/// <summary>
/// Process current conversation
/// </summary>
protected override void ProcessConversation()
{
if (this.CurrentConversation.L7PDUs.Any())
{
this.SnooperExport.TimeStampFirst = this.CurrentConversation.FirstSeen;
}
Debug.WriteLine("SnooperRTP.ProcessConversation() called");
if (this.CurrentConversation.ApplicationProtocols.Contains(this.RTPTaxonomyProtocol))
{
if (this.CurrentConversation.L7PDUs.Count() < this._minPackets)
{
return;
}
if (this.CurrentConversation.L7PDUs.Any(pdu => ApplicationRecognizerRTP.RecognizeProto(pdu.PDUByteArr) != ApplicationRecognizerRTP.Proto.RTP))
{
return;
}
//this is RTP
this.ProcessRTP();
}
else if (this.CurrentConversation.ApplicationProtocols.Contains(this.RtcpTaxonomyProtocol))
{
if (this.CurrentConversation.L7PDUs.Any(pdu => ApplicationRecognizerRTP.RecognizeProto(pdu.PDUByteArr) != ApplicationRecognizerRTP.Proto.RTCP))
{
return;
}
//this is RTCP
this.ProcessRTCP();
}
}
/// <summary>
/// Encapsulates basic Protocol to Port mapping and manipulation Instance is shared through one
/// investigation so changes is global to all If some changes like to add well-known protocol to
/// port mapping are required, please feel free to update it in code of InbarProtocolPortDatabase If
/// change is localy significant it is required to do it in the constructor of
/// ApplicationRecognizer which is called before ConversationTracker it self.
/// </summary>
public ApplicationRecognizerDefault(NBARProtocolPortDatabase nbarProtocolPortDatabase, ApplicationRecognizerNBAR applicationRecognizerNBAR, ApplicationRecognizerRTP applicationRecognizerRTP) : base(nbarProtocolPortDatabase)
{
this.ApplicationRecognizerNBAR = applicationRecognizerNBAR;
this.ApplicationRecognizerRTP = applicationRecognizerRTP;
}