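/// <summary>
/// Creates a TCP session from the SYN packet that opens it. The sender of the SYN is
/// taken to be the client and its receiver the server; no guessing is needed here.
/// </summary>
/// <param name="tcpSynPacket">The opening packet; must have the SYN flag set.</param>
/// <param name="clientHost">Host that sent <paramref name="tcpSynPacket"/>.</param>
/// <param name="serverHost">Host that <paramref name="tcpSynPacket"/> was sent to.</param>
/// <param name="protocolFinderFactory">Factory used to create this session's application-layer protocol finder.</param>
/// <exception cref="ArgumentNullException"><paramref name="tcpSynPacket"/> or <paramref name="protocolFinderFactory"/> is null.</exception>
/// <exception cref="ArgumentException">The SYN flag is not set on <paramref name="tcpSynPacket"/>.</exception>
public NetworkTcpSession(Packets.TcpPacket tcpSynPacket, NetworkHost clientHost, NetworkHost serverHost, ISessionProtocolFinderFactory protocolFinderFactory) {
    if (tcpSynPacket == null) {
        throw new ArgumentNullException(nameof(tcpSynPacket));
    }
    if (protocolFinderFactory == null) {
        throw new ArgumentNullException(nameof(protocolFinderFactory));
    }
    // A session is only ever opened from a SYN here; sessions whose handshake was not
    // captured go through the truncated-session constructor instead.
    if (!tcpSynPacket.FlagBits.Synchronize) {
        throw new ArgumentException("SYN flag not set on TCP packet", nameof(tcpSynPacket));
    }

    FiveTuple fiveTuple = new FiveTuple(clientHost, tcpSynPacket.SourcePort, serverHost, tcpSynPacket.DestinationPort, FiveTuple.TransportProtocol.TCP);
    // The SYN frame's timestamp is used for both flow timestamps (presumably start and end).
    this.flow = new NetworkFlow(fiveTuple, tcpSynPacket.ParentFrame.Timestamp, tcpSynPacket.ParentFrame.Timestamp, 0, 0);

    // Handshake bookkeeping starts from scratch; presumably the SYN itself is accounted
    // for when the packet is fed to the session -- verify against the caller.
    this.synPacketReceived = false;
    this.synAckPacketReceived = false;
    this.finPacketReceived = false;
    // uint.MaxValue marks "no FIN seen yet" in that direction.
    this.clientToServerFinPacketSequenceNumber = uint.MaxValue;
    this.serverToClientFinPacketSequenceNumber = uint.MaxValue;
    this.sessionEstablished = false;
    this.sessionClosed = false;
    this.startFrameNumber = tcpSynPacket.ParentFrame.FrameNumber;
    // Reassembly streams start out absent; they are created outside this constructor.
    this.clientToServerTcpDataStream = null;
    this.serverToClientTcpDataStream = null;
    this.protocolFinder = protocolFinderFactory.CreateProtocolFinder(this.flow, this.startFrameNumber);
}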
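/// <summary>
/// Creates a truncated TCP session where the initial 3 way handshake is missing.
/// Since no SYN was seen, which end is the server has to be guessed from the port
/// numbers of <paramref name="tcpPacket"/>; the inline notes give the order of the heuristics.
/// </summary>
/// <param name="sourceHost">Host that sent <paramref name="tcpPacket"/>.</param>
/// <param name="destinationHost">Host that <paramref name="tcpPacket"/> was sent to.</param>
/// <param name="tcpPacket">First observed packet of the session; its sequence and acknowledgment numbers seed the session state.</param>
/// <param name="protocolFinderFactory">Factory used to create this session's application-layer protocol finder.</param>
/// <exception cref="ArgumentNullException"><paramref name="tcpPacket"/> or <paramref name="protocolFinderFactory"/> is null.</exception>
internal NetworkTcpSession(NetworkHost sourceHost, NetworkHost destinationHost, Packets.TcpPacket tcpPacket, ISessionProtocolFinderFactory protocolFinderFactory) {
    if (tcpPacket == null) {
        throw new ArgumentNullException(nameof(tcpPacket));
    }
    if (protocolFinderFactory == null) {
        throw new ArgumentNullException(nameof(protocolFinderFactory));
    }

    // The handshake was never captured, so both SYNs are treated as already received and
    // the first seen frame stands in for the SYN's timestamp.
    this.synPacketTimestamp = tcpPacket.ParentFrame.Timestamp;
    this.synPacketReceived = true;
    this.synAckPacketReceived = true;
    this.finPacketReceived = false;
    this.sessionEstablished = false; // SetEstablished() below is expected to flip this -- TODO confirm
    this.sessionClosed = false;
    this.startFrameNumber = tcpPacket.ParentFrame.FrameNumber;
    this.clientToServerTcpDataStream = null;
    this.serverToClientTcpDataStream = null;

    // Qualified guess of who is the server, in order of confidence:
    //  1. the (source, destination) port pair maps to a probable protocol -> packet is server -> client
    //  2. the (destination, source) port pair maps to a probable protocol -> packet is client -> server
    //  3. neither: the lower port number is assumed to be the server's
    // The guess is only as good as the port table, so a client on a low port or a server on a
    // non-standard port can get the roles swapped.
    bool packetIsServerToClient;
    List<ApplicationLayerProtocol> serverToClientProtocols = new List<ApplicationLayerProtocol>(TcpPortProtocolFinder.GetProbableApplicationLayerProtocols(tcpPacket.SourcePort, tcpPacket.DestinationPort));
    if (serverToClientProtocols.Count > 0) {
        packetIsServerToClient = true;
    }
    else {
        List<ApplicationLayerProtocol> clientToServerProtocols = new List<ApplicationLayerProtocol>(TcpPortProtocolFinder.GetProbableApplicationLayerProtocols(tcpPacket.DestinationPort, tcpPacket.SourcePort));
        packetIsServerToClient = clientToServerProtocols.Count == 0 && tcpPacket.SourcePort < tcpPacket.DestinationPort;
    }

    if (packetIsServerToClient) {
        this.clientHost = destinationHost;
        this.serverHost = sourceHost;
        this.clientTcpPort = tcpPacket.DestinationPort;
        this.serverTcpPort = tcpPacket.SourcePort;
        // The packet travels server -> client, so its ACK number belongs to the client side and
        // its sequence number to the server side (presumably SetEstablished(clientSeq, serverSeq)).
        this.SetEstablished(tcpPacket.AcknowledgmentNumber, tcpPacket.SequenceNumber);
    }
    else {
        this.clientHost = sourceHost;
        this.serverHost = destinationHost;
        this.clientTcpPort = tcpPacket.SourcePort;
        this.serverTcpPort = tcpPacket.DestinationPort;
        this.SetEstablished(tcpPacket.SequenceNumber, tcpPacket.AcknowledgmentNumber);
    }
    this.protocolFinder = protocolFinderFactory.CreateProtocolFinder(this.clientHost, this.serverHost, this.clientTcpPort, this.serverTcpPort, true, this.startFrameNumber, this.synPacketTimestamp);
}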
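/// <summary>
/// Yields the application-layer packet carried in this segment's payload, followed by that
/// packet's own sub packets. The protocol already confirmed on <paramref name="protocolFinder"/>
/// is tried first; if that fails (returns null or throws) each probable protocol is tried in turn
/// and the first one whose parser accepts the payload is confirmed on the finder. When nothing
/// parses, the payload is exposed as a <see cref="RawPacket"/>.
/// </summary>
/// <param name="includeSelfReference">When true, this packet itself is yielded first.</param>
/// <param name="protocolFinder">Per-session finder holding the confirmed and probable application-layer protocols.</param>
/// <param name="clientToServer">Direction of this segment, passed on to the protocol parsers.</param>
/// <returns>A lazy sequence; beyond the optional self reference nothing is yielded when there is no payload.</returns>
internal IEnumerable<AbstractPacket> GetSubPackets(bool includeSelfReference, ISessionProtocolFinder protocolFinder, bool clientToServer) {
    if (includeSelfReference) {
        yield return this;
    }
    if (this.PayloadDataLength <= 0) {
        yield break;
    }

    AbstractPacket packet = null;
    // Read once: the same value is used for the parse attempt and for the log message.
    ApplicationLayerProtocol confirmedProtocol = protocolFinder.GetConfirmedApplicationLayerProtocol();
    if (confirmedProtocol != ApplicationLayerProtocol.Unknown) {
        try {
            packet = this.GetProtocolPacket(confirmedProtocol, clientToServer);
        }
        catch (Exception e) {
            // Payload bytes come straight from the capture and are untrusted; a parser failure is
            // logged and the payload falls through to the probable-protocol list (and finally RawPacket)
            // instead of aborting the session.
            SharedUtils.Logger.Log("Error parsing frame " + this.ParentFrame.FrameNumber + " as " + confirmedProtocol + " packet: " + e.Message, SharedUtils.Logger.EventLogEntryType.Error);
            packet = null;
        }
    }

    if (packet == null) {
        foreach (ApplicationLayerProtocol protocol in protocolFinder.GetProbableApplicationLayerProtocols()) {
            try {
                packet = this.GetProtocolPacket(protocol, clientToServer);
                if (packet != null) {
                    // First candidate whose parser accepts the payload is confirmed on the finder,
                    // so later segments of the session try it first.
                    protocolFinder.SetConfirmedApplicationLayerProtocol(protocol, true);
                    break;
                }
            }
            catch (Exception e) {
                SharedUtils.Logger.Log("Unable to parse frame " + this.ParentFrame.FrameNumber + " as " + protocol + " packet: " + e.Message, SharedUtils.Logger.EventLogEntryType.Warning);
                packet = null;
            }
        }
    }

    if (packet == null) {
        // Nothing parsed: hand out the payload unparsed so consumers still see it.
        packet = new RawPacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex);
    }
    yield return packet;
    foreach (AbstractPacket subPacket in packet.GetSubPackets(false)) {
        yield return subPacket;
    }
}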
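/// <summary>
/// Yields the application-layer packet carried in this segment's payload, followed by that
/// packet's own sub packets. The protocol already confirmed on <paramref name="protocolFinder"/>
/// is tried first; if that fails (returns null or throws) each probable protocol is tried in turn
/// and the first one whose parser accepts the payload is confirmed on the finder. When nothing
/// parses, the payload is exposed as a <see cref="RawPacket"/>.
/// </summary>
/// <param name="includeSelfReference">When true, this packet itself is yielded first.</param>
/// <param name="protocolFinder">Per-session finder holding the confirmed and probable application-layer protocols.</param>
/// <param name="clientToServer">Direction of this segment, passed on to the protocol parsers.</param>
/// <returns>A lazy sequence; beyond the optional self reference nothing is yielded when there is no payload.</returns>
internal IEnumerable<AbstractPacket> GetSubPackets(bool includeSelfReference, ISessionProtocolFinder protocolFinder, bool clientToServer) {
    if (includeSelfReference) {
        yield return this;
    }
    // Only attempt parsing when there is payload after the TCP header.
    // NOTE(review): if PacketEndIndex is inclusive this skips single-byte payloads -- confirm against AbstractPacket.
    if (PacketStartIndex + dataOffsetByteCount >= PacketEndIndex) {
        yield break;
    }

    AbstractPacket packet = null;
    ApplicationLayerProtocol confirmedProtocol = protocolFinder.GetConfirmedApplicationLayerProtocol();
    if (confirmedProtocol != ApplicationLayerProtocol.Unknown) {
        try {
            packet = this.GetProtocolPacket(confirmedProtocol, clientToServer);
        }
        catch (Exception) {
            // Payload bytes are untrusted capture data; a parser failure must not abort the session.
            // The payload falls through to the probable-protocol list and finally to RawPacket.
            packet = null;
        }
    }

    if (packet == null) {
        foreach (ApplicationLayerProtocol protocol in protocolFinder.GetProbableApplicationLayerProtocols()) {
            try {
                packet = this.GetProtocolPacket(protocol, clientToServer);
                if (packet != null) {
                    // First candidate whose parser accepts the payload is confirmed on the finder,
                    // so later segments of the session try it first.
                    protocolFinder.SetConfirmedApplicationLayerProtocol(protocol, true);
                    break;
                }
            }
            catch (Exception) {
                // Same reasoning as above: swallow the parser error and try the next candidate.
                packet = null;
            }
        }
    }

    if (packet == null) {
        // Nothing parsed: hand out the payload unparsed so consumers still see it.
        packet = new RawPacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex);
    }
    yield return packet;
    foreach (AbstractPacket subPacket in packet.GetSubPackets(false)) {
        yield return subPacket;
    }
}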
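/// <summary>
/// Creates a truncated TCP session where the initial 3 way handshake is missing.
/// Since no SYN was seen, which end is the server is guessed from how many probable
/// application-layer protocols each port of <paramref name="tcpPacket"/> maps to, falling
/// back to "the lower port number is the server's"; the inline notes give the exact order.
/// </summary>
/// <param name="sourceHost">Host that sent <paramref name="tcpPacket"/>.</param>
/// <param name="destinationHost">Host that <paramref name="tcpPacket"/> was sent to.</param>
/// <param name="tcpPacket">First observed packet of the session; its sequence and acknowledgment numbers seed the session state.</param>
/// <param name="protocolFinderFactory">Factory used to create this session's application-layer protocol finder.</param>
/// <param name="toCustomTimeZoneStringFunction">Timestamp formatter; only stored here, not invoked.</param>
/// <exception cref="ArgumentNullException"><paramref name="tcpPacket"/> or <paramref name="protocolFinderFactory"/> is null.</exception>
public NetworkTcpSession(NetworkHost sourceHost, NetworkHost destinationHost, Packets.TcpPacket tcpPacket, ISessionProtocolFinderFactory protocolFinderFactory, Func<DateTime, string> toCustomTimeZoneStringFunction) {
    if (tcpPacket == null) {
        throw new ArgumentNullException(nameof(tcpPacket));
    }
    if (protocolFinderFactory == null) {
        throw new ArgumentNullException(nameof(protocolFinderFactory));
    }

    this.toCustomTimeZoneStringFunction = toCustomTimeZoneStringFunction;
    // The handshake was never captured, so both SYNs are treated as already received.
    this.synPacketReceived = true;
    this.synAckPacketReceived = true;
    this.finPacketReceived = false;
    this.sessionEstablished = false; // SetEstablished() below is expected to flip this -- TODO confirm
    this.sessionClosed = false;
    this.startFrameNumber = tcpPacket.ParentFrame.FrameNumber;
    this.clientToServerTcpDataStream = null;
    this.serverToClientTcpDataStream = null;

    // Qualified guess of who is the server. Each port is looked up against itself
    // (NOTE(review): passing the same port as both source and destination looks deliberate,
    // i.e. judge the port on its own, but confirm it is not a copy/paste slip), then:
    //  1. the source port maps to more protocols than the destination port -> packet is server -> client
    //  2. otherwise the destination port maps to at least one protocol     -> packet is client -> server
    //  3. otherwise the lower port number is assumed to be the server's
    // The guess is only as good as the port table, so a client on a low port or a server on a
    // non-standard port can get the roles swapped.
    List<ApplicationLayerProtocol> sourcePortProtocols = new List<ApplicationLayerProtocol>(TcpPortProtocolFinder.GetProbableApplicationLayerProtocols(tcpPacket.SourcePort, tcpPacket.SourcePort));
    List<ApplicationLayerProtocol> destinationPortProtocols = new List<ApplicationLayerProtocol>(TcpPortProtocolFinder.GetProbableApplicationLayerProtocols(tcpPacket.DestinationPort, tcpPacket.DestinationPort));
    bool packetIsServerToClient;
    if (sourcePortProtocols.Count > destinationPortProtocols.Count) {
        packetIsServerToClient = true;
    }
    else if (destinationPortProtocols.Count > 0) {
        packetIsServerToClient = false;
    }
    else {
        packetIsServerToClient = tcpPacket.SourcePort < tcpPacket.DestinationPort;
    }

    // The five-tuple is always ordered client first, so the packet's endpoints are swapped
    // when it travels server -> client.
    FiveTuple fiveTuple;
    if (packetIsServerToClient) {
        fiveTuple = new FiveTuple(destinationHost, tcpPacket.DestinationPort, sourceHost, tcpPacket.SourcePort, FiveTuple.TransportProtocol.TCP);
    }
    else {
        fiveTuple = new FiveTuple(sourceHost, tcpPacket.SourcePort, destinationHost, tcpPacket.DestinationPort, FiveTuple.TransportProtocol.TCP);
    }
    // No SYN timestamp exists, so the first seen frame supplies both flow timestamps (presumably start and end).
    this.flow = new NetworkFlow(fiveTuple, tcpPacket.ParentFrame.Timestamp, tcpPacket.ParentFrame.Timestamp, 0, 0);

    if (packetIsServerToClient) {
        // Seen from the server, the ACK number belongs to the client side and the sequence
        // number to the server side (presumably SetEstablished(clientSeq, serverSeq)).
        this.SetEstablished(tcpPacket.AcknowledgmentNumber, tcpPacket.SequenceNumber);
    }
    else {
        this.SetEstablished(tcpPacket.SequenceNumber, tcpPacket.AcknowledgmentNumber);
    }
    this.protocolFinder = protocolFinderFactory.CreateProtocolFinder(this.flow, this.startFrameNumber);
}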
/// <summary>
/// Yields the application-layer packet carried in this segment's payload, followed by that
/// packet's own sub packets. Each probable protocol from <paramref name="protocolFinder"/> is
/// tried in the order the finder lists them; the first one accepted sets
/// <c>ConfirmedApplicationLayerProtocol</c> on the finder. When nothing parses, the payload is
/// exposed as a <see cref="RawPacket"/>.
/// </summary>
/// <param name="includeSelfReference">When true, this packet itself is yielded first.</param>
/// <param name="protocolFinder">Per-session finder listing the probable application-layer protocols; its confirmed protocol is written here.</param>
/// <param name="clientToServer">Direction of this segment, passed on to the parsers that care about it.</param>
/// <returns>A lazy sequence; beyond the optional self reference nothing is yielded when there is no payload.</returns>
internal IEnumerable<AbstractPacket> GetSubPackets(bool includeSelfReference, ISessionProtocolFinder protocolFinder, bool clientToServer) {
    if (includeSelfReference) {
        yield return(this);
    }
    // Only attempt parsing when there is payload after the TCP header.
    // NOTE(review): if PacketEndIndex is inclusive this skips single-byte payloads -- confirm against AbstractPacket.
    if (PacketStartIndex + dataOffsetByteCount < PacketEndIndex) {
        AbstractPacket packet = null;
        foreach (ApplicationLayerProtocol protocol in protocolFinder.GetProbableApplicationLayerProtocols()) {
            // Two kinds of branch below:
            //  - TryParse branches validate the payload and only confirm the protocol on success;
            //    on failure `packet` is whatever the parser assigned to its out parameter
            //    (presumably null) and the next candidate is tried.
            //  - Constructor branches (Dns, NetBiosNameService, Smtp, TabularDataStream) treat a
            //    constructor that does not throw as confirmation, so for those the protocol is
            //    confirmed purely on the strength of the finder's port-based guess.
            // The payload is untrusted capture data; any exception a parser throws is swallowed
            // below and the next candidate is tried, so a hostile payload ends up at worst as RawPacket.
            try {
                if (protocol == ApplicationLayerProtocol.Dns) {
                    packet = new DnsPacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex);
                    protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Dns;
                    break;
                }
                else if (protocol == ApplicationLayerProtocol.FtpControl) {
                    if (FtpPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, clientToServer, out packet)) {
                        protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.FtpControl;
                        break;
                    }
                }
                else if (protocol == ApplicationLayerProtocol.Http) {
                    if (HttpPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) {
                        protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Http;
                        break;
                    }
                }
                else if (protocol == ApplicationLayerProtocol.Irc) {
                    if (IrcPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) {
                        protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Irc;
                        break;
                    }
                }
                else if (protocol == ApplicationLayerProtocol.IEC_104) {
                    if (IEC_60870_5_104Packet.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) {
                        protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.IEC_104;
                        break;
                    }
                }
                else if (protocol == ApplicationLayerProtocol.NetBiosNameService) {
                    packet = new NetBiosNameServicePacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex);
                    protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.NetBiosNameService;
                    break;
                }
                else if (protocol == ApplicationLayerProtocol.NetBiosSessionService) {
                    if (NetBiosSessionService.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) {
                        protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.NetBiosSessionService;
                        break;
                    }
                }
                else if (protocol == ApplicationLayerProtocol.Oscar) {
                    if (OscarPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) {
                        protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Oscar;
                        break;
                    }
                }
                else if (protocol == ApplicationLayerProtocol.OscarFileTransfer) {
                    if (OscarFileTransferPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) {
                        protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.OscarFileTransfer;
                        break;
                    }
                }
                else if (protocol == ApplicationLayerProtocol.Smtp) {
                    packet = new SmtpPacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, clientToServer);
                    protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Smtp;
                    break;
                }
                else if (protocol == ApplicationLayerProtocol.SpotifyServerProtocol) {
                    if (SpotifyKeyExchangePacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, clientToServer, out packet)) {
                        protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.SpotifyServerProtocol;
                        break;
                    }
                }
                else if (protocol == ApplicationLayerProtocol.Ssh) {
                    if (SshPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) {
                        protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Ssh;
                        break;
                    }
                }
                else if (protocol == ApplicationLayerProtocol.Ssl) {
                    if (SslPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) {
                        protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Ssl;
                        break;
                    }
                }
                else if (protocol == ApplicationLayerProtocol.TabularDataStream) {
                    packet = new TabularDataStreamPacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex);
                    protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.TabularDataStream;
                    break;
                }
            }
            catch (Exception) {
                // Parser rejected the payload by throwing; discard any partial result and move on.
                packet = null;
            }
        }
        if (packet == null) {
            // Nothing parsed: hand out the payload unparsed so consumers still see it.
            packet = new RawPacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex);
        }
        yield return(packet);
        foreach (AbstractPacket subPacket in packet.GetSubPackets(false)) {
            yield return(subPacket);
        }
    }
}