Using sharppcap to read packets
I'm trying to read TCP packets using sharppcap in my .NET application but I can't seem to figure out how to check if it's a TCP packet or not, and read the data if so.
Researching this, I could only ever find posts surpassing 7 years of activity and it has obviously been updated quite the bit since then. Does anyone have an idea on how to go about this?
6 Replies
Yeah there doesn't seem to be much in the way of docs, does there!
There's an examples folder, and this one looks relevant: https://github.com/dotpcap/sharppcap/blob/master/Examples/Example5.PcapFilter/Program.cs
It looks like it uses PacketDotNet for the
Packet type. It looks like you'll get an IPv4Packet, which has Protocol property? https://github.com/dotpcap/packetnet/blob/7ca030150879fc25c65e5630343e6c517f50a9b0/PacketDotNet/IPv4Packet.cs#L276
So if you didn't want to use a filter, you could do something like e.GetPacket().GetPacket() is IPv4Packet { ProtocolType: ProtocolType.Tcp } etcThere certainly does not seem to be. Thank you, I will give this a shot. 😋
This does seem to work very well. Does it also capture requests on the local machine?
Which of the two ways?
I'm not sure what level the string filter applies at tbh
The string filter.
In Wireshark, filters apply on top of the captured packets, so you can change the filter and see packets which were previously captures which match the new filter. I'd assume that charppcap works the same way as a first approximation, but I've never used it
Hmm. I'm currently attempting to capture incoming and outgoing HTTP requests from me web-browsing, but no packets are captured matching the case.