public override IEnumerable <AbstractPacket> GetSubPackets(bool includeSelfReference)
{
if (includeSelfReference)
{
yield return(this);
}
//List<Packet> subPackets=new List<Packet>();
if (PacketStartIndex + 8 < PacketEndIndex)
{
AbstractPacket packet;
/*
* if(destinationPort==53 || sourcePort==53 || destinationPort==5353 || sourcePort==5353) {//DNS or Multicast DNS http://www.multicastdns.org/
* try {
* packet=new DnsPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* catch(Exception e) {
* if (!this.ParentFrame.QuickParse)
* ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex+8, PacketEndIndex, "Cannot parse DNS packet ("+e.Message+")"));
* packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* }
* else if(destinationPort==67 || destinationPort==68 || sourcePort==67 || sourcePort==68) {
* try {
* packet=new DhcpPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* catch(Exception e) {
* if (!this.ParentFrame.QuickParse)
* ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex+8, PacketEndIndex, "Cannot parse DHCP (or BOOTP) protocol: "+e.Message));
* packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
*
* }
* else if(destinationPort==69 || sourcePort==69) {
* try {
* packet=new TftpPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* catch(Exception e) {
* if (!this.ParentFrame.QuickParse)
* ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex+8, PacketEndIndex, "Cannot parse NetBiosNameServicePacket packet ("+e.Message+")"));
* packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* }
* else if(destinationPort==137 || sourcePort==137) {
* try {
* packet=new NetBiosNameServicePacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* catch(Exception e) {
* if (!this.ParentFrame.QuickParse)
* ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex+8, PacketEndIndex, "Cannot parse NetBiosNameServicePacket packet ("+e.Message+")"));
* packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* }
* else if(destinationPort==138 || sourcePort==138) {
* try {
* packet=new NetBiosDatagramServicePacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* catch(Exception e) {
* if (!this.ParentFrame.QuickParse)
* ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex+8, PacketEndIndex, "Cannot parse NetBiosDatagramServicePacket packet ("+e.Message+")"));
* packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* }
* else if (destinationPort == 514 || sourcePort == 514) {
* try {
* packet = new SyslogPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
* }
* catch (Exception e) {
* if (!this.ParentFrame.QuickParse)
* ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse Syslog packet (" + e.Message + ")"));
* packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
* }
* }
* else if(destinationPort==1900 || sourcePort==1900) {
* try {
* packet=new UpnpPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* catch(Exception e) {
* if (!this.ParentFrame.QuickParse)
* ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex+8, PacketEndIndex, "Cannot parse UPnP packet ("+e.Message+")"));
* packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* }
* else if(destinationPort==5060 || sourcePort==5060) {
* try {
* packet=new SipPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* catch(Exception e) {
* if (!this.ParentFrame.QuickParse)
* ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex+8, PacketEndIndex, "Cannot parse SIP packet ("+e.Message+")"));
* packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* }
* else {
* packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* */
ApplicationLayerProtocol l7Protocol = UdpPortProtocolFinder.Instance.GetApplicationLayerProtocol(TransportLayerProtocol.UDP, sourcePort, destinationPort);
if (l7Protocol == ApplicationLayerProtocol.Dns) //DNS or Multicast DNS http://www.multicastdns.org/
{
try {
packet = new DnsPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse DNS packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Dhcp)
{
try {
packet = new DhcpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse DHCP (or BOOTP) protocol: " + e.Message));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Tftp)
{
try {
packet = new TftpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse NetBiosNameServicePacket packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.NetBiosNameService)
{
try {
packet = new NetBiosNameServicePacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse NetBiosNameServicePacket packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.NetBiosDatagramService)
{
try {
packet = new NetBiosDatagramServicePacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse NetBiosDatagramServicePacket packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Syslog)
{
try {
packet = new SyslogPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse Syslog packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Upnp)
{
try {
packet = new UpnpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse UPnP packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Sip)
{
try {
packet = new SipPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse SIP packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else
{
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
yield return(packet);
foreach (AbstractPacket subPacket in packet.GetSubPackets(false))
{
yield return(subPacket);
}
}
}
public override IEnumerable <AbstractPacket> GetSubPackets(bool includeSelfReference)
{
if (includeSelfReference)
{
yield return(this);
}
//List<Packet> subPackets=new List<Packet>();
if (PacketStartIndex + 8 < PacketEndIndex)
{
AbstractPacket packet;
ApplicationLayerProtocol l7Protocol = UdpPortProtocolFinder.Instance.GetApplicationLayerProtocol(FiveTuple.TransportProtocol.UDP, sourcePort, destinationPort);
if (l7Protocol == ApplicationLayerProtocol.Unknown && UdpPortProtocolFinder.PipiInstance != null)
{
l7Protocol = UdpPortProtocolFinder.PipiInstance.GetApplicationLayerProtocol(this);//do a second attempt using PIPI (NM Pro only)
}
if (l7Protocol == ApplicationLayerProtocol.Dns) //DNS or Multicast DNS http://www.multicastdns.org/
{
try {
packet = new DnsPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse DNS packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Dhcp)
{
try {
packet = new DhcpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse DHCP (or BOOTP) protocol: " + e.Message));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Tftp)
{
try {
packet = new TftpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse NetBiosNameServicePacket packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.NetBiosNameService)
{
try {
packet = new NetBiosNameServicePacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse NetBiosNameServicePacket packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.NetBiosDatagramService)
{
try {
packet = new NetBiosDatagramServicePacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse NetBiosDatagramServicePacket packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Snmp)
{
try {
packet = new SnmpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse SNMP packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Syslog)
{
try {
packet = new SyslogPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse Syslog packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Upnp)
{
try {
packet = new UpnpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse UPnP packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Sip)
{
try {
packet = new SipPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse SIP packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Rtp)
{
try {
packet = new RtpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse RTP packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.VXLAN)
{
try {
packet = new VxlanPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse VXLAN packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else
{
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
yield return(packet);
foreach (AbstractPacket subPacket in packet.GetSubPackets(false))
{
yield return(subPacket);
}
}
}
public override IEnumerable <AbstractPacket> GetSubPackets(bool includeSelfReference)
{
if (includeSelfReference)
{
yield return(this);
}
//same as for Ethernet's GetSubPackets()
if (PacketStartIndex + 4 < PacketEndIndex)
{
AbstractPacket packet;
/*
* if(this.etherType==(ushort)Ethernet2Packet.EtherTypes.IPv4) {
* //IPv4 packet
* packet=new IPv4Packet(this.ParentFrame, PacketStartIndex+4, PacketEndIndex);
* }
* else if(this.etherType==(ushort)Ethernet2Packet.EtherTypes.ARP) {
* packet=new ArpPacket(this.ParentFrame, PacketStartIndex+4, PacketEndIndex);
* //ARP-packet
* }
* else {
* //something else
* packet=new RawPacket(this.ParentFrame, PacketStartIndex+4, PacketEndIndex);
* }*/
//copied from Ethernet2Packet.cs
if (this.etherType == (ushort)Ethernet2Packet.EtherTypes.IPv4)
{
//IPv4 packet
packet = new IPv4Packet(this.ParentFrame, PacketStartIndex + 4, PacketEndIndex);
}
else if (this.etherType == (ushort)Ethernet2Packet.EtherTypes.IPv6)
{
//IPv6 packet
packet = new IPv6Packet(this.ParentFrame, PacketStartIndex + 4, PacketEndIndex);
}
//else if(this.ParentFrame.Data[PacketStartIndex+12]==0x08 && this.ParentFrame.Data[PacketStartIndex+13]==0x06) {
else if (this.etherType == (ushort)Ethernet2Packet.EtherTypes.ARP)
{
packet = new ArpPacket(this.ParentFrame, PacketStartIndex + 4, PacketEndIndex);
//ARP-packet
}
else if (this.etherType == (ushort)Ethernet2Packet.EtherTypes.IEEE802_1Q)
{
//VLAN
packet = new IEEE_802_1Q_VlanPacket(this.ParentFrame, PacketStartIndex + 4, PacketEndIndex);
}
else if (this.etherType == (ushort)Ethernet2Packet.EtherTypes.PPPoE)
{
packet = new PointToPointOverEthernetPacket(ParentFrame, PacketStartIndex + 4, PacketEndIndex);
}
//etherType might actually be a content length if it is an IEEE 802.3 packet
else if (this.etherType < 0x0600)
{
//the etherType showed to actually be a length value
packet = new LogicalLinkControlPacket(this.ParentFrame, PacketStartIndex + 4, PacketEndIndex);
}
else
{
//something else
packet = new RawPacket(this.ParentFrame, PacketStartIndex + 4, PacketEndIndex);
}
yield return(packet);
foreach (AbstractPacket subPacket in packet.GetSubPackets(false))
{
yield return(subPacket);
}
}
}
public override IEnumerable <AbstractPacket> GetSubPackets(bool includeSelfReference)
{
if (includeSelfReference)
{
yield return(this);
}
if (this.fragmentOffset != 0 || this.moreFragmentsFlag)
{
if (!this.ParentFrame.QuickParse)
{
byte[] reassembledIpFrameData = null;
string fragmentID = this.GetFragmentIdentifier();
lock (PacketHandler.Ipv4Fragments) {
List <IPv4Packet> ipPacketList;
if (!PacketHandler.Ipv4Fragments.ContainsKey(fragmentID))
{
ipPacketList = new List <IPv4Packet>();
PacketHandler.Ipv4Fragments.Add(fragmentID, ipPacketList);
}
else
{
ipPacketList = PacketHandler.Ipv4Fragments[fragmentID];
}
ipPacketList.Add(this);
//see if we have all fragments of a complete IP packet
bool allFragmentsHaveMoreFragmentsFlag = true;
int completeIpPacketPayloadLength = 0;
foreach (IPv4Packet p in ipPacketList)
{
completeIpPacketPayloadLength += p.PayloadLength;
if (!p.moreFragmentsFlag)
{
allFragmentsHaveMoreFragmentsFlag = false;
}
}
if (!allFragmentsHaveMoreFragmentsFlag)
{
//we might actually have all the fragments!
reassembledIpFrameData = new byte[this.HeaderLength + completeIpPacketPayloadLength];
if (reassembledIpFrameData.Length > UInt16.MaxValue)
{
PacketHandler.Ipv4Fragments.Remove(fragmentID);
yield break;
}
foreach (IPv4Packet p in ipPacketList)
{
if (p.fragmentOffset + this.HeaderLength + p.PayloadLength > reassembledIpFrameData.Length)
{
yield break;
}
Array.Copy(p.ParentFrame.Data, p.PacketStartIndex + p.HeaderLength, reassembledIpFrameData, p.fragmentOffset + this.HeaderLength, p.PayloadLength);
}
PacketHandler.Ipv4Fragments.Remove(fragmentID);//we don't want to reassemble this IP frame any more
//we now need to create a fake frame and run GetSubPackets(false) on it
}
}//Release lock on PacketHandler.Ipv4Fragments
if (reassembledIpFrameData != null && reassembledIpFrameData.Length > this.HeaderLength)
{
Array.Copy(this.ParentFrame.Data, this.PacketStartIndex, reassembledIpFrameData, 0, this.headerLength);
//totalLength = (ushort)reassembledIpFrameData.Length;
Utils.ByteConverter.ToByteArray((ushort)reassembledIpFrameData.Length, reassembledIpFrameData, 2);
//moreFragmentsFlag = false;
//fragmentOffset = 0;
reassembledIpFrameData[6] = 0;
reassembledIpFrameData[7] = 0;
Frame reassembledFrame = new Frame(this.ParentFrame.Timestamp, reassembledIpFrameData, ParentFrame.FrameNumber);
IPv4Packet reassembledIpPacket = new IPv4Packet(reassembledFrame, 0, reassembledFrame.Data.Length - 1);
reassembledIpPacket.fragmentOffset = 0;
reassembledIpPacket.moreFragmentsFlag = false;
reassembledIpPacket.totalLength = (ushort)reassembledIpFrameData.Length;
foreach (AbstractPacket subPacket in reassembledIpPacket.GetSubPackets(false))
{
yield return(subPacket);
}
}
}
}
else if (PacketStartIndex + headerLength < PacketEndIndex && this.fragmentOffset == 0)
{
AbstractPacket packet;
try {
if (this.protocol == (byte)IPv4Packet.RFC1700Protocols.TCP)
{
//TCP packet
packet = new TcpPacket(this.ParentFrame, PacketStartIndex + headerLength, PacketEndIndex);
}
else if (this.protocol == (byte)IPv4Packet.RFC1700Protocols.UDP)
{
//UDP packet
packet = new UdpPacket(this.ParentFrame, PacketStartIndex + headerLength, PacketEndIndex);
}
else if (this.protocol == (byte)IPv4Packet.RFC1700Protocols.IPv6)
{
packet = new IPv6Packet(this.ParentFrame, PacketStartIndex + headerLength, PacketEndIndex);
}
else if (this.protocol == (byte)IPv4Packet.RFC1700Protocols.GRE)
{
packet = new GrePacket(this.ParentFrame, PacketStartIndex + headerLength, PacketEndIndex);
}
else
{
packet = new RawPacket(ParentFrame, PacketStartIndex + headerLength, PacketEndIndex);
}
}
catch (Exception) {
packet = new RawPacket(ParentFrame, PacketStartIndex + headerLength, PacketEndIndex);
}
yield return(packet);
foreach (AbstractPacket subPacket in packet.GetSubPackets(false))
{
yield return(subPacket);
}
}
}
internal IEnumerable <AbstractPacket> GetSubPackets(bool includeSelfReference, ISessionProtocolFinder protocolFinder, bool clientToServer)
{
if (includeSelfReference)
{
yield return(this);
}
if (PacketStartIndex + dataOffsetByteCount < PacketEndIndex)
{
AbstractPacket packet = null;
if (protocolFinder.GetConfirmedApplicationLayerProtocol() != ApplicationLayerProtocol.Unknown)
{
try {
packet = this.GetProtocolPacket(protocolFinder.GetConfirmedApplicationLayerProtocol(), clientToServer);
}
catch { }
}
if (packet == null)
{
foreach (ApplicationLayerProtocol protocol in protocolFinder.GetProbableApplicationLayerProtocols())
{
try {
packet = this.GetProtocolPacket(protocol, clientToServer);
if (packet != null)
{
protocolFinder.SetConfirmedApplicationLayerProtocol(protocol, true);
break;
}
/*
* if (protocol == ApplicationLayerProtocol.Dns) {
* packet = new DnsPacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex);
* protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Dns;
* break;
* }
* else if (protocol == ApplicationLayerProtocol.FtpControl) {
* if (FtpPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, clientToServer, out packet)) {
* protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.FtpControl;
* break;
* }
* }
* else if (protocol == ApplicationLayerProtocol.Http) {
* if (HttpPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) {
* protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Http;
* break;
* }
* }
* else if (protocol == ApplicationLayerProtocol.Irc) {
* if (IrcPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) {
* protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Irc;
* break;
* }
* }
* else if (protocol == ApplicationLayerProtocol.IEC_104) {
* if (IEC_60870_5_104Packet.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) {
* protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.IEC_104;
* break;
* }
* }
* else if (protocol == ApplicationLayerProtocol.Imap) {
* packet = new ImapPacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, clientToServer);
* protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Imap;
* break;
* }
* else if (protocol == ApplicationLayerProtocol.ModbusTCP) {
* if (ModbusTcpPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, this.sourcePort, this.destinationPort, out packet)) {
* protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.ModbusTCP;
* break;
* }
* }
* else if (protocol == ApplicationLayerProtocol.NetBiosNameService) {
* packet = new NetBiosNameServicePacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex);
* protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.NetBiosNameService;
* break;
* }
* else if (protocol == ApplicationLayerProtocol.NetBiosSessionService) {
* //if (NetBiosSessionService.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) {
* if (NetBiosSessionService.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, this.sourcePort, this.destinationPort, out packet)) {
* //packet = new NetBiosSessionService(ParentFrame, PacketStartIndex+dataOffsetByteCount, PacketEndIndex, false);
* protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.NetBiosSessionService;
* break;
* }
* }
* else if (protocol == ApplicationLayerProtocol.OpenFlow) {
* if (OpenFlowPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) {
* protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.OpenFlow;
* break;
* }
* }
* else if (protocol == ApplicationLayerProtocol.Oscar) {
* if (OscarPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) {
* protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Oscar;
* break;
* }
* }
* else if (protocol == ApplicationLayerProtocol.OscarFileTransfer) {
* if (OscarFileTransferPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) {
* protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.OscarFileTransfer;
* break;
* }
* }
* else if (protocol == ApplicationLayerProtocol.Pop3) {
* packet = new Pop3Packet(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, clientToServer);
* protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Pop3;
* break;
* }
* else if (protocol == ApplicationLayerProtocol.Smtp) {
* packet = new SmtpPacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, clientToServer);
* protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Smtp;
* break;
* }
* else if (protocol == ApplicationLayerProtocol.Socks) {
* if (SocksPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, clientToServer, out packet)) {
* protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Socks;
* break;
* }
* }
* else if (protocol == ApplicationLayerProtocol.SpotifyServerProtocol) {
* if (SpotifyKeyExchangePacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, clientToServer, out packet)) {
* protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.SpotifyServerProtocol;
* break;
* }
* }
* else if (protocol == ApplicationLayerProtocol.Ssh) {
* if (SshPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) {
* protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Ssh;
* break;
* }
* }
* else if (protocol == ApplicationLayerProtocol.Ssl) {
* if (SslPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) {
* protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Ssl;
* break;
* }
* }
* else if (protocol == ApplicationLayerProtocol.TabularDataStream) {
* packet = new TabularDataStreamPacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex);
* protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.TabularDataStream;
* break;
* }
* else if (protocol == ApplicationLayerProtocol.Tpkt) {
* if (TpktPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, this, out packet)) {
* protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Tpkt;
* break;
* }
* }*/
}
catch (Exception) {
packet = null;
}
}
}
if (packet == null)
{
packet = new RawPacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex);
}
yield return(packet);
foreach (AbstractPacket subPacket in packet.GetSubPackets(false))
{
yield return(subPacket);
}
}
}