Mon 26 Mar 2007
WinPcapNet first release
Posted by ben under PcapNet
WinPcapNet is a .NET wrapper for the famous WinPcap Library.
It is being developed in C++/CLI for maximum speed of execution between managed languages and WinPcap driver.
Not really evoluted for the moment, it permits the minimum required :
- retrieve the Network devices
- open - close a device
- set a capture filter
- read packets on the network
- send packets on the network
The main purpose being to propose .NET developers an easy way to use WinPcap.
Futur releases will include driver loading / unloading services on the fly, and a packet factory class.
You can download the DLL here, and a C# example showing off the use of the wrapper.
Another example to resolve the cross-threading problem.
.
21 Responses to “ WinPcapNet first release ”
Comments:
Leave a Reply
Trackbacks & Pingbacks:
-
Trackback from Brown
June 21st, 2007 at 12:57 amBrown…
OMG! I cant beleive it….
/img/button_xhtml.gif){kind=small}
/img/button_css.gif)
/img/button_rss.gif){kind=small}
/img/button_atom.gif){kind=small}
June 25th, 2007 at 3:20 pm
Great stuff. I’m using this for a little project I’m working on
Got only one issue with the example code though; InvalidOperationsException in the DoWork event because it’s trying to access the text box and .NET won’t let it. Any ideas?
June 25th, 2007 at 4:17 pm
What happens in this example is a cross thread problem, it is unsafe since the form is called from another thread than the one which created it.
To resolve this problem, you have to “invoke” the function from a delegate.
I am uploading a new example, hope it will fix your problem.
Thanks for your comment.
Ben.
June 25th, 2007 at 4:53 pm
Great, thanks a lot. Nice commentary as well, multi-threading isn’t my speciality
June 25th, 2007 at 6:04 pm
One last thing, how do I go about using the setFilter method? I’ve checked the WinPCAP reference but they don’t mention what the netmask uint should be …
June 25th, 2007 at 6:25 pm
It is used only in the case your interface does not have any addresses, to precise the network class, just leave it to 0 and it should work fine, example :
pcap.pcapnet_setFilter(”host 192.168.1.1 and arp”,0);
June 25th, 2007 at 6:27 pm
By the way, how did you find this page ?! since I am not advertising it I’m quite surprised!
What kind of application are you developing ?
June 25th, 2007 at 6:44 pm
Concerning the filter; I tried to use it before openLive, and it gave me an AccessViolationException (Attempted to read or write protected memory. This is often an indication that other memory is corrupt.) while using pcap.pcapnet_setFilter(”tcp”, 0);. I assume I’m doing this at the wrong time?
I don’t know how I found this page. I have worked with libpcap in *NIX before when I developed an enterprise IM logging/filtering back-end system. When back at home, I thought I’d apply the packet capturing library for some personal projects and looked into a .NET variant because I’m not a C\C++ guru (and don’t really want to be). I googled around and found this page somehow. It’s not easy to find, but I had it bookmarked
Right now I’m making a little tool that parses packets sent by a specific game. You can make a lobby to start a multi player game, then people join etc. The only way to identify people is by their nickname, but there’s a fair amount of annoying kids that want to harass everyone once the game has started, you can kick them, but all they have to do is create another profile. What I’m doing is making a little tool that parses the packets sent by the game to (hopefully) associate the names with their IPs to get rid of them when they rejoin with a new profile
June 25th, 2007 at 6:57 pm
Ok, the setFilter has to happen AFTER openLive rather than BEFORE it. Thanks anyway
June 25th, 2007 at 7:03 pm
Yes, you must set the filter after the card has been opened with openLive(..).
If I have the time I will try to change the design to make it as easy as possible, but still have to do this damn packet factory for easy data manipulation and the driver loading.
That’s a good idea, you will tell me about the game I will have a look !
June 25th, 2007 at 7:09 pm
I’ve already written some of my own code to simplify the use (nothing much, a PcapNIC and PcapNICController class to get the different interfaces in a more .NET-like way and a PcapFacade that should hide most of the PcapNet handling).
The game I was talking about is Company of Heroes. It uses Quazal.com to offer the multi-player part of the game. I have already done some research into the packets with Wireshark, and I know for a fact that when other people join a lobby you’re in, there are 1 or more packets that get sent or received with the nickname and IP in them, so all I have to do is parse them out (first I need to get my PcapNet test case working though).
September 12th, 2007 at 3:14 pm
really nice work….well done i just found it as i was looking for a .NET wrapper ..thank u
November 2nd, 2007 at 4:27 pm
Very nice work indeed. I couldn’t find any other DLL that uses CLI to talk to WinPcap. Could I offer my help in developing this?
November 25th, 2007 at 3:40 am
Thanx for your comment Gregory, the project is closed and did not go very far, just the basis as I don’t have any time.
If I get the time, I would go for a total rewrite (in c++/cli) of the pcap dll, straightly from the driver (.sys) instead of a simple wraper that needs the base DLL. If you have time, maybe you could start this idea !
January 24th, 2008 at 10:48 pm
So, is the source available? Or is it buried in one of the examples I’ve yet to open?
January 25th, 2008 at 2:49 am
Dear Michael Graff,
I will have a look in my old documents if I can still find the sources, but nothing great in it, a simple wrapper, about 50 lines of code.
January 25th, 2008 at 4:17 pm
For those of us who don’t know what we’re doing in this whole .net managed code thing, any examples of how to wrap a library would be welcomed!
BTW, it would be nice if the pcapnet_if type were smarter, and could act as an indexed value. This would allow one to say:
pcap->pcapnet_findalldevs(nics, errbuff);
for (int i = 0 ; i
February 20th, 2008 at 4:53 pm
post up yer source. post it. winpcap and libpcap and jpcap and.. and.. and… are all GNU v2/3, get on with it so others can help you out.
March 10th, 2008 at 4:27 am
Hi 5l1v3r,
First, thanks for your comment.
I have no interest into keeping the sources for myself, all of my mini tools/programs are free and open sources…
The thing is that for some programs as this one, I really can’t find out where I put the sources or simply don’t have time to look after them in my hdd, this mini wrapper has been done a year ago, I have changed 2 or 3 times my hdds since…
As soon as I get the time I promise I will post the sources.
Ben.
March 10th, 2008 at 4:32 am
Also, if you can’t wait, you can grab a free tool called “Reflector” somewhere on google, it permits to decompile nicely all .NET sources which have not been ofuscated.
Give it a try on the DLL pcap wrapper, you will see, its magic!
May 20th, 2008 at 4:05 pm
any luck finding the source? or any updates on the project?