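/// <summary>
/// Consumes the optional "PKT" capture-file header and leaves the reader on the first byte after it.
/// </summary>
/// <remarks>
/// When the file does not start with "PKT", or the version word is not one of the handled
/// <c>PktVersion</c> values, the stream is rewound to offset 0 and nothing else is consumed.
/// Every header field comes from the capture file and is treated as untrusted; in particular the
/// "additional data" length of the V3 layouts is never used as an allocation size.
/// Requires a seekable base stream (the method already assigns <c>BaseStream.Position</c>).
/// </remarks>
/// <exception cref="System.ArgumentOutOfRangeException">The header declares a negative additional-data length.</exception>
void ReadHeader()
{
    var headerStart = _reader.ReadBytes(3); // PKT
    if (Encoding.ASCII.GetString(headerStart) != "PKT")
    {
        // pkt does not have a header
        _reader.BaseStream.Position = 0;
        return;
    }

    pktVersion = (PktVersion)_reader.ReadUInt16(); // sniff version

    switch (pktVersion)
    {
        case PktVersion.V2_1:
            SetBuild(_reader.ReadUInt16()); // client build
            _reader.ReadBytes(40); // session key
            break;
        case PktVersion.V2_2:
            _reader.ReadByte(); // sniffer id
            SetBuild(_reader.ReadUInt16()); // client build
            _reader.ReadBytes(4); // client locale
            _reader.ReadBytes(20); // packet key
            _reader.ReadBytes(64); // realm name
            break;
        case PktVersion.V3_0:
            _reader.ReadByte(); // sniffer id
            SetBuild(_reader.ReadUInt32()); // client build
            _reader.ReadBytes(4); // client locale
            _reader.ReadBytes(40); // session key
            SkipAdditionalData(_reader.ReadInt32()); // additional data, length taken from the file
            break;
        case PktVersion.V3_1:
            _reader.ReadByte(); // sniffer id
            SetBuild(_reader.ReadUInt32()); // client build
            _reader.ReadBytes(4); // client locale
            _reader.ReadBytes(40); // session key
            _startTime = Utilities.GetDateTimeFromUnixTime(_reader.ReadUInt32()); // start time
            _startTickCount = _reader.ReadUInt32(); // start tick count
            SkipAdditionalData(_reader.ReadInt32()); // additional data, length taken from the file
            break;
        default:
            // not supported version - let's assume the PKT bytes were a coincidence
            // NOTE(review): pktVersion keeps the unrecognised value here; confirm no caller relies on it.
            _reader.BaseStream.Position = 0;
            break;
    }
}

/// <summary>
/// Moves past a variable-length header block by seeking, so the file-supplied length is never
/// turned into a buffer allocation.
/// </summary>
/// <param name="length">Block length exactly as read from the file (untrusted).</param>
/// <exception cref="System.ArgumentOutOfRangeException">
/// <paramref name="length"/> is negative. This is the exception type BinaryReader.ReadBytes raises
/// for a negative count (assuming _reader is a System.IO.BinaryReader - its declaration is not visible here).
/// </exception>
private void SkipAdditionalData(int length)
{
    if (length < 0)
    {
        throw new System.ArgumentOutOfRangeException("length", "PKT header declares a negative additional-data length.");
    }

    var stream = _reader.BaseStream;
    var remaining = stream.Length - stream.Position;

    // A length larger than the rest of the file stops at end of file, which is where a short
    // ReadBytes would have left the stream, but without allocating `length` bytes first.
    stream.Position += length < remaining ? length : remaining;
}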
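/// <summary>
/// Consumes the optional "PKT" capture-file header and leaves the reader on the first byte after it.
/// </summary>
/// <remarks>
/// When the file does not start with "PKT", or the version word is not one of the handled
/// <c>PktVersion</c> values, the stream is rewound to offset 0 and nothing else is consumed.
/// Every header field comes from the capture file and is treated as untrusted: the additional-data
/// length of the V3 layouts is never used as an allocation size, and sniffer-specific fields are
/// only read when the block really contains them.
/// Requires a seekable base stream (the method already assigns <c>BaseStream.Position</c>).
/// </remarks>
/// <exception cref="System.ArgumentOutOfRangeException">The header declares a negative additional-data length.</exception>
void ReadHeader()
{
    var headerStart = _reader.ReadBytes(3); // PKT
    if (Encoding.ASCII.GetString(headerStart) != "PKT")
    {
        // file does not have a header
        _reader.BaseStream.Position = 0;
        return;
    }

    _pktVersion = (PktVersion)_reader.ReadUInt16(); // sniff version

    switch (_pktVersion)
    {
        case PktVersion.V2_1:
        {
            SetBuild(_reader.ReadUInt16()); // client build
            _reader.ReadBytes(40); // session key
            break;
        }
        case PktVersion.V2_2:
        {
            _snifferId = _reader.ReadByte(); // sniffer id
            SetBuild(_reader.ReadUInt16()); // client build
            _reader.ReadBytes(4); // client locale
            _reader.ReadBytes(20); // packet key
            _reader.ReadBytes(64); // realm name
            break;
        }
        case PktVersion.V3_0:
        {
            _snifferId = _reader.ReadByte(); // sniffer id
            SetBuild(_reader.ReadUInt32()); // client build
            _reader.ReadBytes(4); // client locale
            _reader.ReadBytes(40); // session key

            var additionalLength = _reader.ReadInt32();
            var preAdditionalPos = _reader.BaseStream.Position;
            SkipAdditionalData(additionalLength);
            var postAdditionalPos = _reader.BaseStream.Position;

            // xyla keeps start time and tick count at the front of the additional data. Read them
            // only when the block holds both 4-byte fields, so a short block cannot make the
            // parser interpret the bytes that follow the header as a timestamp.
            if (_snifferId == 10 && postAdditionalPos - preAdditionalPos >= 8)
            {
                _reader.BaseStream.Position = preAdditionalPos;
                _startTime = Utilities.GetDateTimeFromUnixTime(_reader.ReadUInt32()); // start time
                _startTickCount = _reader.ReadUInt32(); // start tick count
                _reader.BaseStream.Position = postAdditionalPos;
            }

            break;
        }
        case PktVersion.V3_1:
        {
            _snifferId = _reader.ReadByte(); // sniffer id
            SetBuild(_reader.ReadUInt32()); // client build
            _reader.ReadBytes(4); // client locale
            _reader.ReadBytes(40); // session key
            _startTime = Utilities.GetDateTimeFromUnixTime(_reader.ReadUInt32()); // start time
            _startTickCount = _reader.ReadUInt32(); // start tick count

            var additionalLength = _reader.ReadInt32();
            var optionalStart = _reader.BaseStream.Position;
            SkipAdditionalData(additionalLength);
            var optionalEnd = _reader.BaseStream.Position;

            if (_snifferId == 'S') // WSTC
            {
                // versions 1.5 and older store human readable sniffer description string in header
                // version 1.6 adds 3 bytes before that data, 0xFF separator, one byte for major version
                // and one byte for minor version, expecting 0x0106 for 1.6
                var hasVersionPrefix = false;

                // Only the 3-byte prefix is needed, so only those bytes are buffered, and only when
                // the file really contains them (the declared length alone is not trusted).
                if (optionalEnd - optionalStart >= 3)
                {
                    _reader.BaseStream.Position = optionalStart;
                    var prefix = _reader.ReadBytes(3);
                    _reader.BaseStream.Position = optionalEnd;

                    if (prefix.Length == 3 && prefix[0] == 0xFF)
                    {
                        _snifferVersion = BitConverter.ToInt16(prefix, 1);
                        hasVersionPrefix = true;
                    }
                }

                if (!hasVersionPrefix)
                {
                    _snifferVersion = 0x0105;
                }
            }

            break;
        }
        default:
        {
            // not supported version - let's assume the PKT bytes were a coincidence
            // NOTE(review): _pktVersion keeps the unrecognised value here; confirm no caller relies on it.
            _reader.BaseStream.Position = 0;
            break;
        }
    }
}

/// <summary>
/// Moves past a variable-length header block by seeking, so the file-supplied length is never
/// turned into a buffer allocation.
/// </summary>
/// <param name="length">Block length exactly as read from the file (untrusted).</param>
/// <exception cref="System.ArgumentOutOfRangeException">
/// <paramref name="length"/> is negative. This is the exception type BinaryReader.ReadBytes raises
/// for a negative count (assuming _reader is a System.IO.BinaryReader - its declaration is not visible here).
/// </exception>
private void SkipAdditionalData(int length)
{
    if (length < 0)
    {
        throw new System.ArgumentOutOfRangeException("length", "PKT header declares a negative additional-data length.");
    }

    var stream = _reader.BaseStream;
    var remaining = stream.Length - stream.Position;

    // A length larger than the rest of the file stops at end of file, which is where a short
    // ReadBytes would have left the stream, but without allocating `length` bytes first.
    stream.Position += length < remaining ? length : remaining;
}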
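/// <summary>
/// Consumes the optional "PKT" capture-file header and leaves the reader on the first byte after it.
/// </summary>
/// <remarks>
/// When the file does not start with "PKT", or the version word is not one of the handled
/// <c>PktVersion</c> values, the stream is rewound to offset 0 and nothing else is consumed.
/// Every header field comes from the capture file and is treated as untrusted: the additional-data
/// length of the V3 layouts is never used as an allocation size, and the xyla start-time fields are
/// only read when the block really contains them.
/// Requires a seekable base stream (the method already assigns <c>BaseStream.Position</c>).
/// </remarks>
/// <exception cref="System.ArgumentOutOfRangeException">The header declares a negative additional-data length.</exception>
void ReadHeader()
{
    var headerStart = _reader.ReadBytes(3); // PKT
    if (Encoding.ASCII.GetString(headerStart) != "PKT")
    {
        // pkt does not have a header
        _reader.BaseStream.Position = 0;
        return;
    }

    _pktVersion = (PktVersion)_reader.ReadUInt16(); // sniff version

    switch (_pktVersion)
    {
        case PktVersion.V2_1:
            SetBuild(_reader.ReadUInt16()); // client build
            _reader.ReadBytes(40); // session key
            break;
        case PktVersion.V2_2:
            _reader.ReadByte(); // sniffer id
            SetBuild(_reader.ReadUInt16()); // client build
            _reader.ReadBytes(4); // client locale
            _reader.ReadBytes(20); // packet key
            _reader.ReadBytes(64); // realm name
            break;
        case PktVersion.V3_0:
        {
            var snifferId = _reader.ReadByte(); // sniffer id
            SetBuild(_reader.ReadUInt32()); // client build
            _reader.ReadBytes(4); // client locale
            _reader.ReadBytes(40); // session key

            var additionalLength = _reader.ReadInt32();
            var preAdditionalPos = _reader.BaseStream.Position;
            SkipAdditionalData(additionalLength);
            var postAdditionalPos = _reader.BaseStream.Position;

            // xyla keeps start time and tick count at the front of the additional data. Read them
            // only when the block holds both 4-byte fields, so a short block cannot make the
            // parser interpret the bytes that follow the header as a timestamp.
            if (snifferId == 10 && postAdditionalPos - preAdditionalPos >= 8)
            {
                _reader.BaseStream.Position = preAdditionalPos;
                _startTime = Utilities.GetDateTimeFromUnixTime(_reader.ReadUInt32()); // start time
                _startTickCount = _reader.ReadUInt32(); // start tick count
                _reader.BaseStream.Position = postAdditionalPos;
            }

            break;
        }
        case PktVersion.V3_1:
            _reader.ReadByte(); // sniffer id
            SetBuild(_reader.ReadUInt32()); // client build
            _reader.ReadBytes(4); // client locale
            _reader.ReadBytes(40); // session key
            _startTime = Utilities.GetDateTimeFromUnixTime(_reader.ReadUInt32()); // start time
            _startTickCount = _reader.ReadUInt32(); // start tick count
            SkipAdditionalData(_reader.ReadInt32()); // additional data, length taken from the file
            break;
        default:
            // not supported version - let's assume the PKT bytes were a coincidence
            // NOTE(review): _pktVersion keeps the unrecognised value here; confirm no caller relies on it.
            _reader.BaseStream.Position = 0;
            break;
    }
}

/// <summary>
/// Moves past a variable-length header block by seeking, so the file-supplied length is never
/// turned into a buffer allocation.
/// </summary>
/// <param name="length">Block length exactly as read from the file (untrusted).</param>
/// <exception cref="System.ArgumentOutOfRangeException">
/// <paramref name="length"/> is negative. This is the exception type BinaryReader.ReadBytes raises
/// for a negative count (assuming _reader is a System.IO.BinaryReader - its declaration is not visible here).
/// </exception>
private void SkipAdditionalData(int length)
{
    if (length < 0)
    {
        throw new System.ArgumentOutOfRangeException("length", "PKT header declares a negative additional-data length.");
    }

    var stream = _reader.BaseStream;
    var remaining = stream.Length - stream.Position;

    // A length larger than the rest of the file stops at end of file, which is where a short
    // ReadBytes would have left the stream, but without allocating `length` bytes first.
    stream.Position += length < remaining ? length : remaining;
}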
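/// <summary>
/// Consumes the optional "PKT" capture-file header and leaves the reader on the first byte after it.
/// </summary>
/// <remarks>
/// When the file does not start with "PKT", or the version word is not one of the handled
/// <c>PktVersion</c> values, the stream is rewound to offset 0 and nothing else is consumed.
/// Every header field comes from the capture file and is treated as untrusted: the additional-data
/// length of the V3 layouts is never used as an allocation size, and sniffer-specific fields are
/// only read when the block really contains them.
/// Requires a seekable base stream (the method already assigns <c>BaseStream.Position</c>).
/// </remarks>
/// <exception cref="System.ArgumentOutOfRangeException">The header declares a negative additional-data length.</exception>
void ReadHeader()
{
    var headerStart = _reader.ReadBytes(3); // PKT
    if (Encoding.ASCII.GetString(headerStart) != "PKT")
    {
        // file does not have a header
        _reader.BaseStream.Position = 0;
        return;
    }

    _pktVersion = (PktVersion)_reader.ReadUInt16(); // sniff version

    switch (_pktVersion)
    {
        case PktVersion.V2_1:
        {
            SetBuild(_reader.ReadUInt16()); // client build
            _reader.ReadBytes(40); // session key
            break;
        }
        case PktVersion.V2_2:
        {
            _snifferId = _reader.ReadByte(); // sniffer id
            SetBuild(_reader.ReadUInt16()); // client build
            _reader.ReadBytes(4); // client locale
            _reader.ReadBytes(20); // packet key
            _reader.ReadBytes(64); // realm name
            break;
        }
        case PktVersion.V3_0:
        {
            _snifferId = _reader.ReadByte(); // sniffer id
            SetBuild(_reader.ReadUInt32()); // client build
            _reader.ReadBytes(4); // client locale
            _reader.ReadBytes(40); // session key

            var additionalLength = _reader.ReadInt32();
            var preAdditionalPos = _reader.BaseStream.Position;
            SkipAdditionalData(additionalLength);
            var postAdditionalPos = _reader.BaseStream.Position;

            // xyla keeps start time and tick count at the front of the additional data. Read them
            // only when the block holds both 4-byte fields, so a short block cannot make the
            // parser interpret the bytes that follow the header as a timestamp.
            if (_snifferId == 10 && postAdditionalPos - preAdditionalPos >= 8)
            {
                _reader.BaseStream.Position = preAdditionalPos;
                _startTime = Utilities.GetDateTimeFromUnixTime(_reader.ReadUInt32()); // start time
                _startTickCount = _reader.ReadUInt32(); // start tick count
                _reader.BaseStream.Position = postAdditionalPos;
            }

            break;
        }
        case PktVersion.V3_1:
        {
            _snifferId = _reader.ReadByte(); // sniffer id
            SetBuild(_reader.ReadUInt32()); // client build
            _reader.ReadBytes(4); // client locale
            _reader.ReadBytes(40); // session key
            _startTime = Utilities.GetDateTimeFromUnixTime(_reader.ReadUInt32()); // start time
            _startTickCount = _reader.ReadUInt32(); // start tick count

            var additionalLength = _reader.ReadInt32();
            var optionalStart = _reader.BaseStream.Position;
            SkipAdditionalData(additionalLength);
            var optionalEnd = _reader.BaseStream.Position;

            if (_snifferId == 'S') // WSTC
            {
                // versions 1.5 and older store human readable sniffer description string in header
                // version 1.6 adds 3 bytes before that data, 0xFF separator, one byte for major version
                // and one byte for minor version, expecting 0x0106 for 1.6
                var hasVersionPrefix = false;

                // Only the 3-byte prefix is needed, so only those bytes are buffered, and only when
                // the file really contains them (the declared length alone is not trusted).
                if (optionalEnd - optionalStart >= 3)
                {
                    _reader.BaseStream.Position = optionalStart;
                    var prefix = _reader.ReadBytes(3);
                    _reader.BaseStream.Position = optionalEnd;

                    if (prefix.Length == 3 && prefix[0] == 0xFF)
                    {
                        _snifferVersion = BitConverter.ToInt16(prefix, 1);
                        hasVersionPrefix = true;
                    }
                }

                if (!hasVersionPrefix)
                {
                    _snifferVersion = 0x0105;
                }
            }

            break;
        }
        default:
        {
            // not supported version - let's assume the PKT bytes were a coincidence
            // NOTE(review): _pktVersion keeps the unrecognised value here; confirm no caller relies on it.
            _reader.BaseStream.Position = 0;
            break;
        }
    }
}

/// <summary>
/// Moves past a variable-length header block by seeking, so the file-supplied length is never
/// turned into a buffer allocation.
/// </summary>
/// <param name="length">Block length exactly as read from the file (untrusted).</param>
/// <exception cref="System.ArgumentOutOfRangeException">
/// <paramref name="length"/> is negative. This is the exception type BinaryReader.ReadBytes raises
/// for a negative count (assuming _reader is a System.IO.BinaryReader - its declaration is not visible here).
/// </exception>
private void SkipAdditionalData(int length)
{
    if (length < 0)
    {
        throw new System.ArgumentOutOfRangeException("length", "PKT header declares a negative additional-data length.");
    }

    var stream = _reader.BaseStream;
    var remaining = stream.Length - stream.Position;

    // A length larger than the rest of the file stops at end of file, which is where a short
    // ReadBytes would have left the stream, but without allocating `length` bytes first.
    stream.Position += length < remaining ? length : remaining;
}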