private void GetIpProtocol(Packet packet, PacketInfo info)
{
switch (packet.Ethernet.IpV4.Protocol)
{
case IpV4Protocol.InternetControlMessageProtocol:
IcmpDatagram icmp = packet.Ethernet.IpV4.Icmp;
if (icmp != null)
{
info.Protocol = "ICMP";
info.Info = "Echo (ping)";
info.Layers.ICMPInfo = $"Checksum: {icmp.Checksum}";
}
break;
case IpV4Protocol.Tcp:
var tcp = packet.Ethernet.IpV4.Tcp;
info.Protocol = "TCP";
info.Info = $"{tcp.SourcePort} → {tcp.DestinationPort} [{GetFlags(tcp)}] " +
$"Seq={tcp.SequenceNumber} Win={tcp.Window} Len={tcp.Length}";
/////////////// HTTP Request//////////////////
var header = tcp.Http.Header;
if (header != null)
{
info.Protocol = "HTTP";
info.Layers.HTTPInfo = "Header: " + header;
}
/////////////// TCP Layer//////////////////
info.Layers.TCPInfo = $"Source Port: {tcp.SourcePort}\nDestination Port: {tcp.DestinationPort}" +
$"\nSequence number: {tcp.SequenceNumber}\nNext sequence number: {tcp.NextSequenceNumber}" +
$"\nAcknowledgement number: {tcp.AcknowledgmentNumber}\nHeader Length: {tcp.HeaderLength}" +
$"\nWindow size value: {tcp.Window}\nChecksum: {tcp.Checksum}";
break;
case IpV4Protocol.Udp:
UdpDatagram udp = packet.Ethernet.IpV4.Udp;
info.Protocol = "UDP";
info.Info = $"{udp.SourcePort} → {udp.DestinationPort} Len={udp.Length}";
info.Layers.UDPInfo = $"Source Port: {udp.SourcePort}\nDestination Port: {udp.DestinationPort}" +
$"\nLength: {udp.TotalLength}\nChecksum: {udp.Checksum}";
break;
case IpV4Protocol.InternetControlMessageProtocolForIpV6:
info.Protocol = "ICMPv6";
break;
default:
break;
}
}
private void GetEthernetType(Packet packet, PacketInfo info)
{
switch (packet.Ethernet.EtherType)
{
case PcapDotNet.Packets.Ethernet.EthernetType.None:
break;
case PcapDotNet.Packets.Ethernet.EthernetType.IpV4:
var ip = packet.Ethernet.IpV4;
info.Layers.IPInfo = $"Internet Protocol Version 4\nSource: {ip.Source}\nDestination: {ip.Destination}" +
$"\nHeader Length: {ip.HeaderLength}" +
$"\nTotal Length: {ip.TotalLength}" +
$"\nTime to live: {ip.Ttl}";
GetIpProtocol(packet, info);
break;
case PcapDotNet.Packets.Ethernet.EthernetType.Arp:
info.Protocol = "ARP";
var arp = packet.Ethernet.Arp;
var senderIP = arp.SenderProtocolIpV4Address;
var targetIP = arp.TargetProtocolIpV4Address;
info.Source = packet.Ethernet.Source.ToString();
info.Destination = packet.Ethernet.Destination.ToString();
if (info.Destination == "FF:FF:FF:FF:FF:FF")
{
info.Info = $"Who has {targetIP}? Tell {senderIP}";
info.Destination = "Broadcast";
}
else
{
info.Info = $"{senderIP} is at {info.Source}";
}
break;
case PcapDotNet.Packets.Ethernet.EthernetType.IpV6:
info.Layers.IPInfo = "Internet Protocol Version 6";
GetIpProtocol(packet, info);
break;
default:
break;
}
info.Layers.EthernetInfo = $"Source: {packet.Ethernet.Source}\nDestination: {packet.Ethernet.Destination}";
}
/// <summary>
/// Phân tích gói tin và cho vào danh sách gói tin đã bắt được
/// </summary>
/// <param name="packet">Gói tin đang được xử lý</param>
private void PacketHandler(Packet packet)
{
///////////////////Lấy thông tin cơ bản///////////////////////
PacketInfo info = new PacketInfo();
info.ID = ListCapturedPackets.Count + 1; // ban đầu là 0 id =1
info.Time = stopwatch.Elapsed.TotalSeconds;
IpV4Datagram ip = packet.Ethernet.IpV4;
info.Source = ip.Source.ToString();
info.Destination = ip.Destination.ToString();
info.Protocol = packet.Ethernet.IpV4.Protocol.ToString();
info.Length = packet.Length;
string hex = packet.BytesSequenceToHexadecimalString();
info.Buffer = new PacketBuff(ProcessString(hex), HextoString(hex));
///////////////////Lấy thông tin ở các tầng trong TCP/IP///////////////////////
info.Layers = new PacketLayer();
GetEthernetType(packet, info);
///////////////////Thêm vào danh sách///////////////////////
ListCapturedPackets.Add(info);
}