Capture packets from an offline pcap file
Inheritance: SharpPcap.PcapDevice
        private void SendCaptureFile()
        {
            if (!ValidateUserInput())
            {
                return;
            }

            // Get the network device through which the packets will be sent.
            PcapDevice device = chooseDeviceUserControl.Device;

            // Get an offline file pcap device
            PcapDevice offlineDevice = new PcapOfflineDevice(textBoxCaptureFile.Text);

            PcapSendQueue sendQueue = null;

            bool isDeviceOpenedInThisForm = false;

            try
            {
                Cursor = Cursors.WaitCursor;

                if (!device.Opened)
                {
                    device.Open();
                    isDeviceOpenedInThisForm = true;
                }

                // Open the device for capturing
                offlineDevice.Open();

                // Allocate a new send queue
                sendQueue = new PcapSendQueue
                    ((int)((PcapOfflineDevice)offlineDevice).FileSize);

                Packet packet;

                // Go through all packets in the file and add to the queue
                while ((packet = offlineDevice.GetNextPacket()) != null)
                {
                    if (!sendQueue.Add(packet))
                    {
                        MessageBox.Show(
                            "Packet buffer too small, not all the packets will be sent.",
                            "Warning",
                            MessageBoxButtons.OK,
                            MessageBoxIcon.Warning);

                        break;
                    }
                }

                if (device.PcapDataLink != offlineDevice.PcapDataLink)
                {
                    DialogResult answer = MessageBox.Show(
                        "The datalink of the capture differs from the one of the" +
                        "\nselected interface. Do you want to continue?",
                        "Question",
                        MessageBoxButtons.YesNo,
                        MessageBoxIcon.Question);

                    if (answer == DialogResult.No)
                    {
                        return;
                    }
                }

                int bytesSent = device.SendQueue(sendQueue, false);

                if (bytesSent < sendQueue.CurrentLength)
                {
                    MessageBox.Show(
                        String.Format("An error occurred sending the packets: {0}.\nOnly {1} bytes were sent.", device.LastError, bytesSent),
                        "Error",
                        MessageBoxButtons.OK,
                        MessageBoxIcon.Error);
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
            finally
            {
                // Close the pcap device
                offlineDevice.Close();

                // Free the queue
                if (sendQueue != null)
                {
                    sendQueue.Dispose();
                }

                if (isDeviceOpenedInThisForm)
                {
                    device.Close();
                }

                Cursor = Cursors.Default;
            }
        }
Ejemplo n.º 2
0
        private void mFileImportMenu_Click(object pSender, EventArgs pArgs)
        {
            if (mImportDialog.ShowDialog(this) != DialogResult.OK) return;
            PcapOfflineDevice device = new PcapOfflineDevice(mImportDialog.FileName);
            device.Open();

            Packet packet = null;
            SessionForm session = null;
            while ((packet = device.GetNextPacket()) != null)
            {
                TCPPacket tcpPacket = packet as TCPPacket;
                if (tcpPacket == null) continue;
                if ((tcpPacket.SourcePort < Config.Instance.LowPort || tcpPacket.SourcePort > Config.Instance.HighPort) &&
                    (tcpPacket.DestinationPort < Config.Instance.LowPort || tcpPacket.DestinationPort > Config.Instance.HighPort)) continue;
                if (tcpPacket.Syn && !tcpPacket.Ack) { session = NewSession(); session.BufferTCPPacket(tcpPacket); }
                else if (session.MatchTCPPacket(tcpPacket)) session.BufferTCPPacket(tcpPacket);
            }
        }
Ejemplo n.º 3
0
        private void mFileImportMenu_Click(object pSender, EventArgs pArgs)
        {
            if (mImportKEYSDialog.ShowDialog(this) != DialogResult.OK) return;
            byte[] characterKey = null;
            byte[] worldKey = null;
            using (BinaryReader reader = new BinaryReader(new FileStream(mImportKEYSDialog.FileName, FileMode.Open)))
            {
                while (reader.BaseStream.Position < reader.BaseStream.Length)
                {
                    bool unknown = false;
                    switch (reader.ReadByte())
                    {
                        case 0x00:
                            characterKey = reader.ReadBytes(128);
                            break;
                        case 0x01:
                            worldKey = reader.ReadBytes(128);
                            break;
                        default: unknown = true; break;
                    }
                    if (unknown) break;
                }
            }
            if (characterKey == null && worldKey == null)
            {
                MessageBox.Show(this, "You have selected an invalid keys file.", "Invalid Keys", MessageBoxButtons.OK, MessageBoxIcon.Error);
                return;
            }
            if (characterKey != null) Array.Reverse(characterKey);
            if (worldKey != null) Array.Reverse(worldKey);
            Dictionary<bool, byte[]> keys = new Dictionary<bool, byte[]>();
            keys[true] = characterKey;
            keys[false] = worldKey;

            if (mImportPCAPDialog.ShowDialog(this) != DialogResult.OK) return;
            string pcapFileName = mImportPCAPDialog.FileName;
            PcapOfflineDevice device = new PcapOfflineDevice(pcapFileName);
            device.Open();

            Packet packet = null;
            SessionForm session = null;
            Dictionary<SessionForm, int> totalSessionTCPPackets = new Dictionary<SessionForm, int>();
            HashSet<SessionForm> terminatedSessions = new HashSet<SessionForm>();
            while ((packet = device.GetNextPacket()) != null)
            {
                TCPPacket tcpPacket = packet as TCPPacket;
                if (tcpPacket == null) continue;
                session = Array.Find(MdiChildren, f => (f as SessionForm).MatchTCPPacket(tcpPacket)) as SessionForm;
                if (session == null && tcpPacket.Syn && !tcpPacket.Ack)
                {
                    session = NewSession();
                    session.ImportClientPrivateKeys(keys);
                    session.BufferTCPPacket(tcpPacket);
                    totalSessionTCPPackets[session] = 0;
                    Application.DoEvents();
                }
                if (session != null && !terminatedSessions.Contains(session)) totalSessionTCPPackets[session] += 1;
                if (session != null && (tcpPacket.Fin || tcpPacket.Rst)) terminatedSessions.Add(session);
            }
            device.Close();

            device = new PcapOfflineDevice(pcapFileName);
            device.Open();

            Dictionary<SessionForm, int> processedSessionTCPPackets = new Dictionary<SessionForm, int>();
            Dictionary<SessionForm, int> processedSessionPercents = new Dictionary<SessionForm, int>();
            while ((packet = device.GetNextPacket()) != null)
            {
                if (mClosing) break;
                TCPPacket tcpPacket = packet as TCPPacket;
                if (tcpPacket == null) continue;
                session = Array.Find(MdiChildren, f => (f as SessionForm).MatchTCPPacket(tcpPacket)) as SessionForm;
                if (session != null)
                {
                    if (mDockPanel.ActiveDocument != session) session.Activate();
                    if (!processedSessionTCPPackets.ContainsKey(session)) processedSessionTCPPackets[session] = 0;
                    if (!processedSessionPercents.ContainsKey(session)) processedSessionPercents[session] = 0;
                    processedSessionTCPPackets[session] += 1;
                    session.BufferTCPPacket(tcpPacket);

                    int newPercent = (processedSessionTCPPackets[session] * 100) / totalSessionTCPPackets[session];
                    while (newPercent > processedSessionPercents[session])
                    {
                        processedSessionPercents[session] += 1;
                        session.ProgressUpdate();
                    }
                }
            }
        }
Ejemplo n.º 4
0
        private void OpenCaptureFile()
        {
            if (!capturedPacketsHaveBeenSaved)
            {
                DialogResult userWish = ShowDialogAskingUserToSaveCaptureData(ActionType.OpeningCaptureFile);

                if (userWish == DialogResult.OK)
                {
                    SaveCapturedPacketsToFile();
                }
                else if (userWish == DialogResult.Cancel)
                {
                    return;
                }
            }

            // Nullify the packets counter and clear the structures that keep
            // the captured packets info
            ClearDataStructures();

            capturedPacketsHaveBeenSaved = true;

            if (openCaptureFileDialog.ShowDialog() != DialogResult.OK)
            {
                SetNavigationButtonsEnabledState(false);
                return;
            }

            // Get an offline file pcap device
            PcapDevice offlineDevice = new PcapOfflineDevice(openCaptureFileDialog.FileName);

            try
            {
                Cursor = Cursors.WaitCursor;

                // Open the device for capturing
                offlineDevice.Open();

                // Register our handler function to the "packet arrival" event
                offlineDevice.OnPacketArrival += new Pcap.PacketArrivalEvent(device_OnPacketArrival);

                // Start capture "INFINTE" number of packets
                // This method will return when EOF reached.
                offlineDevice.Capture(Pcap.INFINITE);

                // Set the MainForm text
                SetMainFormText(String.Format("{0} - Traffic Dissector", Path.GetFileName(openCaptureFileDialog.FileName)));

                // Set the status labels texts
                SetStatusLabelsTexts(String.Format("File: \"{0}\"", openCaptureFileDialog.FileName), packetsCount == 0 ? "|No packets" : String.Format("|Displayed packets: {0}", packetsCount));
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
            finally
            {
                // Close the pcap device
                offlineDevice.Close();

                Cursor = Cursors.Default;
            }
        }