C#获取包数据
[英]C# Getting packet data
问题描述
I've been trying to write a script that will sniff HTTP headers. 
我一直在尝试编写一个可以嗅探HTTP头的脚本。 So far I've got the socket bound to port 80 and packets seem to be received, but I can't get them into string form. 到目前为止,我已经将套接字绑定到端口80并且数据包似乎已被接收,但我无法将它们转换为字符串形式。 All that outputs is "E" continuously. 所有输出都是“E”连续。 I changed the bytes into hex earlier and there seems to be some data coming in, but the current code is unable to change the bytes into a string. 我之前将字节更改为十六进制,似乎有一些数据进入,但当前代码无法将字节更改为字符串。 Is there some other way of decoding the bytes that will give a proper string? 有没有其他方法解码将提供正确字符串的字节?
byte[] input = BitConverter.GetBytes(1);
byte[] buffer = new byte[4096];
Socket s = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP);
s.Bind(new IPEndPoint(IPAddress.Parse(strIP), 80));
s.IOControl(IOControlCode.ReceiveAll, input, null);
int bytes;
bytes = s.Receive(buffer);
while (bytes > 0)
{
log(System.Text.Encoding.ASCII.GetString(buffer, 0, bytes));
bytes = s.Receive(buffer);
}
3 个解决方案
解决方案1
6 已采纳 2009-12-05 03:20:55
When you sniff data using a raw socket, you're receiving Internet Protocol (IP) packets. 当您使用原始套接字嗅探数据时,您将收到Internet协议(IP)数据包。 Each IP packet begins with an IP header . 每个IP数据包都以IP标头开头。 This header is typically 20 bytes long, but it can be longer than that. 此标头通常长20个字节,但可能比此长。 Following the IP header is the header for the Transport Layer, eg, the Transmission Control Protocol (TCP) header or the User Datagram Protocol (UDP) header. IP报头之后是传输层的报头,例如传输控制协议 (TCP)报头或用户数据报协议 (UDP)报头。 After this header comes the data you're looking for, ie, the HTTP. 在此标题之后是您要查找的数据,即HTTP。 So when you're parsing the data, you need to skip past the IP header and the Transport Layer header first. 因此,在解析数据时,您需要首先跳过IP标头和传输层标头。
解决方案2
5 2009-12-05 02:46:19
您可能需要在此处查看此C#网络嗅探器的源代码。
解决方案3
5 2009-12-05 03:15:51
Firstly, why are you writing this using raw sockets and changing the IOControl? 首先,为什么要使用原始套接字并更改IOControl来编写它? I tried running your code on Vista and it wouldn't work, even as administrator. 我尝试在Vista上运行你的代码,即使是管理员也无法运行。 Can you use a higher level of abstraction, such as TcpClient instead? 您可以使用更高级别的抽象,例如TcpClient吗?
Secondly, you need to send a request before you get a response. 其次,您需要在收到回复之前发送请求。 The simplest request you can send is "GET /\\n" where \\n is the character for a new line. 您可以发送的最简单的请求是“GET / \\ n”,其中\\ n是新行的字符。
Here is some code that you could use (the Write method needs to check the return value too, but this is omitted for simplicity): 下面是一些您可以使用的代码(Write方法也需要检查返回值,但为简单起见省略了这一点):
using (TcpClient tcpClient = new TcpClient(strIP, 80))
{
using (Stream s = tcpClient.GetStream())
{
byte[] bytesToSend = Encoding.ASCII.GetBytes("GET /\n");
s.Write(bytesToSend, 0, bytesToSend.Length);
int bytes;
byte[] buffer = new byte[4096];
do
{
bytes = s.Read(buffer, 0, buffer.Length);
Console.WriteLine(Encoding.ASCII.GetString(buffer, 0, bytes));
} while (bytes > 0);
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.