public void PacketDispatcher(PcapDotNet.Packets.Packet packet) { Common.PacketData pdata = new Common.PacketData(packet); if (!NetworkFirewall.TestIncoming(pdata)) { return; } Task.Run(() => { switch (pdata.Type) { case PacketType.Arp: Arp.OnReceivePacket(pdata); break; case PacketType.Icmp: Icmp.OnReceivePacket(pdata); break; case PacketType.Dns: Dns.OnReceivePacket(pdata); break; case PacketType.Tcp: Tcp.OnReceivePacket(pdata); break; case PacketType.Http: Tcp.OnReceivePacket(pdata); break; } }); }
public override void OnReceivePacket(Common.PacketData pdata) { var ip = pdata.Packet.Ethernet.IpV4; var tcp = ip.Tcp; var destPort = tcp.DestinationPort; var destIp = new Common.IPv4Address(ip.Destination.ToString()); Sessions[destPort].AddPacketToQueue(pdata); }
public void AddPacketToQueue(Common.PacketData pdata) { if (Queue.Count == 0) { HandlePacket(pdata); } else { Queue.Enqueue(pdata); } }
public override bool TestOutgoing(Common.PacketData pdata) { if (ServiceRules.ContainsKey(pdata.Type)) { bool result = ServiceRules[pdata.Type].AllowOutgoing; LogPacket(result, false, pdata.Type); return(result); } else { LogPacket(DefaultResultOutgoing, false, pdata.Type); return(DefaultResultOutgoing); } }
public void HandlePacket(Common.PacketData pdata) { var ip = pdata.Packet.Ethernet.IpV4; var tcp = ip.Tcp; if (State == TcpState.SYN_SENT) { if (tcp.IsSynchronize && tcp.IsAcknowledgment) { // BAM. SYN-ACK received, TCP handshake complete after we send // this ACK State = TcpState.ESTABLISHED; AcknowledgementNumber = tcp.SequenceNumber + 1; SequenceNumber++; SendAck(); } else { // BAD. Nothing to do here, becuase they are stupid. } } else if (State == TcpState.ESTABLISHED) { if (tcp.PayloadLength != 0) { AcknowledgementNumber += (uint)tcp.PayloadLength; PacketReceived(pdata); SendAck(); } if (tcp.IsFin) { CloseConnection(); } } if (Queue.Count != 0) { Common.PacketData p = null; Queue.TryDequeue(out p); if (p != null) { HandlePacket(p); } } }
public override void OnReceivePacket(Common.PacketData pdata) { var packet = pdata.Packet; var fromIP = new Common.IPv4Address(packet.Ethernet.IpV4.Source.ToString()); var toIP = new Common.IPv4Address(packet.Ethernet.IpV4.Destination.ToString()); var ipv4 = packet.Ethernet.IpV4; var icmp = ipv4.Icmp; // Is this an echo request to our IP? if (icmp.MessageType == PcapDotNet.Packets.Icmp.IcmpMessageType.Echo && toIP.AsString == _client.Configuration.IpAddress.AsString) { SendIcmpReplyPacket(packet); } else if (icmp.MessageType == IcmpMessageType.EchoReply && CurrentPings.ContainsKey((packet.Ethernet.IpV4.Icmp as IcmpEchoReplyDatagram).Identifier)) { var reply = packet.Ethernet.IpV4.Icmp as IcmpEchoReplyDatagram; var request = CurrentPings[reply.Identifier]; PingResult result = new PingResult(packet, pdata.TimeStamp, request); result.Bytes = request.Bytes; request.Callback(result); } else if (icmp.MessageType == IcmpMessageType.TimeExceeded) { var reply = packet.Ethernet.IpV4.Icmp as IcmpTimeExceededDatagram; var replyEcho = reply.IpV4.Icmp as IcmpEchoDatagram; var request = CurrentPings[replyEcho.Identifier]; PingResult result = new PingResult(PingResultType.TtlExpired); result.RespondingHost = fromIP; result.Response = (int)(DateTime.Now - request.TimeStamp).TotalMilliseconds; request.Callback(result); } else if (icmp.MessageType == IcmpMessageType.DestinationUnreachable) { var reply = packet.Ethernet.IpV4.Icmp as IcmpDestinationUnreachableDatagram; var replyEcho = reply.IpV4.Icmp as IcmpDestinationUnreachableDatagram; //var request = CurrentPings[replyEcho.Identifier]; //PingResult result = new PingResult(PingResultType.DestinationHostUnreachable); //result.RespondingHost = fromIP; //result.Response = (int)(DateTime.Now - request.TimeStamp).TotalMilliseconds; //request.Callback(result); } }
public override void OnReceivePacket(Common.PacketData pdata) { var packet = pdata.Packet; var arp = packet.Ethernet.Arp; var senderMac = new Common.MacAddress(arp.SenderHardwareAddress.ToArray()); var destMac = new Common.MacAddress(arp.TargetHardwareAddress.ToArray()); var senderIp = new Common.IPv4Address(arp.SenderProtocolAddress.ToArray()); var destIp = new Common.IPv4Address(arp.TargetProtocolAddress.ToArray()); // We can cache their MAC and IP if (AcceptGratuitousReplies || destMac.AsString != Common.MacAddress.Broadcast.AsString) { ArpCache.AddOrUpdate(senderIp.AsString, new ArpCacheEntry() { Mac = senderMac, Ip = senderIp, Type = ArpEntryType.Dynamic, Expiration = GetNextExpirationTime(), }, (str, myarp) => myarp); if (arp.Operation == ArpOperation.Reply) { TryFireArpReplyReceied(senderIp, senderMac); } // Fire the Cache Changed event TryFireArpCacheChanged(); } // If it is a request for our IP, respond if (arp.Operation == ArpOperation.Request && destIp.AsString == _client.Configuration.IpAddress.AsString) { // Send Reply Packet SendArpReplyPacket(senderIp); } }
public abstract void OnReceivePacket(Common.PacketData packet);
public override void OnReceivePacket(Common.PacketData packet) { var udp = packet.Packet.Ethernet.IpV4.Udp; ushort destPort = udp.DestinationPort; var dns = udp.Dns; string domain = ""; try { if (dns.Answers[0].DnsType == DnsType.Ptr) { domain = dns.Queries[0].DomainName.ToString(); } else { domain = dns.Answers[0].DomainName.ToString(); } } catch { return; } domain = domain.Trim('.').ToLower(); string hashVal = domain + ":" + destPort.ToString(); Dictionary <string, DnsEntry> temp = new Dictionary <string, DnsEntry>(); if (PendingRequests.Contains(hashVal)) { PendingRequests.Remove(hashVal); foreach (DnsDataResourceRecord record in dns.Answers) { if (record.DnsType == DnsType.Ns) { string nsvalue = (record.Data as DnsResourceDataDomainName).Data.ToString().ToLower().Trim('.'); string domainname = record.DomainName.ToString().Trim('.'); if (temp.ContainsKey(domainname)) { ((NSRecord)temp[domainname]).Nameservers.Add(nsvalue); } else { temp.Add(domainname, new NSRecord(domain, record.Ttl, nsvalue)); } } else if (record.DnsType == DnsType.Ptr) { string newdata = (record.Data as DnsResourceDataDomainName).Data.ToString().ToLower().Trim('.'); string domainname = record.DomainName.ToString().Trim('.'); domainname = domainname.Remove(domainname.Length - 13, 13); domainname = (new Common.IPv4Address(new Common.IPv4Address(domainname).AsReverseString).AsString); if (temp.ContainsKey(domainname)) { ((PTRRecord)temp[domainname]).Domain = newdata; } else { temp.Add(domainname, new PTRRecord(newdata, record.Ttl, new Common.IPv4Address(domainname))); } } else if (record.DnsType == DnsType.A) { string ipvalue = (record.Data as DnsResourceDataIpV4).Data.ToString().ToLower().Trim('.'); string domainname = record.DomainName.ToString().Trim('.'); if (temp.ContainsKey(domainname)) { ((ARecord)temp[domainname]).IPs.Add(new Common.IPv4Address(ipvalue)); } else { temp.Add(domainname, new ARecord(domain, record.Ttl, new Common.IPv4Address(ipvalue))); } } else if (record.DnsType == DnsType.MailExchange) { var mx = (record.Data as DnsResourceDataMailExchange); string host = mx.MailExchangeHost.ToString(); int level = mx.Preference; string domainname = record.DomainName.ToString().Trim('.'); if (temp.ContainsKey(domainname)) { ((MXRecord)temp[domainname]).MailHosts.Add(new MXRecordRow(domainname, level, record.Ttl)); } else { temp.Add(domainname, new MXRecord(record.DomainName.ToString().Trim('.'), record.Ttl, new MXRecordRow(host, level, record.Ttl))); } } else if (record.DnsType == DnsType.CName) { var cnam = (record.Data as DnsResourceDataDomainName).Data.ToString().Trim('.'); string cnamdomain = record.DomainName.ToString().Trim('.'); if (temp.ContainsKey(cnamdomain)) { ((CNAMERecord)temp[cnamdomain]).AliasTarget = cnam; } else { temp.Add(cnamdomain, new CNAMERecord(cnamdomain, record.Ttl, cnam)); } } } } foreach (KeyValuePair <string, DnsEntry> pair in temp) { DnsCache.AddOrUpdate(pair.Key + " " + pair.Value.Type.ToString(), pair.Value, (a, b) => b); } }
public abstract override void OnReceivePacket(Common.PacketData pdata);
public abstract bool TestOutgoing(Common.PacketData pdata);
public abstract bool TestIncoming(Common.PacketData pdata);