NetworkMonitor Class

Max edited this page Nov 30, 2020 · 1 revision

File: Petersilie.ManagementTools.NetworkMonitor.NetworkMonitor.cs
Namespace: Petersilie.ManagementTools.NetworkMonitor

Implements the IDisposable interface.

This class is the main component of the project and implements the IP-based packet monitoring.

Overview:


Constructors

public NetworkMonitor(IPAddress target)

Description: Initializes the NetworkMonitor class and binds a socket to the specified IP address.

public NetworkMonitor(IPAddress target, int port)

Description: Initializes the NetworkMonitor class and binds a socket to the specified IP address and port.

public NetworkMonitor(IPEndPoint target)

Description: Initializes the NetworkMonitor class and binds a socket to the IP address and port specified in the IPEndPoint object.



Properties


_continue

private bool _continue = true;

Description: Stops receiving packets if set to FALSE.


_socket

private Socket _socket = null;

Description: Socket object which is used to get raw streams of packet data.


RCVALL_ON

static readonly byte[] RCVALL_ON = new byte[4] { 1, 0, 0, 0 };

Description: Used for the Socket.IOControl parameters optionInValue and optionOutValue. These values are documented in SIO_RCVALL Control Code for WSAIoctl. In WSAIoctl these are referred to as lpvInBuffer and lpvOutBuffer. They refer to the enum RCVALL_VALUE/*PRCVALL_VALUE in mstcpip.h.
The exact definition looks like this:

typedef enum {  
    RCVALL_OFF = 0,  
    RCVALL_ON = 1,  
    RCVALL_SOCKETLEVELONLY = 2,  
    RCVALL_IPLEVEL = 3,  
} RCVALL_VALUE, *PRCVALL_VALUE;  

This byte array is really important. SIO_RCVALL is what enables sniffing on the NIC, and the value passed determines (to some extent) what level of sniffing is allowed.


DEFAULT_BUFFERSIZE

public const int DEFAULT_BUFFERSIZE = 0x1000; // 4096

Description: The default buffer size, in bytes, that the NetworkMonitor uses for storing the data it receives. Smaller buffers force more I/O operations and might overload the NetworkMonitor. I recommend buffer sizes of at least 0x200 (1024) bytes. If the bound socket is known for receiving large packets, I recommend using a buffer of at least 0x14c08 (85,000) bytes because it will then be allocated from the large-object heap, causing little to no fragmentation (you will need to split the large allocated buffer into smaller buffers yourself and use these individual smaller buffers for the Socket.BeginReceive method within the OnReceive() async callback).
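
The following sketch is an added example, not code from the Petersilie project: it combines the SIO_RCVALL setup described under RCVALL_ON with the buffer slicing described above, using one pool larger than 85,000 bytes whose 4096-byte slices are handed to Socket.BeginReceive in turn. The class name RcvAllSketch, the slice count and the command-line argument are assumptions; it needs Windows and administrator rights.

```csharp
using System;
using System.Net;
using System.Net.Sockets;

// Added illustration; not the project's NetworkMonitor source.
static class RcvAllSketch
{
    static readonly byte[] RCVALL_ON = { 1, 0, 0, 0 };  // RCVALL_ON (1) as a little-endian 32-bit value
    const int SegmentSize = 0x1000;                     // same value as DEFAULT_BUFFERSIZE
    const int SegmentCount = 32;                        // 32 * 4096 = 131,072 bytes in one array
    static readonly byte[] Pool = new byte[SegmentSize * SegmentCount]; // above 85,000 bytes: large-object heap
    static Socket _socket;
    static volatile bool _continue = true;

    static void Main(string[] args)
    {
        // Assumption: args[0] is the IPv4 address of a local NIC.
        _socket = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP);
        _socket.Bind(new IPEndPoint(IPAddress.Parse(args[0]), 0));
        _socket.IOControl(IOControlCode.ReceiveAll, RCVALL_ON, new byte[4]); // SIO_RCVALL
        Post(0);
        Console.ReadLine();                             // press Enter to stop
        _continue = false;
        _socket.Close();
    }

    // Posts one receive into segment `index`, a fixed slice of the shared pool.
    static void Post(int index) =>
        _socket.BeginReceive(Pool, index * SegmentSize, SegmentSize, SocketFlags.None, OnReceive, index);

    // Formats the four bytes at pool offset `o` as a dotted IPv4 address.
    static string Ip(int o) => $"{Pool[o]}.{Pool[o + 1]}.{Pool[o + 2]}.{Pool[o + 3]}";

    static void OnReceive(IAsyncResult ar)
    {
        if (!_continue) return;
        int index = (int)ar.AsyncState;
        int o = index * SegmentSize;
        try
        {
            int length = _socket.EndReceive(ar);
            if (length >= 20 && (Pool[o] >> 4) == 4)    // long enough for an IPv4 header, version 4
                Console.WriteLine($"proto={Pool[o + 9]} {Ip(o + 12)} -> {Ip(o + 16)} bytes={length}");
            Post((index + 1) % SegmentCount);           // rotate to the next slice
        }
        catch (SocketException ex) { Console.Error.WriteLine(ex.SocketErrorCode); } // no repost: receiving stops
        catch (ObjectDisposedException) { /* socket closed by Main */ }
    }
}
```

Only one receive is outstanding at a time here, so each slice stays untouched until the rotation returns to it, which leaves room to hand a filled slice to a consumer without copying.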


BufferSize

public int BufferSize { get; set; } = DEFAULT_BUFFERSIZE;

Description: Sets or gets the buffer size used in Socket.BeginReceive calls.


IPAddress

public System.Net.IPAddress IPAddress { get; }

Description: IP address that is bound to the socket.


Port

public int Port { get; }

Description: Port that is bound to the socket.



Events


OnError

private event EventHandler<PacketErrorEventArgs> onError;

public event EventHandler<PacketErrorEventArgs> OnError { add; remove; }

protected virtual void OnErrorInternal(PacketErrorEventArgs e)

Description: Occurs whenever the NetworkMonitor runs into an exception while trying to receive data from a client.


PacketReceived

private event EventHandler<PacketEventArgs> onPacketReceived;

public event EventHandler<PacketEventArgs> PacketReceived { add; remove; }

protected virtual void OnPacketReceived(PacketEventArgs ipArgs)

Description: Occurs whenever the NetworkMonitor receives a packet.



Methods


TryRelease

private void TryRelease(Socket s)

Description: Tries to release the specified socket object and all its references.


OnReceive

private void OnReceive(IAsyncResult ar)

Description: Async callback for Socket.BeginReceive. Stops when _continue is set to FALSE. The IAsyncResult.AsyncState object contains a SocketStateObject. This callback raises the OnError event and the PacketReceived event.
Example: Socket.BeginReceive(byte[], int, int, SocketFlags, new AsyncCallback(OnReceive), object);


Begin

public void Begin()

Description: Begins receiving packets on the socket, which starts monitoring.
Example: networkMonitor.Begin();


Stop

public void Stop()

Description: Stops the NetworkMonitor from receiving any more data.
Example: myMonitor.Stop();


GetInterfaces

private static NetworkInterface[] GetInterfaces()

Description: Returns an array of valid NICs (network interfaces). Used to create a NetworkMonitor object for all up and running NICs. Valid interfaces are those that are running and are not loopback, tunnel, or virtual Ethernet NICs.
Example: NetworkInterface[] validNICs = GetInterfaces();


BindInterfaces

public static NetworkMonitor[] BindInterfaces()

Description: Creates a NetworkMonitor instance for each valid NIC (network interface).
Example: NetworkMonitor[] netMonitors = NetworkMonitor.BindInterfaces();
