public MainForm()
{
InitializeComponent();
WriteProgramLog("打开软件");
Catch = new CatchSocket(this);
Catch.CreatPcapFile();
FilterOptionForm = new FilterForm();
DateTime dt1 = DateTime.Parse(DateTime.Now.ToShortDateString() + " 23:59:59");
DateTime dt2 = DateTime.Now;
TimeSpan ts = new TimeSpan();
ts = dt1 - dt2;
Int64 IntervalToTomorrow0 = Convert.ToInt64(ts.TotalMilliseconds + 1800000);
CreatPcapPerDay = new System.Threading.Timer(new TimerCallback(Catch.CreatPcapFilePerDay), null, IntervalToTomorrow0, IntervalToTomorrow0);
OutputDataTimer = new System.Threading.Timer(new TimerCallback(Catch.OutToPcap), null, -1, 0);
ShowTimer = new System.Threading.Timer(new TimerCallback(ShowThread.Show), null, -1, 0);
//守护进程使用,实例化Communication类
comm = new Communication();
}
public void Unpack(byte[] buf, int len, CatchSocket Pcap, bool bStatus_Signal, bool bStatus_Signaling)
{
showSignal = false;
showSignaling = false;
if (bStatus_Signal)//解析信号数据包
{
this.Pcap = Pcap;
CBTCPacketProperties = new PacketProperties(len);
CBTCPacketProperties.CaptureTime = DateTime.Now;
Unpack(buf, len);
}
if (bStatus_Signaling)//解析信令数据包
{
this.Pcap = Pcap;
byte protocol = 0;
uint version = 0;
int sourcePort = 0;
int destinationPort = 0;
protocol = buf[9];
version = (uint)((buf[0] & 0xf0) >> 4);
sourcePort = buf[20] * 256 + buf[21];
destinationPort = buf[22] * 256 + buf[23];
if ((protocol == 6) && (sourcePort == 3868 || destinationPort == 3868))//TCP-diameter (黄罡)
{
PacketProperties = new PacketProperties(len);
Array.Copy(buf, PacketProperties.Buf, len);
PacketProperties.BufLength = len;
PacketProperties.IPHeaderLength = (uint)((buf[0] & 0x0f) << 2);
PacketProperties.Version = version.ToString();
PacketProperties.OriginationPort = sourcePort.ToString();
PacketProperties.DestinationPort = destinationPort.ToString();
PacketProperties.DestinationAddress = buf[16].ToString() + "." + buf[17].ToString() + "." + buf[18].ToString() + "." + buf[19].ToString();
PacketProperties.OriginationAddress = buf[12].ToString() + "." + buf[13].ToString() + "." + buf[14].ToString() + "." + buf[15].ToString();
PacketProperties.PacketLength = (uint)len;
PacketProperties.MessageLength = PacketProperties.PacketLength - PacketProperties.IPHeaderLength;
PacketProperties.MessagePacketHex = readData.RRead(buf);//用于展示抓获报文的名称(readData.RRead(PacketBuffer))//yao
PacketProperties.PacketBuffer = readData.SourceData;
PacketProperties.protocolid = readData.protocolid;
showSignaling = true;
if (!Pause)
{
UpdateForm(PacketProperties, showSignal, showSignaling);
}
SaveToPcap_Signaling(PacketProperties);
}
else if ((protocol == 17) && (sourcePort == 2123 || destinationPort == 2123))//UDP-GTPv2 (黄罡)
{
PacketProperties = new PacketProperties(len);
Array.Copy(buf, PacketProperties.Buf, len);
PacketProperties.BufLength = len;
PacketProperties.IPHeaderLength = (uint)((buf[0] & 0x0f) << 2);
PacketProperties.Version = version.ToString();
PacketProperties.OriginationPort = sourcePort.ToString();
PacketProperties.DestinationPort = destinationPort.ToString();
PacketProperties.DestinationAddress = buf[16].ToString() + "." + buf[17].ToString() + "." + buf[18].ToString() + "." + buf[19].ToString();
PacketProperties.OriginationAddress = buf[12].ToString() + "." + buf[13].ToString() + "." + buf[14].ToString() + "." + buf[15].ToString();
PacketProperties.PacketLength = (uint)len;
PacketProperties.MessageLength = PacketProperties.PacketLength - PacketProperties.IPHeaderLength;
PacketProperties.MessagePacketHex = readData.RRead(buf); //用于展示抓获报文的名称(readData.RRead(PacketBuffer))//yao
PacketProperties.protocolid = readData.protocolid;
PacketProperties.PacketBuffer = readData.SourceData; //SourceData是去掉头部之后的数据(gtpv2去掉ip和udp头部,其他两个只去掉ip头)
showSignaling = true;
if (!Pause)
{
UpdateForm(PacketProperties, showSignal, showSignaling);
}
SaveToPcap_Signaling(PacketProperties);
}
else if (protocol == 132)
{
byte[] sctp = new byte[len - 20];
Array.Copy(buf, 20, sctp, 0, len - 20);//去除IP头部20字节
C.DeScChunk(sctp);
int PPID = C.paylaodProtocolIdentifier;
if (PPID == 18)//sctp-s1ap
{
PacketProperties = new PacketProperties(len);
Array.Copy(buf, PacketProperties.Buf, len);
if (buf[3] == PacketProperties.Buf[3])
{
byte a = 1;
}
PacketProperties.BufLength = len;
PacketProperties.IPHeaderLength = (uint)((buf[0] & 0x0f) << 2);
PacketProperties.Version = version.ToString();
PacketProperties.OriginationPort = sourcePort.ToString();
PacketProperties.DestinationPort = destinationPort.ToString();
PacketProperties.DestinationAddress = buf[16].ToString() + "." + buf[17].ToString() + "." + buf[18].ToString() + "." + buf[19].ToString();
PacketProperties.OriginationAddress = buf[12].ToString() + "." + buf[13].ToString() + "." + buf[14].ToString() + "." + buf[15].ToString();
PacketProperties.PacketLength = (uint)len;
PacketProperties.MessagePacketHex = readData.RRead(buf); //用于展示抓获报文的名称(readData.RRead(PacketBuffer))//yao
PacketProperties.protocolid = readData.protocolid;
PacketProperties.MessageLength = readData.s1apLength; //消息长度使用纯s1ap信令长度
PacketProperties.PacketBuffer = readData.SourceData;
showSignaling = true;
if (!Pause)
{
UpdateForm(PacketProperties, showSignal, showSignaling);
}
SaveToPcap_Signaling(PacketProperties);
}
else if ((PPID == 0 || PPID == 46 || PPID == 47 || PPID == 132) && ((sourcePort == 3868) || (destinationPort == 3868) || (sourcePort == 60000) || (destinationPort == 60000)))//sctp-diameter(黄罡)
{
B.DecodeSctpChunk(sctp);
if (B.IsDiameter == 1)
{
PacketProperties = new PacketProperties(len);
Array.Copy(buf, PacketProperties.Buf, len);
PacketProperties.BufLength = len;
PacketProperties.IPHeaderLength = (uint)((buf[0] & 0x0f) << 2);
PacketProperties.Version = version.ToString();
PacketProperties.OriginationPort = sourcePort.ToString();
PacketProperties.DestinationPort = destinationPort.ToString();
PacketProperties.DestinationAddress = buf[16].ToString() + "." + buf[17].ToString() + "." + buf[18].ToString() + "." + buf[19].ToString();
PacketProperties.OriginationAddress = buf[12].ToString() + "." + buf[13].ToString() + "." + buf[14].ToString() + "." + buf[15].ToString();
PacketProperties.PacketLength = (uint)len;
PacketProperties.MessageLength = PacketProperties.PacketLength - PacketProperties.IPHeaderLength;
PacketProperties.MessagePacketHex = readData.RRead(buf);//用于展示抓获报文的名称(readData.RRead(PacketBuffer))//ya
PacketProperties.protocolid = readData.protocolid;
PacketProperties.PacketBuffer = readData.SourceData;
showSignaling = true;
if (Pause)
{
UpdateForm(PacketProperties, showSignal, showSignaling);
}
SaveToPcap_Signaling(PacketProperties);
}
}
}
}//黄罡2017.4.29
}
