public static void Trace(Packet packet)
{
IpPacket ipPacket = null;
TcpPacket tcpPacket = null;
try
{
ipPacket = PacketDotNet.IPv4Packet.GetEncapsulated(packet);
if (ipPacket == null)
{
return;
}
tcpPacket = PacketDotNet.TcpPacket.GetEncapsulated(packet);
if (tcpPacket == null)
{
return;
}
}
catch
{
Console.WriteLine();
return;
}
bool _isSend;
if (isMailPort(tcpPacket, out _isSend))
{
// analyze whether the mail session is exist.
if (!MailList.ContainsKey(tcpPacket.SourcePort + tcpPacket.DestinationPort))
{
MailTrace _MailTrace = new MailTrace(ipPacket.SourceAddress, ipPacket.DestinationAddress, tcpPacket.SourcePort, tcpPacket.DestinationPort, _isSend);
_MailTrace.PcapFileWriter.Write(packet.Bytes);
MailList.Add(tcpPacket.SourcePort + tcpPacket.DestinationPort, _MailTrace);
return;
}
// the mail session has exist and write it into pcap file.
MailList[tcpPacket.SourcePort + tcpPacket.DestinationPort].PcapFileWriter.Write(packet.Bytes);
if (MailList[tcpPacket.SourcePort + tcpPacket.DestinationPort].MailEnd == true)
{
MailList.Remove(tcpPacket.SourcePort + tcpPacket.DestinationPort);
}
if (tcpPacket.Fin == true) // the fin flag means the session will be disconnected. First is from Server and Second is from client.
{
MailList[tcpPacket.SourcePort + tcpPacket.DestinationPort].PacketFlagFinCount++;
if (MailList[tcpPacket.SourcePort + tcpPacket.DestinationPort].PacketFlagFinCount == 2)
{
MailList[tcpPacket.SourcePort + tcpPacket.DestinationPort].MailEnd = true;
}
}
}
}
// Analyze the Packet whether need reassemble.
private static bool isReassembledPacketOfPostRequest(IpPacket ipPacket, TcpPacket tcpPacket)
{
return(MailList.ContainsKey(ipPacket.SourceAddress.Address + tcpPacket.SourcePort + tcpPacket.AcknowledgmentNumber));
}
