public ConversationsForm(IPSession[] sessions)
{
InitializeComponent();
multiStreamView.Visible = false;
this.sessions = sessions;
multiStreamView.TransactionDoubleClick += new TransactionDoubleClickHandler(multiStreamView_TransactionDoubleClick);
exportToXMLToolStripMenuItem.Enabled = false;
submitToRepositoryToolStripMenuItem.Enabled = false;
}
public override bool HandleSession(IPSession session)
{
if (session.RemoteEndpoint.Port != XMPP_PORT)
return false;
PacketStream stream = session.GetNextStreamDirection();
if (stream.PeekStringUTF8(8) != "<stream")
return false;
// FIXME
return false;
}
public void AddSession(IPSession session)
{
sessions.Add(session);
session.NewTransactionNode += session_NewTransactionNode;
foreach (IPPacket p in session.StreamIn.Packets)
{
packets[p.Index] = p;
}
foreach (IPPacket p in session.StreamOut.Packets)
{
packets[p.Index] = p;
}
foreach (TransactionFactory fac in factories)
{
#if PRODUCTION
try
{
#endif
if (fac.HandleSession(session))
{
break;
}
#if PRODUCTION
}
catch (Exception e)
{
string msg = String.Format("An unhandled exception occured while the parser {0} was parsing session {1}: {2}\n\nBacktrace:\n{3}\n\nPlease submit your trace to [email protected]",
fac.GetType().Name, session, e.Message, e.StackTrace);
MessageBox.Show(msg, "Parsing error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
#endif
session.ResetState();
}
session.AllNodesAdded();
}
public override bool HandleSession(IPSession session)
{
//List<Configuration.Setting> settings = Configuration.ParserConfiguration.Settings[Name()];
//foreach(Configuration.Setting setting in settings)
// logger.AddMessage("Using property {0} with value {1}", setting.Property, setting.Value);
PacketStream stream = session.GetNextStreamDirection();
if ((session.RemoteEndpoint.Port == 1521) || (session.RemoteEndpoint.Port == redirPort)) {
//we're either connected to the standard Oracle port or the redirected port
}else
return false;
while (true) {
try {
TransactionNode transaction = new TransactionNode("OracleTransaction");
transaction.Description = transaction.Name;
TransactionNode tnsNode = ExtractTNSData(stream, StreamDirection.OUT);
if(tnsNode != null)
transaction.AddChild(tnsNode);
//response stream
stream = session.GetNextStreamDirection();
if (stream.GetBytesAvailable() != 0) {
tnsNode = ExtractTNSData(stream, StreamDirection.IN);
if(tnsNode != null)
transaction.AddChild(tnsNode);
}
if(transaction.Children.Count > 0)
session.AddNode(transaction);
//request stream (if exists)
stream = session.GetNextStreamDirection();
if(stream.GetBytesAvailable() == 0)
break;
} catch (EndOfStreamException) {
break;
}
}
return true;
}
public override VisualTransaction[] GetTransactions(IPSession session)
{
List<VisualTransaction> transactions = new List<VisualTransaction>(session.Events.Count);
foreach (TCPEvent ev in session.Events)
{
VisualTransaction transaction = new VisualTransaction(0, ev.Timestamp);
transaction.HeadlineText = ev.ToString();
transactions.Add(transaction);
}
return transactions.ToArray();
}
public override bool HandleSession(IPSession session)
{
if (session.LocalEndpoint.Port != 990)
return false;
this.session = session;
stream = session.GetNextStreamDirection();
// The device should send the first DWORD of the handshake
if (stream.CurPacket.Direction == PacketDirection.PACKET_DIRECTION_INCOMING)
{
HandleRapiHandshake();
}
if (stream.GetBytesAvailable() >= 4)
HandleRapiSession();
return true;
}
public void AddSession(IPSession session)
{
sessions.Add(session);
session.NewTransactionNode += session_NewTransactionNode;
foreach (IPPacket p in session.StreamIn.Packets)
{
packets[p.Index] = p;
}
foreach (IPPacket p in session.StreamOut.Packets)
{
packets[p.Index] = p;
}
foreach (TransactionFactory fac in factories)
{
#if PRODUCTION
try
{
#endif
if (fac.HandleSession(session))
break;
#if PRODUCTION
}
catch (Exception e)
{
string msg = String.Format("An unhandled exception occured while the parser {0} was parsing session {1}: {2}\n\nBacktrace:\n{3}\n\nPlease submit your trace to [email protected]",
fac.GetType().Name, session, e.Message, e.StackTrace);
MessageBox.Show(msg, "Parsing error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
#endif
session.ResetState();
}
session.AllNodesAdded();
}
private void ReadAllP2PDirectMessages(IPSession session, PacketStream stream)
{
while (stream.GetBytesAvailable() > 0)
{
try
{
TransactionNode node = ReadNextP2PDirectMessage(stream, "MSNP2PDirectMessage");
session.AddNode(node);
}
catch (EndOfStreamException e)
{
logger.AddMessage(String.Format("MSNP2PDirect: EOS at {0} ({1})", stream.Position, e));
break;
}
}
}
private bool HandleSwitchboardSession(IPSession session)
{
List<PacketSlice> slices = new List<PacketSlice>(1);
logger.AddMessage(String.Format("\r\n\r\nparsing session with remote endpoint: {0}\r\n", session.RemoteEndpoint));
while (true)
{
PacketStream stream = session.GetNextStreamDirection();
if (stream.GetBytesAvailable() == 0)
{
stream = session.GetNextStreamDirection();
if (stream.GetBytesAvailable() == 0)
{
break;
}
}
IPPacket pkt = stream.CurPacket;
PacketDirection direction = pkt.Direction;
try
{
string line = stream.PeekLineUTF8();
// Split the line up into CMD and the rest (being arguments, if any)
string[] tokens = line.Split(new char[] { ' ' }, 2);
logger.AddMessage(String.Format("{0} parsing command '{1}' (line: {2})",
(direction == PacketDirection.PACKET_DIRECTION_INCOMING) ? "<<" : ">>",
tokens[0], line));
// Set cmd and create an array of arguments if present
string cmd = tokens[0];
string[] arguments = new string[0];
if (tokens.Length > 1)
{
arguments = tokens[1].Split(new char[] { ' ' });
}
// Create command node
TransactionNode node = new TransactionNode("MSNSBCommand");
node.Description = cmd;
// Command field
stream.ReadBytes(StaticUtils.GetUTF8ByteCount(tokens[0]), slices);
node.AddField("Command", tokens[0], "Switchboard command.", slices);
if (arguments.Length > 0)
{
// Skip space between command and arguments
stream.ReadByte();
stream.ReadBytes(StaticUtils.GetUTF8ByteCount(tokens[1]), slices);
// Arguments fields
node.AddField("Arguments", tokens[1], "Arguments to command.", slices);
}
// Skip CRLF
stream.ReadBytes(2);
// Is there a payload?
bool hasPayload = false;
if (arguments.Length > 0)
{
List<string> payloadCommands =
(direction == PacketDirection.PACKET_DIRECTION_OUTGOING) ? payloadCommandsFromClient : payloadCommandsFromServer;
hasPayload = payloadCommands.Contains(cmd);
}
if (hasPayload)
{
int payloadLength = -1;
try
{
payloadLength = (int)Convert.ToUInt32(arguments[arguments.Length - 1]);
}
catch (FormatException)
{
}
if (payloadLength > 0)
{
TransactionNode payloadNode = new TransactionNode(node, "Payload");
logger.AddMessage(String.Format("Parsing {0} bytes of payload", payloadLength));
PayloadFormat format = PayloadFormat.TEXT;
string cmdUpper = cmd.ToUpper();
if (payloadCommandFormats.ContainsKey(cmdUpper))
format = payloadCommandFormats[cmdUpper];
if (format == PayloadFormat.MESSAGE)
{
SBParseMSG(stream, payloadNode, payloadLength);
}
else
{
string body = stream.ReadStringUTF8(payloadLength, slices);
switch (format)
{
case PayloadFormat.SLP:
payloadNode.AddTextField("MSNSLP", body, "MSNSLP data.", slices);
break;
case PayloadFormat.XML:
payloadNode.AddXMLField("XML", body, "XML data.", slices);
break;
default:
payloadNode.AddTextField("Text", body, "Text.", slices);
break;
}
}
}
}
session.AddNode(node);
}
catch (EndOfStreamException e)
{
logger.AddMessage(String.Format("MSNSwitchboard: EOS at {0} ({1})", stream.Position, e));
break;
}
}
logger.AddMessage("done with session\r\n\r\n");
return true;
}
public abstract VisualTransaction[] GetTransactions(IPSession session);
public override VisualTransaction[] GetTransactions(IPSession session)
{
List<MSNSessionMessage> messages = new List<MSNSessionMessage>();
Dictionary<UInt32, MSNP2PMessage> messageFromId = new Dictionary<UInt32, MSNP2PMessage>();
foreach (TransactionNode node in session.Nodes)
{
if (node.Name.StartsWith("MSN"))
{
TransactionNode chunk = node.FindChild("MSNP2PMessageChunk");
if (chunk != null)
{
MSNP2PMessage msg;
TransactionNode headers = chunk.FindChild("Headers");
UInt32 msgID = (UInt32)headers.Fields["MessageID"];
UInt32 chunkSize = (UInt32)headers.Fields["ChunkSize"];
if (messageFromId.ContainsKey(msgID))
{
msg = messageFromId[msgID];
}
else
{
PacketDirection direction =
headers.GetSlicesForFieldPath("SessionID")[0].Packet.Direction;
UInt32 sessionID = (UInt32)headers.Fields["SessionID"];
UInt32 flags = (UInt32)headers.Fields["Flags"];
UInt64 dataOffset = (UInt64)headers.Fields["DataOffset"];
UInt64 dataSize = (UInt64)headers.Fields["DataSize"];
UInt32 ackedMsgID = (UInt32)headers.Fields["AckedMsgID"];
UInt32 prevAckedMsgID = (UInt32)headers.Fields["PrevAckedMsgID"];
UInt64 ackedDataSize = (UInt64)headers.Fields["AckedDataSize"];
msg = new MSNP2PMessage(chunk.Index, direction, chunk.StartTime,
msgID, sessionID, flags, dataOffset, dataSize, ackedMsgID,
prevAckedMsgID, ackedDataSize);
messages.Add(msg);
messageFromId[msgID] = msg;
}
int maxPreview = 4096;
if (msg.Flags == 0x20)
{
maxPreview = 131072;
}
if (chunkSize > 0 && msg.Transferred < (ulong)maxPreview)
{
TransactionNode content = chunk.FindChild("Content");
//string fieldName = (msg.SessionID != 0) ? "Raw" : "MSNSLP";
byte[] bytes = (byte[])content.Fields[content.FieldNames[0]];
int n = bytes.Length;
int max = maxPreview - (int)msg.Transferred;
if (n > max)
n = max;
msg.PreviewData.Write(bytes, 0, bytes.Length);
}
msg.EndTime = chunk.EndTime;
msg.Transferred += chunkSize;
}
else
{
TransactionNode bodyNode = node.FindChild("Payload");
if (bodyNode != null && bodyNode.Fields.ContainsKey("MSNSLP"))
{
MSNSLPMessage msg = new MSNSLPMessage(bodyNode.Index,
bodyNode.GetSlicesForFieldPath("MSNSLP")[0].Packet.Direction,
bodyNode.StartTime, (string) bodyNode["MSNSLP"]);
messages.Add(msg);
}
}
}
}
return messages.ToArray();
}
public abstract bool HandleSession(IPSession session);
public override bool HandleSession(IPSession session)
{
PacketStream stream = session.GetNextStreamDirection();
string line;
try
{
line = stream.PeekLineUTF8();
}
catch (EndOfStreamException)
{
return false;
}
string[] tokens = line.Split(new char[] { ' ' });
if (!tokens[tokens.Length - 1].StartsWith("HTTP/1."))
{
return false;
}
// At this point it should be safe enough to assume we're
// dealing with an HTTP session.
while (true)
{
try
{
TransactionNode transaction = new TransactionNode("HTTPTransaction");
TransactionNode request = ExtractHttpData(stream, HTTPTransactionType.REQUEST);
transaction.AddChild(request);
string desc = request.Description;
stream = session.GetNextStreamDirection();
if (stream.GetBytesAvailable() != 0)
{
TransactionNode response = ExtractHttpData(stream, HTTPTransactionType.RESPONSE);
transaction.AddChild(response);
if (response.Fields.ContainsKey("Result") &&
((string)response.Fields["Result"]).StartsWith("100 "))
{
response = ExtractHttpData(stream, HTTPTransactionType.RESPONSE, "Response2");
transaction.AddChild(response);
}
desc += " => " + response.Description;
}
transaction.Description = desc;
session.AddNode(transaction);
stream = session.GetNextStreamDirection();
if (stream.GetBytesAvailable() == 0)
break;
}
catch (EndOfStreamException)
{
logger.AddMessage("HTTP premature EOF");
break;
}
catch (ProtocolError)
{
logger.AddMessage("HTTP protocol error");
break;
}
}
return true;
}
public override VisualTransaction[] GetTransactions(IPSession session)
{
List<HTTPMessage> messages = new List<HTTPMessage>();
foreach (TransactionNode node in session.Nodes)
{
if (node.Name == "HTTPTransaction")
{
TransactionNode subNode;
subNode = node.FindChild("Request", false);
if (subNode != null)
messages.Add(ParseNode(subNode, true));
subNode = node.FindChild("Response", false);
if (subNode != null)
messages.Add(ParseNode(subNode, false));
subNode = node.FindChild("Response2", false);
if (subNode != null)
messages.Add(ParseNode(subNode, false));
}
}
return messages.ToArray();
}
public override VisualTransaction[] GetTransactions(IPSession session)
{
List<VisualTransaction> transactions = new List<VisualTransaction>();
session.ResetState();
PacketStream stream1 = session.GetNextStreamDirection();
PacketStream stream2 = session.GetNextStreamDirection();
List<IPPacket> packets = new List<IPPacket>(stream1.Packets.Count + stream2.Packets.Count);
packets.AddRange(stream1.Packets);
packets.AddRange(stream2.Packets);
packets.Sort();
VisualTransaction transaction = null;
MemoryStream previewData = new MemoryStream();
int transferred = 0;
foreach (IPPacket packet in packets)
{
if (transaction == null || (transaction != null && packet.Direction != transaction.Direction))
{
if (transaction != null)
{
transaction.AddHeaderField("Size", transferred);
byte[] bytes = previewData.ToArray();
transaction.SetBodyFromPreviewData(bytes, bytes.Length);
}
transaction = new VisualTransaction(packet.Index, packet.Direction, packet.Timestamp);
transaction.AddHeaderField("Direction", packet.Direction);
transaction.HeaderRowsPerCol = 1;
transactions.Add(transaction);
previewData.SetLength(0);
transferred = 0;
}
transaction.EndTime = packet.Timestamp;
previewData.Write(packet.Bytes, 0, packet.Bytes.Length);
transferred += packet.Bytes.Length;
}
if (transaction != null)
{
transaction.AddHeaderField("Size", transferred);
byte[] bytes = previewData.ToArray();
transaction.SetBodyFromTruncatedPreviewData(bytes, transferred - bytes.Length);
}
return transactions.ToArray();
}
public VisualSession(IPSession session)
{
localEndpoint = session.LocalEndpoint;
remoteEndpoint = session.RemoteEndpoint;
transactions = new List<VisualTransaction>();
}
public override VisualTransaction[] GetTransactions(IPSession session)
{
List<VisualTransaction> messages = new List<VisualTransaction>();
char[] bodyTrimChars = new char[] { '\r', '\n' };
foreach (TransactionNode node in session.Nodes)
{
if (node.Name == "MSNSBCommand")
{
IPPacket pkt = node.Slices[0].Packet;
VisualTransaction vt = new VisualTransaction(node.Index, pkt.Direction, pkt.Timestamp);
string headline = (string) node["Command"];
if (node.Fields.ContainsKey("Arguments"))
headline += " " + (string) node["Arguments"];
vt.HeadlineText = headline;
XmlHighlighter highlighter = null;
TransactionNode payloadNode = node.FindChild("Payload", false);
if (payloadNode != null)
{
string body = "";
if (payloadNode.Fields.ContainsKey("XML"))
{
highlighter = new XmlHighlighter(XmlHighlightColorScheme.VisualizationScheme);
XmlUtils.PrettyPrint((string)payloadNode["XML"], out body, highlighter);
}
else if (payloadNode.Fields.ContainsKey("Text"))
{
body = (string)payloadNode["Text"];
}
else if (payloadNode.Fields.ContainsKey("MSNSLP"))
{
body = (string)payloadNode["MSNSLP"];
}
else if (payloadNode.FindChild("Headers") != null)
{
TransactionNode headersNode = payloadNode.FindChild("Headers");
vt.HeaderRowsPerCol = Int32.MaxValue;
foreach (string name in headersNode.Fields.Keys)
{
vt.AddHeaderField(name, headersNode.Fields[name].ToString());
}
TransactionNode bodyNode = payloadNode.FindChild("Body");
if (bodyNode != null)
{
body = bodyNode.Fields[bodyNode.FieldNames[0]].ToString();
body = body.TrimEnd(bodyTrimChars);
}
}
else
{
body = String.Format("Unhandled payload format: {0}",
(payloadNode.FieldNames.Count > 0) ? payloadNode.FieldNames[0] : payloadNode.Children[0].Name);
}
vt.BodyText = body;
if (highlighter != null)
highlighter.HighlightRichTextBox(vt.BodyBox);
}
messages.Add(vt);
}
}
return messages.ToArray();
}
private void AnalyzePackets(object param)
{
IProgressFeedback progress = param as IProgressFeedback;
//
// Find all the sessions and create a PacketStream for each
//
Dictionary<UInt32, IPSession> sessions = new Dictionary<UInt32, IPSession>();
List<UInt32> sessionList = new List<UInt32>();
IPSession session;
progress.ProgressUpdate("Identifying sessions", 0);
int i = 0;
foreach (IPPacket p in tmpPacketList)
{
UInt32 id = (UInt32) (p.ResourceId + p.RemoteEndpoint.Port);
if (sessions.ContainsKey(id))
session = sessions[id];
else
{
session = new IPSession();
sessions[id] = session;
sessionList.Add(id);
}
session.AddPacket(p);
i++;
progress.ProgressUpdate("Identifying sessions",
(int) ((i / (float) tmpPacketList.Count) * 100.0f));
}
//
// Add the events to the appropriate sessions
//
// First off, sort them by timestamp
tmpEventList.Sort();
// Then match them with the sessions
foreach (TCPEvent ev in tmpEventList)
{
if (sessions.ContainsKey(ev.ResourceId))
sessions[ev.ResourceId].AddEvent(ev);
}
// Don't need these any more now
tmpEventList.Clear();
tmpPacketList.Clear();
//
// Iterate over them, in sequence, and hand each over to the parser.
//
i = 0;
foreach (UInt32 id in sessionList)
{
session = sessions[id];
packetParser.AddSession(session);
i++;
progress.ProgressUpdate("Parsing sessions",
(int)((i / (float)sessionList.Count) * 100.0f));
}
}
public override bool HandleSession(IPSession session)
{
logger.AddMessage(String.Format("session.LocalEndpoint.Port={0}, session.RemoteEndpoint.Port={1}",
session.LocalEndpoint.Port, session.RemoteEndpoint.Port));
if (session.RemoteEndpoint.Port == MSN_SB_PORT)
return HandleSwitchboardSession(session);
PacketStream stream = session.GetNextStreamDirection();
if (stream.GetBytesAvailable() < 8)
return false;
List<PacketSlice> lenSlices = new List<PacketSlice>(1);
UInt32 len = stream.ReadU32LE(lenSlices);
if (len != 4)
return false;
List<PacketSlice> contentSlices = new List<PacketSlice>(1);
string str = stream.ReadCStringASCII((int) len, contentSlices);
if (str != "foo")
return false;
TransactionNode magicNode = new TransactionNode("MSNP2PDirectMagic");
magicNode.Description = magicNode.Name;
magicNode.AddField("Length", len, "Magic length.", lenSlices);
magicNode.AddField("Magic", str, "Magic string.", contentSlices);
TransactionNode requestNode = ReadNextP2PDirectMessage(stream, "Request");
stream = session.GetNextStreamDirection();
TransactionNode responseNode = ReadNextP2PDirectMessage(stream, "Response");
TransactionNode handshakeNode = new TransactionNode("MSNP2PDirectHandshake");
handshakeNode.Description = handshakeNode.Name;
handshakeNode.AddChild(requestNode);
handshakeNode.AddChild(responseNode);
session.AddNode(magicNode);
session.AddNode(handshakeNode);
ReadAllP2PDirectMessages(session, session.GetNextStreamDirection());
ReadAllP2PDirectMessages(session, session.GetNextStreamDirection());
return true;
}
