public void Test_Constructor ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_contention_free_end_frame.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data);
ContentionFreeEndFrame frame = (ContentionFreeEndFrame)p.PayloadPacket;
Assert.AreEqual (0, frame.FrameControl.ProtocolVersion);
Assert.AreEqual (FrameControlField.FrameSubTypes.ControlCFEnd, frame.FrameControl.SubType);
Assert.IsFalse (frame.FrameControl.ToDS);
Assert.IsFalse (frame.FrameControl.FromDS);
Assert.IsFalse (frame.FrameControl.MoreFragments);
Assert.IsFalse (frame.FrameControl.Retry);
Assert.IsFalse (frame.FrameControl.PowerManagement);
Assert.IsFalse (frame.FrameControl.MoreData);
Assert.IsFalse (frame.FrameControl.Wep);
Assert.IsTrue (frame.FrameControl.Order);
Assert.AreEqual (0, frame.Duration.Field); //this need expanding on in the future
Assert.AreEqual ("FFFFFFFFFFFF", frame.ReceiverAddress.ToString ().ToUpper ());
Assert.AreEqual ("001B2FDCFC12", frame.BssId.ToString ().ToUpper ());
Assert.AreEqual (0x0AE8A403, frame.FrameCheckSequence);
Assert.AreEqual (16, frame.FrameSize);
}
public void Test_Constructor_EncryptedDataFrame()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/80211_encrypted_data_frame.pcap");
dev.Open();
var rawCapture = dev.GetNextPacket();
dev.Close();
Packet p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
DataDataFrame frame = (DataDataFrame)p.PayloadPacket;
Assert.AreEqual(0, frame.FrameControl.ProtocolVersion);
Assert.AreEqual(FrameControlField.FrameSubTypes.Data, frame.FrameControl.SubType);
Assert.IsFalse(frame.FrameControl.ToDS);
Assert.IsTrue(frame.FrameControl.FromDS);
Assert.IsFalse(frame.FrameControl.MoreFragments);
Assert.IsFalse(frame.FrameControl.Retry);
Assert.IsFalse(frame.FrameControl.PowerManagement);
Assert.IsFalse(frame.FrameControl.MoreData);
Assert.IsTrue(frame.FrameControl.Wep);
Assert.IsFalse(frame.FrameControl.Order);
Assert.AreEqual(0, frame.Duration.Field); //this need expanding on in the future
Assert.AreEqual("33330000000C", frame.DestinationAddress.ToString().ToUpper());
Assert.AreEqual("00173FB72C29", frame.SourceAddress.ToString().ToUpper());
Assert.AreEqual("0024B2F8D706", frame.BssId.ToString().ToUpper());
Assert.AreEqual(0, frame.SequenceControl.FragmentNumber);
Assert.AreEqual(1561, frame.SequenceControl.SequenceNumber);
Assert.AreEqual(0xC77B6323, frame.FrameCheckSequence);
Assert.AreEqual(24, frame.FrameSize);
Assert.AreEqual(218, frame.PayloadData.Length);
}
public void Test_Constuctor_FromBeaconFrame ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_beacon_frame.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data);
BeaconFrame beaconFrame = (BeaconFrame)p.PayloadPacket;
List<InformationElement> infoElements = beaconFrame.InformationElements;
Assert.AreEqual (InformationElement.ElementId.ServiceSetIdentity, infoElements [0].Id);
Assert.AreEqual (InformationElement.ElementId.SupportedRates, infoElements [1].Id);
Assert.AreEqual (InformationElement.ElementId.DsParameterSet, infoElements [2].Id);
Assert.AreEqual (InformationElement.ElementId.TrafficIndicationMap, infoElements [3].Id);
Assert.AreEqual (InformationElement.ElementId.ErpInformation, infoElements [4].Id);
Assert.AreEqual (InformationElement.ElementId.ErpInformation2, infoElements [5].Id);
Assert.AreEqual (InformationElement.ElementId.RobustSecurityNetwork, infoElements [6].Id);
Assert.AreEqual (InformationElement.ElementId.ExtendedSupportedRates, infoElements [7].Id);
Assert.AreEqual (InformationElement.ElementId.HighThroughputCapabilities, infoElements [8].Id);
Assert.AreEqual (InformationElement.ElementId.HighThroughputInformation, infoElements [9].Id);
Assert.AreEqual (InformationElement.ElementId.VendorSpecific, infoElements [10].Id);
Assert.AreEqual (InformationElement.ElementId.VendorSpecific, infoElements [11].Id);
Assert.AreEqual (InformationElement.ElementId.VendorSpecific, infoElements [12].Id);
Assert.AreEqual (InformationElement.ElementId.VendorSpecific, infoElements [13].Id);
Assert.AreEqual (InformationElement.ElementId.VendorSpecific, infoElements [14].Id);
}
public void Test_Constructor ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_block_acknowledgment_frame.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data);
BlockAcknowledgmentFrame frame = (BlockAcknowledgmentFrame)p.PayloadPacket;
Assert.AreEqual (0, frame.FrameControl.ProtocolVersion);
Assert.AreEqual (FrameControlField.FrameSubTypes.ControlBlockAcknowledgment, frame.FrameControl.SubType);
Assert.IsFalse (frame.FrameControl.ToDS);
Assert.IsFalse (frame.FrameControl.FromDS);
Assert.IsFalse (frame.FrameControl.MoreFragments);
Assert.IsFalse (frame.FrameControl.Retry);
Assert.IsFalse (frame.FrameControl.PowerManagement);
Assert.IsFalse (frame.FrameControl.MoreData);
Assert.IsFalse (frame.FrameControl.Wep);
Assert.IsFalse (frame.FrameControl.Order);
Assert.AreEqual (0, frame.Duration.Field); //this need expanding on in the future
Assert.AreEqual ("0024B2F8D706", frame.ReceiverAddress.ToString ().ToUpper ());
Assert.AreEqual ("7CC5376D16E7", frame.TransmitterAddress.ToString ().ToUpper ());
Assert.AreEqual (BlockAcknowledgmentControlField.AcknowledgementPolicy.Delayed, frame.BlockAcknowledgmentControl.Policy);
Assert.IsFalse (frame.BlockAcknowledgmentControl.MultiTid);
Assert.IsTrue (frame.BlockAcknowledgmentControl.CompressedBitmap);
Assert.AreEqual (0, frame.BlockAcknowledgmentControl.Tid);
Assert.AreEqual (0, frame.BlockAckStartingSequenceControl);
Assert.AreEqual (8, frame.BlockAckBitmap.Length);
Assert.AreEqual (0x9BB909C2, frame.FrameCheckSequence);
Assert.AreEqual (28, frame.FrameSize);
}
public void ICMPv4Parsing ()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/ICMPv4.pcap");
dev.Open();
var rawCapture = dev.GetNextPacket();
dev.Close();
// Parse an icmp request
Packet p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
Assert.IsNotNull(p);
var icmp = ICMPv4Packet.GetEncapsulated(p);
Console.WriteLine(icmp.GetType());
Assert.AreEqual(ICMPv4TypeCodes.EchoRequest, icmp.TypeCode);
Assert.AreEqual(0xe05b, icmp.Checksum);
Assert.AreEqual(0x0200, icmp.ID);
Assert.AreEqual(0x6b00, icmp.Sequence);
// check that the message matches
string expectedString = "abcdefghijklmnopqrstuvwabcdefghi";
byte[] expectedData = System.Text.ASCIIEncoding.ASCII.GetBytes(expectedString);
Assert.AreEqual(expectedData, icmp.Data);
}
public void IPv6PacketTestParsing()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/ipv6_icmpv6_packet.pcap");
dev.Open();
RawCapture rawCapture;
int packetIndex = 0;
while((rawCapture = dev.GetNextPacket()) != null)
{
var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
Console.WriteLine("got packet");
switch(packetIndex)
{
case 0:
VerifyPacket0(p, rawCapture);
break;
default:
Assert.Fail("didn't expect to get to packetIndex " + packetIndex);
break;
}
packetIndex++;
}
dev.Close();
}
public void ReadingPacketsFromFile ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_per_packet_information.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
PpiPacket p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data) as PpiPacket;
Assert.IsNotNull (p);
Assert.AreEqual (0, p.Version);
Assert.AreEqual (32, p.Length);
Assert.AreEqual (1, p.Count);
PpiCommon commonField = p.FindFirstByType(PpiFieldType.PpiCommon) as PpiCommon;
Assert.AreEqual (PpiFieldType.PpiCommon, commonField.FieldType);
Assert.AreEqual (0, commonField.TSFTimer);
Assert.IsTrue ((commonField.Flags & PpiCommon.CommonFlags.FcsIncludedInFrame) == PpiCommon.CommonFlags.FcsIncludedInFrame);
Assert.AreEqual (2, commonField.Rate);
Assert.AreEqual (2437, commonField.ChannelFrequency);
Assert.AreEqual (0x00A0, (int) commonField.ChannelFlags);
Assert.AreEqual (0, commonField.FhssHopset);
Assert.AreEqual (0, commonField.FhssPattern);
Assert.AreEqual (-84, commonField.AntennaSignalPower);
Assert.AreEqual (-100, commonField.AntennaSignalNoise);
MacFrame macFrame = p.PayloadPacket as MacFrame;
Assert.AreEqual(FrameControlField.FrameSubTypes.ControlCTS, macFrame.FrameControl.SubType);
Assert.IsTrue(macFrame.AppendFcs);
}
public void Test_Constructor()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/80211_qos_null_data_frame.pcap");
dev.Open();
var rawCapture = dev.GetNextPacket();
dev.Close();
Packet p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
QosNullDataFrame frame = (QosNullDataFrame)p.PayloadPacket;
Assert.AreEqual(0, frame.FrameControl.ProtocolVersion);
Assert.AreEqual(FrameControlField.FrameSubTypes.QosNullData, frame.FrameControl.SubType);
Assert.IsFalse(frame.FrameControl.ToDS);
Assert.IsTrue(frame.FrameControl.FromDS);
Assert.IsFalse(frame.FrameControl.MoreFragments);
Assert.IsFalse(frame.FrameControl.Retry);
Assert.IsFalse(frame.FrameControl.PowerManagement);
Assert.IsFalse(frame.FrameControl.MoreData);
Assert.IsFalse(frame.FrameControl.Wep);
Assert.IsFalse(frame.FrameControl.Order);
Assert.AreEqual(314, frame.Duration.Field);
Assert.AreEqual("78ACC00A5E0E", frame.DestinationAddress.ToString().ToUpper());
Assert.AreEqual("00223FC1F378", frame.BssId.ToString().ToUpper());
Assert.AreEqual("00223FC1F378", frame.SourceAddress.ToString().ToUpper());
Assert.AreEqual(0, frame.SequenceControl.FragmentNumber);
Assert.AreEqual(2292, frame.SequenceControl.SequenceNumber);
Assert.AreEqual(0x00, frame.QosControl);
Assert.AreEqual(0xDBF2B119, frame.FrameCheckSequence);
Assert.AreEqual(26, frame.FrameSize);
}
public void Test_Constructor_AddBlockAckResponseReport ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_block_ack_response_action_frame.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data);
ActionFrame frame = (ActionFrame)p.PayloadPacket;
Assert.AreEqual (0, frame.FrameControl.ProtocolVersion);
Assert.AreEqual (FrameControlField.FrameSubTypes.ManagementAction, frame.FrameControl.SubType);
Assert.IsFalse (frame.FrameControl.ToDS);
Assert.IsFalse (frame.FrameControl.FromDS);
Assert.IsFalse (frame.FrameControl.MoreFragments);
Assert.IsFalse (frame.FrameControl.Retry);
Assert.IsFalse (frame.FrameControl.PowerManagement);
Assert.IsFalse (frame.FrameControl.MoreData);
Assert.IsFalse (frame.FrameControl.Wep);
Assert.IsFalse (frame.FrameControl.Order);
Assert.AreEqual (314, frame.Duration.Field); //this need expanding on in the future
Assert.AreEqual ("0024B2F8D706", frame.DestinationAddress.ToString ().ToUpper ());
Assert.AreEqual ("7CC5376D16E7", frame.SourceAddress.ToString ().ToUpper ());
Assert.AreEqual ("0024B2F8D706", frame.BssId.ToString ().ToUpper ());
Assert.AreEqual (0, frame.SequenceControl.FragmentNumber);
Assert.AreEqual (3826, frame.SequenceControl.SequenceNumber);
Assert.AreEqual (0x6D3FCFA3, frame.FrameCheckSequence);
Assert.AreEqual (24, frame.FrameSize);
Assert.AreEqual (9, frame.PayloadData.Length);
}
public void Test_Constructor ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_probe_request_frame.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data);
ProbeRequestFrame frame = (ProbeRequestFrame)p.PayloadPacket;
Assert.AreEqual (0, frame.FrameControl.ProtocolVersion);
Assert.AreEqual (FrameControlField.FrameSubTypes.ManagementProbeRequest, frame.FrameControl.SubType);
Assert.IsFalse (frame.FrameControl.ToDS);
Assert.IsFalse (frame.FrameControl.FromDS);
Assert.IsFalse (frame.FrameControl.MoreFragments);
Assert.IsFalse (frame.FrameControl.Retry);
Assert.IsFalse (frame.FrameControl.PowerManagement);
Assert.IsFalse (frame.FrameControl.MoreData);
Assert.IsFalse (frame.FrameControl.Wep);
Assert.IsFalse (frame.FrameControl.Order);
Assert.AreEqual (0, frame.Duration.Field); //this need expanding on in the future
Assert.AreEqual ("FFFFFFFFFFFF", frame.DestinationAddress.ToString ().ToUpper ());
Assert.AreEqual ("0020008AB749", frame.SourceAddress.ToString ().ToUpper ());
Assert.AreEqual ("FFFFFFFFFFFF", frame.BssId.ToString ().ToUpper ());
Assert.AreEqual (0, frame.SequenceControl.FragmentNumber);
Assert.AreEqual (234, frame.SequenceControl.SequenceNumber);
Assert.AreEqual (0xD83CB03D, frame.FrameCheckSequence);
Assert.AreEqual (45, frame.FrameSize);
}
public void WakeOnLanParsing()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/wol.pcap");
dev.Open();
RawCapture rawCapture;
int packetIndex = 0;
while((rawCapture = dev.GetNextPacket()) != null)
{
var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
Assert.IsNotNull(p);
var wol = PacketDotNet.WakeOnLanPacket.GetEncapsulated(p);
Assert.IsNotNull(p);
if(packetIndex == 0)
Assert.AreEqual(wol.DestinationMAC, PhysicalAddress.Parse("00-0D-56-DC-9E-35"));
if(packetIndex == 3)
Assert.AreEqual(wol.DestinationMAC, PhysicalAddress.Parse("00-90-27-85-CF-01"));
packetIndex++;
}
dev.Close();
}
public void UDPData()
{
RawCapture rawCapture;
UdpPacket u;
Packet p;
var dev = new CaptureFileReaderDevice("../../CaptureFiles/udp_dns_request_response.pcap");
dev.Open();
// check the first packet
rawCapture = dev.GetNextPacket();
p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
Assert.IsNotNull(p);
u = (UdpPacket)p.Extract(typeof(UdpPacket));
Assert.IsNotNull(u, "Expected a non-null UdpPacket");
Assert.AreEqual(41 - u.Header.Length,
u.PayloadData.Length, "UDPData.Length mismatch");
// check the second packet
rawCapture = dev.GetNextPacket();
p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
Assert.IsNotNull(p);
u = (UdpPacket)p.Extract(typeof(UdpPacket));
Assert.IsNotNull(u, "Expected u to be a UdpPacket");
Assert.AreEqual(356 - u.Header.Length,
u.PayloadData.Length, "UDPData.Length mismatch");
Console.WriteLine("u is {0}", u.ToString());
dev.Close();
}
public void Test_Constructor ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_null_data_frame.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data);
NullDataFrame frame = (NullDataFrame)p.PayloadPacket;
Assert.AreEqual (0, frame.FrameControl.ProtocolVersion);
Assert.AreEqual (FrameControlField.FrameSubTypes.DataNullFunctionNoData, frame.FrameControl.SubType);
Assert.IsTrue (frame.FrameControl.ToDS);
Assert.IsFalse (frame.FrameControl.FromDS);
Assert.IsFalse (frame.FrameControl.MoreFragments);
Assert.IsFalse (frame.FrameControl.Retry);
Assert.IsFalse (frame.FrameControl.PowerManagement);
Assert.IsFalse (frame.FrameControl.MoreData);
Assert.IsFalse (frame.FrameControl.Wep);
Assert.IsFalse (frame.FrameControl.Order);
Assert.AreEqual (314, frame.Duration.Field); //this need expanding on in the future
Assert.AreEqual ("001B2F02DC6C", frame.DestinationAddress.ToString ().ToUpper ());
Assert.AreEqual ("2477030C721C", frame.SourceAddress.ToString ().ToUpper ());
Assert.AreEqual ("001B2F02DC6C", frame.BssId.ToString ().ToUpper ());
Assert.AreEqual (0, frame.SequenceControl.FragmentNumber);
Assert.AreEqual (1245, frame.SequenceControl.SequenceNumber);
Assert.AreEqual (0x8DAD458C, frame.FrameCheckSequence);
Assert.AreEqual (24, frame.FrameSize);
}
public void Test_Constructor ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_ack_frame.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data);
AckFrame frame = (AckFrame)p.PayloadPacket;
Assert.AreEqual (0, frame.FrameControl.ProtocolVersion);
Assert.AreEqual (FrameControlField.FrameSubTypes.ControlACK, frame.FrameControl.SubType);
Assert.IsFalse (frame.FrameControl.ToDS);
Assert.IsFalse (frame.FrameControl.FromDS);
Assert.IsFalse (frame.FrameControl.MoreFragments);
Assert.IsFalse (frame.FrameControl.Retry);
Assert.IsFalse (frame.FrameControl.PowerManagement);
Assert.IsFalse (frame.FrameControl.MoreData);
Assert.IsFalse (frame.FrameControl.Wep);
Assert.IsFalse (frame.FrameControl.Order);
Assert.AreEqual (0, frame.Duration.Field); //this need expanding on in the future
Assert.AreEqual ("F8DB7F491342", frame.ReceiverAddress.ToString ().ToUpper ());
Assert.AreEqual (0xD2F5BE07, frame.FrameCheckSequence);
Assert.AreEqual (10, frame.FrameSize);
}
public void Test_Constructor()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/80211_authentication_frame.pcap");
dev.Open();
var rawCapture = dev.GetNextPacket();
dev.Close();
Packet p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
AuthenticationFrame frame = (AuthenticationFrame)p.PayloadPacket;
Assert.AreEqual(0, frame.FrameControl.ProtocolVersion);
Assert.AreEqual(FrameControlField.FrameSubTypes.ManagementAuthentication, frame.FrameControl.SubType);
Assert.IsFalse(frame.FrameControl.ToDS);
Assert.IsFalse(frame.FrameControl.FromDS);
Assert.IsFalse(frame.FrameControl.MoreFragments);
Assert.IsFalse(frame.FrameControl.Retry);
Assert.IsFalse(frame.FrameControl.PowerManagement);
Assert.IsFalse(frame.FrameControl.MoreData);
Assert.IsFalse(frame.FrameControl.Wep);
Assert.IsFalse(frame.FrameControl.Order);
Assert.AreEqual(248, frame.Duration.Field); //this need expanding on in the future
Assert.AreEqual("0024B2F8D706", frame.DestinationAddress.ToString().ToUpper());
Assert.AreEqual("00173FB72C29", frame.SourceAddress.ToString().ToUpper());
Assert.AreEqual("0024B2F8D706", frame.BssId.ToString().ToUpper());
Assert.AreEqual(0, frame.SequenceControl.FragmentNumber);
Assert.AreEqual(1327, frame.SequenceControl.SequenceNumber);
Assert.AreEqual(0, frame.AuthenticationAlgorithmNumber);
Assert.AreEqual(1, frame.AuthenticationAlgorithmTransactionSequenceNumber);
Assert.AreEqual(AuthenticationStatusCode.Success, frame.StatusCode);
Assert.AreEqual(0x4AE3E90F, frame.FrameCheckSequence);
Assert.AreEqual(30, frame.FrameSize);
}
public void Test_Constructor ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_disassociation_frame.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data);
DisassociationFrame frame = (DisassociationFrame)p.PayloadPacket;
Assert.AreEqual (0, frame.FrameControl.ProtocolVersion);
Assert.AreEqual (FrameControlField.FrameSubTypes.ManagementDisassociation, frame.FrameControl.SubType);
Assert.IsFalse (frame.FrameControl.ToDS);
Assert.IsFalse (frame.FrameControl.FromDS);
Assert.IsFalse (frame.FrameControl.MoreFragments);
Assert.IsFalse (frame.FrameControl.Retry);
Assert.IsFalse (frame.FrameControl.PowerManagement);
Assert.IsFalse (frame.FrameControl.MoreData);
Assert.IsFalse (frame.FrameControl.Wep);
Assert.IsFalse (frame.FrameControl.Order);
Assert.AreEqual (248, frame.Duration.Field); //this need expanding on in the future
Assert.AreEqual ("0024B2F8D706", frame.DestinationAddress.ToString ().ToUpper ());
Assert.AreEqual ("00173FB72C29", frame.SourceAddress.ToString ().ToUpper ());
Assert.AreEqual ("0024B2F8D706", frame.BssId.ToString ().ToUpper ());
Assert.AreEqual (0, frame.SequenceControl.FragmentNumber);
Assert.AreEqual (1311, frame.SequenceControl.SequenceNumber);
Assert.AreEqual (ReasonCode.LeavingToRoam, frame.Reason);
Assert.AreEqual (0xB17572A4, frame.FrameCheckSequence);
Assert.AreEqual (26, frame.FrameSize);
}
public static void Main (string[] args)
{
string ver = SharpPcap.Version.VersionString;
/* Print SharpPcap version */
Console.WriteLine("SharpPcap {0}, ReadingCaptureFile", ver);
Console.WriteLine();
Console.WriteLine();
// read the file from stdin or from the command line arguments
string capFile;
if(args.Length == 0)
{
Console.Write("-- Please enter an input capture file name: ");
capFile = Console.ReadLine();
} else
{
// use the first argument as the filename
capFile = args[0];
}
Console.WriteLine("opening '{0}'", capFile);
ICaptureDevice device;
try
{
// Get an offline device
device = new CaptureFileReaderDevice( capFile );
// Open the device
device.Open();
}
catch(Exception e)
{
Console.WriteLine("Caught exception when opening file" + e.ToString());
return;
}
// Register our handler function to the 'packet arrival' event
device.OnPacketArrival +=
new PacketArrivalEventHandler( device_OnPacketArrival );
Console.WriteLine();
Console.WriteLine
("-- Capturing from '{0}', hit 'Ctrl-C' to exit...",
capFile);
// Start capture 'INFINTE' number of packets
// This method will return when EOF reached.
device.Capture();
// Close the pcap device
device.Close();
Console.WriteLine("-- End of file reached.");
Console.Write("Hit 'Enter' to exit...");
Console.ReadLine();
}
public void ReadingRawPacketWithoutFcs ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_raw_without_fcs.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data);
Assert.IsNotNull (p);
}
public void ReadPacketWithInvalidFcs ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_ppi_fcs_present_and_invalid.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
PpiPacket p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data) as PpiPacket;
//The packet is corrupted in such a way that the type field has been changed
//to a reserved/unused type. Therefore we don't expect there to be a packet
Assert.IsNull (p.PayloadPacket);
Assert.IsNotNull(p.PayloadData);
}
public void ReadPacketWithNoFcs()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_radio_without_fcs.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
RadioPacket p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data) as RadioPacket;
Assert.IsNotNull (p.PayloadPacket);
TsftRadioTapField tsftField = p[RadioTapType.Tsft] as TsftRadioTapField;
Assert.IsNotNull(tsftField);
Assert.AreEqual(38724775, tsftField.TimestampUsec);
FlagsRadioTapField flagsField = p[RadioTapType.Flags] as FlagsRadioTapField;
Assert.IsNotNull(flagsField);
Assert.AreEqual(0, (int)flagsField.Flags);
RateRadioTapField rateField = p[RadioTapType.Rate] as RateRadioTapField;
Assert.IsNotNull(rateField);
Assert.AreEqual(1, rateField.RateMbps);
ChannelRadioTapField channelField = p[RadioTapType.Channel] as ChannelRadioTapField;
Assert.IsNotNull(channelField);
Assert.AreEqual(2462, channelField.FrequencyMHz);
Assert.AreEqual(11, channelField.Channel);
Assert.AreEqual(RadioTapChannelFlags.Channel2Ghz | RadioTapChannelFlags.Cck, channelField.Flags);
DbmAntennaSignalRadioTapField dbmSignalField = p[RadioTapType.DbmAntennaSignal] as DbmAntennaSignalRadioTapField;
Assert.IsNotNull(dbmSignalField);
Assert.AreEqual(-61, dbmSignalField.AntennaSignalDbm);
DbmAntennaNoiseRadioTapField dbmNoiseField = p[RadioTapType.DbmAntennaNoise] as DbmAntennaNoiseRadioTapField;
Assert.IsNotNull(dbmNoiseField);
Assert.AreEqual(-84, dbmNoiseField.AntennaNoisedBm);
AntennaRadioTapField antennaField = p[RadioTapType.Antenna] as AntennaRadioTapField;
Assert.IsNotNull(antennaField);
Assert.AreEqual(0, antennaField.Antenna);
DbAntennaSignalRadioTapField dbSignalField = p[RadioTapType.DbAntennaSignal] as DbAntennaSignalRadioTapField;
Assert.IsNotNull(dbSignalField);
Assert.AreEqual(23, dbSignalField.SignalStrengthdB);
MacFrame macFrame = p.PayloadPacket as MacFrame;
Assert.IsFalse(macFrame.AppendFcs);
Assert.IsFalse(macFrame.FCSValid);
}
public void PrintVerboseString()
{
Console.WriteLine("Loading the sample capture file");
var dev = new CaptureFileReaderDevice("../../CaptureFiles/PPPoEPPP.pcap");
dev.Open();
Console.WriteLine("Reading packet data");
dev.GetNextPacket();
var rawCapture = dev.GetNextPacket();
dev.Close();
var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
Console.WriteLine("Parsing");
var ppp = PPPPacket.GetEncapsulated(p);
Console.WriteLine("Printing human readable string");
Console.WriteLine(ppp.ToString(StringOutputType.Verbose));
}
public void FCSTest ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_association_request_frame.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
// check that the fcs can be calculated correctly
Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data);
AssociationRequestFrame frame = (AssociationRequestFrame)p.PayloadPacket;
Assert.AreEqual (0xde82c216, frame.FrameCheckSequence, "FCS mismatch");
Assert.IsTrue (frame.FCSValid);
// adjust the fcs of the packet and check that the FCSValid property returns false
frame.FrameCheckSequence = 0x1;
Assert.IsFalse (frame.FCSValid);
}
public void Test_NoFCS ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_beacon_no_fcs.pcap");
dev.Open ();
RawCapture rawCapture;
while ((rawCapture = dev.GetNextPacket ()) != null)
{
Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data);
Assert.IsNotNull (p.PayloadPacket);
}
// check that the fcs can be calculated correctly
dev.Close ();
}
public void IpPacketFields()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/tcp.pcap");
dev.Open();
var rawCapture = dev.GetNextPacket();
dev.Close();
Packet p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
Assert.IsNotNull(p);
var ip = (IpPacket)p.Extract(typeof(IpPacket));
Console.WriteLine(ip.GetType());
Assert.AreEqual(20, ip.Header.Length, "Header.Length doesn't match expected length");
Console.WriteLine(ip.ToString());
}
public void PrintString()
{
Console.WriteLine("Loading the sample capture file");
var dev = new CaptureFileReaderDevice("../../CaptureFiles/PPPoEPPP.pcap");
dev.Open();
Console.WriteLine("Reading packet data");
dev.GetNextPacket();
var rawCapture = dev.GetNextPacket();
dev.Close();
var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
Console.WriteLine("Parsing");
var ppp = (PPPPacket)p.Extract (typeof(PPPPacket));
Console.WriteLine("Printing human readable string");
Console.WriteLine(ppp.ToString());
}
public void Test_Constructor ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_probe_response_frame.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data);
ProbeResponseFrame frame = (ProbeResponseFrame)p.PayloadPacket;
Assert.AreEqual (0, frame.FrameControl.ProtocolVersion);
Assert.AreEqual (FrameControlField.FrameSubTypes.ManagementProbeResponse, frame.FrameControl.SubType);
Assert.IsFalse (frame.FrameControl.ToDS);
Assert.IsFalse (frame.FrameControl.FromDS);
Assert.IsFalse (frame.FrameControl.MoreFragments);
Assert.IsTrue (frame.FrameControl.Retry);
Assert.IsFalse (frame.FrameControl.PowerManagement);
Assert.IsFalse (frame.FrameControl.MoreData);
Assert.IsFalse (frame.FrameControl.Wep);
Assert.IsFalse (frame.FrameControl.Order);
Assert.AreEqual (314, frame.Duration.Field); //this need expanding on in the future
Assert.AreEqual ("0020008AB749", frame.DestinationAddress.ToString ().ToUpper ());
Assert.AreEqual ("00223FCD9C26", frame.SourceAddress.ToString ().ToUpper ());
Assert.AreEqual ("00223FCD9C26", frame.BssId.ToString ().ToUpper ());
Assert.AreEqual (0, frame.SequenceControl.FragmentNumber);
Assert.AreEqual (1468, frame.SequenceControl.SequenceNumber);
Assert.AreEqual (0x0000047A44EF1DE0, frame.Timestamp);
Assert.AreEqual (100, frame.BeaconInterval);
Assert.IsTrue (frame.CapabilityInformation.IsEss);
Assert.IsFalse (frame.CapabilityInformation.IsIbss);
Assert.IsFalse (frame.CapabilityInformation.CfPollable);
Assert.IsFalse (frame.CapabilityInformation.CfPollRequest);
Assert.IsTrue (frame.CapabilityInformation.Privacy);
Assert.IsFalse (frame.CapabilityInformation.ShortPreamble);
Assert.IsFalse (frame.CapabilityInformation.Pbcc);
Assert.IsFalse (frame.CapabilityInformation.ChannelAgility);
Assert.IsTrue (frame.CapabilityInformation.ShortTimeSlot);
Assert.IsFalse (frame.CapabilityInformation.DssOfdm);
Assert.AreEqual (0x257202BE, frame.FrameCheckSequence);
Assert.AreEqual (164, frame.FrameSize);
}
public virtual void Checksum()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/tcp.pcap");
dev.Open();
var rawCapture = dev.GetNextPacket();
var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
Assert.IsNotNull(p);
Console.WriteLine(p.GetType());
var t = TcpPacket.GetEncapsulated(p);
Assert.IsNotNull(t, "Expected t to not be null");
Console.WriteLine("Checksum: " + t.Checksum.ToString("X"));
Assert.IsTrue(t.ValidChecksum, "ValidChecksum indicates invalid checksum");
dev.Close();
}
public void Test_Constructor ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_association_response_frame.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data);
AssociationResponseFrame frame = (AssociationResponseFrame)p.PayloadPacket;
Assert.AreEqual (0, frame.FrameControl.ProtocolVersion);
Assert.AreEqual (FrameControlField.FrameSubTypes.ManagementAssociationResponse, frame.FrameControl.SubType);
Assert.IsFalse (frame.FrameControl.ToDS);
Assert.IsFalse (frame.FrameControl.FromDS);
Assert.IsFalse (frame.FrameControl.MoreFragments);
Assert.IsFalse (frame.FrameControl.Retry);
Assert.IsFalse (frame.FrameControl.PowerManagement);
Assert.IsFalse (frame.FrameControl.MoreData);
Assert.IsFalse (frame.FrameControl.Wep);
Assert.IsFalse (frame.FrameControl.Order);
Assert.AreEqual (314, frame.Duration.Field); //this need expanding on in the future
Assert.AreEqual ("00173FB72C29", frame.DestinationAddress.ToString ().ToUpper ());
Assert.AreEqual ("0024B2F8D706", frame.SourceAddress.ToString ().ToUpper ());
Assert.AreEqual ("0024B2F8D706", frame.BssId.ToString ().ToUpper ());
Assert.AreEqual (0, frame.SequenceControl.FragmentNumber);
Assert.AreEqual (958, frame.SequenceControl.SequenceNumber);
Assert.IsTrue (frame.CapabilityInformation.IsEss);
Assert.IsFalse (frame.CapabilityInformation.IsIbss);
Assert.IsFalse (frame.CapabilityInformation.CfPollable);
Assert.IsFalse (frame.CapabilityInformation.CfPollRequest);
Assert.IsTrue (frame.CapabilityInformation.Privacy);
Assert.IsFalse (frame.CapabilityInformation.ShortPreamble);
Assert.IsFalse (frame.CapabilityInformation.Pbcc);
Assert.IsFalse (frame.CapabilityInformation.ChannelAgility);
Assert.IsTrue (frame.CapabilityInformation.ShortTimeSlot);
Assert.IsFalse (frame.CapabilityInformation.DssOfdm);
Assert.AreEqual (AuthenticationStatusCode.Success, frame.StatusCode);
Assert.AreEqual (2, frame.AssociationId);
Assert.AreEqual (0xC61ACCD6, frame.FrameCheckSequence);
Assert.AreEqual (3, frame.InformationElements.Count);
Assert.AreEqual (57, frame.FrameSize);
}
public void ICMPv6Parsing ()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/ipv6_icmpv6_packet.pcap");
dev.Open();
var rawCapture = dev.GetNextPacket();
dev.Close();
Packet p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
Assert.IsNotNull(p);
var icmp = (ICMPv6Packet)p.Extract(typeof(ICMPv6Packet));
Console.WriteLine(icmp.GetType());
Assert.AreEqual(ICMPv6Types.RouterSolicitation, icmp.Type);
Assert.AreEqual(0, icmp.Code);
Assert.AreEqual(0x5d50, icmp.Checksum);
// Payload differs based on the icmp.Type field
}
public void IpPacket_WhenGettingPacketFragment_LeavesPacketAsPayload()
{
// Arrange
var dev = new CaptureFileReaderDevice("../../CaptureFiles/udp-ip-fragmented.pcap");
dev.Open();
var firstRawPacket = dev.GetNextPacket();
var secondRawPacket = dev.GetNextPacket();
dev.Close();
// Act
Packet.ParsePacket(firstRawPacket.LinkLayerType, firstRawPacket.Data); // read and discard first packet
var secondPacket = Packet.ParsePacket(secondRawPacket.LinkLayerType, secondRawPacket.Data);
var ipFragmentPacket = secondPacket.Extract(typeof(IpPacket)) as IpPacket;
// Assert
Assert.IsNotNull(ipFragmentPacket, "The second packet should contain an IP packet within");
Assert.IsNull(ipFragmentPacket.PayloadPacket, "Since packet is IP fragment, we should not have extracted a child packet");
Assert.AreEqual(497, ipFragmentPacket.PayloadLength, "The correct payload length for this particular packet should be 497");
Assert.AreEqual(497, ipFragmentPacket.PayloadData.Length, "The correct payload length for this particular packet should be 497");
}
//打开文件
private void btnOpen_Click(object sender, EventArgs e)
{
OpenFileDialog od = new OpenFileDialog();
od.Filter = "pcap文件|*.pcap";
if (od.ShowDialog() == DialogResult.OK)
{
Clear();
ICaptureDevice offDev = new SharpPcap.LibPcap.CaptureFileReaderDevice(od.FileName);
RawCapture tempPacket;
offDev.Open();
while ((tempPacket = offDev.GetNextPacket()) != null)
{
packetList.Add(tempPacket);
ShowDataRows(tempPacket);
}
offDev.Close();
}
}
public void ProcessPcap()
{
sharpPcapDict = new Dictionary <Connection, TcpRecon>();
PcapDevice device;
totalPackets = 0;
totalTCPPackets = 0;
try
{
device = new SharpPcap.LibPcap.CaptureFileReaderDevice(capFile);
device.Open();
}
catch (Exception ex)
{
ErrorMessage = "Error Loading pcap with SharpPcap: " + ex.Message;
owner.Invoke(Complete, ips);
return;
}
device.OnPacketArrival += new SharpPcap.PacketArrivalEventHandler(device_PcapOnPacketArrival);
device.Capture(); //parse entire pcap until EOF
device.Close();
foreach (TcpRecon tr in sharpPcapDict.Values)
{
tr.isComplete = true;
if (tr.LastSavedOffset != tr.CurrentOffset)
{
AddNewNode(tr);
}
tr.Close();
}
sharpPcapDict.Clear();
owner.Invoke(Complete, ips);
return;
}
