C# SharpPcap issues

Question

I've been very interested in using SharpPcap, but so far it's not been going well.

The main problem is the following code:

   private static void device_OnPacketArrival(object sender, CaptureEventArgs packet)
   {
        if(packet is TCPPacket)
        {                
            DateTime time = packet.Timeval.Date;
            int len = packet.PcapHeader.len;

            TCPPacket tcp = (TCPPacket)packet;
            string srcIp = tcp.SourceAddress;
            string dstIp = tcp.DestinationAddress;
            int srcPort = tcp.SourcePort;
            int dstPort = tcp.DestinationPort;

            Console.WriteLine("{0}:{1}:{2},
                {3} Len={4} {5}:{6} -> {7}:{8}", 
                time.Hour, time.Minute, time.Second, 
                time.Millisecond, len, srcIp, srcPort, 
                dstIp, dstPort);
        }
    }

"The type or namespace TCPPacket could not be found"

OK, so I figured it must be TcpPacket? -but then it came up with this error:

"The given expression is never of the provided ('PacketDotNet.TcpPacket') type"

Ignoring that:

"'SharpPcap.CaptureEventArgs' does not contain a definition for 'Timeval' and no extension method 'Timeval' accepting a first argument of type 'SharpPcap.CaptureEventArgs' could be found"

And so on, and so on. So my question is, am I missing something?

I have the PacketDotNet and SharpPcap library's, and added both the using statements.

Solution: Packet pack = Packet.ParsePacket(packet.Packet); TcpPacket tcpPacket = TcpPacket.GetEncapsulated(pack);

    DateTime time = packet.Packet.Timeval.Date;
    int len = packet.Packet.Data.Length;

    if (tcpPacket != null)
    {
        IpPacket ipPacket = (IpPacket)tcpPacket.ParentPacket;


            IPAddress srcIp = ipPacket.SourceAddress;
            IPAddress dstIp = ipPacket.DestinationAddress;
            ushort srcPort = tcpPacket.SourcePort;
            ushort dstPort = tcpPacket.DestinationPort;

            MessageBox.Show(String.Format("{0}:{1}:{2},{3} Len={4} {5}:{6} -> {7}:{8}",
                                time.Hour, time.Minute, time.Second, time.Millisecond, len,
                                srcIp, srcPort, dstIp, dstPort)
                );
    }

score 3 · Accepted Answer · answered Jan 06 '11 at 14:13

Solution:

Packet pack = Packet.ParsePacket(packet.Packet);
TcpPacket tcpPacket = TcpPacket.GetEncapsulated(pack);

DateTime time = packet.Packet.Timeval.Date;
int len = packet.Packet.Data.Length;

if (tcpPacket != null)
{
    IpPacket ipPacket = (IpPacket)tcpPacket.ParentPacket;


        IPAddress srcIp = ipPacket.SourceAddress;
        IPAddress dstIp = ipPacket.DestinationAddress;
        ushort srcPort = tcpPacket.SourcePort;
        ushort dstPort = tcpPacket.DestinationPort;

        MessageBox.Show(String.Format("{0}:{1}:{2},{3} Len={4} {5}:{6} -> {7}:{8}",
                            time.Hour, time.Minute, time.Second, time.Millisecond, len,
                            srcIp, srcPort, dstIp, dstPort)
            );
}

GWLlosa · Answer 2 · 2011-01-04T16:09:17.593

2

Looking at the first part of the code...

private static void device_OnPacketArrival(object sender, CaptureEventArgs packet)
   {
        if(packet is TCPPacket)
        {

packet seems to be of type CaptureEventArgs, not TCPPacket. Probably there's some property of the event args which is your actual packet. If that is correct, then the

"'SharpPcap.CaptureEventArgs' does not contain a definition for 'Timeval' and no extension method 'Timeval' accepting a first argument of type 'SharpPcap.CaptureEventArgs' could be found"

Is probably true for that reason; the CaptureEventArgs and the Packet are not the same thing.

EDIT:

I would try something like:

private static void device_OnPacketArrival(object sender, CaptureEventArgs packet)
   {
        if(packet.packet is TCPPacket)
        {               
            TCPPacket tcpPack = (TCPPacket)(packet.packet);
            DateTime time = tcpPack.Timeval.Date;
            int len = tcpPack.PcapHeader.len;           
            string srcIp = tcpPack.SourceAddress;
            string dstIp = tcpPack.DestinationAddress;
            int srcPort = tcpPack.SourcePort;
            int dstPort = tcpPack.DestinationPort;

            Console.WriteLine("{0}:{1}:{2},
                {3} Len={4} {5}:{6} -> {7}:{8}", 
                time.Hour, time.Minute, time.Second, 
                time.Millisecond, len, srcIp, srcPort, 
                dstIp, dstPort);
        }
    }

edited Jan 04 '11 at 16:09

answered Jan 04 '11 at 16:01

GWLlosa

23,995
17
79
116

Ooh right, I forgot to mention that I tried packet.Packet, which seems to be the actual packet. But that didn't change anything. – Nick Jan 04 '11 at 16:04
as in, everywhere where you have the word packet (except the function header) you have the words "packet.packet"? – GWLlosa Jan 04 '11 at 16:07
Yes: if(packet.Packet == TcpPacket) { DateTime time = packet.Packet.Timeval.Date; int len = packet.Packet.PcapHeader.len; TcpPacket tcp = (TcpPacket)packet.Packet; – Nick Jan 04 '11 at 16:09
See my edit; I would be surprised if you still encountered the "Does not contain a definition" error, at least. If you still have errors, it'd be helpful if you would indicate which line the error is originating from. – GWLlosa Jan 04 '11 at 16:11
Sorry, it's really still the same. I'll update my first post. – Nick Jan 04 '11 at 16:12
Do you have the "using PacketDotNet;" statement in your headers? If so, the casing of TCPPacket could be off; C# being case-sensitive, it could easily be TcpPacket. – GWLlosa Jan 04 '11 at 16:14
Isn't that what I have now? -that's the first thing I tried. Ooh, by the way, thank you for the help so far! – Nick Jan 04 '11 at 16:16
Try using the object browser in visual studio to look inside the PacketDotNet library; what's happening here is that you are using "TcpPacket", and the compiler doesn't know where to find it. So we are either missing a "Reference" to the PacketDotNet library, a "using" statement for the PacketDotNet library, or we're using the wrong class IN the PacketDotNet library. – GWLlosa Jan 04 '11 at 16:17
I figured it out. *sigh* I'll edit my first post, thanks a bunch for your help! – Nick Jan 05 '11 at 12:19
No problem, that's what these sites are for. If you have the exact problem figured out, you ought to post it as an answer and mark it as 'accepted'; that will make it easier for future users with the same problem to rapidly identify the solution. – GWLlosa Jan 06 '11 at 04:18

C# SharpPcap issues

2 Answers2