Capture ethernet frames

Erik Tamminga · Jul 2, 2005

Hi,

Is there any way of captureing ethernet frames (not only IP, I know how to
do that) using the .NET framework?

Especially, I'm trying to listen to Cisco CDP traffic present on the wire.
The traffic is non-ip using a special destination mac-address and
ethernet-type.

Regards,

Erik Tamminga

Lloyd Dupont · Jul 2, 2005

I'm sure that in the owrst case scenario you could interop the required
native function

Anyway, I haven't tryed myself but one of the socket constructor has plenty
of argument, including a SocketProtocol...
with a long list:
Ggp, Icmp, Idp, Igmp, IP, IPv4, IPv6, ND, etc....
even Unknow.. (what could this be?)

Erik Tamminga · Jul 3, 2005

Hi Lloyd,

Tried them all. All but the IP based give an error creating the socket. So
no hopes on getting this working.

I've found several packet capture drivers that could work from within .net
but I'm hasitating using a packet capture driver which needs to be installed
separately. Besides this, some need administrative permissions to access,
which I cannot use either.

So ....

Erik

Lloyd Dupont · Jul 4, 2005

well, it seems to me that the best solution in your case, provided you know
how to write what you want in C, is to use Interop technology.

Interop is the technology which let you declare you C function prototype in
a C# class and then just uses them!
exemple:
//------------ example.cs -----------------
using System.Runtime.InteropServices;
using System.Security;

[SuppressUnmanagedCodeSecurity] // better perf, less security
public class SysFunctions
{
const string KERNEL32 = "Kernel32";

[DllImport(KERNEL32, SetLastError = true, CallingConvention =
CallingConvention.Winapi)]
private static extern IntPtr LoadLibrary(string libname);

public static void Init()
{
if(LoadLibrary("mylib.dll") == IntPtr.Zero)
throw new InvalidOperationException("can't find mylib");
}
}
// -------------------

Look for interop in the documentation. (just type 'interop' in the
documentation index, or try google

Alternatively you could write a managed C++ wrapper, if there are heaps of
function / structure to defined.
That would gives you the more power with less work to do (but comes with a
lot of C++ fussyness).
Here is a link about managed C++ 2.0 syntax:
http://msdn2.microsoft.com/library/xey702bw(en-us,vs.80).aspx

// ------ exemple.h ---------
#pragma once

#include <windows.h>

using namespace System;

public ref class SysFunctions
{
public:
static void Init()
{
HMODULE h = LoadLibrary("mylib.dll");
if( !h )
throw gcnew InvalidOperationException("Can't find mylib");
}
};
// -------------------------

Lloyd Dupont · Jul 4, 2005

on purely personal interest level, what is your website about? (I don't
speak dutch, but I do french & australian)
I have some personal interest in cooking + software...
try ld at galador dot net or , dl at ten dot rodalag dot reverse dot this,
hehe...

Erik Tamminga · Jul 6, 2005

My website?

Lloyd Dupont said:
on purely personal interest level, what is your website about? (I don't
speak dutch, but I do french & australian)
I have some personal interest in cooking + software...
try ld at galador dot net or , dl at ten dot rodalag dot reverse dot this,
hehe...

Lloyd Dupont · Jul 6, 2005

Erik Tamminga said:
My website?

euh.. yeah: www.tamminga.nl , no?

Erik Tamminga · Jul 9, 2005

Nop, Sorry, that's a backery somewhere in the netherlands. I'm not related
to them.

my website is www.etamminga.nl, but doens't have any content.

Erik