public void UDPData()
{
Packet p;
UDPPacket u;
PcapOfflineDevice dev = Pcap.GetPcapOfflineDevice("../../capture_files/udp_dns_request_response.pcap");
dev.Open();
// check the first packet
p = dev.GetNextPacket();
Assert.IsNotNull(p);
Assert.IsTrue(p is UDPPacket);
u = (UDPPacket)p;
Assert.AreEqual(41 - u.UDPHeader.Length, u.UDPData.Length, "UDPData.Length mismatch");
// check the second packet
p = dev.GetNextPacket();
Assert.IsNotNull(p);
Assert.IsTrue(p is UDPPacket);
u = (UDPPacket)p;
Assert.AreEqual(356 - u.UDPHeader.Length, u.UDPData.Length, "UDPData.Length mismatch");
Console.WriteLine("u is {0}", u.ToString());
dev.Close();
}
private void mFileImportMenu_Click(object pSender, EventArgs pArgs)
{
if (mImportDialog.ShowDialog(this) != DialogResult.OK)
{
return;
}
PcapOfflineDevice device = new PcapOfflineDevice(mImportDialog.FileName);
device.Open();
Packet packet = null;
SessionForm session = null;
while ((packet = device.GetNextPacket()) != null)
{
TCPPacket tcpPacket = packet as TCPPacket;
if (tcpPacket == null)
{
continue;
}
if ((tcpPacket.SourcePort < Config.Instance.LowPort || tcpPacket.SourcePort > Config.Instance.HighPort) &&
(tcpPacket.DestinationPort < Config.Instance.LowPort || tcpPacket.DestinationPort > Config.Instance.HighPort))
{
continue;
}
if (tcpPacket.Syn && !tcpPacket.Ack)
{
session = NewSession(); session.BufferTCPPacket(tcpPacket);
}
else if (session.MatchTCPPacket(tcpPacket))
{
session.BufferTCPPacket(tcpPacket);
}
}
}
public void ParsingArpPacketRequestResponse()
{
PcapOfflineDevice dev = Pcap.GetPcapOfflineDevice("../../capture_files/arp_request_response.pcap");
dev.Open();
Packet p;
int packetIndex = 0;
while ((p = dev.GetNextPacket()) != null)
{
Console.WriteLine("got packet");
Console.WriteLine("{0}", p.ToString());
switch (packetIndex)
{
case 0:
VerifyPacket0(p);
break;
case 1:
VerifyPacket1(p);
break;
default:
Assert.Fail("didn't expect to get to packetIndex " + packetIndex);
break;
}
packetIndex++;
}
dev.Close();
}
public virtual void TCPData()
{
PcapOfflineDevice dev = Pcap.GetPcapOfflineDevice("../../capture_files/tcp_with_extra_bytes.pcap");
dev.Open();
Packet p;
p = dev.GetNextPacket();
Assert.IsNotNull(p);
Console.WriteLine(p.GetType());
Assert.IsTrue(p is TCPPacket);
TCPPacket t = (TCPPacket)p;
// even though the packet has 6 bytes of extra data, the ip packet shows a size of
// 40 and the ip header has a length of 20. The TCP header is also 20 bytes so
// there should be zero bytes in the TCPData value
int expectedTcpDataLength = 0;
Assert.AreEqual(expectedTcpDataLength, t.TCPData.Length);
dev.Close();
}
public void IPv6PacketTestParsing()
{
PcapOfflineDevice dev = Pcap.GetPcapOfflineDevice("../../capture_files/ipv6_icmpv6_packet.pcap");
dev.Open();
Packet p;
int packetIndex = 0;
while ((p = dev.GetNextPacket()) != null)
{
Console.WriteLine("got packet");
switch (packetIndex)
{
case 0:
VerifyPacket0(p);
break;
default:
Assert.Fail("didn't expect to get to packetIndex " + packetIndex);
break;
}
packetIndex++;
}
dev.Close();
}
private void OpenCaptureFile()
{
if (!capturedPacketsHaveBeenSaved)
{
DialogResult userWish = ShowDialogAskingUserToSaveCaptureData(ActionType.OpeningCaptureFile);
if (userWish == DialogResult.OK)
{
SaveCapturedPacketsToFile();
}
else if (userWish == DialogResult.Cancel)
{
return;
}
}
// Nullify the packets counter and clear the structures that keep
// the captured packets info
ClearDataStructures();
capturedPacketsHaveBeenSaved = true;
// Get an offline file pcap device
PcapDevice offlineDevice = new PcapOfflineDevice(openCaptureFileDialog.FileName);
try
{
Cursor = Cursors.WaitCursor;
// Open the device for capturing
offlineDevice.Open();
// Register our handler function to the "packet arrival" event
offlineDevice.OnPacketArrival += new Pcap.PacketArrivalEvent(device_OnPacketArrival);
// Start capture "INFINTE" number of packets
// This method will return when EOF reached.
offlineDevice.Capture(Pcap.INFINITE);
// Set the MainForm text
SetMainFormText(String.Format("{0} - Wi-Fi Sniffer", Path.GetFileName(openCaptureFileDialog.FileName)));
// Set the status labels texts
SetStatusLabelsTexts(String.Format("File: \"{0}\"", openCaptureFileDialog.FileName), packetsCount == 0 ? "| No packets" : String.Format("| Displayed packets: {0}", packetsCount));
}
catch (Exception ex)
{
MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
finally
{
// Close the pcap device
offlineDevice.Close();
Cursor = Cursors.Default;
}
}
public void TestParsingKnownPackets()
{
PcapOfflineDevice dev = Pcap.GetPcapOfflineDevice("../../capture_files/test_stream.pcap");
dev.Open();
Packet p;
int packetIndex = 0;
while ((p = dev.GetNextPacket()) != null)
{
Console.WriteLine("got packet");
switch (packetIndex)
{
case 0:
VerifyPacket0(p);
break;
case 1:
VerifyPacket1(p);
break;
case 2:
VerifyPacket2(p);
break;
case 3:
VerifyPacket3(p);
break;
case 4:
VerifyPacket4(p);
break;
case 5:
VerifyPacket5(p);
break;
default:
Assert.Fail("didn't expect to get to packetIndex " + packetIndex);
break;
}
packetIndex++;
}
dev.Close();
}
public virtual void Checksum()
{
PcapOfflineDevice dev = Pcap.GetPcapOfflineDevice("../../capture_files/tcp.pcap");
dev.Open();
Packet p;
p = dev.GetNextPacket();
Assert.IsNotNull(p);
Console.WriteLine(p.GetType());
Assert.IsTrue(p is TCPPacket);
TCPPacket t = (TCPPacket)p;
Console.WriteLine("Checksum: " + t.Checksum.ToString("X"));
Assert.IsTrue(t.ValidChecksum);
dev.Close();
}
public void TCPChecksumIPv6()
{
PcapOfflineDevice dev = Pcap.GetPcapOfflineDevice("../../capture_files/ipv6_http.pcap");
dev.Open();
Packet p;
// checksums from wireshark of the capture file
int[] expectedChecksum = { 0x41a2,
0x4201,
0x5728,
0xf448,
0xee07,
0x939c,
0x63e4,
0x4590,
0x3725,
0x3723 };
int packetIndex = 0;
while ((p = dev.GetNextPacket()) != null)
{
Assert.IsTrue(p is TCPPacket);
TCPPacket t = (TCPPacket)p;
Assert.IsTrue(t.ValidChecksum);
// compare the computed checksum to the expected one
Assert.AreEqual(expectedChecksum[packetIndex],
t.ComputeTCPChecksum());
packetIndex++;
}
dev.Close();
}
private void SendCaptureFile()
{
if (!ValidateUserInput())
{
return;
}
// Get the network device through which the packets will be sent.
PcapDevice device = chooseDeviceUserControl.Device;
// Get an offline file pcap device
PcapDevice offlineDevice = new PcapOfflineDevice(textBoxCaptureFile.Text);
PcapSendQueue sendQueue = null;
bool isDeviceOpenedInThisForm = false;
try
{
Cursor = Cursors.WaitCursor;
if (!device.Opened)
{
device.Open();
isDeviceOpenedInThisForm = true;
}
// Open the device for capturing
offlineDevice.Open();
// Allocate a new send queue
sendQueue = new PcapSendQueue
((int)((PcapOfflineDevice)offlineDevice).FileSize);
Packet packet;
// Go through all packets in the file and add to the queue
while ((packet = offlineDevice.GetNextPacket()) != null)
{
if (!sendQueue.Add(packet))
{
MessageBox.Show(
"Packet buffer too small, not all the packets will be sent.",
"Warning",
MessageBoxButtons.OK,
MessageBoxIcon.Warning);
break;
}
}
if (device.PcapDataLink != offlineDevice.PcapDataLink)
{
DialogResult answer = MessageBox.Show(
"The datalink of the capture differs from the one of the" +
"\nselected interface. Do you want to continue?",
"Question",
MessageBoxButtons.YesNo,
MessageBoxIcon.Question);
if (answer == DialogResult.No)
{
return;
}
}
int bytesSent = device.SendQueue(sendQueue, false);
if (bytesSent < sendQueue.CurrentLength)
{
MessageBox.Show(
String.Format("An error occurred sending the packets: {0}.\nOnly {1} bytes were sent.", device.LastError, bytesSent),
"Error",
MessageBoxButtons.OK,
MessageBoxIcon.Error);
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
finally
{
// Close the pcap device
offlineDevice.Close();
// Free the queue
if (sendQueue != null)
{
sendQueue.Dispose();
}
if (isDeviceOpenedInThisForm)
{
device.Close();
}
Cursor = Cursors.Default;
}
}
private void mFileImportMenu_Click(object pSender, EventArgs pArgs)
{
if (mImportKEYSDialog.ShowDialog(this) != DialogResult.OK)
{
return;
}
byte[] characterKey = null;
byte[] worldKey = null;
using (BinaryReader reader = new BinaryReader(new FileStream(mImportKEYSDialog.FileName, FileMode.Open)))
{
while (reader.BaseStream.Position < reader.BaseStream.Length)
{
bool unknown = false;
switch (reader.ReadByte())
{
case 0x00:
characterKey = reader.ReadBytes(128);
break;
case 0x01:
worldKey = reader.ReadBytes(128);
break;
default: unknown = true; break;
}
if (unknown)
{
break;
}
}
}
if (characterKey == null && worldKey == null)
{
MessageBox.Show(this, "You have selected an invalid keys file.", "Invalid Keys", MessageBoxButtons.OK, MessageBoxIcon.Error);
return;
}
if (characterKey != null)
{
Array.Reverse(characterKey);
}
if (worldKey != null)
{
Array.Reverse(worldKey);
}
Dictionary <bool, byte[]> keys = new Dictionary <bool, byte[]>();
keys[true] = characterKey;
keys[false] = worldKey;
if (mImportPCAPDialog.ShowDialog(this) != DialogResult.OK)
{
return;
}
string pcapFileName = mImportPCAPDialog.FileName;
PcapOfflineDevice device = new PcapOfflineDevice(pcapFileName);
device.Open();
Packet packet = null;
SessionForm session = null;
Dictionary <SessionForm, int> totalSessionTCPPackets = new Dictionary <SessionForm, int>();
HashSet <SessionForm> terminatedSessions = new HashSet <SessionForm>();
while ((packet = device.GetNextPacket()) != null)
{
TCPPacket tcpPacket = packet as TCPPacket;
if (tcpPacket == null)
{
continue;
}
session = Array.Find(MdiChildren, f => (f as SessionForm).MatchTCPPacket(tcpPacket)) as SessionForm;
if (session == null && tcpPacket.Syn && !tcpPacket.Ack)
{
session = NewSession();
session.ImportClientPrivateKeys(keys);
session.BufferTCPPacket(tcpPacket);
totalSessionTCPPackets[session] = 0;
Application.DoEvents();
}
if (session != null && !terminatedSessions.Contains(session))
{
totalSessionTCPPackets[session] += 1;
}
if (session != null && (tcpPacket.Fin || tcpPacket.Rst))
{
terminatedSessions.Add(session);
}
}
device.Close();
device = new PcapOfflineDevice(pcapFileName);
device.Open();
Dictionary <SessionForm, int> processedSessionTCPPackets = new Dictionary <SessionForm, int>();
Dictionary <SessionForm, int> processedSessionPercents = new Dictionary <SessionForm, int>();
while ((packet = device.GetNextPacket()) != null)
{
if (mClosing)
{
break;
}
TCPPacket tcpPacket = packet as TCPPacket;
if (tcpPacket == null)
{
continue;
}
session = Array.Find(MdiChildren, f => (f as SessionForm).MatchTCPPacket(tcpPacket)) as SessionForm;
if (session != null)
{
if (mDockPanel.ActiveDocument != session)
{
session.Activate();
}
if (!processedSessionTCPPackets.ContainsKey(session))
{
processedSessionTCPPackets[session] = 0;
}
if (!processedSessionPercents.ContainsKey(session))
{
processedSessionPercents[session] = 0;
}
processedSessionTCPPackets[session] += 1;
session.BufferTCPPacket(tcpPacket);
int newPercent = (processedSessionTCPPackets[session] * 100) / totalSessionTCPPackets[session];
while (newPercent > processedSessionPercents[session])
{
processedSessionPercents[session] += 1;
session.ProgressUpdate();
}
}
}
}
