以下代码的原作是一个名为 sniffer.net 的开源(open source)项目,用 VB.NET 编写;这里只是简单地用 C# 翻译了一下。目前只能监控所有数据包,还不能监控某一个进程的数据包。代码如下:
using System;
using System.Text;
using System.Net;
using System.Net.Sockets;
using System.Runtime.InteropServices;
namespace UpdateTester
{
/// <summary>
/// Monitor: receives IP packets on a raw socket bound to one local address, with SIO_RCVALL enabled.
/// </summary>
public class Monitor
{
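/// <summary>Signature of handlers for the <see cref="NewPacket"/> event.</summary>
/// <param name="m">The monitor handed to the handler.</param>
/// <param name="p">The packet handed to the handler.</param>
public delegate void NewPacketEventHandler(Monitor m, Packet p);

/// <summary>
/// Event declared for packet notifications. The code that raises it is not in this part of the listing.
/// </summary>
public event NewPacketEventHandler NewPacket;

// Raw socket used for capture; null while the monitor is stopped.
private Socket m_Monitor;

// Local address the raw socket is bound to in Start().
private IPAddress m_Ip;

// Receive buffer passed to BeginReceive. It has to be an array: the listing had lost
// the "[]" (a single byte cannot hold new byte[65535] and has no Length).
// 65535 is the largest value of the 16-bit IPv4 total-length field.
private byte[] m_Buffer = new byte[65535];

// Pieces of the WinSock ioctl code. IOC_IN is 0x80000000 written as a signed int.
// The three operands share no bits, so XOR gives the same result as OR: 0x98000001.
private const System.Int32 IOC_VENDOR = 0x18000000;
private const int IOC_IN = -2147483648;
private const int SIO_RCVALL = IOC_IN ^ IOC_VENDOR ^ 1;

// Well-known RIDs of the BUILTIN domain and of its Administrators alias.
// Not referenced in the visible code; presumably meant for an administrator check
// elsewhere in the file (raw sockets need administrator rights) - TODO confirm.
private const int SECURITY_BUILTIN_DOMAIN_RID = 0x20;
private const int DOMAIN_ALIAS_RID_ADMINS = 0x220;

/// <summary>Local address this monitor binds to; null when none was supplied.</summary>
public System.Net.IPAddress IP
{
    get { return m_Ip; }
}

/// <summary>
/// The receive buffer itself, not a copy.
/// </summary>
/// <remarks>
/// NOTE(review): callers get a reference to the same array that the asynchronous receive
/// started in Start() writes into, so its contents can change under the reader and a
/// caller can overwrite captured bytes. Copy the bytes out before keeping or parsing them.
/// </remarks>
public byte[] Buffer
{
    get { return m_Buffer; }
}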
/// <summary>
/// Creates a monitor without a bind address.
/// </summary>
/// <remarks>
/// <see cref="IP"/> stays null after this constructor, and the operating-system check made
/// by the <c>Monitor(IPAddress)</c> overload is not performed here. Start() builds an
/// IPEndPoint from <see cref="IP"/>, so it cannot succeed on an instance created this way.
/// </remarks>
public Monitor()
{
    // TODO: add constructor logic here.
}
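/// <summary>
/// Creates a monitor for one local address after checking that the operating system is
/// NT-based with major version 5 or later.
/// </summary>
/// <param name="IpAddress">
/// Local interface address that Start() binds the raw socket to. It is stored as given;
/// null is not rejected here and only surfaces when Start() is called.
/// </param>
/// <exception cref="NotSupportedException">
/// The platform is not Win32NT, or its major version is below 5.
/// </exception>
public Monitor(IPAddress IpAddress)
{
    OperatingSystem os = Environment.OSVersion;

    // Either condition alone makes the platform unsupported, so the two tests are joined
    // with ||. The earlier "not NT && major < 5" only fired when both were true, which let
    // NT 4 and any non-NT platform reporting a major version of 5 or more slip through,
    // contradicting the message below.
    if (os.Platform != PlatformID.Win32NT || os.Version.Major < 5)
    {
        throw new NotSupportedException("This program requires Windows 2000, Windows XP or Windows .NET Server!");
    }

    m_Ip = IpAddress;
}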
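/// <summary>
/// Opens the raw capture socket, binds it to <see cref="IP"/>, switches on SIO_RCVALL and
/// posts the first asynchronous receive. Does nothing when the monitor is already running.
/// </summary>
/// <remarks>
/// Windows only lets administrators open raw sockets, so an unprivileged process fails here
/// with a <see cref="SocketException"/> carrying an access-denied error code. The socket
/// receives every IP packet seen on the bound interface, not just this process's traffic.
/// </remarks>
/// <exception cref="SocketException">
/// The socket could not be created, bound or configured. A socket error is rethrown as is,
/// so its native error code survives; any other failure (for example a null
/// <see cref="IP"/>) is reported as a new SocketException, as before.
/// </exception>
public void Start()
{
    if (m_Monitor != null)
    {
        return;
    }

    bool started = false;
    try
    {
        // m_Monitor is assigned before BeginReceive because OnReceive reads the field.
        m_Monitor = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP);
        m_Monitor.Bind(new IPEndPoint(IP, 0));

        // Input value 1 (four bytes) turns receive-all on for the bound interface.
        m_Monitor.IOControl(SIO_RCVALL, BitConverter.GetBytes(1), null);
        m_Monitor.BeginReceive(m_Buffer, 0, m_Buffer.Length, SocketFlags.None, new AsyncCallback(OnReceive), null);
        started = true;
    }
    catch (SocketException)
    {
        // Keep the original error code and stack trace instead of replacing them.
        throw;
    }
    catch (Exception)
    {
        // Callers of Start() expect SocketException, so other failures keep that type.
        throw new SocketException();
    }
    finally
    {
        // On failure, release the OS handle instead of only dropping the reference.
        if (!started && m_Monitor != null)
        {
            m_Monitor.Close();
            m_Monitor = null;
        }
    }
}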
/// <summary>
/// Closes the capture socket, if one is open, and clears the field so that Start() can
/// open a new one. Calling it on a stopped monitor has no effect.
/// </summary>
public void Stop()
{
    if (m_Monitor == null)
    {
        return;
    }

    // Close first, then drop the reference, in the same order as before.
    m_Monitor.Close();
    m_Monitor = null;
}
public void OnReceive(System.IAsyncResult ar)
{
try
{
int received = m_Monitor.EndReceive(ar);
try
&