C# full managed implementation Pcap/PcapNG file format PcapngUtils
The nuget package ![NuGet Status](https://camo.githubusercontent.com/a16fbaa65c98a5442716fb7f16080436728998c166bcd41f527b15fde3b3db58/68747470733a2f2f646c2e64726f70626f7875736572636f6e74656e742e636f6d2f752f37353936393934362f446f776e6c6f61642f506361704e475574696c732f76312e302e372e737667)
PM> Install-Package PcapngUtils
Pcap and PcapNG are file formats used to store dumps of network traffic. There formats are described in: * Pcap: Descriptionhttps://wiki.wireshark.org/Development/LibpcapFileFormat * Pcap Next Generation: https://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
The implementation of these formats is made by wrapping unmanaged WinPcap library. I added the implementation of both formats in a fully managed C #.
Usage
Open Pcap file
public void OpenPcapFile(string filename,CancellationToken token) { using (var reader = new PcapReader(filename)) { reader.OnReadPacketEvent += reader_OnReadPacketEvent; reader.ReadPackets(token); reader.OnReadPacketEvent -= reader_OnReadPacketEvent; } }
void reader_OnReadPacketEvent(object context, IPacket packet) { Console.WriteLine(string.Format("Packet received {0}.{1}",packet.Seconds, packet.Microseconds )); }
Open PcapNG file
public void OpenPcapNGFile(string filename,bool swapBytes,CancellationToken token) { using (var reader = new PcapNGReader("test.pcap",swapBytes)) { reader.OnReadPacketEvent += reader_OnReadPacketEvent; reader.ReadPackets(token); reader.OnReadPacketEvent -= reader_OnReadPacketEvent; } }
void reader_OnReadPacketEvent(object context, IPacket packet) { Console.WriteLine(string.Format("Packet received {0}.{1}",packet.Seconds, packet.Microseconds )); }
Better solutions, library can recognize the file format, Open Pcap/PcapNG file
public void OpenPcapORPcapNFFile(string filename,CancellationToken token) { using (var reader = IReaderFactory.GetReader(filename)) { reader.OnReadPacketEvent += reader_OnReadPacketEvent; reader.ReadPackets(token); reader.OnReadPacketEvent -= reader_OnReadPacketEvent; } }
void reader_OnReadPacketEvent(object context, IPacket packet) { Console.WriteLine(string.Format("Packet received {0}.{1}",packet.Seconds, packet.Microseconds )); }
Read packages and save to Pcap file
public void CloneFile(string inputFileName, string outputFileName, CancellationToken token)
{
using (var reader = IReaderFactory.GetReader(inputFileName))
{
using (var writer = new PcapWriter(outputFileName))
{
CommonDelegates.ReadPacketEventDelegate handler = (obj, packet) =>
{
writer.WritePacket(packet);
};
reader.OnReadPacketEvent += handler;
reader.ReadPackets(token);
reader.OnReadPacketEvent -= handler;
}
}
}
Read packages and save to PcapNG file
public void CloneFile(string inputFileName, string outputFileName, CancellationToken token)
{
using (var reader = IReaderFactory.GetReader(inputFileName))
{
using (var writer = new PcapNGWriter(outputFileName))
{
CommonDelegates.ReadPacketEventDelegate handler = (obj, packet) =>
{
writer.WritePacket(packet);
};
reader.OnReadPacketEvent += handler;
reader.ReadPackets(token);
reader.OnReadPacketEvent -= handler;
}
}
}