locked
Programmatically Sniffing using C# and NM3 RRS feed

  • Question

  • Hi,

     

    I am a web developer in ASP.NET/C#. I have very little experience in network programming and packet sniffing. I have the following basic requirement for understanding purpose.

     

    1)      IP of client who gets connected to the server.

    2)      The time of connection start.

    3)      The time of connection close.

    4)      The reason for connection close.

     

    I would like to achieve this through C# code. Is it possible to use NM3 API to achieve this goal? Can you please share code or refer a video that explains this?

     

    Note: I have to achieve this programmatically using C# Code.

     

    Thanks

    Lijo  

    Monday, June 27, 2011 5:50 PM

All replies

  • Yes, you can certain capture and analyze the data to get this information.  However, #1 depends on where you capture from.  If you do this from the client, then you might be able to do this from any outoging traffic.  But it might be better to query the system and then use that to narrow your filter when you look at the traffic.

    The projects on http://NMExperts.CodePlex.com have some examples.  There isn't an example that shows capturing the data with C#, but you use the C++ examples and convert them.  The only caveat is that you need to make sure you have the thread modeling correct.  There is a seciton in the help file about this.

    If you need more details, feel free to ask more questions.

    Thanks,

    Paul

    Monday, June 27, 2011 6:33 PM
  • Here's a simple example.  It doesn't save frames but shows you how to setup the capture engine.

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using Microsoft.NetworkMonitor;
    
    namespace SimpCap
    {
      class Program
      {
        public static CaptureCallbackDelegate capHandler;
    
        static void CapHandlerCallback(IntPtr hCaptureEngine, UInt32 uladapterIndex, IntPtr pCallerContext, IntPtr hFrame)
        {
        }
    
        [STAThread]
        static void Main(string[] args)
        {
          capHandler = new CaptureCallbackDelegate(CapHandlerCallback);
          uint ret;
    
          IntPtr myCapEng;
          ret = NetmonAPI.NmOpenCaptureEngine(out myCapEng);
          if (ret != 0)
          {
            Console.WriteLine("Error {0}\n", ret);
          }
          else
          {
            uint AdptCount;
            ret = NetmonAPI.NmGetAdapterCount(myCapEng, out AdptCount);
            if(ret != 0)
            {
              NetmonAPI.NmCloseHandle(myCapEng);
              Console.WriteLine("Error {0}\n", ret);
            }
            else
            {
              for (uint i = 0; i < AdptCount; i++)
              {
                ret = NetmonAPI.NmConfigAdapter(myCapEng, i, capHandler, IntPtr.Zero, NmCaptureCallbackExitMode.ReturnRemainFrames);
                if (ret != 0)
                {
                  Console.WriteLine("Could not config {0}, error {1}", i, ret);
                }
                else
                {
                  Console.WriteLine("Configured Adpt {0}", i);
                }
    
                ret = NetmonAPI.NmStartCapture(myCapEng, i, NmCaptureMode.LocalOnly);
                if (ret != 0)
                {
                  Console.WriteLine("Could not Start Capture on {0}, error {1}", i, ret);
                }
                else
                {
                  Console.WriteLine("Started Adpt {0}", i);
                }
    
              }
    
              System.Threading.Thread.Sleep(5000);
    
              for (uint i = 0; i < AdptCount; i++)
              {
                ret = NetmonAPI.NmConfigAdapter(myCapEng, i, capHandler, IntPtr.Zero, NmCaptureCallbackExitMode.ReturnRemainFrames);
                if (ret != 0)
                {
                  Console.WriteLine("Could not config {0}, error {1}", i, ret);
                }
                else
                {
                  Console.WriteLine("Configured Adpt {0}", i);
                }
                Console.WriteLine("Starting Adpt {0} again", i);
    
                ret = NetmonAPI.NmStartCapture(myCapEng, i, NmCaptureMode.LocalOnly);
                if (ret != 0)
                {
                  Console.WriteLine("Could not Start Capture again on {0}, error {1}", i, ret);
                }
                else
                {
                  Console.WriteLine("Started Adpt {0} again", i);
                }
    
              }
    
              for (uint i = 0; i < AdptCount; i++)
              {
                ret = NetmonAPI.NmStopCapture(myCapEng, i);
                if (ret != 0)
                {
                  Console.WriteLine("Could not Stop Capture on {0}, error {1}", i, ret);
                }
                else
                {
                  Console.WriteLine("Stopped Adpt {0}", i);
                }
              }
    
            }
    
            NetmonAPI.NmCloseHandle(myCapEng);
          }
        }
      }
    }
    

    Tuesday, June 28, 2011 2:59 PM