//Helper function which returns the information contained in the TCP header as a
//tree node
private TreeNode MakeTCPTreeNode(TCPHeader tcpHeader)
{
TreeNode tcpNode = new TreeNode();
tcpNode.Text = "TCP";
tcpNode.Nodes.Add("Source Port: " + tcpHeader.SourcePort);
tcpNode.Nodes.Add("Destination Port: " + tcpHeader.DestinationPort);
tcpNode.Nodes.Add("Sequence Number: " + tcpHeader.SequenceNumber);
if (tcpHeader.AcknowledgementNumber != "")
{
tcpNode.Nodes.Add("Acknowledgement Number: " + tcpHeader.AcknowledgementNumber);
}
tcpNode.Nodes.Add("Header Length: " + tcpHeader.HeaderLength);
tcpNode.Nodes.Add("Flags: " + tcpHeader.Flags);
tcpNode.Nodes.Add("Window Size: " + tcpHeader.WindowSize);
tcpNode.Nodes.Add("Checksum: " + tcpHeader.Checksum);
if (tcpHeader.UrgentPointer != "")
{
tcpNode.Nodes.Add("Urgent Pointer: " + tcpHeader.UrgentPointer);
}
//udpNode.Nodes.Add("Data: " + ByteArrayToString(udpHeader.Data));
tcpNode.Nodes.Add("Data: " + ByteArrayToString(tcpHeader.Data));
return(tcpNode);
}
private void ParseData(byte[] byteData, int nReceived)
{
TreeNode rootNode = new TreeNode();
TreeNode tcpOrudpNode = new TreeNode();
//Since all protocol packets are encapsulated in the IP datagram
//so we start by parsing the IP header and see what protocol data
//is being carried by it
IPHeader ipHeader = new IPHeader(byteData, nReceived);
//IPAddress IPsrc = NetCode.NetCode.ToIPAddress("10.226.38.232");
IPAddress IPsrc = NetCode.NetCode.ToIPAddress("10.226.41.152");
IPAddress IPsrcMy = NetCode.NetCode.ToIPAddress("10.226.42.35");
IPAddress IPsrcSanjat = NetCode.NetCode.ToIPAddress("10.226.43.104");
IPAddress IPsrcSanjatLaptop = NetCode.NetCode.ToIPAddress("10.226.38.232");
IPAddress IPsrcPriyanka = NetCode.NetCode.ToIPAddress("10.226.41.152");
IPAddress IPsrcList1 = NetCode.NetCode.ToIPAddress("192.168.0.10");
TreeNode ipNode = MakeIPTreeNode(ipHeader);
//string str1 = ipHeader.SourceAddress.ToString();
//if (str1 == IPsrc.ToString())
//{
// MessageBox.Show("Found");
//}
//if (ipHeader.SourceAddress.ToString() == IPsrc.ToString())
rootNode.Nodes.Add(ipNode);
//Now according to the protocol being carried by the IP datagram we parse
//the data field of the datagram
//int intAddress = BitConverter.ToInt32(IPAddress.Parse(address).GetAddressBytes(), 0);
// string ipAddress = new IPAddress(BitConverter.GetBytes(intAddress)).ToString();
PORT_SRC_ADDRESS = 0;
PORT_DEST_ADDRESS = 0;
//if (ipHeader.SourceAddress.ToString() == IPsrc.ToString())
switch (ipHeader.ProtocolType)
{
case Protocol.TCP:
TCPHeader tcpHeader = new TCPHeader(ipHeader.Data, //IPHeader.Data stores the data being
//carried by the IP datagram
ipHeader.MessageLength); //Length of the data field
TreeNode tcpNode = MakeTCPTreeNode(tcpHeader);
rootNode.Nodes.Add(tcpNode);
tcpOrudpNode = (TreeNode)tcpNode.Clone();
Array.Resize(ref (PACKET_DATA), tcpHeader.MessageLength);
PACKET_DATA = tcpHeader.Data;
PORT_SRC_ADDRESS = Convert.ToInt64(tcpHeader.DestinationPort);
PORT_DEST_ADDRESS = Convert.ToInt64(tcpHeader.SourcePort);
//If the port is equal to 53 then the underlying protocol is DNS
//Note: DNS can use either TCP or UDP thats why the check is done twice
if (tcpHeader.DestinationPort == "53" || tcpHeader.SourcePort == "53")
{
TreeNode dnsNode = MakeDNSTreeNode(tcpHeader.Data, (int)tcpHeader.MessageLength);
rootNode.Nodes.Add(dnsNode);
// tcpOrudpNode = (TreeNode)dnsNode.Clone();
}
break;
case Protocol.UDP:
UDPHeader udpHeader = new UDPHeader(ipHeader.Data, //IPHeader.Data stores the data being
//carried by the IP datagram
(int)ipHeader.MessageLength); //Length of the data field
TreeNode udpNode = MakeUDPTreeNode(udpHeader);
tcpOrudpNode = (TreeNode)udpNode.Clone();;
Array.Resize(ref (PACKET_DATA), udpHeader.Data.Length);
PACKET_DATA = udpHeader.Data;
rootNode.Nodes.Add(udpNode);
PORT_SRC_ADDRESS = Convert.ToInt64(udpHeader.DestinationPort);
PORT_DEST_ADDRESS = Convert.ToInt64(udpHeader.SourcePort);
//If the port is equal to 53 then the underlying protocol is DNS
//Note: DNS can use either TCP or UDP thats why the check is done twice
if (udpHeader.DestinationPort == "53" || udpHeader.SourcePort == "53")
{
TreeNode dnsNode = MakeDNSTreeNode(udpHeader.Data,
//Length of UDP header is always eight bytes so we subtract that out of the total
//length to find the length of the data
Convert.ToInt32(udpHeader.Length) - 8);
rootNode.Nodes.Add(dnsNode);
// tcpOrudpNode = (TreeNode)dnsNode.Clone();
}
break;
case Protocol.Unknown:
rootNode.Nodes.Add(ipHeader.ProtocolType.ToString());
break;
}
AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode);
rootNode.Text = ipHeader.SourceAddress.ToString() + "-" +
ipHeader.DestinationAddress.ToString();
//Thread safe adding of the nodes
treeView.Invoke(addTreeNode, new object[] { rootNode });
// Resolve various host names
string _srcstr = ipHeader.SourceAddress.ToString();
//if (!SOURCEIP.Contains(_srcstr))// || !SOURCEIP.Contains("->"))
try
{
SOURCEIP.Add(_srcstr, "?");
}
catch (Exception ex)
{ }
//SOURCEIP.Sort();
if (!backgroundWorker1.IsBusy)
{
//listBox1.Refresh();
SOURCEIP_COPY = SOURCEIP;
//textBox6.Text = SOURCEIP_COPY.Count.ToString();
backgroundWorker1.RunWorkerAsync();
}
// Filter by sorting individual condition
string _str = ipHeader.SourceAddress.ToString() + ":" + ipHeader.DestinationAddress.ToString();
bool _PortFound = false;
bool _ProtocolFound = false;
bool _IPFound = false;
if (checkBox_Port.Checked == true && textBox_PORT.Text != null)
{
if (PORT_DEST_ADDRESS == Convert.ToInt32(textBox_PORT.Text) || PORT_SRC_ADDRESS == Convert.ToInt32(textBox_PORT.Text))
{
FILTERED_PORT.Add(_str); _PortFound = true;
}
}
if (checkBox_Protocol.Checked == true)
{
int _Protocol = -1;
if ((CMB_box == "TCP") && (ipHeader.ProtocolType == Protocol.TCP))
{
_Protocol = Convert.ToInt16(Protocol.TCP); PROTOCOL = "TCP";
}
else if ((CMB_box == "UDP") && (ipHeader.ProtocolType == Protocol.UDP))
{
_Protocol = Convert.ToInt16(Protocol.UDP); PROTOCOL = "UDP";
}
else
{
PROTOCOL = "UNKNOWN";
}
if (Convert.ToInt16(ipHeader.ProtocolType) == _Protocol)
{
FILTERED_PROTOCOL.Add(_str); _ProtocolFound = true;
}
}
else
{
PROTOCOL = "TCP/UDP";
}
if (checkBox_IP.Checked == true && textBox_IP.Text != null)
{
//if (ipHeader.SourceAddress.ToString() == textBox_IP.Text || ipHeader.DestinationAddress.ToString() == textBox_IP.Text)
if (_str.Contains(textBox_IP.Text) && _str.Contains(textBox_IPE.Text))
{
FILTERED_IP.Add(_str); _IPFound = true;
}
}
/////////////////////////////////////// filter common part as per filter condition
bool UPDATE_FLG = false;
PARSE_PROCESS_STAT = true;
if (checkBox_Port.Checked == false && checkBox_Protocol.Checked == false && checkBox_IP.Checked == false)
{
FILTERED.Add(_str); UPDATE_FLG = true;
}
else if (checkBox_Port.Checked == true && checkBox_Protocol.Checked == false && checkBox_IP.Checked == false)
{
if (_PortFound == true)
{
FILTERED.Add(_str); UPDATE_FLG = true;
}
}
else if (checkBox_Port.Checked == false && checkBox_Protocol.Checked == true && checkBox_IP.Checked == false)
{
if (_ProtocolFound == true)
{
FILTERED.Add(_str); UPDATE_FLG = true;
}
}
else if (checkBox_Port.Checked == false && checkBox_Protocol.Checked == false && checkBox_IP.Checked == true)
{
if (_IPFound == true)
{
FILTERED.Add(_str); UPDATE_FLG = true;
}
}
else if (checkBox_Port.Checked == true && checkBox_Protocol.Checked == true && checkBox_IP.Checked == false)
{
if (_PortFound == true && _ProtocolFound == true && _IPFound == false)
{
FILTERED.Add(_str); UPDATE_FLG = true;
}
}
else if (checkBox_Port.Checked == true && checkBox_Protocol.Checked == false && checkBox_IP.Checked == true)
{
if (_PortFound == true && _ProtocolFound == true && _IPFound == true)
{
FILTERED.Add(_str); UPDATE_FLG = true;
}
}
else if (checkBox_Port.Checked == false && checkBox_Protocol.Checked == true && checkBox_IP.Checked == true)
{
//foreach (string element in FILTERED_IP)
if (_PortFound == false && _ProtocolFound == true && _IPFound == true)
{
FILTERED.Add(_str); UPDATE_FLG = true;
}
}
else if (checkBox_Port.Checked == true && checkBox_Protocol.Checked == true && checkBox_IP.Checked == true)
{
//foreach (string element in FILTERED_PORT)
if (_PortFound == true && _ProtocolFound == true && _IPFound == true)
{
FILTERED.Add(_str); UPDATE_FLG = true;
}
}
//Remove the entry which contains my own IP
if (checkBox_MyIP.Checked == true && FILTERED.Count > 0)
{
if (FILTERED[FILTERED.Count - 1].ToString().Contains(InterfaceIP))
{
FILTERED.RemoveAt(FILTERED.Count - 1); UPDATE_FLG = false;
}
}
if (UPDATE_FLG == true && FILTERED.Count > 0)
{
UPDATE_FLG = false;
FILTERED[FILTERED.Count - 1] = _str;// +" [" + PORT_SRC_ADDRESS + ":" + PORT_DEST_ADDRESS + "]";
//FILTERED.Sort();
if (checkBox_rmvDuplicates.Checked == true)
{
FILTERED = RemoveDuplicates(FILTERED);
}
TreeNode _FilteredRootNode = new TreeNode();
IPHeader _ipHeader = new IPHeader(byteData, nReceived);
TreeNode _ipNode = MakeIPTreeNode(_ipHeader);
_FilteredRootNode.Nodes.Add(_ipNode);
_FilteredRootNode.Nodes.Add(tcpOrudpNode);
AddTreeNode _addTreeNode = new AddTreeNode(_OnAddTreeNode);
string _DATA = ByteArrayToString(PACKET_DATA);
_FilteredRootNode.Text = _ipHeader.SourceAddress.ToString() + "->" + _ipHeader.DestinationAddress.ToString() + "[" + _DATA + "]";
string _SourceInfo = _ipHeader.SourceAddress.ToString() + "[" + PORT_SRC_ADDRESS + "]";
string _DestInfo = _ipHeader.DestinationAddress.ToString() + "[" + PORT_DEST_ADDRESS + "]";
string _strdummy = "";
//Thread safe adding of the nodes
treeView1.Invoke(_addTreeNode, new object[] { _FilteredRootNode });
if (checkBoxSave.Checked)
{
if (textBoxClient.Text != null && textBoxServer.Text != null)
{
if (_SourceInfo.Contains(textBoxServer.Text) && _DestInfo.Contains(textBoxClient.Text))
{
PCK_CTR1++;
_strdummy = "Client<-Server,";
if (checkBoxHeader.Checked)
{
_strdummy = _strdummy + PROTOCOL + "," + _DestInfo + "<-" + _SourceInfo + ",";
}
_strdummy = _strdummy + _DATA;
Log("log.txt", _strdummy);
}
else if (textBoxClient.Text == textBoxServer.Text)
{
if (_SourceInfo.Contains(textBoxClient.Text) || _DestInfo.Contains(textBoxServer.Text))
{
PCK_CTR2++;
_strdummy = "**Client->Server,";
if (checkBoxHeader.Checked)
{
_strdummy = _strdummy + PROTOCOL + "," + _SourceInfo + "->" + _DestInfo + ",";
}
_strdummy = _strdummy + _DATA;
Log("log.txt", _strdummy);
}
else if (_SourceInfo.Contains(textBoxClient.Text) && _DestInfo.Contains(textBoxServer.Text))
{
PCK_CTR2++;
_strdummy = "Client->Server,";
if (checkBoxHeader.Checked)
{
_strdummy = _strdummy + PROTOCOL + "," + _SourceInfo + "->" + _DestInfo + ",";
}
_strdummy = _strdummy + _DATA;
Log("log.txt", _strdummy);
}
}
}
}
}
PARSE_PROCESS_STAT = false;
}
