SharpPcap - 从标准输出捕获

SharpPcap - capture from standard output

I'm interesting in making a C# program that could be able to capture network traffic from Android device. Using ADB, I'm able to forward traffic from device to windows standard output. Then, the output will be forwarded to Wireshark which is pre-configured to listen to standard output.

Below is commands I'm using, just in case someone else needs

In the first CMD window

adb shell "tcpdump -n -s 0 -w - | nc -l 11233"

In the second CMD window

adb forward tcp:11233 tcp:11233 && nc 127.0.0.1 11233 | wireshark -k -S -i -

Here is my question.

I'm using SharpPcap to capture network traffic in my program. Currently, I'm able to get packet from my network adapter, i.e. Ethernet or WiFi. But as you can see, network traffic is forwarded from Android device to standard output after this command

adb forward tcp:11233 tcp:11233 && nc 127.0.0.1 11233

And output of this command will be input of the following one as Wireshark is configured to listen to standard output by "-i -"

Each time 2 above commands are executed, one instance of Wireshark window will be opened to capture packets. This could not be applied to my program.

The idea is to open a form using SharpPcap to capture packets from standard output

Does anyone know how to do this? Any other idea is also welcome.

Thanks a lot!!!

Can you create a fifo using mkfifo and have nc write to the fifo instead of to stdout? Then just have wireshark read from the fifo instead of from stdin? Something like:

mkfifo sharkfin
wireshark -k -S -i sharkfin &
adb forward tcp:11233 tcp:11233 && nc 127.0.0.1 11233 > sharkfin

In case wireshark stops capturing and you don't want it to, you can also issue the following command just after launching wireshark to ensure that wireshark never receives EOF.

cat > sharkfin &
@Viet-AnhDinh you could potentially implement the SIP parser for PacketDotNet. I'd be open to contracting to implement the parser.
@ChrisMorgan: I found another way in which tshark fits all my needs. I might come back with SIP parser for PacketDotNet after finishing my project. Will contact you at that time. Thanks for inviting.
Hi Christopher. Of course, Wireshark will always help, even in case of stdout. But the thing is to forward packets to my program. I found my way to capture packets from stdout but seems that it's not enough for my purpose since SharpPcap is not supposed to parse SIP packets. Do you have any idea of how to integrate Wireshark into C# program?