIP traffic and he wanted to keep coding simple with C# which has time saving features like garbage collection.该项目涉及VoIP流量分析和解码，他想继续用C编码具有省时，如垃圾收集功能简单。Accessing the WinPcap API from .NET seemed to be quite a popular requirement,

2、and he found some useful projects on CodeProjects website that let you do just that: WinPcap的API的访问似乎从净是相当流行的要求，他发现在CodeProject上的一些网站，让您做到这一点有益的项目。： Packet Capture and Analyzer数据包捕获和分析仪 Raw Socket Capturing Using C#原始套接字捕获使用C Packet sniffing with winpcap functions ported to a .NET library与WinPcap的包嗅

3、探功能移植到。NET库The first project is a great ethereal .NET clone that lets you capture and analyze numerous types of protocol packets.第一个项目是一个伟大的空灵。NET的克隆，让您获取和分析大量的数据包的协议类型。However, a few issues with this project make it almost impossible to be shared among other .NET applications.然而，随着这个项目的几个问题使它几乎不可能得

4、到在其他。NET应用程序共享。Firstly, the author did not provide any generic API for capturing packets that can be used by other .NET applications.首先，作者没有提供用于捕获，可以通过其他。NET应用程序中使用任何通用的API包。He didnt separate his UI code and his analyzing and capturing code, making his capturing code depend on the GUI classes such a

5、s ListView to operate.他没有单独的UI代码和他的分析和捕获的代码，使他的捕捉代码类依赖于图形用户界面，如ListView操作。Secondly, for some reason the author chose to re-implement some of WinPcaps functions in C# by himself rather than just wrapping them.其次，由于某些原因，笔者选择了重新实现在C由他本人，而不是仅仅WinPcap的包装他们的部分职能。This means that his application cant take a

6、dvantage of the new WinPcap versions since he hard coded a certain version of WinPcap in his application.这意味着他的应用程序无法利用新的WinPcap的版本的硬编码的优势，因为他在他的WinPcap的应用程序的某些版本。The second and the third articles are nice starts for wrapper projects for WinPcap, however they didnt provide some important WinPcap fea

7、tures such as handling offline pcap files and applying kernel-level packet filters, and most importantly they provide no parser classes for analyzing protocol packets.第二个和第三个物品的包装项目为WinPcap的好开始，但他们没有提供一些重要的WinPcap的功能，如离线pcap的文件处理和应用内核级数据包过滤器，以及最重要的是他们提供了这样的分析没有协议分析器类包。Both projects didnt post their

8、library source code together with the article in order to let other people extend their work and add new features and new packet parser classes.这两个项目没有张贴的文章，以自己的库的源代码，让其他人一起延长他们的工作和增加新功能和新的数据包分析器类。And so, Tamir decided to start his own library for the task.因此，塔米尔决定开始他对自己的图书馆工作。Several versions in th

9、e 1.x series were released.在1.x系列的几个版本发布。Development slowed towards mid-2007 when the last version in the 1.x series was released, SharpPcap 1.6.2.发展放缓对2007年年中时，在1.x系列的最后一个版本发布时，SharpPcap 1.6.2。Chris Morgan took over development of SharpPcap in November of 2008.克里斯摩根发生在2008年11月超过SharpPcap发展。Since th

10、en SharpPcap has had major internal rewrites and API improvements.从那时起SharpPcap主要内部已重写和API改进。In late February 2010, SharpPcap v3.0 was released. 2010年2月下旬，SharpPcap 3.0被释放。This release represents a rewrite of SharpPcaps packet parsers.此版本是一个重写SharpPcap的数据包分析器。Packet parsing functionality was broken

11、out into a new library, Packet.Net .分组分析功能被打破，进入一个新的图书馆，Packet.Net。SharpPcap takes care of interfacing with libpcap/winpcap and Packet.Net takes care of packet dissection and creation. SharpPcap注意到与libpcap的/ WinPcap的包和Packet.Net注意到接口解剖和创造护理照顾。The details of Packet.Nets architecture will be discussed

12、 later in the tutorial.对Packet.Net的建筑的细节将在本教程的后面讨论。SharpPcap v3.5 was released February 1 st , 2011. SharpPcap v3.5版本发布了2月1 日，2011年。The 3.5 release contains significant API changes as well as WinPcap remote capture and AirPcap support. 3.5版本包含重大的空气污染指数的变化以及WinPcap的远程采集和支持AirPcap。About SharpPcap关于Sha

13、rpPcap The purpose of SharpPcap is to provide a framework for capturing, injecting and analyzing network packets for .NET applications.的目的SharpPcap是提供一个框架NET应用程序捕获，注资。和分析网络数据包。SharpPcap is openly and actively developed with its source code and file releases hosted on SourceForge. SharpPcap是公开和积极发展同它

14、的源代码和文件发布在SourceForge托管。Source code patches to improve or fix issues are welcome via the sharppcap developers mailing list .源代码补丁，以改善或解决问题欢迎通过sharppcap开发者邮件列表。Bug reports, feature requests and other queries are actively answered on the support forums and issue trackers there so if you have any troub

15、le with the library please feel free to ask.错误报告，功能要求和其他查询正在积极回答问题的论坛和跟踪支持，所以如果你有任何问题请与库随时问。SharpPcap is a fully managed cross platform library. SharpPcap是一个完全跨平台的库管理。The same assembly runs under Microsoft .NET as well as Mono on both 32 and 64bit platforms.同一程序集运行在微软的。NET以及单在32位和64位平台。The following

16、 list illustrates the features currently supported by SharpPcap:下面的列表说明了目前SharpPcap功能支持： Single assembly for Microsoft .NET and Mono platforms on Windows （32 or 64bit） , Linux （32 or 64bit） and Mac .单一组件的Microsoft。NET和 Mono平台上的Windows（32位或64位）和Linux（32或64位）和 Mac。 High performance - SharpPcap can cap

17、ture fast enough to keep up with 3MB/s scp transfer rates高性能 - SharpPcap可以捕捉足够快跟上的3MB / s的传输速率高达SCP的 WinPcap extensions are partially supported:WinPcap的扩展部分支持：o Setting the kernel buffer size设置内核缓冲区大小o Injecting packets using send queues.注射用的数据包发送队列。o Collecting network statistics on a given network

18、 interface收集在一个特定的网络接口的网络统计 AirPcap supportAirPcap支持 Enumerating and showing details about the physical network interface on a Windows machine.枚举和显示有关Windows机器上的物理网络接口的细节。 Capturing low-level network packets going through a given interface.捕获低级别的网络数据包将通过给定的接口。 Analyzing and parsing the following pro

19、tocols:分析和解析以下协议：o Ethernet以太网o SLL （Linux Cooked-Mode Capture）血清瘦素（Linux的熟食方式采集）o ARP （Address Resolution Protocol）ARP（地址解析协议）o IP （Internet Protocol） :IP（因特网协议）： IPv4IPv4的 IPv6IPv6的o TCP （Transmission Control Protocol）TCP（传输控制协议）o UDP （User Datagram Protocol）UDP（用户数据报协议）o ICMP （Internet Control Me

20、ssage Protocol） :ICMP协议（Internet控制消息协议）： ICMPv4ICMPv4 ICMPv6ICMPv6报o IGMPv2IGMPv2的o PPPoEPPPoE协议o PTP和平之路o LLDPLLDP功能o Wake-on-LAN（WOL）唤醒局域网（网络唤醒） Injecting low-level network packets on a given interface.在给定接口注入的低级别的网络数据包。 Handling （reading and writing） offline packet capture files.处理（阅读和写作）离线数据包捕获文

21、件。 Retrieving adapter statistics on packets received vs. dropped检索的数据包接收适配器统计对比下降Please check the project homepage homepage for the latest updates and bug fixes.请检查项目主页主页最新的更新和bug修复。SharpPcap architecture SharpPcap架构SharpPcap has a layered architecture, at the top level are classes that work across

22、all devices: SharpPcap具有层状结构，在顶层的类，所有设备的工作： CaptureDeviceList - Retrieves a list of all devices on the systemCaptureDeviceList -检索系统名单上的所有设备 OfflineCaptureDevice - Device that reads from a pcap capture fileOfflineCaptureDevice -文件读取装置从一个pcap的捕捉 ICaptureDevice - All capture devices have ICaptureDevic

23、e interfacesICaptureDevice -所有的捕捉设备有ICaptureDevice接口The namespaces are layed out hierarchically:该命名空间的布局层次： LibPcaplibpcap的o LibPcapLiveDevice - An ICaptureDeviceLibPcapLiveDevice -一个ICaptureDeviceo LibPcapLiveDeviceList - Retrieves a list of LibPcapLiveDevice devices （these include pcap/winpcap and

24、 airpcap devices）LibPcapLiveDeviceList -检索一个名单LibPcapLiveDevice设备（其中包括pcap的/ WinPcap的和airpcap设备） WinPcapWinPcap的o WinPcapDeviceList - Retrieves a list of WinPcapDevices （these include winpcap and airpcap devices）WinPcapDeviceList -检索一个名单WinPcapDevices（其中包括WinPcap的和airpcap设备）o WinPcapDevice - A LibPc

25、apLiveDevice with additional WinPcap features and interfacesWinPcapDevice -阿LibPcapLiveDevice额外WinPcap的功能和接口 AirPcapAirPcapo AirPcapDeviceList - Retrieves a list of AirPcapDevicesAirPcapDeviceList -检索一个名单AirPcapDeviceso AirPcapDevice - A WinPcapDevice with additional AirPcap features and interfacesA

26、irPcapDevice -阿WinPcapDevice额外AirPcap功能和接口CaptureDeviceList returns a list of fully differentiated devices.CaptureDeviceList返回一个设备清单完全分化。This means that each ICaptureDevice returned by CaptureDeviceList is either a LibPcapLiveDevice , a WinPcapDevice or a AirPcapDevice .这意味着每个ICaptureDevice由归国Captur

27、eDeviceList要么是LibPcapLiveDevice，一WinPcapDevice或AirPcapDevice。This allows you to retrieve the entire list of devices and differentiate by looking at the type of each device.这使您可以检索整个列表的设备和差异化在每个设备类型看。If you would like to get a specific type of device only, you can use one of the particular *DeviceLis

28、t classes.如果你想获得一个特定的特定类型的设备只，你可以使用一个*DeviceList类。Collapse | Copy Code/ Retrieve all capture devices/ /检索所有捕获设备var devices = CaptureDeviceList; = CaptureDeviceList VaR的装置;/ differentiate based upon types/ /类型的区分依据foreach （ICaptureDevice dev in devices）的foreach（ICaptureDevice dev的设备中） if （dev is AirPcapDevice）如果（dev 是 AirPcapDevice）/ process as an AirPcapDevice/ /过程作为AirPcapDevice else if （dev is WinPcapDevice） 否则如果（dev 是