public static void Trace(Packet packet, PacketMonitorForm PacketMonitor)
{
IpPacket ipPacket = null;
TcpPacket tcpPacket = null;
try
{
ipPacket = PacketDotNet.IpPacket.GetEncapsulated(packet);
if (ipPacket == null || ipPacket.Version == IpVersion.IPv6)
{
return;
}
tcpPacket = PacketDotNet.TcpPacket.GetEncapsulated(packet);
if (tcpPacket == null)
{
return;
}
long Key = ipPacket.SourceAddress.Address + tcpPacket.SourcePort + ipPacket.DestinationAddress.Address + tcpPacket.AcknowledgmentNumber;
if (isReassembledPacketOfPostRequest(ipPacket, tcpPacket))
{
PacketReassemble(Key, tcpPacket);
MailList[Key].TimeToLive = 0;
// Var_PushFlag == true 表示資料都已經擷取完全
if (MailList[Key].Var_PushFlag == true)
{
var Mail = MailList[Key];
foreach (var Data in Mail.PostRequestDataList)
{
Mail.PostRequestData += new string(Data);
}
foreach (var Data in Mail.VarDataList)
{
Mail.VarData += new string(Data);
}
DoSomething(Mail, PacketMonitor);
MailList.Remove(Key);
}
}
else if (isPostRequest(tcpPacket))
{
MailList.Add(Key, new HttpMail(ipPacket, tcpPacket));
}
else
{
return;
}
AddMailLiveTime();
}
catch
{
Console.WriteLine();
return;
}
}
public static void Trace(Packet packet)
{
IpPacket ipPacket = null;
TcpPacket tcpPacket = null;
try
{
ipPacket = PacketDotNet.IPv4Packet.GetEncapsulated(packet);
if (ipPacket == null)
{
return;
}
tcpPacket = PacketDotNet.TcpPacket.GetEncapsulated(packet);
if (tcpPacket == null)
{
return;
}
}
catch
{
Console.WriteLine();
return;
}
bool _isSend;
if (isMailPort(tcpPacket, out _isSend))
{
// analyze whether the mail session is exist.
if (!MailList.ContainsKey(tcpPacket.SourcePort + tcpPacket.DestinationPort))
{
MailTrace _MailTrace = new MailTrace(ipPacket.SourceAddress, ipPacket.DestinationAddress, tcpPacket.SourcePort, tcpPacket.DestinationPort, _isSend);
_MailTrace.PcapFileWriter.Write(packet.Bytes);
MailList.Add(tcpPacket.SourcePort + tcpPacket.DestinationPort, _MailTrace);
return;
}
// the mail session has exist and write it into pcap file.
MailList[tcpPacket.SourcePort + tcpPacket.DestinationPort].PcapFileWriter.Write(packet.Bytes);
if (MailList[tcpPacket.SourcePort + tcpPacket.DestinationPort].MailEnd == true)
{
MailList.Remove(tcpPacket.SourcePort + tcpPacket.DestinationPort);
}
if (tcpPacket.Fin == true) // the fin flag means the session will be disconnected. First is from Server and Second is from client.
{
MailList[tcpPacket.SourcePort + tcpPacket.DestinationPort].PacketFlagFinCount++;
if (MailList[tcpPacket.SourcePort + tcpPacket.DestinationPort].PacketFlagFinCount == 2)
{
MailList[tcpPacket.SourcePort + tcpPacket.DestinationPort].MailEnd = true;
}
}
}
}
