Lab 1: Packet Capture - Network Interfaces

Rich Macfarlane, Prof. Bill Buchanan

Details
Aim: To provide a foundation for using the WinPcap packet capture library, for reading
data packets from a network interface card (NIC). The lab will use the C# high level
programming language, from the MS Visual Studio IDE, to access the WinPcap
library.

Outline
In this lab Visual Studio will be used to create a basic C# .NET application, to harness the
WinPcap packet capture library, to interrogate the NICs on the local machine.

WinPcap is an open source code library which can be used for packet capture and network
analysis. It can give direct access to the raw network traffic, without having to use high level
OS methods. WinPcap is used by network and network security tools such as packet
sniffers, IDS, network scanners, and network monitors.

WinPcap Documentation can be found at:

http://www.winpcap.org/docs/docs_40_2/html/main.html

Activities
Microsoft Visual Studio is required to complete the practical elements of the lab. It can be
downloaded from the Napier Software Portal.
If Visual Studio is installed on your machine, download the following solution to your
desktop:

WinPcap Demo Application:

http://www.dcs.napier.ac.uk/~cs342/CSN11102/WinPCap1.zip

Open the zip file, and extract the WinPcap1 folder to the Desktop using the Extract All
button and extract to the Windows Desktop, as shown below.

CSN09105 Packet Capture with C#.NET – Rich Macfarlane/Bill Buchanan 1

 Open the C#.NET solution by double clicking the .sln file, as shown below.

As Visual Studio starts, you may need to select the default environment. Select C#
environment if requested, as shown below.

Depending on the version of Visual Studio, you may be required to convert the code to
the latest version of C#.NET.

CSN09105 Packet Capture with C#.NET – Rich Macfarlane/Bill Buchanan 2

 Once Visual Studio starts, it should show the C# Application, as shown below. The
Visual Studio Solution contains C# Application(s), and other general modules, which
are displayed in the Solution Explorer Panel on the right (View>Solution Explorer).
The Code panel on the left shows Windows Forms, Code, or other modules, and they
can be opened from the Solution Explorer panel.

The C# application for this lab is a Windows Console Application, with input and
output from the user via a Console Window.
The code can be viewed by opening the C# code file (.cs file). The code panel should
contain the following code. The code uses the SharpPcap wrapper code (Gal, 2010),
which provides access to the WinPcap packet capture library.
using System;
using Tamir.IPLib;

namespace NapierCapture
{
public class ListNICs
{
public static void Main(string[] args)
{
int count=0;

// Display version of WinPcap being used

string verWinPCap = Tamir.IPLib.Version.GetVersionString();
Console.WriteLine("WinPCap Version: {0}", verWinPCap);
Console.WriteLine("Connected devices:\r\n");

// Get the list of NICs

PcapDeviceList NICList = SharpPcap.GetAllDevices();

// Display list of NICs information

foreach(PcapDevice nic in NICList)
{
Console.WriteLine("{0}) {1}",count,nic.PcapDescription);
Console.WriteLine("\tName:\t{0}",nic.PcapName);
Console.WriteLine("\tMode:\t\t\t{0}",nic.PcapMode);
Console.WriteLine("\tIP Address: \t\t{0}",nic.PcapIpAddress);
Console.WriteLine("\tLoopback: \t\t{0}",nic.PcapLoopback);

CSN09105 Packet Capture with C#.NET – Rich Macfarlane/Bill Buchanan 3

 Console.WriteLine();
count++;
}

// Wait for keypress to exit

Console.Write("Press <RETURN> to exit");
Console.Read();
}
}
}

The project is a Windows Console application, which when run, should create a
console window and display a list of the Network Interfaces on the local machine.

Run the application (F5 or the green run button), and verify that it produces a list of
the available network interfaces, such as the following:

Questions

Q: List the network interfaces in your machine, including index no. and Name:

Q: Which of these are physical network cards?

Q: Which of these are Ethernet network cards?

Q: Which of these are Wireless network cards?

Q: Look at the back of your PC, and identify the physical network cards.

CSN09105 Packet Capture with C#.NET – Rich Macfarlane/Bill Buchanan 4

 Next update the code so that it displays more detailed information about the network
connections. (the code can be CUT&PASTEd)

// Display list of DETAILED NIC information

foreach(PcapDevice nic in NICList)
{
Console.WriteLine("{0}) {1}", count, nic.PcapDescription);

NetworkDevice netConn = (NetworkDevice)nic;

Console.WriteLine("\tIP Address:\t\t{0}", netConn.IpAddress);
Console.WriteLine("\tSubnet Mask:\t\t{0}", netConn.SubnetMask);
Console.WriteLine("\tMAC Address:\t\t{0}", netConn.MacAddress);
Console.WriteLine("\tDefault Gateway:\t{0}", netConn.DefaultGateway);
Console.WriteLine("\tPrimary WINS:\t\t{0}", netConn.WinsServerPrimary);
Console.WriteLine("\tSecondary WINS:\t\t{0}", netConn.WinsServerSecondary);
Console.WriteLine("\tDHCP Enabled:\t\t{0}", netConn.DhcpEnabled);
Console.WriteLine("\tDHCP Server:\t\t{0}", netConn.DhcpServer);
Console.WriteLine("\tDHCP Lease Obtained:\t{0}", netConn.DhcpLeaseObtained);
Console.WriteLine("\tDHCP Lease Expires:\t{0}", netConn.DhcpLeaseExpires);
Console.WriteLine();
count++;
}

The output should show the details of the network connections, as shown below:

Questions

Q: List some of the details of some of the network interfaces on your machine

CSN09105 Packet Capture with C#.NET – Rich Macfarlane/Bill Buchanan 5

References
Gal, T. (2010, Jan). SharpPcap - A Packet Capture Framework for .NET. Retrieved Jan 2011, from
The Code Project: http://www.codeproject.com/KB/IP/sharppcap.aspx

CSN09105 Packet Capture with C#.NET – Rich Macfarlane/Bill Buchanan 6