The attached source code is a packet sniffer. Most of its features came from Ethereal. I used the WinPcap libraries to do it. But the most important difference is that my code only uses npf.sys of WinPcap. I ported all the functions in PacketNtx.dll to C#. As I said, its features are like Ethereal's, which are:
- You can stop a capture session:
  - when a specified time duration has passed
  - when a specified number of bytes has been captured
  - when a specified number of packets has been captured
  - when the stop button is pressed
- You can limit the size of the packets to a specified length
- You can enable/disable MAC name resolution
- You can enable live scrolling of the captured packets
- You can change the hardware filter
- You can change capture mode
- You can change the Adapter Buffer size, Read Buffer size, Timeout value, etc.
- You can highlight the protocol data by either clicking the protocol node or the protocol data itself.
- You can see the index of a protocol data and the length of it
- You can save the captured packets in the format that Ethereal understands
- You can load a packet file captured by Ethereal
- You can save a subset of the captured packets by selecting them
- You can copy the protocol data to the clipboard, as a string and in hex layout, by selecting the start and stop points
- You can sort the captured packets as desired
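
How the snap-length limit, the stop conditions and an Ethereal-readable save file can fit together, as an added example that is not the article's code. It assumes the save format is classic libpcap (the page does not name it), that a limit of 0 means "no limit", and that the byte limit counts stored bytes; all class and member names are hypothetical.

```csharp
using System;
using System.IO;

// Added example with hypothetical names; not the article's code.
sealed class LimitedPcapWriter : IDisposable
{
    static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    readonly BinaryWriter _out;
    readonly uint _snapLen;
    readonly TimeSpan _maxDuration;
    readonly long _maxBytes, _maxPackets;          // 0 = no limit (assumed convention)
    readonly DateTime _start = DateTime.UtcNow;
    long _bytes, _packets;

    public LimitedPcapWriter(Stream s, uint snapLen, TimeSpan maxDuration, long maxBytes, long maxPackets)
    {
        _out = new BinaryWriter(s);
        _snapLen = snapLen; _maxDuration = maxDuration; _maxBytes = maxBytes; _maxPackets = maxPackets;
        // 24-byte libpcap file header, little-endian; readers detect byte order from the magic.
        _out.Write(0xa1b2c3d4u);                       // magic, microsecond timestamps
        _out.Write((ushort)2); _out.Write((ushort)4);  // format version 2.4
        _out.Write(0); _out.Write(0u);                 // thiszone, sigfigs
        _out.Write(snapLen);                           // max bytes stored per packet
        _out.Write(1u);                                // link type 1 = Ethernet
    }

    // True once any configured stop condition is met.
    public bool ShouldStop =>
        (_maxDuration > TimeSpan.Zero && DateTime.UtcNow - _start >= _maxDuration) ||
        (_maxBytes > 0 && _bytes >= _maxBytes) ||
        (_maxPackets > 0 && _packets >= _maxPackets);

    // Stores one frame, truncated to the snap length; returns false once stopped.
    public bool Write(byte[] frame, DateTime utc)
    {
        if (ShouldStop) return false;
        uint capLen = Math.Min((uint)frame.Length, _snapLen);
        long ticks = (utc - Epoch).Ticks;              // 1 tick = 100 ns
        _out.Write((uint)(ticks / TimeSpan.TicksPerSecond));       // ts_sec
        _out.Write((uint)(ticks % TimeSpan.TicksPerSecond / 10));  // ts_usec
        _out.Write(capLen);                            // bytes stored in the file
        _out.Write((uint)frame.Length);                // original length on the wire
        _out.Write(frame, 0, (int)capLen);
        _bytes += capLen; _packets++;
        return true;
    }

    public void Dispose() => _out.Dispose();
}
```

Call `Write` for each frame the adapter delivers and end the session when it returns false. A small snap length keeps headers for analysis while leaving most payload bytes out of the saved file.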
The code is pure managed, and it supports about 20 protocols, which are:
- ETHERNET
- LLC
- STP
- NETBIOS
- CDP
- INTERNET
- TCP
- UDP
- HTTP
- ICMP
- ARP
- LOOPBACK
- NBDS
- NBNS
- NBSS
- SMB MAILSLOT
- SMB - Not finished yet
- DCERPC
- DLSW - Almost finished
- DNS - Not finished yet
- IPX
- TFTP
- EIGRP