Beispiel #1
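        /// <summary>
        /// Decodes an LLC header starting at <paramref name="Index"/>, fills the list-view row,
        /// and hands the remaining bytes to the upper-layer parser selected by the SNAP
        /// organization code or by the DSAP.
        /// </summary>
        /// <param name="PacketData">Raw frame bytes. Captured traffic is untrusted input.</param>
        /// <param name="Index">Read offset into <paramref name="PacketData"/>; advanced past every byte consumed.</param>
        /// <param name="LItem">List-view row whose protocol and info columns are written.</param>
        /// <param name="TypeInfo">Set to "IPX" or "NetBIOS" for those SAPs; passed on to the IP parser for LLCSAP_IP.</param>
        /// <param name="PreviousHttpSequence">Passed through to the IP parser.</param>
        /// <param name="LastTftpPort">Passed through to the IP parser.</param>
        /// <returns>
        /// <c>true</c> when no exception was raised; <c>false</c> when any exception was caught.
        /// The return values of the upper-layer parsers are not inspected.
        /// </returns>
        public static bool Parser(byte [] PacketData,
                                  ref int Index,
                                  ref ListViewItem LItem, ref string TypeInfo,
                                  ref uint PreviousHttpSequence,
                                  ref ushort LastTftpPort)
        {
            PACKET_LLC PLlc;
            bool       IsSnap = false;

            try
            {
                // No explicit length checks are made: a truncated frame surfaces as an
                // exception from the array indexer and is handled by the catch below.
                PLlc.DSAP = PacketData[Index++];
                PLlc.SSAP = PacketData[Index++];
                IsSnap    = (PLlc.DSAP == Const.LLC_TYPE_SNAP) && (PLlc.SSAP == Const.LLC_TYPE_SNAP);

                PLlc.ControlField = (ushort)PacketData[Index++];

                // Test the frame-type bits against XDLC_U itself, as the tree-view overload of
                // this parser does. The previous 0xfc mask cleared the low two bits before the
                // comparison, so an unnumbered frame could also take the two-byte path and
                // leave Index one byte too far for the SNAP fields.
                // NOTE(review): assumes Const.XDLC_U is the unnumbered-frame bit pattern - confirm.
                if ((PLlc.ControlField & Const.XDLC_U) != Const.XDLC_U)
                {
                    // Not an unnumbered frame: the control field is two bytes, big-endian.
                    PLlc.ControlField *= 256;
                    PLlc.ControlField += (ushort)PacketData[Index++];
                }

                // Default the organization code BEFORE the SNAP read. Resetting it afterwards
                // discarded the value just parsed, so the OUI switch below could never
                // select a case on the real organization code.
                PLlc.OrganizationCode = 0;

                if (IsSnap)
                {
                    PLlc.OrganizationCode = Function.Get3Bytes(PacketData, ref Index, Const.NORMAL);
                    // ProtocolId is not used in this overload, but the read advances Index.
                    PLlc.ProtocolId       = Function.Get2Bytes(PacketData, ref Index, Const.NORMAL);
                }

                LItem.SubItems[Const.LIST_VIEW_PROTOCOL_INDEX].Text = "LLC";
                LItem.SubItems[Const.LIST_VIEW_INFO_INDEX].Text     = "Logical link control protocol";

                if (IsSnap)
                {
                    switch (PLlc.OrganizationCode)
                    {
                    case Const.OUI_ENCAP_ETHER:
                    case Const.OUI_CISCO_90:
                    case Const.OUI_APPLE_ATALK:
                        // Ethertype dispatch is not wired up; the payload stays undecoded.
                        //capture_ethertype(etype, pd, offset+8, len, ld);
                        //PacketETHERNET.Parser( PacketData , ref Index , ref LItem , ref PreviousHttpSequence , ref LastTftpPort );
                        break;

                    case Const.OUI_CISCO:
                        PacketCDP.Parser(PacketData, ref Index, ref LItem);
                        break;

                    default: break;
                    }
                }
                else
                {
                    // non-SNAP: the DSAP selects the upper-layer parser
                    switch (PLlc.DSAP)
                    {
                    case Const.LLCSAP_IP:
                        PacketINTERNET.Parser(PacketData, ref Index, ref LItem, ref TypeInfo, ref PreviousHttpSequence, ref LastTftpPort);
                        break;

                    case Const.LLC_TYPE_NOVELL_NETWARE:
                        TypeInfo = "IPX";
                        PacketIPX.Parser(PacketData, ref Index, ref LItem);
                        break;

                    case Const.LLC_TYPE_IBM_NETBIOS:
                        TypeInfo = "NetBIOS";
                        PacketNETBIOS.Parser(PacketData, ref Index, ref LItem);
                        break;

                    case Const.LLC_TYPE_STP:
                        PacketSTP.Parser(PacketData, ref Index, ref LItem);
                        break;

                    default:
                        break;
                    }
                }
            }
            catch
            {
                // Catch-all kept as best-effort handling of hostile or truncated input: every
                // exception type, not only an out-of-range read, is reported as a malformed
                // packet, and the exception itself is not recorded anywhere.
                LItem.SubItems[Const.LIST_VIEW_INFO_INDEX].Text = "[ Malformed LLC packet. Remaining bytes don't fit an LLC packet. Possibly due to bad decoding ]";

                return(false);
            }

            return(true);
        }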
Beispiel #2
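        /// <summary>
        /// Decodes an LLC header starting at <paramref name="Index"/>, adds one tree node per
        /// header field under a new "LLC" node, fills the list-view row, and hands the remaining
        /// bytes to the upper-layer parser selected by the SNAP organization code or the DSAP.
        /// </summary>
        /// <param name="mNode">Tree node collection that receives the LLC node and, on failure, the diagnostic entries.</param>
        /// <param name="PacketData">Raw frame bytes. Captured traffic is untrusted input.</param>
        /// <param name="Index">Read offset into <paramref name="PacketData"/>; advanced past every byte consumed.</param>
        /// <param name="LItem">List-view row whose protocol and info columns are written.</param>
        /// <param name="PreviousHttpSequence">Passed through to the IP parser.</param>
        /// <param name="LastTftpPort">Passed through to the IP parser.</param>
        /// <returns>
        /// <c>true</c> when no exception was raised; <c>false</c> when any exception was caught.
        /// The return values of the upper-layer parsers are not inspected.
        /// </returns>
        public static bool Parser(ref TreeNodeCollection mNode,
                                  byte [] PacketData,
                                  ref int Index,
                                  ref ListViewItem LItem,
                                  ref uint PreviousHttpSequence,
                                  ref ushort LastTftpPort)

        {
            TreeNode   mNodex;
            string     Tmp = "";
            PACKET_LLC PLlc;
            bool       UNFrame, IsSnap = false;
            bool       NodeAdded = false;   // true once mNodex has been attached to mNode
            int        kk = 0;


            mNodex      = new TreeNode();
            mNodex.Text = "LLC ( Logical Link Control Protocol )";
            kk          = Index;            // offset of the first LLC byte, used for the node's span

            try
            {
                // No explicit length checks are made: a truncated frame surfaces as an
                // exception from the array indexer and is handled by the catch below.
                PLlc.DSAP = PacketData[Index++];
                Tmp       = "DSAP : " + Function.ReFormatString(PLlc.DSAP, GetLLCTypeString(PLlc.DSAP));
                mNodex.Nodes.Add(Tmp);
                Function.SetPosition(ref mNodex, Index - 1, 1, false);

                PLlc.SSAP = PacketData[Index++];
                Tmp       = "SSAP : " + Function.ReFormatString(PLlc.SSAP, GetLLCTypeString(PLlc.SSAP));
                mNodex.Nodes.Add(Tmp);
                Function.SetPosition(ref mNodex, Index - 1, 1, false);

                IsSnap = (PLlc.DSAP == Const.LLC_TYPE_SNAP) && (PLlc.SSAP == Const.LLC_TYPE_SNAP);

                PLlc.ControlField = (ushort)PacketData[Index++];
                UNFrame           = true;

                if ((PLlc.ControlField & Const.XDLC_U) != Const.XDLC_U)
                {
                    // Not an unnumbered frame: the control field is two bytes, big-endian.
                    PLlc.ControlField *= 256;
                    PLlc.ControlField += (ushort)PacketData[Index++];
                    UNFrame            = false;
                }

                Tmp = "Control Field : " + Function.ReFormatString(PLlc.ControlField, null);
                mNodex.Nodes.Add(Tmp);
                if (UNFrame)
                {
                    Function.SetPosition(ref mNodex, Index - 1, 1, false);
                }
                else
                {
                    Function.SetPosition(ref mNodex, Index - 2, 2, false);
                }

                // Default for non-SNAP frames; overwritten below when a SNAP header follows.
                PLlc.OrganizationCode = 0;

                if (IsSnap)
                {
                    PLlc.OrganizationCode = Function.Get3Bytes(PacketData, ref Index, Const.NORMAL);
                    Tmp = "Organization Code : " + Function.ReFormatString(PLlc.OrganizationCode, null);
                    mNodex.Nodes.Add(Tmp);
                    Function.SetPosition(ref mNodex, Index - 3, 3, false);

                    PLlc.ProtocolId = Function.Get2Bytes(PacketData, ref Index, Const.NORMAL);
                    Tmp             = "Protocol Id : " + Function.ReFormatString(PLlc.ProtocolId, null);
                    mNodex.Nodes.Add(Tmp);
                    Function.SetPosition(ref mNodex, Index - 2, 2, false);
                }


                LItem.SubItems[Const.LIST_VIEW_PROTOCOL_INDEX].Text = "LLC";
                LItem.SubItems[Const.LIST_VIEW_INFO_INDEX].Text     = "Logical link control protocol";

                Function.SetPosition(ref mNodex, kk, Index - kk, true);
                mNode.Add(mNodex);
                NodeAdded = true;

                if (IsSnap)
                {
                    switch (PLlc.OrganizationCode)
                    {
                    case Const.OUI_ENCAP_ETHER:
                    case Const.OUI_CISCO_90:
                    case Const.OUI_APPLE_ATALK:
                        // Ethertype dispatch is not wired up; the payload stays undecoded.
                        //capture_ethertype(etype, pd, offset+8, len, ld);
                        //PacketETHERNET.Parser( ref mNode , PacketData , ref LItem , ref PreviousHttpSequence , ref LastTftpPort );
                        break;

                    case Const.OUI_CISCO:
                        PacketCDP.Parser(ref mNode, PacketData, ref Index, ref LItem);
                        break;

                    default: break;
                    }
                }
                else
                {
                    // non-SNAP: the DSAP selects the upper-layer parser
                    switch (PLlc.DSAP)
                    {
                    case Const.LLCSAP_IP:
                        PacketINTERNET.Parser(ref mNode, PacketData, ref Index, ref LItem, ref PreviousHttpSequence, ref LastTftpPort);
                        break;

                    case Const.LLC_TYPE_NOVELL_NETWARE:
                        PacketIPX.Parser(ref mNode, PacketData, ref Index, ref LItem);
                        break;

                    case Const.LLC_TYPE_IBM_NETBIOS:
                        PacketNETBIOS.Parser(ref mNode, PacketData, ref Index, ref LItem);
                        break;

                    case Const.LLC_TYPE_STP:
                        PacketSTP.Parser(ref mNode, PacketData, ref Index, ref LItem);
                        break;

                    default:
                        break;
                    }
                }
            }
            catch (Exception Ex)
            {
                // Attach the partially built LLC node only if the try block had not done so.
                // An exception escaping an upper-layer parser would otherwise add the same
                // TreeNode to the collection a second time from inside this handler.
                if (!NodeAdded)
                {
                    mNode.Add(mNodex);
                }

                // Every exception type is reported as a malformed packet; the type name and
                // the current read offset are shown so a decoder fault can be told apart from
                // a truncated frame.
                Tmp = "[ Malformed LLC packet. Remaining bytes don't fit an LLC packet. Possibly due to bad decoding ]";
                mNode.Add(Tmp);
                Tmp = "[ Exception raised is <" + Ex.GetType().ToString() + "> at packet index <" + Index.ToString() + "> ]";
                mNode.Add(Tmp);
                LItem.SubItems[Const.LIST_VIEW_INFO_INDEX].Text = "[ Malformed LLC packet. Remaining bytes don't fit an LLC packet. Possibly due to bad decoding ]";

                return(false);
            }

            return(true);
        }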