public void StartAnalysisThread()
{
MatchedPayloadBuf = Unpooled.Buffer();
new Thread(() =>
{
while (Frm.Device.Started)
{
try
{
while (MatchedPayloadBuf.IsReadable())
{
if (IsAndroidQQProtocol(MatchedPayloadBuf))
{
string orientation = (MatchedPayloadBuf.GetInt(MatchedPayloadBuf.ReaderIndex + 9) == 0) ? "Recv" : "Send";
int pkg_len = MatchedPayloadBuf.GetInt(MatchedPayloadBuf.ReaderIndex);
byte[] pkg_payload = new byte[pkg_len];
if (MatchedPayloadBuf.ReadableBytes >= pkg_payload.Length)
{
MatchedPayloadBuf.ReadBytes(pkg_payload, 0, pkg_payload.Length);
AppendPacketLogItems(orientation, pkg_payload);
MatchedPayloadBuf.DiscardReadBytes();
}
}
else if (MatchedPayloadBuf.ReadableBytes >= 9)
{
MatchedPayloadBuf.ReadBytes(9);
}
else
{
Thread.Sleep(1000);
}
}
}
catch (Exception ex)
{
Logger.Error(ex, ex.Message);
}
Thread.Sleep(1000);
}
Logger.Info("The analysis thread has stopped.");
MatchedSrcIp = null;
MatchedDstIp = null;
MatchedSrcPort = null;
MatchedDstPort = null;
MatchedPayloadBuf.SafeRelease();
}).Start();
}
public void ProcessPackets(TcpPacket tcpPacket)
{
IPPacket ipPacket = (IPPacket)tcpPacket.ParentPacket;
IPAddress srcIp = ipPacket.SourceAddress;
IPAddress dstIp = ipPacket.DestinationAddress;
int srcPort = tcpPacket.SourcePort;
int dstPort = tcpPacket.DestinationPort;
if (tcpPacket.PayloadData.Length == 0 || tcpPacket.PayloadData == ZERO_BYTES)
{
return;
}
if (MatchedDstIp == null)
{
//首次捕获
IByteBuffer buf = Unpooled.WrappedBuffer(tcpPacket.PayloadData);
try
{
if (IsAndroidQQProtocol(buf))
{
MatchedPayloadBuf.WriteBytes(tcpPacket.PayloadData);
MatchedSrcIp = srcIp.ToString();
MatchedDstIp = dstIp.ToString();
MatchedSrcPort = srcPort.ToString();
MatchedDstPort = dstPort.ToString();
}
}
finally
{
buf.SafeRelease();
}
}
else
{
if (srcIp.ToString() == MatchedDstIp || dstIp.ToString() == MatchedDstIp)
{
MatchedPayloadBuf.WriteBytes(tcpPacket.PayloadData);
}
}
}
