public static void Trace(Packet packet, PacketMonitorForm PacketMonitor) { IpPacket ipPacket = null; TcpPacket tcpPacket = null; try { ipPacket = PacketDotNet.IpPacket.GetEncapsulated(packet); if (ipPacket == null || ipPacket.Version == IpVersion.IPv6) { return; } tcpPacket = PacketDotNet.TcpPacket.GetEncapsulated(packet); if (tcpPacket == null) { return; } long Key = ipPacket.SourceAddress.Address + tcpPacket.SourcePort + ipPacket.DestinationAddress.Address + tcpPacket.AcknowledgmentNumber; if (isReassembledPacketOfPostRequest(ipPacket, tcpPacket)) { PacketReassemble(Key, tcpPacket); MailList[Key].TimeToLive = 0; // Var_PushFlag == true 表示資料都已經擷取完全 if (MailList[Key].Var_PushFlag == true) { var Mail = MailList[Key]; foreach (var Data in Mail.PostRequestDataList) { Mail.PostRequestData += new string(Data); } foreach (var Data in Mail.VarDataList) { Mail.VarData += new string(Data); } DoSomething(Mail, PacketMonitor); MailList.Remove(Key); } } else if (isPostRequest(tcpPacket)) { MailList.Add(Key, new HttpMail(ipPacket, tcpPacket)); } else { return; } AddMailLiveTime(); } catch { Console.WriteLine(); return; } }
public static void Trace(Packet packet) { IpPacket ipPacket = null; TcpPacket tcpPacket = null; try { ipPacket = PacketDotNet.IPv4Packet.GetEncapsulated(packet); if (ipPacket == null) { return; } tcpPacket = PacketDotNet.TcpPacket.GetEncapsulated(packet); if (tcpPacket == null) { return; } } catch { Console.WriteLine(); return; } bool _isSend; if (isMailPort(tcpPacket, out _isSend)) { // analyze whether the mail session is exist. if (!MailList.ContainsKey(tcpPacket.SourcePort + tcpPacket.DestinationPort)) { MailTrace _MailTrace = new MailTrace(ipPacket.SourceAddress, ipPacket.DestinationAddress, tcpPacket.SourcePort, tcpPacket.DestinationPort, _isSend); _MailTrace.PcapFileWriter.Write(packet.Bytes); MailList.Add(tcpPacket.SourcePort + tcpPacket.DestinationPort, _MailTrace); return; } // the mail session has exist and write it into pcap file. MailList[tcpPacket.SourcePort + tcpPacket.DestinationPort].PcapFileWriter.Write(packet.Bytes); if (MailList[tcpPacket.SourcePort + tcpPacket.DestinationPort].MailEnd == true) { MailList.Remove(tcpPacket.SourcePort + tcpPacket.DestinationPort); } if (tcpPacket.Fin == true) // the fin flag means the session will be disconnected. First is from Server and Second is from client. { MailList[tcpPacket.SourcePort + tcpPacket.DestinationPort].PacketFlagFinCount++; if (MailList[tcpPacket.SourcePort + tcpPacket.DestinationPort].PacketFlagFinCount == 2) { MailList[tcpPacket.SourcePort + tcpPacket.DestinationPort].MailEnd = true; } } } }
// 增加每個Mail資料的生存次數,當大於 MailLiveTime 時則從 MailList刪去 private static void AddMailLiveTime() { List <long> Keys = new List <long>(); foreach (var Mail in MailList) { Mail.Value.TimeToLive += 1; if (Mail.Value.TimeToLive >= MailLiveTime) { Keys.Add(Mail.Key); } } foreach (var Key in Keys) { MailList.Remove(Key); } }