用c#监控网络流量

监控|流量|网络

   以下的代码的原作是opensource的一个叫sniffer.net的，用vb.net写的，这里只是简单的用c#翻译了一下，暂时还只能监控所有数据包，不能监控某一个进程的数据包,代码如下：
using System;
using System.Text;
using System.Net;
using System.Net.Sockets;
using System.Runtime.InteropServices;
namespace UpdateTester
{
 /**//// <summary>
 /// Monitor 的摘要说明。
 /// </summary>
 public class Monitor
 {
  public delegate void NewPacketEventHandler(Monitor m, Packet p);
  public event NewPacketEventHandler NewPacket;
  private Socket m_Monitor;
  private IPAddress m_Ip;
  private byte[] m_Buffer = new byte[65535];
  private const System.Int32 IOC_VENDOR = 0x18000000;
  private const int IOC_IN = -2147483648;
  private const int SIO_RCVALL = IOC_IN ^ IOC_VENDOR ^ 1;
  private const int SECURITY_BUILTIN_DOMAIN_RID = 0x20;
  private const int DOMAIN_ALIAS_RID_ADMINS = 0x220;

  public System.Net.IPAddress IP
  {
   get { return m_Ip; }
  }

  public byte[] Buffer
  {
   get { return m_Buffer; }
  }

  public Monitor()
  {
   //
   // TODO: 在此处添加构造函数逻辑
   //
  }

  public Monitor(IPAddress IpAddress)
  {
   if (!(Environment.OSVersion.Platform == PlatformID.Win32NT) && Environment.OSVersion.Version.Major<5)
   {
    throw new NotSupportedException("This program requires Windows 2000, Windows XP or Windows .NET Server!");
   }
   m_Ip = IpAddress;
  }

  public void Start()
  {
   if (m_Monitor==null)
   {
    try
    {
     m_Monitor = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP);
     m_Monitor.Bind(new IPEndPoint(IP, 0));
     m_Monitor.IOControl(SIO_RCVALL, BitConverter.GetBytes(1), null);
     m_Monitor.BeginReceive(m_Buffer, 0, m_Buffer.Length, SocketFlags.None, new AsyncCallback(OnReceive), null);
    }
    catch (Exception e)
    {
     m_Monitor = null;
     throw new SocketException();
    }
   }
  }

  public void Stop()
  {
   if (m_Monitor!=null)
   {
    m_Monitor.Close();
   }
   m_Monitor = null;
  }

  public void OnReceive(System.IAsyncResult ar)
  {
   try
   {
    int received = m_Monitor.EndReceive(ar);

    try
    {
     if (m_Monitor!=null)
     {
      byte[] pkt = new byte[received];
      Array.Copy(Buffer, 0, pkt, 0, received);
      OnNewPacket(new Packet(pkt, DateTime.Now));
     }
    }
    catch(Exception e)
    {
     throw;
    }

    m_Monitor.BeginReceive(Buffer, 0, Buffer.Length, SocketFlags.None, new AsyncCallback(OnReceive), null);
   }
   catch (Exception e)
   {

   }
  }

  protected void OnNewPacket(Packet p)
  {
   NewPacket(this, p);
  }
 }
}

using System;
using System.Text;
using System.Net;
using System.Net.Sockets;

namespace UpdateTester
{

 public enum Precedence
 {
  Routine = 0,
  Priority = 1,
  Immediate = 2,
  Flash = 3,
  FlashOverride = 4,
  CRITICECP = 5,
  InternetworkControl = 6,
  NetworkControl = 7
 }

 public enum Delay
 {
  NormalDelay = 0,
  LowDelay = 1
 }

 public enum Throughput
 {
  NormalThroughput = 0,
  HighThroughput = 1
 }

 public enum Reliability
 {
  NormalReliability = 0,
  HighReliability = 1
 }

 public enum Protocol
 {
  Ggp = 3,
  Icmp = 1,
  Idp = 22,
  Igmp = 2,
  IP = 4,
  ND = 77,
  Pup = 12,
  Tcp = 6,
  Udp = 17,
  Other = -1
 }
 /**//// <summary>
 /// Packet 的摘要说明。
 /// </summary>
 public class Packet
 {

  private byte[] m_Raw;
  private DateTime m_Time;
  private int m_Version;
  private int m_HeaderLength;
  private Precedence m_Precedence;
  private Delay m_Delay;
  private Throughput m_Throughput;
  private Reliability m_Reliability;
  private int m_TotalLength;
  private int m_Identification;
  private int m_TimeToLive;
  private Protocol m_Protocol;
  private byte[] m_Checksum;
  private string m_SourceAddress;
  private string m_DestinationAddress;
  private int m_SourcePort;
  private int m_DestinationPort;

  public Packet()
  {
   //
   // TODO: 在此处添加构造函数逻辑
   //
  }
  //
  //  public Packet(byte[] raw):(byte[] raw, DateTime time)
  //  {
  //   Packet(raw, DateTime.Now);
  //  }

  public Packet(byte[] raw, DateTime time)
  {
   if (raw==null)
   {
    throw new ArgumentNullException();
   }
   if (raw.Length<20)
   {
    throw new ArgumentException();
   }

   this.m_Raw = raw;
   this.m_Time = time;
   this.m_HeaderLength = (raw[0] & 0xF) * 4;
   if ((raw[0] & 0xF) < 5) {throw new ArgumentException();}
   this.m_Precedence = (Precedence)((raw[1] & 0xE0) >> 5);
   this.m_Delay = (Delay)((raw[1] & 0x10) >> 4);
   this.m_Throughput = (Throughput)((raw[1] & 0x8) >> 3);
   this.m_Reliability = (Reliability)((raw[1] & 0x4) >> 2);
   this.m_TotalLength = raw[2] * 256 + raw[3];
   if ( ! (this.m_TotalLength == raw.Length)) { throw new ArgumentException();} // invalid size of packet;
   this.m_Identification = raw[4] * 256 + raw[5];
   this.m_TimeToLive = raw[8];

   m_Protocol = (Protocol)raw[9];

   m_Checksum = new byte[2];
   m_Checksum[0] = raw[11];
   m_Checksum[1] = raw[10];

   try
   {
    m_SourceAddress = GetIPAddress(raw, 12);
    m_DestinationAddress = GetIPAddress(raw, 16);
   }
   catch (Exception e)
   {
    throw;
   }

   if (m_Protocol == Protocol.Tcp || m_Protocol == Protocol.Udp)
   {
    m_SourcePort = raw[m_HeaderLength] * 256 + raw[m_HeaderLength + 1];
    m_DestinationPort = raw[m_HeaderLength + 2] * 256 + raw[m_HeaderLength + 3];
   }
   else
   {
               
    m_SourcePort = -1;
    m_DestinationPort = -1;
   }
  }

  public string GetIPAddress(byte[] bArray, int nStart)
  {
   byte[] tmp = new byte[4];

   if (bArray.Length > nStart + 2)
   {
    tmp[0] = bArray[nStart];
    tmp[1] = bArray[nStart + 1];
    tmp[2] = bArray[nStart + 2];
    tmp[3] = bArray[nStart + 3];
   }

   return tmp[0] + "." + tmp[1] + "." + tmp[2] + "." + tmp[3];
  }

  public int TotalLength
  {
   get { return m_TotalLength; }
  }

  public DateTime Time
  {
   get { return this.m_Time; }
  }

  public Protocol Protocol
  {
   get { return this.m_Protocol; }
  }

  public string SourceAddress
  {
   get { return this.m_SourceAddress; }
  }

  public string Source
  {
   get
   {
    if ( m_SourcePort != -1 )
    {
     return SourceAddress.ToString() + ":" + m_SourcePort.ToString();
    }
    else
    {
     return SourceAddress.ToString();
    }
   }
  }

  public string Destination
  {
   get
   {
    if (this.m_DestinationPort != -1)
    {
     return DestinationAddress.ToString() + ":" + m_DestinationPort.ToString();
    }
    else
    {
     return DestinationAddress.ToString();
     }
   }
  }

  public string DestinationAddress
  {

   get
   {
    return m_DestinationAddress;
   }
  }
 }
}

在主程序里
private Monitor[] m_PacketMonitors;
  private ArrayList m_Packets;
  private System.Windows.Forms.StatusBar statusBar1;
  private int m_PacketsSize;

执行方法中
private void StartMonitor()
  {
   IPAddress[] hosts = Dns.Resolve(Dns.GetHostName()).AddressList;

   if (hosts.Length == 0) { throw new NotSupportedException("This computer does not have non-loopback interfaces installed!");}
   for (int i=0; i<hosts.Length; i++)
   {
   }

   m_PacketMonitors = new Monitor[1];
   m_Packets = new ArrayList();
   m_PacketMonitors[0] = new Monitor(hosts[0]);

// 添加代理，每次有新的packet到时都出发下面哪个动作
   m_PacketMonitors[0].NewPacket+=new Monitor.NewPacketEventHandler(this.OnNewPacket);
   m_PacketMonitors[0].Start();
  }

// 这个方法用于把packet显示到一个地方

private void OnNewPacket(Monitor m, Packet p)
  {
   m_Packets.Add(p);
   m_PacketsSize += p.TotalLength;
   try
   {
    txtLog.Text += p.Time.ToString()+p.Protocol.ToString()+p.Source.ToString()+p.Destination.ToString()+p.TotalLength.ToString();
 
   }
   catch (Exception e)
   {
    MessageBox.Show(e.Message);
   }

   statusBar1.Text = String.Format("Intercepted {0} packet(s) [{1} bytes]", m_Packets.Count, m_PacketsSize);
  }