
410. Off-line Packet Analysis

I've managed to read in TCP Dump packets [Download][Tutorial], such as:

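A capture file can come from anywhere, so its contents should be treated as untrusted input when they are parsed and displayed. The code I've used just relies on the off-line packet analysis facility in WinPcap, accessed through SharpPcap: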

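// Load a capture file chosen by the user: clear the grid, ask for a file,
// then open it as an offline pcap device ready for packet-by-packet reading.
this.dgPackets.Rows.Clear();
PcapDevice device = null;
Packet packet = null;

// Start the picker in the application's log folder and show *.pcap files by default.
openFileDialog1.InitialDirectory = homeFolder+"\\log";
// Label corrected: the pattern selects *.pcap capture files, not text files.
openFileDialog1.Filter = "pcap files (*.pcap)|*.pcap|All files (*.*)|*.*";
openFileDialog1.FilterIndex = 1;

// Stop when the dialog is cancelled. Without this check FileName may be empty
// (or still hold an earlier selection), and the open below would either fail
// with a confusing error or re-read a file the user did not pick this time.
if (openFileDialog1.ShowDialog() != DialogResult.OK)
{
    return;
}

try
{
    // The selected file is untrusted input to the capture-file parser;
    // anything thrown while opening it is reported by the catch below.
    device = SharpPcap.GetPcapOfflineDevice(openFileDialog1.FileName);
    device.PcapOpen();
}
catch (Exception e1)
{
    // Report the failure and abandon the load; the grid stays empty.
    MessageBox.Show("Error: " + e1.Message);
    return;
}

// Number of TCP packets added to the grid so far; also used as the row number.
int count = 0;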
while ((packet = device.PcapGetNextPacket()) != null)
{
if (packet is TCPPacket)
{
DateTime time = packet.PcapHeader.Date;
TCPPacket tcp = (TCPPacket)packet;
string srcIp = tcp.SourceAddress;
string dstIp = tcp.DestinationAddress;
int srcPort = tcp.SourcePort;
int dstPort = tcp.DestinationPort;

ASCIIEncoding utf = new System.Text.ASCIIEncoding();
string s = utf.GetString(getridofnonprint(tcp.Data));

count++;
dgPackets.RowsDefaultCellStyle.BackColor = Color.LightPink;
this.dgPackets.Rows.Add(count.ToString(),"TCP",showflag(tcp),time.ToString(), srcIp, srcPort,dstIp,dstPort,s);

// dgPackets.CurrentCell.RowIndex = 0;

try
{
for (int i = 0; i < 9; i++)
{
dgPackets.CurrentCell = this.dgPackets[i, count - 1];

dgPackets.CurrentCell.ToolTipText = string.Format("{0}:\r\n{1}", dgPackets.Columns[i].HeaderText, dgPackets[i, count - 1].Value);
}
}
catch (Exception ex)
{ MessageBox.Show("Exception:" + ex.Message); }
}