Cannot convert from SharpPcap.RawCapture to PacketDotNet.Packet

c# .net sharppcap
Clorith picture Clorith · Sep 11, 2011 · Viewed 10k times · Source

I've been following the guide over at http://www.codeproject.com/KB/IP/sharppcap.aspx for implementing a simple packet sniffer to automate authentications for me, I've managed to get to the Filtering section, and have had to make some adjustments to the tutorial code so far for it to work, but I am now stumped.

The error I am receiving is;

The best overloaded method match for 'PacketDotNet.TcpPacket.GetEncapsulated(PacketDotNet.Packet)' has some invalid arguments

Argument 1: cannot convert from 'SharpPcap.RawCapture' to 'PacketDotNet.Packet'

But I've yet to make any references to PacketDotNet my self (everything so far has been SharpPcap).

Entire code I have so far is included, the problem is in the device_OnPacketArrival() function.

 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using PacketDotNet;
 using SharpPcap;

 namespace ConsoleApplication1
 {
     class Program
     {
         static void Main(string[] args)
         {
             string ver = SharpPcap.Version.VersionString;
             Console.WriteLine("SharpPcap {0}, Example1.IfList.cs", ver);

             // Retrieve the device list
             CaptureDeviceList devices = CaptureDeviceList.Instance;

             // If no devices were found print an error
             if (devices.Count < 1)
             {
                 Console.WriteLine("No devices were found on this machine");
                 return;
             }

             // Extract a device from the list
             ICaptureDevice device = devices[0];

             // Register our handler function to the
             // 'packet arrival' event
             device.OnPacketArrival +=
                 new SharpPcap.PacketArrivalEventHandler(device_OnPacketArrival);

             // Open the device for capturing
             int readTimeoutMilliseconds = 1000;
             device.Open(DeviceMode.Promiscuous, readTimeoutMilliseconds);

             // tcpdump filter to capture only TCP/IP packets
             string filter = "ip and tcp";
             device.Filter = filter;

             Console.WriteLine();
             Console.WriteLine("-- The following tcpdump filter will be applied: \"{0}\"",
                 filter);
             Console.WriteLine("-- Listening on {0}, hit 'Enter' to stop...",
                 device.Description);

             // Start capturing packets indefinitely
             device.Capture();

             // Close the pcap device
             // (Note: this line will never be called since
             // we're capturing indefinitely
             device.Close();
         }
         private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
         {
             var tcp = TcpPacket.GetEncapsulated(e.Packet);
         }
     }
 }

Answer

Chris Morgan picture Chris Morgan · Sep 11, 2011

A SharpPcap.RawPacket is used to hold the raw data captured over the network adapter but PacketDotNet needs the packet parsed before the GetEncapsulated() methods will work. The step you need will look like:

var packet = PacketDotNet.Packet.ParsePacket(rawPacket.LinkLayerType, rawPacket.Data);

Then you can extract the encapsulated TcpPacket via the GetEncapsulated() method by passing it packet.

Example 12 in the SharpPcap source download at https://sourceforge.net/projects/sharppcap/ shows the syntax and how packets can be modified.

Keep in mind that PacketType.GetEncapsulated() is returning a reference to that portion of the packet so modifying it will alter the original packet.

Related questions

c# - how to sniff packets in an app without relying on WinPCap?

BACKGROUND: I now understand how to write a C# application that can monitor packets going in/out of the network card on the PC the application is running on. The approach I know relies on http://www.winpcap.org/ being …

Read More
Pcap.net vs Sharppcap

I just want to listen a network device, capture packets and write the packets to a dummy file. Also i need to filter packets while listening so ill only write packets which passes the filter. I need to do these …

Read More
How to make an HTTP POST web request

Canonical How can I make an HTTP request and send some data using the POST method? I can do a GET request, but I have no idea of how to make a POST request.

Read More