如何使用sharPcap来理解数据包是TCP关闭包

Question

我正在尝试读取从客户端发送到服务器的数据包。我在C#中使用C#。在这种情况下，如何理解数据包是TCP关闭数据包：

    private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
    {           
        var time = e.Packet.Timeval.Date;
        var len = e.Packet.Data.Length;

        var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);

        var tcpPacket = PacketDotNet.TcpPacket.GetEncapsulated(packet);
        if(tcpPacket != null)
        {
            var ipPacket = (PacketDotNet.IpPacket)tcpPacket.ParentPacket;
            System.Net.IPAddress srcIp = ipPacket.SourceAddress;
            System.Net.IPAddress dstIp = ipPacket.DestinationAddress;
            int srcPort = tcpPacket.SourcePort;
            int dstPort = tcpPacket.DestinationPort;

            Console.WriteLine("{0}:{1}:{2},{3} Len={4} {5}:{6} -> {7}:{8}", 
                time.Hour, time.Minute, time.Second, time.Millisecond, len,
                srcIp, srcPort, dstIp, dstPort);
        }
    }

Answer 1

TCP关闭在TCP协议中由FIN表示。将有一个4路握手来关闭TCP连接的两端。两端各送一根鳍，而同伴则会将其插入。您应该能够在捕获框架中看到这一点。

也许您可以在这里找到一些提示，说明如何通过api :http://www.codeproject.com/Articles/12458/SharpPcap-A-Packet-Capture-Framework-for-NET实现这一点。