Network sniffing for .NET
This summer, I've been using SSLDump and WinDump to do traffic analysis on some production web services. These tools work pretty well; essentially we capture data on a server using WinDump and then do post-processing using a modified version of SSLDump and a Python script to do the actual analysis on the data. What we're trying to find out is where time is being spent in a transaction; for instance, if the network pipe to the customer is slow, or if the mainframe behind the web service is slow. We can tell if the SSL handshake is taking a long time. Often, it's useful just to see the raw data if we're not sure where something's gone awry. Anyway, we've been looking at a way to access the WinPCap libraries from .NET and came across a few options on CodeProject.com:
- PktCap - I haven't looked too much at this one. There's no source for the PCap interop library, and the author seems to have abandoned work on it.
- DotNetWinPCap - Seems to work, but with a big minus: no source code. He appears to have written a wrapper around wpcap.dll.
- Pacanal - This seems like the best option. This is a lone author who aims to write a .NET version of Ethereal. Maybe I'm just in awe of what Fırat Koçak has done: he's essentially rewritten wpcap.dll and packetx.dll, reusing the kernel driver from WinPCap and writing to the low-level I/O routines. It's a pretty impressive app, a sniffer that can do TCP, UDP and HTTP decoding, along with a few other protocols, save to WinPCap format, etc.
None of these fully replace WinPCap, which isn't the point. Pacanal seems like a great option if you need to get access to network sniffing functionality from .NET.
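
The post-processing step described in the opening paragraph, sketched as an added example (it is not the author's script and does not decode SSL): it reads a classic pcap file such as WinDump writes and splits elapsed time in a server-side capture between the server and the network or client. The addresses, the three-packet sample capture and the rule "a gap is charged to whichever side sent the packet that ended it" are assumptions made for illustration.

```python
import struct

SERVER = ("10.0.0.5", 443)      # constructed address of the web service
CLIENT = ("192.0.2.10", 50000)  # constructed customer address

def parse_pcap(data):
    """Yield (time, src, dst, payload_len) for each IPv4/TCP frame in a classic pcap file."""
    e = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if e is None or struct.unpack(e + "I", data[20:24])[0] != 1:
        raise ValueError("expected a classic microsecond pcap file with Ethernet link type")
    off = 24
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack(e + "IIII", data[off:off + 16])
        frame, off = data[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                        # truncated, or not IPv4/TCP
        tcp = 14 + (frame[14] & 0x0F) * 4   # offset of the TCP header
        if len(frame) < tcp + 20:
            continue
        sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
        hdrs = (tcp - 14) + (frame[tcp + 12] >> 4) * 4   # IP + TCP header bytes
        src = (".".join(map(str, frame[26:30])), sport)
        dst = (".".join(map(str, frame[30:34])), dport)
        yield sec + usec / 1e6, src, dst, int.from_bytes(frame[16:18], "big") - hdrs

def time_by_side(packets, server=SERVER):
    """Attribute each inter-packet gap in a server-side capture to whoever ended it."""
    totals, prev = {"server": 0.0, "network_or_client": 0.0}, None
    for ts, src, dst, _ in packets:
        if server not in (src, dst):
            continue
        if prev is not None:
            totals["server" if src == server else "network_or_client"] += ts - prev
        prev = ts
    return totals

def sample_pcap():
    """Build a constructed three-packet capture: request, slow reply, client ACK."""
    def record(usec, src, dst, payload):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         *(bytes(map(int, a[0].split("."))) for a in (src, dst)))
        tcp = struct.pack("!HHIIBBHHH", src[1], dst[1], 0, 0, 0x50, 0x18, 8192, 0, 0)
        f = b"\0" * 12 + b"\x08\x00" + ip + tcp + payload
        return struct.pack("<IIII", 0, usec, len(f), len(f)) + f
    events = [(0, CLIENT, SERVER, b"GET"), (850000, SERVER, CLIENT, b"OK"),
              (900000, CLIENT, SERVER, b"")]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(record(*ev) for ev in events)
```

On the sample, `time_by_side(parse_pcap(sample_pcap()))` charges the 0.85 s wait before the reply to the server and the 0.05 s before the client's ACK to the network or client.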