public PcapParser(IPcapStreamReader pcapStreamReader, byte[] firstFourBytes)
{
this.pcapStreamReader = pcapStreamReader;
this.metadata = new List <KeyValuePair <string, string> >();
//read pcap file header!
byte[] buffer4 = new byte[4]; //32 bits is suitable
byte[] buffer2 = new byte[2]; //16 bits is sometimes needed
//uint wiresharkMagicNumber = 0xa1b2c3d4;
//Section Header Block (mandatory)
if (firstFourBytes == null || firstFourBytes.Length != 4)
{
buffer4 = this.pcapStreamReader.BlockingRead(4);
}
else
{
buffer4 = firstFourBytes;
}
if (this.ToUInt32(buffer4, false) == LIBPCAP_MAGIC_NUMBER)
{
this.littleEndian = false;
this.metadata.Add(new KeyValuePair <string, string>("Endianness", "Big Endian"));
}
else if (this.ToUInt32(buffer4, true) == LIBPCAP_MAGIC_NUMBER)
{
this.littleEndian = true;
this.metadata.Add(new KeyValuePair <string, string>("Endianness", "Little Endian"));
}
else
{
throw new System.IO.InvalidDataException("The stream is not a PCAP file. Magic number is " + this.ToUInt32(buffer4, false).ToString("X2") + " or " + this.ToUInt32(buffer4, true).ToString("X2") + " but should be " + LIBPCAP_MAGIC_NUMBER.ToString("X2") + ".");
}
/* major version number */
this.pcapStreamReader.BlockingRead(buffer2, 0, 2);
ushort majorVersionNumber = ToUInt16(buffer2, this.littleEndian);
/* minor version number */
this.pcapStreamReader.BlockingRead(buffer2, 0, 2);
ushort minorVersionNumber = ToUInt16(buffer2, this.littleEndian);
/* GMT to local correction */
this.pcapStreamReader.BlockingRead(buffer4, 0, 4);
int timezoneOffsetSeconds = (int)ToUInt32(buffer4, this.littleEndian);
/* accuracy of timestamps */
this.pcapStreamReader.BlockingRead(buffer4, 0, 4);
/* max length of captured packets, in octets */
this.pcapStreamReader.BlockingRead(buffer4, 0, 4);
uint maximumPacketSize = ToUInt32(buffer4, this.littleEndian);
/* data link type */
this.pcapStreamReader.BlockingRead(buffer4, 0, 4); //offset = 20 = 0x14
this.dataLinkType = (PcapFrame.DataLinkTypeEnum)ToUInt32(buffer4, this.littleEndian);
this.metadata.Add(new KeyValuePair <string, string>("Data Link Type", dataLinkType.ToString()));
}
public PcapParser(IPcapStreamReader pcapStreamReader)
: this(pcapStreamReader, null)
{
}
public IPcapParser CreatePcapParser(IPcapStreamReader pcapStreamReader)
{
return(new PcapParser(pcapStreamReader));
}
