public void Test()
{
connectionStatistics.OnMeasurementFound += HandleConnectionStatisticsOnMeasurementFound;
connectionStatistics.OnMeasurementEvent += HandleConnectionStatisticsOnMeasurementEvent;
captureFilename = capturePre + captureFN;
// open the offline file
var dev = new CaptureFileReaderDevice(captureFilename);
dev.Open();
Assert.True(dev != null, "failed to open " + captureFilename);
var tcpConnectionManager = new TcpConnectionManager();
tcpConnectionManager.OnConnectionFound += HandleTcpConnectionManagerOnConnectionFound;
RawCapture rawCapture;
while ((rawCapture = dev.GetNextPacket()) != null)
{
var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
var tcpPacket = p.Extract <TcpPacket>();
if (tcpPacket != null)
{
// Console.WriteLine("{0}", tcpPacket.ToString());
tcpConnectionManager.ProcessPacket(rawCapture.Timeval, tcpPacket);
}
}
}
private void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
var packet = Packet.ParsePacket(e.Packet.LinkLayerType,
e.Packet.Data);
var tcpPacket = packet.Extract <TcpPacket>();
if (tcpPacket == null || tcpPacket.PayloadData.Length == 0)
{
return;
}
//var dest = tcpPacket.SourcePort == Constants.LOGIN_PORT ? PacketDirection.ServerToClient : PacketDirection.ClientToServer;
//var data = new byte[tcpPacket.PayloadData.Length];
//tcpPacket.PayloadData.CopyTo(data, 0);
//var logAddr = $"{dest} Data: {BitConverter.ToString(data)}";
//Logger.LogInformation(logAddr);
//Crypt.Decrypt(data, 2, data.Length - 2);
//if(data[2] == 0 && Crypt.IsInitial)
//{
// Logger.LogInformation($"{dest} BXOR Data: {BitConverter.ToString(data)}");
// Crypt.DecXORPass(data);
// var init = new Init(new System.IO.MemoryStream(data));
// Crypt.SetKey(init.BlowFishKey);
//}
//Logger.LogInformation($"{dest} DEC Data: {BitConverter.ToString(data)}");
//var ipv4Packet = packet.Extract<IPv4Packet>();
ConnectionManager.ProcessPacket(e.Packet.Timeval, tcpPacket);
}
private void ProcessPackets(ICaptureDevice dev,
TcpConnectionManager tcpConnectionManager)
{
// reset the expected message index at the start of the test run
expectedMessageIndex = 0;
GetPacketStatus status;
PacketCapture e;
while ((status = dev.GetNextPacket(out e)) == GetPacketStatus.PacketRead)
{
var rawCapture = e.GetPacket();
var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
var tcpPacket = p.Extract <TcpPacket>();
// skip non-tcp packets, http is a tcp based protocol
if (p == null)
{
continue;
}
log.Debug("passing packet to TcpConnectionManager");
tcpConnectionManager.ProcessPacket(rawCapture.Timeval,
tcpPacket);
}
// did we get all of the messages?
Assert.Equal(expectedMessages.Count, expectedMessageIndex);
}
public void TestCallbacks()
{
log4net.Config.XmlConfigurator.Configure(LogManager.GetRepository(Assembly.GetCallingAssembly()));
TcpConnectionManager connectionManager = new TcpConnectionManager();
connectionManager.OnConnectionFound += HandleConnectionManagerOnConnectionFound;
incomingGenerators = new List <TcpStreamGenerator>();
// outgoingGenerators = new List<TcpStreamGenerator>();
// open the offline file
var dev = new CaptureFileReaderDevice(captureFilename);
dev.Open();
Assert.True(dev != null, "failed to open " + captureFilename);
RawCapture rawCapture;
while ((rawCapture = dev.GetNextPacket()) != null)
{
var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
var tcpPacket = p.Extract <TcpPacket>();
Console.WriteLine("tcpPacket.PayloadData.Length {0}", tcpPacket.PayloadData.Length);
connectionManager.ProcessPacket(rawCapture.Timeval, tcpPacket);
}
dev.Close();
int expectedCallbackCount = 5;
Assert.Equal(expectedCallbackCount, callbackCount);
}
/// <summary>
/// Prints the time and length of each received packet
/// </summary>
private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
PacketCount++;
var p = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
var tcpPacket = p.Extract <TcpPacket>();
if (tcpPacket != null)
{
log.Debug("passing packet to TcpConnectionManager");
tcpConnectionManager.ProcessPacket(e.Packet.Timeval,
tcpPacket);
}
}
public void ConnectionCreation()
{
// store the logging value
var oldThreshold = LoggingConfiguration.GlobalLoggingLevel;
// disable logging to improve performance
LoggingConfiguration.GlobalLoggingLevel = log4net.Core.Level.Off;
string captureFN = "tcp_test.pcap";
string captureFilename = capturePre + captureFN;
// open the offline file
var dev = new CaptureFileReaderDevice(captureFilename);
dev.Open();
Assert.True(dev != null, "failed to open " + captureFilename);
var tcpConnectionManager = new TcpConnectionManager();
tcpConnectionManager.OnConnectionFound += HandleTcpConnectionManagerOnConnectionFound;
connectionsFound = 0;
var startTime = DateTime.Now;
PacketCapture e;
GetPacketStatus status;
while ((status = dev.GetNextPacket(out e)) == GetPacketStatus.PacketRead)
{
var rawCapture = e.GetPacket();
var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
var tcpPacket = p.Extract <TcpPacket>();
if (tcpPacket != null)
{
// Console.WriteLine("{0}", tcpPacket.ToString());
tcpConnectionManager.ProcessPacket(rawCapture.Timeval, tcpPacket);
}
}
var endTime = DateTime.Now;
// restore logging
LoggingConfiguration.GlobalLoggingLevel = oldThreshold;
var rate = new Utils.Rate(startTime, endTime, connectionsFound, "Connections found");
Console.WriteLine(rate.ToString());
}
private void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType,
e.Packet.Data);
try
{
var tcpPacket = packet.Extract <TcpPacket>();
// only pass tcp packets to the tcpConnectionManager
if (tcpPacket != null)
{
_tcpConnectionManager.ProcessPacket(e.Packet.Timeval, tcpPacket);
}
}
catch { }
}
public void ConnectionEstablishResetIgnored()
{
string captureFN = "tcp_stream_with_disconnect_and_reset.pcap";
string captureFilename = capturePre + captureFN;
// open the offline file
var dev = new CaptureFileReaderDevice(captureFilename);
dev.Open();
Assert.True(dev != null, "failed to open " + captureFilename);
int expectedConnectionsFound = 1;
int connectionsFound = 0;
var tcpConnectionManager = new TcpConnectionManager();
tcpConnectionManager.OnConnectionFound += delegate(TcpConnection c) {
Console.WriteLine("found connection");
connectionsFound++;
};
tcpConnectionManager.OnConnectionFound += HandleTcpConnectionManagerOnConnectionFound;
GetPacketStatus status;
PacketCapture e;
while ((status = dev.GetNextPacket(out e)) == GetPacketStatus.PacketRead)
{
var rawCapture = e.GetPacket();
var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
var tcpPacket = p.Extract <TcpPacket>();
if (tcpPacket != null)
{
// Console.WriteLine("{0}", tcpPacket.ToString());
tcpConnectionManager.ProcessPacket(rawCapture.Timeval, tcpPacket);
}
}
Assert.Equal(expectedConnectionsFound, connectionsFound);
}
/// <summary>
/// Prints the time and length of each received packet
/// </summary>
private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
#if false
var time = e.Packet.Timeval.Date;
var len = e.Packet.Data.Length;
Console.WriteLine("{0}:{1}:{2},{3} Len={4}",
time.Hour, time.Minute, time.Second, time.Millisecond, len);
Console.WriteLine(e.Packet.ToString());
#endif
var p = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
var tcpPacket = p.Extract <TcpPacket>();
if (tcpPacket == null)
{
return;
}
log.Debug("passing packet to TcpConnectionManager");
tcpConnectionManager.ProcessPacket(e.Packet.Timeval,
tcpPacket);
}
private List <MemoryStream> packetParserUsingDotnetConnections(String capFile)
{
//Open packet file
//String capFile = "";
ICaptureDevice device;
try
{
// Get an offline device
device = new CaptureFileReaderDevice(capFile);
// tcpdump filter to capture only TCP/IP packets
string filter = "ip and (tcp or udp)";
//Convert to flows
//string tcpFilter = "tcp.stream eq 1";
//string udpFilter = "udp.stream==1";
device.Filter = filter;
// Open the device
device.Open();
}
catch (Exception e)
{
Console.WriteLine("Error - Caught exception when opening file" + e.ToString());
return(null);
}
RawCapture packets;
List <byte> bytesList = new List <byte>();
List <NetFlow> tcpNetFlows = new List <NetFlow>();
List <NetFlow> udpNetFlows = new List <NetFlow>();
TcpConnectionManager tcpConnectionManager = new TcpConnectionManager();
tcpConnectionManager.OnConnectionFound += HandleTcpConnectionManagerOnConnectionFound;
// Capture packets using GetNextPacket()
while ((packets = device.GetNextPacket()) != null)
{
var p = PacketDotNet.Packet.ParsePacket(packets.LinkLayerType, packets.Data);
var tcpPacket = p.Extract <PacketDotNet.TcpPacket>();
var udpPacket = p.Extract <PacketDotNet.UdpPacket>();
//tcpPacket, also requires assembling packets into proper sequences
if (tcpPacket != null)
{
tcpConnectionManager.ProcessPacket(packets.Timeval, tcpPacket);
var ipPacket = (PacketDotNet.IPPacket)tcpPacket.ParentPacket;
System.Net.IPAddress srcIp = ipPacket.SourceAddress;
System.Net.IPAddress dstIp = ipPacket.DestinationAddress;
int srcPort = tcpPacket.SourcePort;
int dstPort = tcpPacket.DestinationPort;
}
//Console.WriteLine(p.ToString());
}
// Print out the device statistics
//Console.WriteLine(device.Statistics.ToString());
//Close the pcap device
device.Close();
//MemoryStream memoryStream = new MemoryStream(bytesList.ToArray());
// Dictionary<TcpFlow, List<Entry>> TcpPackets
List <MemoryStream> memoryStreams = new List <MemoryStream>();
MemoryStream memoryStream = null;
foreach (KeyValuePair <TcpFlow, List <Entry> > entry in TcpPackets)
{
// do something with entry.Value or entry.Key
foreach (var pkt in entry.Value)
{
if (pkt.Packet.HasPayloadData)
{
memoryStream = new MemoryStream();
memoryStream.Write(pkt.Packet.PayloadData, 0, pkt.Packet.PayloadData.Length);
memoryStreams.Add(memoryStream);
}
}
}
return(memoryStreams);
}
