Beispiel #1
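        /// <summary>
        /// Capture callback: parses the captured frame and raises an alert when a TCP or UDP
        /// segment carried in an Ethernet/IP packet fails checksum validation.
        /// </summary>
        /// <param name="sender">Event source; not used by this handler.</param>
        /// <param name="e">Capture event data; <c>e.Packet</c> is the raw packet that gets parsed.</param>
        /// <remarks>
        /// NOTE(review): an invalid transport checksum on its own is a weak intrusion indicator.
        /// When the capturing host's NIC performs checksum offload, locally generated packets are
        /// commonly captured before the checksum is filled in and will fail this test, so expect
        /// false positives unless offload is disabled or outbound traffic is filtered out.
        /// The address and port placed in the alert text are read from the packet headers and
        /// are not authenticated; treat them as a hint, not as attribution.
        /// </remarks>
        private static void device1_OnPacketArrival(object sender, CaptureEventArgs e)
        {
            try
            {
                Kavprot.Packets.Packet packet = Kavprot.Packets.Packet.ParsePacket(e.Packet);
                if (!(packet is Kavprot.Packets.EthernetPacket))
                {
                    return;
                }

                var ip = Kavprot.Packets.IpPacket.GetEncapsulated(packet);
                if (ip == null)
                {
                    // Presumably returned for non-IP frames (e.g. ARP), like the transport-level
                    // GetEncapsulated calls that are null-checked below. Without this guard every
                    // such frame ended in a NullReferenceException that the catch then hid.
                    return;
                }

                if (ip.Protocol == Kavprot.Packets.IPProtocolType.TCP)
                {
                    TcpPacket tcp = TcpPacket.GetEncapsulated(packet);
                    if (tcp != null && !tcp.IsValidChecksum(TransportPacket.TransportChecksumOption.None))
                    {
                        Alert.Attack("Intrusion Detected : Invalid TCP Checksum", "an intrusion was detected using TCP from " + ip.SourceAddress.ToString() + " @port " + tcp.SourcePort.ToString(), ToolTipIcon.Warning, true);
                    }
                }
                else if (ip.Protocol == Kavprot.Packets.IPProtocolType.UDP)
                {
                    UdpPacket udp = UdpPacket.GetEncapsulated(packet);
                    if (udp != null && !udp.IsValidChecksum(TransportPacket.TransportChecksumOption.None))
                    {
                        Alert.Attack("Intrusion Detected : Invalid UDP Checksum", "an intrusion was detected using UDP from " + ip.SourceAddress.ToString() + " @port " + udp.SourcePort.ToString(), ToolTipIcon.Warning, true);
                    }
                }
            }
            catch (System.Exception ex)
            {
                // Still best-effort: one malformed packet must not stop the capture callback.
                // The failure is no longer invisible, though - a packet the parser cannot handle
                // is itself worth knowing about on a monitoring path. Debug output only; route
                // this to the project's logger (rate-limited) if it is needed in release builds.
                System.Diagnostics.Debug.WriteLine("device1_OnPacketArrival: packet inspection failed: " + ex.Message);
            }
        }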