Beispiel #1
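        /// <summary>
        /// Builds a callback that stores one flow as <c>&lt;index&gt;.pcap</c> under <paramref name="folder"/>,
        /// runs <c>ExecuteTshark</c> on that capture and saves the process output gzip-compressed
        /// as <c>&lt;index&gt;.json.gz</c>.
        /// </summary>
        /// <param name="folder">Directory that receives the capture and the compressed output.</param>
        /// <returns>An action taking the flow together with its numeric index.</returns>
        private static Action <(KeyValuePair <FlowKey, FlowRecordWithPackets> flow, int)> WriteFlow(string folder)
        {
            return((flowIndex) =>
            {
                var flow = flowIndex.flow;
                var index = flowIndex.Item2;

                // The file name is derived from the integer index only, so nothing taken from
                // packet contents ends up in the path.
                var path = Path.Combine(folder, index.ToString()) + ".pcap";
                var jsonPath = Path.ChangeExtension(path, ".json");

                var pcapfile = new CaptureFileWriterDevice(path);
                try
                {
                    foreach (var(packet, time) in flow.Value.PacketList)
                    {
                        pcapfile.Write(new RawCapture(linkLayers, time, packet.Bytes));
                    }
                }
                finally
                {
                    // Close even when a write fails, so the handle is released and the partial
                    // capture is not left open.
                    pcapfile.Close();
                }

                var process = ExecuteTshark(path, jsonPath);

                // The output is drained before waiting for exit; presumably this is a Process with
                // redirected stdout, where waiting first could block on a full pipe.
                using (var compressedFileStream = File.Create(jsonPath + ".gz"))
                    using (var compressionStream = new GZipStream(compressedFileStream, CompressionMode.Compress))
                    {
                        process.StandardOutput.BaseStream.CopyTo(compressionStream);
                    }
                process.WaitForExit();
                // NOTE(review): the exit status is not inspected, so a failed dissection leaves an
                // empty or truncated .json.gz without any signal to the caller.
            });
        }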
Beispiel #2
        /// <summary>
        /// Smoke test: creates a capture file, writes a four-byte packet, closes the writer
        /// and then deletes the file again.
        /// </summary>
        public void TestFileCreationAndDeletion()
        {
            const string captureName = @"abc.pcap";

            var writer = new CaptureFileWriterDevice(captureName);
            byte[] payload = new byte[] { 1, 2, 3, 4 };

            writer.Write(payload);
            writer.Close();

            // Deleting succeeds only once the writer has released the file.
            System.IO.File.Delete(captureName);
        }
Beispiel #3
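 /// <summary>
 /// Writes the packets held in the buffer queue to a capture file.
 /// </summary>
 /// <param name="capFileName">Path handed to the capture file writer.</param>
 public static void CreatecapFile(string capFileName)
 {
     var writer = new CaptureFileWriterDevice(capFileName);
     // The shared field is still assigned, as before, for any code that reads it.
     deviceWriteFile = writer;
     try
     {
         // Count is re-read on every pass, so entries appended while the loop runs are written too.
         // NOTE(review): if another thread fills the queue, this access needs the same lock - confirm.
         for (int i = 0; i < queue.Count; i++)
         {
             writer.Write(queue[i]);
         }
     }
     finally
     {
         // Release the file even when a write throws.
         writer.Close();
     }
 }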
Beispiel #4
 /// <summary>
 /// Closes the capture writer, if there is one, while holding <c>_lock</c>.
 /// </summary>
 /// <returns>Always <c>false</c>.</returns>
 public override bool IterationFinished()
 {
     lock (_lock)
     {
         // Read the field once inside the lock, then close that instance.
         var current = _writer;
         if (current != null)
         {
             current.Close();
         }
     }

     return false;
 }
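        /// <summary>
        /// "Stop sniffing" button: stops the capture thread and device, closes the capture file
        /// and switches the toolbar back to the idle state.
        /// </summary>
        private void ToolStripButton2_Click(object sender, EventArgs e)
        {
            try
            {
                // NOTE(review): if sniffing is a System.Threading.Thread, Abort() can interrupt it in
                // the middle of a write and is not supported on .NET Core / .NET 5+; a stop flag the
                // capture loop checks would be safer - confirm against the thread body.
                sniffing.Abort();
                wifi_device.StopCapture();
                wifi_device.Close();
            }
            finally
            {
                // The capture file is closed even when stopping the device fails, so the data
                // recorded so far is not left behind an open handle.
                captureFileWriter.Close();
            }

            toolStripButton1.Enabled = true;
            textBox1.Enabled         = true;
            toolStripButton2.Enabled = false;
        }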
Beispiel #6
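        /// <summary>
        /// Menu handler ("export as cap file"): asks for a target file and writes the capture
        /// held in <c>rawCapture</c> to it.
        /// </summary>
        private void 导出为cap文件ToolStripMenuItem_Click(object sender, EventArgs e)
        {
            // The dialog is disposed once the handler is done with it.
            using (SaveFileDialog saveFileDialog = new SaveFileDialog())
            {
                saveFileDialog.RestoreDirectory = true;
                if (saveFileDialog.ShowDialog() != DialogResult.OK)
                {
                    return;
                }

                CaptureFileWriterDevice device = new CaptureFileWriterDevice(saveFileDialog.FileName);
                try
                {
                    device.Write(rawCapture);
                }
                finally
                {
                    // Close on every path so a failed write does not keep the file open.
                    device.Close();
                }
            }
        }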
Beispiel #7
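        /// <summary>
        /// Writes every writeable capture of the given packet wrappers to a new capture file.
        /// </summary>
        /// <param name="path">Target file; the writer is created with <see cref="FileMode.CreateNew"/>.</param>
        /// <param name="parsedPackets">Wrappers whose <c>GetWriteableCaptures()</c> results are written in order.</param>
        private static void WritePacketWrappers(string path, List <PacketWrapper> parsedPackets)
        {
            // FileMode.CreateNew is the mode that refuses an existing file, so an earlier capture
            // at the same path should not be overwritten (assuming the writer passes the mode through).
            var writer = new CaptureFileWriterDevice(path, FileMode.CreateNew);

            try
            {
                writer.Open();

                foreach (var p in parsedPackets.SelectMany(pw => pw.GetWriteableCaptures()))
                {
                    writer.Write(p);
                }
            }
            finally
            {
                // Release the file even when opening or a write fails.
                writer.Close();
            }
        }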
Beispiel #8
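        /// <summary>
        /// Finishes a call: closes its capture file and writes a small text summary
        /// (<c>&lt;CallID&gt;.txt</c>) next to it.
        /// </summary>
        public void CloseCall()
        {
            // Close capture file
            captureFileWriter.Close();

            // NOTE(review): CallID presumably comes from the SIP Call-ID header, which the remote
            // party chooses. Confirm it is validated before it reaches this path: directory
            // separators or ".." in it would move the file outside SIPPacketFilePath.
            string detailsPath = SIPPacketFilePath + "\\" + CallID + ".txt";

            // Create details file. File.Create truncates an existing file; File.OpenWrite would keep
            // the tail of a longer previous summary behind the new text.
            using (StreamWriter sr = new StreamWriter(File.Create(detailsPath)))
            {
                sr.WriteLine(string.Format("{0,-20}: {1}", "Call Started", CallStarted.ToString()));
                sr.WriteLine(string.Format("{0,-20}: {1}", "Callee", this.CalleeIP.ToString()));
                sr.WriteLine(string.Format("{0,-20}: {1}", "Caller", this.CallerIP.ToString()));
                sr.WriteLine(string.Format("{0,-20}: {1}", "Hungup", this.WhoHungUp.ToString()));
            }
        }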
Beispiel #9
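        /// <summary>
        /// Toolbar handler: asks for a .pcap target and writes the raw bytes of every packet in
        /// <c>softRoute.packets</c> to it.
        /// </summary>
        private void toolStripButton5_Click(object sender, EventArgs e)
        {
            // The dialog is disposed once the handler is done with it.
            using (SaveFileDialog dia = new SaveFileDialog())
            {
                dia.Filter = "数据包文件 (*.pcap)|*.pcap";
                if (dia.ShowDialog() != System.Windows.Forms.DialogResult.OK)
                {
                    return;
                }

                CaptureFileWriterDevice fileWriter = new CaptureFileWriterDevice(dia.FileName);
                try
                {
                    foreach (Packet packet in softRoute.packets)
                    {
                        fileWriter.Write(packet.Bytes);
                    }
                }
                finally
                {
                    // Close on every path so a failed write does not keep the file open.
                    fileWriter.Close();
                }
            }
        }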
Beispiel #10
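        /// <summary>
        /// "Analyse" button handler. Saves the current project selection, then either replays an
        /// existing capture file or captures from the selected adapter while recording every
        /// arriving packet to a new file in the recordings directory.
        /// </summary>
        void do分析_Click(object sender, EventArgs e)
        {
            var __配置 = new M抓包配置
            {
                项目 = _当前项目,
                录像 = this.in来源_文件.Checked
            };

            _B项目.保存项目映射(_当前项目.称, _当前项目.当前通信设备);
            H程序配置.设置("当前项目索引", this.in项目.SelectedIndex.ToString());
            if (__配置.录像)
            {
                // Replay branch: the capture source is a file chosen by the user.
                var __录像名 = this.in文件.Text.Trim();
                if (!File.Exists(__录像名))
                {
                    XtraMessageBox.Show("请选择文件!");
                    return;
                }
                var __放映机 = new CaptureFileReaderDevice(__录像名);
                try
                {
                    __配置.网卡 = __放映机;
                    显示抓包列表窗口(__配置);
                }
                finally
                {
                    // Release the file even when the packet list window throws.
                    __放映机.Close();
                }
            }
            else
            {
                // Live branch: capture from the selected adapter and record to disk.
                __配置.网卡 = (ICaptureDevice)this.in网卡.SelectedItem;
                if (__配置.网卡 == null)
                {
                    XtraMessageBox.Show("请选择网卡!");
                    return;
                }
                H程序配置.设置("当前网卡索引", this.in网卡.SelectedIndex.ToString());
                var __录像目录 = H路径.获取绝对路径("录像\\");
                // CreateDirectory does nothing when the directory already exists.
                Directory.CreateDirectory(__录像目录);

                // "HH" is the 24-hour clock. With the 12-hour "hh", a recording started at 01:05:00
                // and one started at 13:05:00 on the same day got the same file name.
                // NOTE(review): the project name is part of the file name; confirm it cannot contain
                // path separators.
                var __录像机 = new CaptureFileWriterDevice(Path.Combine(__录像目录, _当前项目.称 + " " + DateTime.Now.ToString("yyyy-MM-dd HH-mm-ss")));
                PacketArrivalEventHandler __处理抓包 = (object sender1, CaptureEventArgs e1) => __录像机.Write(e1.Packet);
                __配置.网卡.OnPacketArrival += __处理抓包;
                try
                {
                    显示抓包列表窗口(__配置);
                }
                finally
                {
                    // Detach the handler first so no packet is written to a closed file.
                    __配置.网卡.OnPacketArrival -= __处理抓包;
                    __录像机.Close();
                }
            }
        }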
Beispiel #11
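        /// <summary>
        /// Toolbar handler: on a new thread, writes all buffered packets to a capture file under
        /// <c>E:\CapFile</c> and then empties the buffer.
        /// </summary>
        private void savefileCaptureToobar_Click(object sender, RoutedEventArgs e)
        {
            new Thread(() =>
            {
                System.DateTime startTime = TimeZone.CurrentTimeZone.ToLocalTime(new System.DateTime(1970, 1, 1)); // 1970-01-01 converted to the local time zone
                long timeStamp            = (long)(DateTime.Now - startTime).TotalMilliseconds;                    // milliseconds elapsed since then

                // NOTE(review): the target directory is hard-coded and nothing here creates it.
                string filename = @"E:\CapFile\capfile-" + timeStamp.ToString();

                // Work on a local reference so a second click cannot swap the writer under this
                // thread; the field is still assigned, as before.
                var writer = new CaptureFileWriterDevice(filename);
                captureFileWriterDevice = writer;
                try
                {
                    // NOTE(review): packets is read here off the UI thread. If the capture handler
                    // appends to it concurrently, this needs the same lock - confirm.
                    foreach (var p in packets)
                    {
                        writer.Write(p);
                    }
                    packets.Clear();
                }
                finally
                {
                    // Release the file even when a write throws; the buffer is cleared only after
                    // every packet has been written.
                    writer.Close();
                }
            }).Start();
        }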
Beispiel #12
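        /// <summary>
        /// Save handler: asks for a .pcap target and writes every packet from
        /// <c>_reader.RawCapturedPacked</c> to it.
        /// </summary>
        private void Save_Click(object sender, EventArgs e)
        {
            using (var sfd = new SaveFileDialog
            {
                Filter           = "Pcap Files (*.pcap)|*.pcap",
                // FilterIndex is 1-based and the filter has a single entry.
                FilterIndex      = 1,
                RestoreDirectory = true
            })
            {
                if (sfd.ShowDialog() != DialogResult.OK)
                {
                    return;
                }

                var writer = new CaptureFileWriterDevice(sfd.FileName);
                try
                {
                    writer.Open();
                    foreach (var packet in _reader.RawCapturedPacked)
                    {
                        writer.Write(packet);
                    }
                }
                finally
                {
                    // Close on every path so a failed write does not keep the file open.
                    writer.Close();
                }
            }
        }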
Beispiel #13
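        /// <summary>
        /// "Record only" button handler: records every packet arriving on the selected adapter to a
        /// new file in the recordings directory until the user dismisses the message box.
        /// </summary>
        private void do仅录像_Click(object sender, EventArgs e)
        {
            var _网卡 = (ICaptureDevice)this.in网卡.SelectedItem;
            if (_网卡 == null)
            {
                // Nothing selected: stop before a recording file is created.
                XtraMessageBox.Show("请选择网卡!");
                return;
            }

            var __录像目录 = H路径.获取绝对路径("录像\\");
            // CreateDirectory does nothing when the directory already exists.
            Directory.CreateDirectory(__录像目录);

            // "HH" is the 24-hour clock. With the 12-hour "hh", a recording started at 01:05:00
            // and one started at 13:05:00 on the same day got the same file name.
            var __录像机 = new CaptureFileWriterDevice(Path.Combine(__录像目录, _当前项目.称 + " " + DateTime.Now.ToString("yyyy-MM-dd HH-mm-ss")));
            PacketArrivalEventHandler __处理抓包 = (object sender1, CaptureEventArgs e1) => __录像机.Write(e1.Packet);

            try
            {
                _网卡.OnPacketArrival += __处理抓包;
                try
                {
                    _网卡.Open();
                    // The capture filter is derived from the project's current communication device.
                    _网卡.Filter = H公共.获取过滤表达式(_当前项目.当前通信设备);
                    _网卡.StartCapture();
                    // The modal box blocks this handler; recording continues until OK is pressed.
                    XtraMessageBox.Show(string.Format("开始时间: {0}, 按OK键终止录像!", DateTime.Now), "录像中", MessageBoxButtons.OK, MessageBoxIcon.Information);
                }
                finally
                {
                    // Detach the handler and close the device before the file is closed.
                    _网卡.OnPacketArrival -= __处理抓包;
                    _网卡.Close();
                }
            }
            finally
            {
                // The recording file is released even when opening or closing the device fails.
                __录像机.Close();
            }
        }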
Beispiel #14
        /// <summary>
        /// Persists one L7 conversation as <c>&lt;Id&gt;.pcapng</c> inside the configured base directory.
        /// </summary>
        /// <param name="l7Conversation">Conversation whose reconstructed raw captures are written.</param>
        public void StoreL7Conversation(L7Conversation l7Conversation)
        {
            // NOTE(review): the file gets a .pcapng extension; confirm the writer really emits
            // pcapng and not the classic pcap format.
            var fileName   = $"{l7Conversation.Id}.pcapng";
            var targetPath = Path.Combine(this._configuration.BaseDirectory, fileName);

            // If the constructor throws there is nothing to close, so it stays outside the try.
            var writer = new CaptureFileWriterDevice(targetPath);
            try
            {
                foreach (var capture in l7Conversation.ReconstructRawCaptures())
                {
                    writer.Write(capture);
                }
            }
            finally
            {
                writer.Close();
            }
        }
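 /// <summary>
 /// Capture-stopped callback: closes the capture file and then releases <c>signal</c>.
 /// </summary>
 public void device_OnCaptureStopped(object sender, CaptureStoppedEventStatus status)
 {
     try
     {
         captureFileWriter.Close();
     }
     finally
     {
         // Released even when Close() throws; presumably another thread waits on this signal
         // and would otherwise block forever.
         signal.Release();
     }
 }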
 /// <summary>
 /// Closes the wrapped device.
 /// </summary>
 public void Close() => _device.Close();
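        /// <summary>
        /// Captures TCP/IP traffic on the "Wi-Fi 3" interface and stores it in files of 20 packets
        /// each. Every finished file is closed and then queued on <c>Analyzer.AnalyzeQueue</c>.
        /// Packets whose source address equals <c>Analyzer.GetCurrentIPAddress()</c> are skipped.
        /// The loop ends only when an exception is thrown.
        /// </summary>
        public void SniffConnection()
        {
            LibPcapLiveDevice device = null;

            foreach (var dev in CaptureDeviceList.Instance)
            {
                // 'as' skips devices of another type instead of failing the whole search with an
                // InvalidCastException.
                var candidate = dev as LibPcapLiveDevice;
                if (candidate != null && candidate.Interface.FriendlyName.Equals("Wi-Fi 3"))      // interface to capture from
                {
                    device = candidate;
                    break;
                }
            }

            if (device == null)
            {
                // Previously this case surfaced as a NullReferenceException message from Open().
                Console.WriteLine("capture interface not found");
                return;
            }

            try
            {
                //Open the device for capturing
                device.Open(DeviceMode.Promiscuous);
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
                return;
            }

            // No capture filter is set on the device: every frame reaches this loop and is
            // filtered here.
            Console.WriteLine("sniffing...");

            CaptureFileWriterDevice FileWriter = null;
            try
            {
                while (true)
                {
                    // NOTE(review): the name has one-second resolution and FileMode.Create replaces
                    // an existing file. Two batches completed within the same second share a name,
                    // so the second replaces a capture that is already queued for analysis.
                    FileWriter = new CaptureFileWriterDevice(DateTime.Now.ToString("yyyy-dd-M--HH-mm-ss") + ".pcap", System.IO.FileMode.Create);
                    int packets_count = 0;
                    while (packets_count < 20)
                    {
                        RawCapture raw = device.GetNextPacket();
                        if (raw == null)
                        {
                            continue;
                        }

                        var packet    = Packet.ParsePacket(raw.LinkLayerType, raw.Data);
                        var tcpPacket = (TcpPacket)packet.Extract(typeof(TcpPacket));
                        var ipPacket  = (IpPacket)packet.Extract(typeof(IpPacket));
                        if (ipPacket == null || tcpPacket == null)
                        {
                            continue;
                        }

                        if (!ipPacket.SourceAddress.Equals(Analyzer.GetCurrentIPAddress()))       // if packet wasn't sent by the honeypot itself
                        {
                            FileWriter.Write(raw);
                            packets_count++;
                            Console.WriteLine(packets_count);
                        }
                    }

                    // Close before queueing: the consumer of the queue must never see the name of
                    // a file that is still open for writing.
                    string finishedName = FileWriter.Name;
                    FileWriter.Close();
                    FileWriter = null;

                    lock (Analyzer.AnalyzeQueue)
                    {
                        Analyzer.AnalyzeQueue.Enqueue(finishedName);
                    }
                }
            }
            catch (Exception e)
            {
                // Also covers AccessViolationException, which had its own identical handler.
                // NOTE(review): since .NET Framework 4 such corrupted-state exceptions are normally
                // not delivered to catch blocks at all.
                Console.WriteLine(e);
            }
            finally
            {
                // Best-effort cleanup: a partially filled file is closed but not queued, and the
                // device is closed so the adapter does not stay in promiscuous mode.
                try
                {
                    if (FileWriter != null)
                    {
                        FileWriter.Close();
                    }
                    device.Close();
                }
                catch (Exception e)
                {
                    Console.WriteLine(e);
                }
            }

            Console.WriteLine("finished sniffing");
        }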