Packet Sniffer in C#


The attached source code is a packet sniffer. Most of featured came from ethereal. I used WinPCap libraries to do it. But the most important difference is my code only uses npf.sys of WinPCap. I ported all the function int PacketNtx.dll to C#. As I said, the features of it like ethereal which are,

  • You can stop a capture session by,
  • when a specified time duration has passed
  • when specified bytes of data captured
  • when a number of specified packets captured
  • when stop button pressed
  • You can limit the size of the packets to a specified length.You can enable/disable MAC name resolution
  • You can enable the live scrolling the captured packets
  • You can change the hardware filter
  • You can change capture mode
  • You can change Adapter Buffer size, Read Buffer size , Timeout value etc.
  • You can highlight the protocol data by either clicking the protocol node or the protocol data itself.
  • You can see the index of a protocol data and the length of it
  • You can save the captured packets int he format that ethereal understands
  • You can load a packet file captured by ethereal
  • You can partially save the captured packet by selecting them
  • You can copy the protocol data to clipboard in the format string and in the hex layout by selecting the start and stop points
  • You can sort the captured packets as desired

The code is pure managed. and it supports about 20 protocols which are,

  • ETHERNET
  • LLC
  • STP
  • NETBIOS
  • CDP
  • INTERNET
  • TCP
  • UDP
  • HTTP
  • ICMP
  • ARP
  • LOOPBACK
  • NBDS
  • NBNS
  • NBSS
  • SMB MAILSLOT
  • SMB - Not finished yet
  • DCERPC
  • DLSW - Almost finished
  • DNS - Not finished yet
  • IPX
  • TFTP
  • EIGRP