Beispiel #1
0
        public virtual bool TryParse(CapturedPacket capturedPacket, out IList<T> packages)
        {
            var packetsSet = GetPacketsSet(capturedPacket);

            var packets = ExtractPackets(capturedPacket, packetsSet);

            packages = new List<T>();

            foreach (var packet in packets)
            {
                var subPacket = !IsStartingPacket(packet.Bytes) ?
                    packetsSet.AddSubPacket(packet) :
                    packetsSet.AddStartingPacket(packet, ReadPacketLength(packet.Bytes));

                if (subPacket == null || !subPacket.TryParse(PacketHeaderLength, out T package))
                {
                    packetsSet.RemoveExpiredPackets();
                    continue;
                }

                packages.Add(package);
            }

            return packages.Count > 0;
        }
Beispiel #2
0
        /// <summary>
        /// Parses captured data into the packet
        /// </summary>
        /// <param name="rawCapture">Captured data</param>
        protected void ParsePacket(RawCapture rawCapture)
        {
            try
            {
                var packet = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);

                var tcpPacket = packet.Extract <TcpPacket>();
                var ipPacket  = packet.Extract <IPPacket>();

                if (tcpPacket == null || ipPacket == null)
                {
                    return;
                }

                var matchedImporter = importers.FirstOrDefault(x => x.IsRunning && !x.IsDisabled() && x.Match(tcpPacket, ipPacket));

                if (matchedImporter == null)
                {
                    return;
                }

                var payloadData = tcpPacket.PayloadData;

                if (payloadData == null || payloadData.Length == 0)
                {
                    return;
                }

                var capturedPacket = new CapturedPacket
                {
                    Bytes            = tcpPacket.PayloadData,
                    Source           = new IPEndPoint(ipPacket.SourceAddress, tcpPacket.SourcePort),
                    Destination      = new IPEndPoint(ipPacket.DestinationAddress, tcpPacket.DestinationPort),
                    CreatedTimeStamp = rawCapture.Timeval.Date,
                    SequenceNumber   = tcpPacket.SequenceNumber
                };

                matchedImporter.AddPacket(capturedPacket);
            }
            catch (Exception e)
            {
                if (parsePacketLogErrorCounter < 5)
                {
                    LogProvider.Log.Error(this, "Failed to parse captured packet.", e);
                    parsePacketLogErrorCounter++;
                }
            }
        }
        private SubPacket <T> AddPacket(CapturedPacket capturedPacket, int expectedLength, bool isStarting)
        {
            if (processedPackets.Contains(capturedPacket.SequenceNumber))
            {
                return(null);
            }

            var subPacket = new SubPacket <T>(capturedPacket.Bytes, expectedLength, capturedPacket.CreatedTimeStamp, capturedPacket.SequenceNumber, isStarting);

            packets.Add(capturedPacket.SequenceNumber, subPacket);

            processedPackets.Add(capturedPacket.SequenceNumber);

            if (TryAssemblyPacket(out SubPacket <T> reassembliedPacket))
            {
                return(reassembliedPacket);
            }

            return(subPacket);
        }
Beispiel #4
0
        protected virtual PacketsSet<T> GetPacketsSet(CapturedPacket packet)
        {
            var sourceDestination = new SourceDestination
            {
                IPSource = packet.IPSource,
                PortSource = packet.Source.Port,
                IPDestination = packet.IPDestination,
                PortDestination = packet.Destination.Port
            };

            if (packetsBytes.TryGetValue(sourceDestination, out PacketsSet<T> packetsSet))
            {
                return packetsSet;
            }

            packetsSet = new PacketsSet<T>();

            packetsBytes.Add(sourceDestination, packetsSet);

            return packetsSet;
        }
Beispiel #5
0
        protected virtual IList<CapturedPacket> ExtractPackets(CapturedPacket packet, PacketsSet<T> packetsSet)
        {
            var packets = new List<CapturedPacket>();
            var packetLength = 0;
            var offset = 0;

            if (!IsStartingPacket(packet.Bytes))
            {
                var lengthToComplete = packetsSet.GetLengthToCompletePacket();

                if (lengthToComplete == 0 ||
                    lengthToComplete >= packet.Bytes.Length)
                {
                    packets.Add(packet);
                    return packets;
                }

                var additionalPacket = packet.Bytes.Skip(lengthToComplete).ToArray();

                if (IsStartingPacket(additionalPacket))
                {
                    packetLength = lengthToComplete;
                }
            }
            else if ((packetLength = ReadPacketLength(packet.Bytes)) >= packet.Bytes.Length || packetLength == 0)
            {
                packets.Add(packet);
                return packets;
            }

            var sequenceNumber = packet.SequenceNumber;

            while (offset < packet.Bytes.Length)
            {
                var bytes = packet.Bytes.Skip(offset).ToArray();

                if (offset != 0)
                {
                    if (!IsStartingPacket(bytes))
                    {
                        break;
                    }

                    packetLength = ReadPacketLength(bytes);
                }

                var subPacket = new CapturedPacket
                {
                    Bytes = bytes.Take(packetLength).ToArray(),
                    CreatedTimeStamp = packet.CreatedTimeStamp,
                    Destination = packet.Destination,
                    SequenceNumber = sequenceNumber++,
                    Source = packet.Source
                };

                packets.Add(subPacket);

                offset += packetLength;

                if (packetLength == 0)
                {
                    break;
                }
            }

            return packets;
        }
 public SubPacket <T> AddStartingPacket(CapturedPacket capturedPacket, int expectedLength)
 {
     return(AddPacket(capturedPacket, expectedLength, true));
 }
 public SubPacket <T> AddSubPacket(CapturedPacket capturedPacket)
 {
     return(AddPacket(capturedPacket, 0, false));
 }
 public abstract void AddPacket(CapturedPacket capturedPacket);
        public Process GetProcess(CapturedPacket capturedPacket)
        {
            var connectionProcess = connectionProcesses.FirstOrDefault(x => x.Source.Equals(capturedPacket.Source) && x.Destination.Equals(capturedPacket.Destination));

            if (connectionProcess != null && !connectionProcess.Validate())
            {
                connectionProcesses.Remove(connectionProcess);
                connectionProcess = null;
            }

            if (connectionProcess == null)
            {
                bool filterConnection(LocalConnection connection)
                {
                    return(connection.LocalAddress.Equals(capturedPacket.Source) && connection.Destination.Equals(capturedPacket.Destination) ||
                           connection.LocalAddress.Equals(capturedPacket.Destination) && connection.Destination.Equals(capturedPacket.Source));
                }

                var localConnection = localConnections.FirstOrDefault(x => filterConnection(x));

                if (localConnection == null || localConnection.ProcessId == 0)
                {
                    localConnections = NetworkUtils.GetAllTcpConnections().ToList();

                    var foundLocalConnections = localConnections.Where(x => filterConnection(x)).ToArray();

                    var processes = new HashSet <int>(Process.GetProcesses().Select(x => x.Id).Distinct());
                    localConnection = foundLocalConnections.FirstOrDefault(x => processes.Contains((int)x.ProcessId));
                }

                if (localConnection == null)
                {
                    LogProvider.Log.Info(loggerName, $"Could not find associated process for packet {capturedPacket}. Probably, the emulator was closed.");
                    return(null);
                }

                if (localConnection.ProcessId == 0)
                {
                    LogProvider.Log.Info(loggerName, $"Associated process isn't defined for packet {capturedPacket}");
                    return(null);
                }

                try
                {
                    connectionProcess = new ConnectionProcessInfo
                    {
                        Source      = capturedPacket.Source,
                        Destination = capturedPacket.Destination,
                        Process     = Process.GetProcessById((int)localConnection.ProcessId),
                        LoggerName  = loggerName
                    };

                    connectionProcesses.Add(connectionProcess);
                }
                catch (ArgumentException)
                {
                    LogProvider.Log.Error(loggerName, $"Process {localConnection.ProcessId} isn't running. Probably, the emulator was closed.");
                    return(null);
                }
                catch (Exception e)
                {
                    LogProvider.Log.Error(loggerName, "Failed to create connection process info", e);
                    return(null);
                }
            }

            return(connectionProcess.Process);
        }