magmonsock13
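Category: Pascal/Delphi programming
Development tool: Delphi
File size: 767KB
Downloads: 22
Upload date: 2010-09-19 21:02:55
Uploader: 刃雪雨凌
Description: magmonsock1.3, the latest Delphi interface code for calling WinPcap, current as of WinPcap version 4.12; downloaded from a foreign website.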
(newest Winpcap 4.12 for delphi interface.)
File list:
ports.txt (91807, 2005-07-24)
protocols.txt (6881, 2005-07-24)
sockmon.exe (1003008, 2010-08-09)
sockstat.exe (1144320, 2010-08-09)
Packet.dll (100880, 2010-06-26)
wpcap.dll (281104, 2010-06-26)
npf.sys (35088, 2010-06-26)
monmain.dfm (4712, 2010-08-09)
statmain.dfm (4632, 2010-08-09)
sockmon.dpr (240, 2008-08-08)
sockstat.dpr (246, 2008-08-08)
monsock.groupproj (1546, 2008-08-08)
MagClasses.pas (4844, 2010-08-11)
MagentaBpf.pas (3502, 2010-08-13)
MagentaMonpcap.pas (16633, 2010-08-09)
MagentaMonsock.pas (8502, 2010-08-09)
MagentaNdis_def.pas (8415, 2010-08-13)
MagentaPacket32.pas (34869, 2010-08-09)
MagentaPackhdrs.pas (43389, 2010-08-09)
MagentaPcap.pas (36671, 2010-08-09)
magsubs1.pas (180683, 2010-08-11)
monmain.pas (12694, 2010-08-09)
statmain.pas (12421, 2010-08-09)
sockmon.res (1688, 2008-08-08)
sockstat.res (1688, 2008-08-08)
magmonsock13.upl (2152, 2010-08-13)
Magenta Systems Internet Packet Monitoring Components v1.3
==========================================================
Updated by Angus Robertson, Magenta Systems Ltd, England, 13th August 2010
delphi@magsys.co.uk, http://www.magsys.co.uk/delphi/
Copyright Magenta Systems Ltd
Introduction
------------
Magenta Systems Internet Packet Monitoring Components are a set of Delphi
components designed to capture and monitor internet packets using either
raw sockets or the WinPcap device driver. Hardware permitting, ethernet
packets may be captured and interpreted, and statistics maintained about
the traffic. Uses of packet monitoring include totalling internet traffic
by IP address and service, monitoring external or internal IP addresses
and services accessed, network diagnostics, and many other applications.
The component includes two demonstration applications, one that displays
raw packets, the other that totals internet traffic. The components
include various filters to reduce the number of packets that need to be
processed, by allowing specific IP addresses to be ignored, LAN mask to
ignore local traffic, and ignore non-IP traffic such as ARP.
The components capture packets using two different techniques, with
differing benefits and features:
1 - Raw sockets which are available with Windows 2000 and later. This
uses WSocket version 6 and later from the François Piette internet
component suite, from http://www.overbyte.be/. Major benefit is that no
other software needs to be installed, but raw sockets don't seem to work
fully with some network adaptors, and ignore non-IP protocols. Some
adaptors may capture received packets, but ignore anything sent.
2 - WinPcap (Windows Packet Library) device driver, needs to be installed
(it installs two small DLLs and a driver), but captures all packets
including non-IP. WinPcap may be downloaded from http://www.winpcap.org/,
and version 4.1.2 is included in this package. Note the Delphi
WinPcap MagentaPcap.pas and MagentaPacket32.pas modules were originally
written by Lars Peter Christiansen, but have several bug fixes and many
new features. In theory WinPcap 3.1 will run on Windows 9x, but it's not
been tested.
Use of the latest WinPcap version 4.1.2 2nd July 2010 is strongly recommended,
but the component also supports older versions 4.1.1 20th October 2009,
4.0.2 9th November 2007, 3.1 5th August 2005 and 3.0 10 February 2003.
Version 4.0 and later support Windows NT4/2000/XP/2003/Vista/2008/Win7/2008R2
(x86 and x64). Version 3.1 was the last to support Win9x.
Component Overview
------------------
There are two main low level components, TMonitorSocket in
MagentaMonsock.pas which supports raw Windows sockets, and TMonitorPcap in
MagentaMonpcap.pas that supports WinPcap. Both have very similar
properties and return ethernet packets using identical events, formatted
identically, allowing the same application to use either or both low level
components. There are subtle differences: raw sockets monitor a specific
IP address, whereas WinPcap monitors all traffic on an adaptor. Both may
potentially monitor traffic other than the local PC, depending on LAN
structure. Common functions and declarations are in MagentaPackhdrs.pas.
Common Types
------------
    TMacAddr = array [0..5] of byte ;   // a MAC address

    // record used to return packet to application for
    // both raw sockets and winpcap
    TPacketInfo = record
        PacketLen: integer ;    // total length of packet
        EtherProto: word ;      // ethernet protocol
        EtherSrc: TMacAddr ;    // ethernet MAC addresses
        EtherDest: TMacAddr ;
        AddrSrc: TInAddr ;      // IP addresses are 32-bit binary
        AddrDest: TInAddr ;
        PortSrc: integer ;      // transport layer ports
        PortDest: integer ;
        ProtoType: byte ;       // transport layer protocol
        TcpFlags: word ;        // TCP/IP packet type flags
        SendFlag: boolean ;     // true if packet being sent from local IP
        IcmpType: byte ;        // ICMP packet type
        DataLen: integer ;      // length of data (less headers)
        DataBuf: AnsiString ;   // packet data (may be blank even if datalen<>0)
        PacketDT: TDateTime ;   // when packet was captured
    end ;

    TPacketEvent = procedure (Sender: TObject; PacketInfo: TPacketInfo) of object;

    // record used for maintaining traffic statistics
    TTrafficInfo = packed record
        AddrLoc: TInAddr ;      // IP addresses are 32-bit binary
        AddrRem: TInAddr ;
        ServPort: word ;        // service port
        PackType: word ;        // protocol or packet type, TCP, UDP, ARP, ICMP, etc
        HostLoc: string ;       // host domains for IP addresses, if available
        HostRem: string ;
        ServName: string ;      // looked up
        BytesSent: int64 ;      // traffic
        BytesRecv: int64 ;
        PacksSent: integer ;
        PacksRecv: integer ;
        LookupAttempts: integer ; // how many host name lookup attempts
        FirstDT: TDateTime ;    // when this traffic started
        LastDT: TDateTime ;     // last traffic update
    end ;
    PTrafficInfo = ^TTrafficInfo ;

    TServiceInfo = packed record
        ServPort: word ;        // service port
        PackType: word ;        // protocol or packet type, TCP, UDP, ARP, ICMP, etc
        ServName: string ;      // looked up
        TotalHosts: integer ;   // how many different hosts for this service
        BytesSent: int64 ;      // traffic
        BytesRecv: int64 ;
        PacksSent: integer ;
        PacksRecv: integer ;
    end ;
    PServiceInfo = ^TServiceInfo ;

    THdrEthernet = packed record   // Ethernet frame header - Network Interface Layer
        dmac: TMacAddr;
        smac: TMacAddr;
        protocol: WORD;
    end;
    PHdrEthernet = ^THdrEthernet ;
Class TMonitorSocket
--------------------
The component may be installed on palette, but is non-visual so it's
usually easier to create it in code. This class is for monitoring
raw sockets on Windows 2000 and better.
TMonitorSocket is a descendant of TCustomWSocket (in
OverbyteIcsWsocket.pas).
The following properties should be set before monitoring is started:
    Addr          - IP address on which to listen for packets.
    AddrMask      - IP mask of address to ignore
    IgnoreData    - true/false, true if only doing statistics
    IgnoreLAN     - if AddrMask should be used
    SetIgnoreIP   - a list of IP addresses that should be ignored
    onPacketEvent - the event in which packets will be returned
The LocalIPList public variable lists all IP addresses available for
monitoring.
The StartMonitor and StopMonitor methods start and stop raw packet
monitoring, with the onPacketEvent event being called, often several
times a second, with each packet passed as a TPacketInfo record.
There are also four cumulative traffic properties, TotRecvBytes,
TotSendBytes, TotRecvPackets and TotSendPackets which are reset each
time monitoring starts.
Class TMonitorPcap
-------------------
The component may be installed on palette, but is non-visual so it's
usually easier to create it in code. This class uses WinPcap that
must have been previously installed. The high level WinPcap functions
are in MagentaPcap.pas, MagentaPacket32.pas, MagentaNdis_def.pas and
MagentaBpf.pas. The interface to WinPcap is packet.dll, and all
functions are loaded dynamically with LoadPacketDll so the application
will work even if the DLL is not available. The component uses a thread
internally to poll the device driver for new packets.
The following properties should be set before monitoring is started:
    MonAdapter    - index of adaptor to monitor, selected from AdapterDescList
    Addr          - local IP address (see below)
    AddrMask      - IP mask for IP address
    Promiscuous   - true/false, true to monitor sent packets, but may not work
    IgnoreData    - true/false, true if only doing statistics
    IgnoreLAN     - if AddrMask should be used to ignore local traffic
    SetIgnoreIP   - a list of IP addresses that should be ignored
    onPacketEvent - the event in which packets will be returned
There are other exposed WinPcap methods:
    GetAdapters    - fills the AdapterNameList and AdapterDescList lists with
                     the names of network adaptors
    GetIPAddresses - returns three lists of IPs, masks and broadcast IPs for
                     a specific network adaptor.
The StartMonitor and StopMonitor methods start and stop WinPcap packet
monitoring, with the onPacketEvent event being called, often several
times a second, with each packet passed as a TPacketInfo record.
There are also four cumulative traffic properties, TotRecvBytes,
TotSendBytes, TotRecvPackets and TotSendPackets which are reset each
time monitoring starts.
Class TTrafficClass
-------------------
This component is used to accumulate internet traffic statistics. It is
the basis of the Traffic Monitor demo application. Use is very simple,
just call the Add method from onPacketEvent. The component checks for
unique remote IP addresses and ports (ie services), and totals traffic
for them in TTrafficInfo. The UpdateService method may be called to
update TServiceInfo records which consolidate traffic for any IP by
service. The component automatically performs reverse look-ups of IP
addresses into domain names, where possible.
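The totalling and filtering described above, as an added Python example (not
Magenta Systems code and not the Delphi component's API). It decodes
Ethernet/IPv4 frames, applies the IgnoreLAN/AddrMask idea, drops non-IP and
truncated frames, and keeps counters named after the TTrafficInfo fields.
Assumptions: the function names are hypothetical, the service port is taken to
be the remote side's port, and the sample frames are constructed.

```python
import ipaddress, struct
from collections import defaultdict
ETH_IPV4, TCP, UDP = 0x0800, 6, 17

def parse_frame(frame):
    """Return (src, dst, proto, sport, dport, length), or None if not usable IPv4."""
    if len(frame) < 34:                      # 14 bytes Ethernet + 20 bytes minimum IPv4
        return None
    ether_proto, = struct.unpack_from("!H", frame, 12)
    ihl = (frame[14] & 0x0F) * 4             # IPv4 header length in bytes (may carry options)
    if ether_proto != ETH_IPV4 or frame[14] >> 4 != 4 or ihl < 20 or len(frame) < 14 + ihl:
        return None                          # ARP, other non-IP, or malformed header
    src, dst = (ipaddress.IPv4Address(frame[i:i + 4]) for i in (26, 30))
    sport = dport = 0                        # ICMP and others have no ports
    if frame[23] in (TCP, UDP) and len(frame) >= 14 + ihl + 4:
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    return src, dst, frame[23], sport, dport, len(frame)

def total_traffic(frames, local_ip, lan_mask, ignore_lan=True):
    """Total bytes and packets per (remote IP, service port, protocol)."""
    lan = ipaddress.IPv4Network(f"{local_ip}/{lan_mask}", strict=False)
    totals = defaultdict(lambda: dict(BytesSent=0, BytesRecv=0, PacksSent=0, PacksRecv=0))
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        src, dst, proto, sport, dport, length = pkt
        sending = str(src) == local_ip       # plays the role of SendFlag
        # Assumption: the service is identified by the remote side's port.
        remote, serv_port = (dst, dport) if sending else (src, sport)
        if ignore_lan and remote in lan:     # IgnoreLAN: skip peers inside AddrMask
            continue
        row = totals[(str(remote), serv_port, proto)]
        row["BytesSent" if sending else "BytesRecv"] += length
        row["PacksSent" if sending else "PacksRecv"] += 1
    return dict(totals)

def make_frame(src, dst, proto, sport, dport, payload=b"", ether_proto=ETH_IPV4):
    """Constructed test frame: zeroed MACs, 20-byte IPv4 header, ports, payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return bytes(12) + struct.pack("!H", ether_proto) + ip + struct.pack("!HHI", sport, dport, 0) + payload

SAMPLE = [  # constructed frames; the local PC is assumed to be 192.168.1.10
    make_frame("192.168.1.10", "203.0.113.5", TCP, 50000, 80, b"x" * 100),
    make_frame("203.0.113.5", "192.168.1.10", TCP, 80, 50000, b"x" * 500),
    make_frame("192.168.1.10", "192.168.1.20", UDP, 137, 137, b"x" * 10),
    make_frame("192.168.1.10", "192.168.1.1", 0, 0, 0, ether_proto=0x0806),  # ARP ethertype
]
print(total_traffic(SAMPLE + [SAMPLE[0][:20]], "192.168.1.10", "255.255.255.0"))
```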
Demonstration Application
-------------------------
Two Windows demonstration applications are supplied, with source and
compiled programs, SOCKMON.EXE displays raw packets, while SOCKSTAT.EXE
totals internet traffic.
Files Enclosed
--------------
=Demo Applications
monmain.dfm
monmain.pas
sockmon.dpr
sockmon.exe
sockmon.res
statmain.dfm
statmain.pas
sockstat.dpr
sockstat.exe
sockstat.res
=Component
MagentaBpf.pas
MagentaMonpcap.pas
MagentaMonsock.pas
MagentaNdis_def.pas
MagentaPacket32.pas
MagentaPackhdrs.pas
MagentaPcap.pas
=Support files
MagSubs1.pas
MagClasses.pas
WinPcap_4_0_1.exe
ports.txt
protocols.txt
Requirements
------------
Compatible with Delphi 6/7/2005/2006/2007/2009/2010/XE, tested with
Windows 2000, XP, 2003, Vista, 2008 and 7.
The components need François PIETTE internet component suite (ICS) V6 or
V7 from http://www.overbyte.be/.
Release Notes
-------------
29th October 2005 - 1.1 - baseline
8th August 2008 - 1.2 - updated to support ICS V6 and V7, and Delphi 2009
when stopping capture ignore any buffered data so it
stops faster
tested with WinPCap 4.0.2 which is included
13th August 2010 - 1.3 - fixed various cast warnings with Delphi 2009 and later
tested with WinPCap 4.1.2 which is included
Copyright Information
---------------------
Magenta Systems Internet Packet Monitoring Components are freeware, but
are still copyrighted by Magenta Systems Ltd who may change the status
or withdraw it at any time, without notice.
Magenta Systems Internet Packet Monitoring Components may be freely
distributed via web pages, FTP sites, BBS and conferencing systems or on
CD-ROM in unaltered zip format, but no charge may be made other than
reasonable media or bandwidth cost.
Magenta Systems Ltd
9 Vincent Road
Croydon
CR0 6ED
United Kingdom
Phone 020 8656 3636, International Phone +44 20 8656 3636
Fax 020 8656 8127, International Fax +44 20 8656 8127
Email: delphi@magsys.co.uk
Web: http://www.magsys.co.uk/delphi/