主要问题是:当用户开始将文件从本地机器上传到互联网时,c#应用程序可以跟踪吗?它可能是机器上的任何进程。跟踪应用程序不会触发上传文件进程。
有一些代码可以捕获如此多的传出TCP和UDP流量。但我只需要过滤包含文件传输数据的数据包。
public static void Start()
{
//get ip address
IPAddress[] addrList = Dns.GetHostByName(Dns.GetHostName()).AddressList;
string IP = addrList[0].ToString();
//var devices = SharpPcap.WinPcap.WinPcapDeviceList.Instance;
var devices = CaptureDeviceList.Instance;
// differentiate based upon types
int count = devices.Count;
if (count < 1)
{
Console.WriteLine("No device found on this machine");
return;
}
for (int i = 0; i < count; ++i)
{
// CaptureFlowReceive(IP, i);
CaptureFlowSend(IP,i);
}
while (true)
{
//Call refresh function every 1s
RefershInfo();
}
}
private static void CaptureFlowSend(string IP, int deviceID)
{
ICaptureDevice device = CaptureDeviceList.New()[deviceID];
device.OnPacketArrival += new PacketArrivalEventHandler(device_OnPacketArrivalSend);
int readTimeoutMilliseconds = 1000;
device.Open(DeviceMode.Promiscuous, readTimeoutMilliseconds);
string filter = "src host " + IP + " and ip ";
device.Filter = filter;
device.StartCapture();
}
private static void device_OnPacketArrivalSend(object sender, CaptureEventArgs e)
{
var rawCapture = e.Packet;
var packet = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
var data = packet.PayloadPacket.PayloadPacket.PayloadData;
}
public static void RefershInfo()
{
Thread.Sleep(1000);
}
好像我找到了解决方案。使用netstat -a -n -o
命令,我们可以接收使用tcp和udp套接字的所有进程。此外,我们可以通过上一步中收到的进程列表中的进程获取DiskUsage信息。当然,这不是完美的解决方案,但它几乎是我所需要的。