Beispiel #1
        /// <summary>
        /// Generate a multicast MAC address based on the IP address.
        /// </summary>
        /// <returns>If this instance contains a valid multicast IP address, then it returns a <c>MACAddr</c> containing a multicast MAC address based on this instance, otherwise it returns a <c>MACAddr</c> containing all zeros.</returns>
        public EthernetMACAddr MulticastMAC()
        {
            // Default-constructed address; handed back untouched on either early exit below.
            EthernetMACAddr result = new EthernetMACAddr();

            if (!_is_valid)
            {
                return result;
            }

            // Only first octets 224..239 (the IPv4 multicast range) are mapped.
            byte first_octet = _byte_list[0];
            if (first_octet < 224 || first_octet >= 240)
            {
                return result;
            }

            // Fixed 01:00:5E prefix for IPv4 multicast frames.
            result.ByteList[0] = 0x01;
            result.ByteList[1] = 0x00;
            result.ByteList[2] = 0x5E;

            // Keep only the low 7 bits of the second octet. Together with the dropped
            // first octet this means several multicast groups share one MAC address, so
            // the result must not be treated as a unique identifier for the IP group.
            byte second_octet_low_bits = (byte)(ByteList[1] & 0x7F);
            result.ByteList[3] = second_octet_low_bits;
            result.ByteList[4] = ByteList[2];
            result.ByteList[5] = ByteList[3];

            return result;
        }
Beispiel #2
        /// <summary>
        /// Process the Wireshark packets and determine the number of datasets
        /// </summary>
        /// <returns>An <c>AnalysisStatus</c> enumeration indicating whether the analysis process completed successfully.</returns>
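        private Enums.AnalysisStatus ProcessWiresharkOutput()
        {
            // Reads the PSML file written by tshark, groups the packets by network
            // address pair (plus EtherNet/IP connection ID when present) and appends one
            // JitterDatum per packet to _full_data. New pairs are registered in _indices.
            // Returns Error when the PSML <structure> header is missing or incomplete,
            // NoPacketsCaptured when there are no <packet> nodes, otherwise Success.
            Enums.AnalysisStatus status = Enums.AnalysisStatus.Success;
            WiresharkPSMLStructure psml_structure = new WiresharkPSMLStructure();
            List<string> indices_names = new List<string>();
            int section_count = 0;
            int skipped_packets = 0;
            int enip_cid = 0;

            _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: Started.");
            DateTime start_step = DateTime.Now;

            _progress.Current = _progress.Minimum;
            _background_worker.ReportProgress(_progress.Current);
            _tshark.Progress = _progress;

            // The PSML text is derived from captured traffic and sits in a temporary file,
            // so it is parsed as untrusted input: no resolver is attached, which keeps the
            // parser from fetching external resources. XmlReader.Create's default settings
            // are expected to reject DTDs as well; the defaults are left untouched here.
            XmlReaderSettings reader_settings = new XmlReaderSettings();
            reader_settings.XmlResolver = null;
            XmlDocument doc = new XmlDocument();
            doc.XmlResolver = null;

            // Dispose the reader so the handle on the temporary file is released.
            using (XmlReader reader = XmlReader.Create(_tshark.TemporaryFile.FullName, reader_settings))
            {
                doc.Load(reader);
            }

            XmlNode root = doc.DocumentElement;
            XmlNodeList structure = root.SelectNodes("//structure");
            if (structure.Count == 1)
            {
                XmlNode structure_node = structure.Item(0);
                List<string> sections = new List<string>();
                for (int i = 0; i < structure_node.ChildNodes.Count; i++)
                {
                    sections.Add(structure_node.ChildNodes[i].InnerText);
                }
                section_count = sections.Count;

                // Every expected column title must be present; a missing one is an error.
                // The index properties are only assigned when the title was found.
                int found = sections.IndexOf(psml_structure.NumberTitle);
                if (found < 0) { status = Enums.AnalysisStatus.Error; } else { psml_structure.NumberIndex = found; }

                found = sections.IndexOf(psml_structure.TimeTitle);
                if (found < 0) { status = Enums.AnalysisStatus.Error; } else { psml_structure.TimeIndex = found; }

                found = sections.IndexOf(psml_structure.SourceTitle);
                if (found < 0) { status = Enums.AnalysisStatus.Error; } else { psml_structure.SourceIndex = found; }

                found = sections.IndexOf(psml_structure.DestinationTitle);
                if (found < 0) { status = Enums.AnalysisStatus.Error; } else { psml_structure.DestinationIndex = found; }

                found = sections.IndexOf(psml_structure.ProtocolTitle);
                if (found < 0) { status = Enums.AnalysisStatus.Error; } else { psml_structure.ProtocolIndex = found; }

                found = sections.IndexOf(psml_structure.EnipCidTitle);
                if (found < 0) { status = Enums.AnalysisStatus.Error; } else { psml_structure.EnipCidIndex = found; }

                found = sections.IndexOf(psml_structure.EnipSeqTitle);
                if (found < 0) { status = Enums.AnalysisStatus.Error; } else { psml_structure.EnipSeqIndex = found; }

                found = sections.IndexOf(psml_structure.InfoTitle);
                if (found < 0) { status = Enums.AnalysisStatus.Error; } else { psml_structure.InfoIndex = found; }
            }
            else
            {
                status = Enums.AnalysisStatus.Error;
            }

            if (status == Enums.AnalysisStatus.Error)
            {
                _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: Error reading structure of Wireshark PSML output.");
            }
            else
            {
                XmlNodeList packets = root.SelectNodes("//packet");
                if (packets.Count > 0)
                {
                    _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: " + packets.Count + " filtered packets");
                    for (int i = 0; i < packets.Count; i++)
                    {
                        XmlNode packet = packets[i];
                        double time = 0;
                        bool usable = false;

                        // A packet with fewer columns than the header would make the
                        // ChildNodes lookups below return null, so it is skipped instead.
                        if (packet.ChildNodes.Count >= section_count)
                        {
                            WiresharkPSMLPacket psml_packet = new WiresharkPSMLPacket();
                            psml_packet.Number = packet.ChildNodes[psml_structure.NumberIndex].InnerText;
                            psml_packet.Time = packet.ChildNodes[psml_structure.TimeIndex].InnerText;
                            psml_packet.Source = packet.ChildNodes[psml_structure.SourceIndex].InnerText;
                            psml_packet.Destination = packet.ChildNodes[psml_structure.DestinationIndex].InnerText;
                            psml_packet.Protocol = packet.ChildNodes[psml_structure.ProtocolIndex].InnerText;
                            psml_packet.EnipCid = packet.ChildNodes[psml_structure.EnipCidIndex].InnerText;
                            psml_packet.EnipSeq = packet.ChildNodes[psml_structure.EnipSeqIndex].InnerText;
                            psml_packet.Info = packet.ChildNodes[psml_structure.InfoIndex].InnerText;

                            // Parse the timestamp with the invariant culture so the result
                            // does not depend on the machine's regional settings.
                            // NOTE(review): assumes tshark writes '.' as the decimal separator - confirm.
                            usable = double.TryParse(psml_packet.Time, NumberStyles.Float, CultureInfo.InvariantCulture, out time);

                            if (usable)
                            {
                                NetworkPair pair = new NetworkPair();
                                IPv4Addr ip_src = new IPv4Addr(psml_packet.Source);
                                IPv4Addr ip_dst = new IPv4Addr(psml_packet.Destination);
                                pair.MacSource = new EthernetMACAddr(psml_packet.Source);
                                pair.IpSource = ip_src;
                                pair.MacDestination = new EthernetMACAddr(psml_packet.Destination);
                                pair.IpDestination = ip_dst;

                                if (psml_packet.Protocol == "ENIP" && !string.IsNullOrEmpty(psml_packet.EnipCid))
                                {
                                    // Strip the "0x" prefix only when it is really there; a
                                    // shorter or unprefixed value must not throw.
                                    string cid_text = psml_packet.EnipCid;
                                    if (cid_text.StartsWith("0x", StringComparison.OrdinalIgnoreCase))
                                    {
                                        cid_text = cid_text.Substring(2);
                                    }
                                    // On a failed parse enip_cid is left at 0, as before.
                                    int.TryParse(cid_text, NumberStyles.HexNumber, CultureInfo.InvariantCulture, out enip_cid);
                                    pair.UseEtherNetIP = true;
                                    pair.EtherNetIPConnID = enip_cid;
                                }

                                // Determine index for this packet (single lookup).
                                string index_name = pair.ToString();
                                int index = indices_names.IndexOf(index_name);
                                if (index < 0)
                                {
                                    index = indices_names.Count;
                                    indices_names.Add(index_name);
                                    string comment = "IP Source == " + ip_src.ToString() + "\nIP Destination == " + ip_dst.ToString();
                                    if (pair.UseEtherNetIP)
                                    {
                                        comment += "\nEtherNet/IP Connection ID == 0x" + enip_cid.ToString("X");
                                    }
                                    Identification new_index = new Identification(indices_names.Count, index_name, "Network Address Pair", comment);
                                    _indices.Add(new_index);
                                }

                                _full_data.Add(new JitterDatum(index, time));
                            }
                        }

                        if (!usable)
                        {
                            skipped_packets++;
                        }

                        // Multiply before dividing: i / packets.Count in integer arithmetic
                        // is always 0 inside this loop. long avoids overflow on big captures.
                        _progress.Current = (int)((long)i * 100 / packets.Count);
                        _background_worker.ReportProgress(_progress.Current);
                    }

                    if (skipped_packets > 0)
                    {
                        _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: " + skipped_packets + " malformed packets skipped");
                    }

                    if (_indices.Count == 1)
                    {
                        _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: " + _indices.Count + " dataset");
                    }
                    else
                    {
                        _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: " + _indices.Count + " datasets");
                    }
                }
                else
                {
                    status = Enums.AnalysisStatus.NoPacketsCaptured;
                    _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: No packets captured that match the desired filter.");
                }
            }

            _progress.Current = _progress.Maximum;
            _background_worker.ReportProgress(_progress.Current);
            DateTime end_step = DateTime.Now;
            TimeSpan time_step = TimeSpan.FromTicks(end_step.Ticks - start_step.Ticks);
            _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: Completed in " + time_step.TotalSeconds.ToString() + " s");

            return status;
        }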