/// <summary>
/// Log a new ethernet packet.
/// </summary>
/// <param name="packet">
/// The packet to log.
/// </param>
public void LogPacket(Ethernet802_3 packet)
{
lock (m_logger.XmlWriter)
{
// <EthernetHeader>
m_logger.XmlWriter.WriteStartElement("EthernetHeader");
m_logger.XmlWriter.WriteElementString("SourceMAC", packet.SourceMACAddress.ToString('-'));
m_logger.XmlWriter.WriteElementString("DestinationMAC", packet.DestinationMACAddress.ToString('-'));
m_logger.XmlWriter.WriteElementString("NetworkProtocol", packet.NetworkProtocol.ToString());
m_logger.XmlWriter.WriteEndElement();
// </EthernetHeader>
}
}
/// <summary>
/// Resolve an IP address to a physical address.
/// </summary>
/// <param name="address">
/// The IP address to resolve.
/// </param>
/// <returns>
/// Returns the physical address belonging to the IP address.
/// </returns>
/// <exception cref="ObjectDisposedException">
/// If the object has already been disposed then an ObjectDisposedException
/// will be thrown
/// </exception>
/// <exception cref="Exception">
/// If the driver failed to start or was not bound, an exception will be thrown.
/// </exception>
public MACAddress ResolveIPAddress(IPAddress address)
{
if (m_disposed)
{
throw new ObjectDisposedException(this.ToString());
}
if (!m_driver.DriverStarted)
{
throw new Exception("The driver has not been started.");
}
if (!m_driver.DriverBound)
{
throw new Exception("The driver has not yet been bound to a device.");
}
Ethernet802_3 ethernet = new Ethernet802_3();
// construct the ethernet header
ethernet.SourceMACAddress = m_driver.BoundAdapter.MediaAccessControlAddress;
ethernet.DestinationMACAddress = MACAddress.BroadcastAddress;
ethernet.NetworkProtocol = NetworkLayerProtocol.ARP;
ArpPacket arp = new ArpPacket();
// construct the ARP header
arp.Type = ArpOpcode.Request;
arp.Protocol = NetworkLayerProtocol.IP;
arp.MediaType = MediaType.Ethernet;
arp.SourceMACAddress = ethernet.SourceMACAddress;
arp.SourceIPAddress = m_driver.BoundAdapter.Interfaces[0].Address;
arp.DestinationIPAddress = address;
// serialize and send the packet
ethernet.Data = arp.Serialize();
m_driver.SendPacket(ethernet.Serialize());
m_querying = true;
// wait for the reply
while (m_querying)
{
byte[] packet = m_driver.RecievePacket();
Ethernet802_3 ethReply = new Ethernet802_3(packet);
// if this is an ARP packet
if (ethReply.NetworkProtocol == NetworkLayerProtocol.ARP)
{
ArpPacket arpReply = new ArpPacket(ethReply.Data);
// if this is an ARP reply
if (arpReply.Type == ArpOpcode.Reply)
{
// if the address matches the one we requested
if (arpReply.SourceIPAddress.Equals(address))
{
// return the MAC address
return(arpReply.SourceMACAddress);
}
}
}
}
return(MACAddress.BroadcastAddress);
}
public void packetTvwDecode(byte [] capPacket, TreeView tvwDecode)
{
#region Parse Ethernet Header
Ethernet802_3 ethernet = new Ethernet802_3(capPacket);
strSourceMacAddress = ethernet.SourceMACAddress.ToString();
strDestMacAddress = ethernet.DestinationMACAddress.ToString();
strEthernet = "Ethernet II, Src: " + strSourceMacAddress + ", Dst: " + strDestMacAddress;
strSrcMac = "Source: " + strSourceMacAddress;
strDstMac = "Destination: " + strDestMacAddress;
strEthernetType = "Type: " + ethernet.NetworkProtocol.ToString();
strData = "Data: " + ethernet.Data.ToString();
TreeNode nodeEthernet = tvwDecode.Nodes.Add(strEthernet);
TreeNode nodeEthernetDstMac = nodeEthernet.Nodes.Add(strDstMac);
TreeNode nodeEthernetSrcMac = nodeEthernet.Nodes.Add(strSrcMac);
TreeNode nodeType = nodeEthernet.Nodes.Add(strEthernetType);
TreeNode nodeData = nodeEthernet.Nodes.Add(strData);
#region Parse Network Protocol
switch (ethernet.NetworkProtocol)
{
case NetworkLayerProtocol.IP:
IpV4Packet ip = new IpV4Packet(ethernet.Data);
strIp = "Internet Protocol, Src Addr: " + ip.SourceAddress.ToString() + ", Dest Addr: " + ip.DestinationAddress.ToString();
strIpVersion = "Version: " + ip.Version.ToString();
int intIpHeaderLengthHex = ip.HeaderLength;
int intIpHeaderLengthBytes = intIpHeaderLengthHex * 4;
strIpHeaderLength = "Header Length: " + intIpHeaderLengthBytes.ToString() + " bytes";
strTypeOfService = "Type of Service: " + ip.TypeOfService.ToString();
strIpTotalLength = "Total Length: " + ip.TotalLength.ToString();
strIpIdentification = "Identification: " + ip.Identification.ToString();
strIpFlags = "Flags: " + ip.ControlFlags.ToString();
strIpFragment = "Fragment Offset: " + ip.Fragments.ToString();
strIpTtl = "Time To Live: " + ip.TimeToLive.ToString();
strIpProtocol = "Protocol: " + ip.TransportProtocol.ToString();
strIpChecksum = "Header Checksum: " + ip.Checksum.ToString();
if (ip.Options != null)
{
strIpOptions = "Options: " + ip.Options.ToString();
}
if (ip.Padding != null)
{
strIpPadding = "Padding: " + ip.Padding.ToString();
}
TreeNode nodeIP = tvwDecode.Nodes.Add(strIp);
TreeNode nodeIpVersion = nodeIP.Nodes.Add(strIpVersion);
TreeNode nodeIpHeaderLength = nodeIP.Nodes.Add(strIpHeaderLength);
TreeNode nodeTypeOfService = nodeIP.Nodes.Add(strTypeOfService);
TreeNode nodeIpTotalLength = nodeIP.Nodes.Add(strIpTotalLength);
TreeNode nodeIpIdentification = nodeIP.Nodes.Add(strIpIdentification);
TreeNode nodeIpFlags = nodeIP.Nodes.Add(strIpFlags);
TreeNode nodeIpFragment = nodeIP.Nodes.Add(strIpFragment);
TreeNode nodeIpTtl = nodeIP.Nodes.Add(strIpTtl);
TreeNode nodeIpProtocol = nodeIP.Nodes.Add(strIpProtocol);
TreeNode nodeIpChecksum = nodeIP.Nodes.Add(strIpChecksum);
TreeNode nodeIpOptions = null;
TreeNode nodeIpPadding = null;
if (ip.Options != null)
{
nodeIpOptions = nodeIP.Nodes.Add(strIpOptions);
}
if (ip.Padding != null)
{
nodeIpPadding = nodeIP.Nodes.Add(strIpPadding);
}
//TreeNode nodeData = tvwDecode.Nodes.Add(strData);
#region Parse Transport Protocol
switch (ip.TransportProtocol)
{
case ProtocolType.Tcp:
TcpPacket tcp = new TcpPacket(ip.Data);
strTcp = "Transmission Control Protocol, Src Port: " + tcp.SourcePort.ToString() + ", Dst Port: " + tcp.DestinationPort.ToString() + ", Seq: " + tcp.SequenceNumber.ToString() + ", Ack: " + tcp.AcknowledgmentNumber.ToString();
strTcpSrcPort = "Source port: " + tcp.SourcePort.ToString();
strTcpDstPort = "Destination port: " + tcp.DestinationPort.ToString();
strTcpSeq = "Sequence number: " + tcp.SequenceNumber.ToString();
strTcpAck = "Acknowledgement number: " + tcp.AcknowledgmentNumber.ToString();
strTcpOffset = "Offset: " + tcp.Offset.ToString();
strTcpFlags = "Flags: " + tcp.Flags.ToString();
strTcpWindow = "Window size: " + tcp.Window.ToString();
strTcpChecksum = "Checksum: " + tcp.Checksum.ToString();
strTcpUrgetPointer = "Urgent Pointer: " + tcp.UrgentPointer.ToString();
if (tcp.Options != null)
{
strTcpOptions = "Options: " + tcp.Options.ToString();
}
if (tcp.Padding != null)
{
strTcpPadding = "Padding: " + tcp.Padding.ToString();
}
if (tcp.Data != null)
{
strTcpData = "Data: " + tcp.Data.ToString();
}
TreeNode nodeTcp = tvwDecode.Nodes.Add(strTcp);
TreeNode nodeTcpSrcPort = nodeTcp.Nodes.Add(strTcpSrcPort);
TreeNode nodeTcpDstPort = nodeTcp.Nodes.Add(strTcpDstPort);
TreeNode nodeTcpSeq = nodeTcp.Nodes.Add(strTcpSeq);
TreeNode nodeTcpAck = nodeTcp.Nodes.Add(strTcpAck);
TreeNode nodeTcpOffset = nodeTcp.Nodes.Add(strTcpOffset);
TreeNode nodeTcpFlags = nodeTcp.Nodes.Add(strTcpFlags);
TreeNode nodeTcpWindow = nodeTcp.Nodes.Add(strTcpWindow);
TreeNode nodeTcpChecksum = nodeTcp.Nodes.Add(strTcpChecksum);
TreeNode nodeTcpUrgetPointer = nodeTcp.Nodes.Add(strTcpUrgetPointer);
TreeNode nodeTcpOptions = null;
TreeNode nodeTcpPadding = null;
TreeNode nodeTcpData = null;
if (tcp.Options != null)
{
nodeTcpOptions = nodeTcp.Nodes.Add(strTcpOptions);
}
if (tcp.Padding != null)
{
nodeTcpPadding = nodeTcp.Nodes.Add(strTcpPadding);
}
if (tcp.Data != null)
{
nodeTcpData = nodeTcp.Nodes.Add(strTcpData);
}
break;
case ProtocolType.Udp:
UdpPacket udp = new UdpPacket(ip.Data);
strUdp = "User Datagram Protocol, Src Port: " + udp.SourcePort.ToString() + ", Dst Port: " + udp.DestinationPort.ToString();
strUdpSrcPort = "Source port: " + udp.SourcePort.ToString();
strUdpDstPort = "Destination port: " + udp.DestinationPort.ToString();
strUdpLength = "Length: " + udp.Length.ToString();
strUdpChecksum = "Checksum: " + udp.Checksum.ToString();
if (udp.Data != null)
{
strUdpData = "Data: " + udp.Data.ToString();
}
TreeNode nodeUdp = tvwDecode.Nodes.Add(strUdp);
TreeNode nodeUdpSrcPort = nodeUdp.Nodes.Add(strUdpSrcPort);
TreeNode nodeUdpDstPort = nodeUdp.Nodes.Add(strUdpDstPort);
TreeNode nodeUdpLength = nodeUdp.Nodes.Add(strUdpLength);
TreeNode nodeUdpChecksum = nodeUdp.Nodes.Add(strUdpChecksum);
TreeNode nodeUdpData = null;
if (udp.Data != null)
{
nodeUdpData = nodeUdp.Nodes.Add(strUdpData);
}
break;
case ProtocolType.Icmp:
IcmpPacket icmp = new IcmpPacket(ip.Data);
strIcmp = "Internet Control Message Protocol";
strIcmpMessageType = "Data: " + icmp.MessageType.ToString();
strIcmpCode = "Data: " + icmp.Code.ToString();
strIcmpChecksum = "Data: " + icmp.Checksum.ToString();
strIcmpData = "Data: " + icmp.Data.ToString();
TreeNode nodeIcmp = tvwDecode.Nodes.Add(strIcmp);
TreeNode nodeIcmpMessageType = nodeIcmp.Nodes.Add(strIcmpMessageType);
TreeNode nodeIcmpCode = nodeIcmp.Nodes.Add(strIcmpCode);
TreeNode nodeIcmpChecksum = nodeIcmp.Nodes.Add(strIcmpChecksum);
TreeNode nodenodeIcmpData = nodeIcmp.Nodes.Add(strIcmpData);
break;
}
#endregion
break;
case NetworkLayerProtocol.ARP:
ArpPacket arp = new ArpPacket(ethernet.Data);
strArp = "Address Resolution Protocol";
strArpMediaType = "Hardware Type: " + arp.MediaType.ToString();
strArpProtocolType = "Protocol Type: " + arp.Protocol.ToString();
strArpType = "Opcode: " + arp.Type.ToString();
strArpSrcMac = "Sender MAC Address: " + arp.SourceMACAddress.ToString();
strArpSrcIp = "Sender IP Address: " + arp.SourceIPAddress.ToString();
strArpDstMac = "Target MAC Address: " + arp.DestinationMACAddress.ToString();
strArpDstIp = "Target IP Address: " + arp.DestinationIPAddress.ToString();
TreeNode nodeArp = tvwDecode.Nodes.Add(strArp);
TreeNode nodeMediaType = nodeArp.Nodes.Add(strArpMediaType);
TreeNode nodeArpProtocolType = nodeArp.Nodes.Add(strArpProtocolType);
TreeNode nodeArpType = nodeArp.Nodes.Add(strArpType);
TreeNode nodeArpSrcMac = nodeArp.Nodes.Add(strArpSrcMac);
TreeNode nodeArpSrcIp = nodeArp.Nodes.Add(strArpSrcIp);
TreeNode nodeArpDstMac = nodeArp.Nodes.Add(strArpDstMac);
TreeNode nodeArpDstIp = nodeArp.Nodes.Add(strArpDstIp);
break;
}
#endregion
#endregion
}
private void btnStop_Click(object sender, EventArgs e)
{
if (driver.Disposed == true)
{
return;
}
captureThread.Abort();
driver.CloseDevice();
for (int packetLoop = 0; packetLoop < packetCount; packetLoop++)
{
string sourceIp = "N/A";
string sourceMac = "N/A";
string sourcePort = "N/A";
string destIp = "N/A";
string destMac = "N/A";
string destPort = "N/A";
string protocol = "N/A";
Ethernet802_3 ethernet = new Ethernet802_3(capturedPackets[packetLoop]);
sourceMac = ethernet.SourceMACAddress.ToString();
destMac = ethernet.DestinationMACAddress.ToString();
switch (ethernet.NetworkProtocol)
{
case NetworkLayerProtocol.IP:
IpV4Packet ip = new IpV4Packet(ethernet.Data);
sourceIp = ip.SourceAddress.ToString();
destIp = ip.DestinationAddress.ToString();
protocol = ip.TransportProtocol.ToString().ToUpper();
switch (ip.TransportProtocol)
{
case ProtocolType.Tcp:
TcpPacket tcp = new TcpPacket(ip.Data);
sourcePort = tcp.SourcePort.ToString();
destPort = tcp.DestinationPort.ToString();
break;
case ProtocolType.Udp:
UdpPacket udp = new UdpPacket(ip.Data);
sourcePort = udp.SourcePort.ToString();
destPort = udp.DestinationPort.ToString();
break;
case ProtocolType.Icmp:
IcmpPacket icmp = new IcmpPacket(ip.Data);
break;
}
break;
case NetworkLayerProtocol.ARP:
ArpPacket arp = new ArpPacket(ethernet.Data);
sourceMac = arp.SourceMACAddress.ToString();
destMac = arp.DestinationMACAddress.ToString();
sourceIp = arp.SourceIPAddress.ToString();
destIp = arp.DestinationIPAddress.ToString();
protocol = arp.Protocol.ToString().ToUpper();
break;
}
string[] items = new string[8];
items[0] = packetLoop.ToString();
items[1] = sourceIp;
items[2] = sourceMac;
items[3] = sourcePort;
items[4] = destIp;
items[5] = destMac;
items[6] = destPort;
items[7] = protocol;
lvwPacketCapture.Items.Add(new ListViewItem(items, 0));
}
}
