// IPv4 + TCP数据包封装函数 private EthernetPacket TcPonIPv4PacketMaker() { // Ether封包 var ether = new EthernetPacket(PhysicalAddress.Parse(MakeMaCaddr(SourceMAC1.Text, SourceMAC2.Text, SourceMAC3.Text, SourceMAC4.Text, SourceMAC5.Text, SourceMAC6.Text)), PhysicalAddress.Parse(MakeMaCaddr(DestMAC1.Text, DestMAC2.Text, DestMAC3.Text, DestMAC4.Text, DestMAC5.Text, DestMAC6.Text)), EthernetPacketType.IPv4); // TCP封包 var tcp = new TcpPacket(Convert.ToUInt16(SourcePortTextBox.Text), Convert.ToUInt16(DestPortTextBox.Text)) { Urg = TCPFlagsCheckedListBox.GetItemChecked(0), Ack = TCPFlagsCheckedListBox.GetItemChecked(1), Psh = TCPFlagsCheckedListBox.GetItemChecked(2), Rst = TCPFlagsCheckedListBox.GetItemChecked(3), Syn = TCPFlagsCheckedListBox.GetItemChecked(4), Fin = TCPFlagsCheckedListBox.GetItemChecked(5), SequenceNumber = Convert.ToUInt32(SequenceTextBox.Text), AcknowledgmentNumber = Convert.ToUInt32(AcknowledgmentTextBox.Text), WindowSize = Convert.ToUInt16(WindowSizeTextBox.Text), UrgentPointer = Convert.ToInt32(UrgPointerTextBox.Text) }; if (PayloadTextBox.Text.Length != 0) { tcp.PayloadData = Encoding.ASCII.GetBytes(PayloadTextBox.Text); } tcp.UpdateCalculatedValues(); // IPv4封包 var IPv4 = new IPv4Packet(IPAddress.Parse(MakeIPaddr(SourceIP1.Text, SourceIP2.Text, SourceIP3.Text, SourceIP4.Text)), IPAddress.Parse(MakeIPaddr(DestIP1.Text, DestIP2.Text, DestIP3.Text, DestIP4.Text))) { TimeToLive = Convert.ToInt32(TTLTextBox.Text), Protocol = IPProtocolType.TCP, Version = IPVersion.IPv4, FragmentFlags = Convert.ToInt16(FragmentFlagsTextBox.Text), FragmentOffset = Convert.ToInt32(FragmentOffsetTextBox.Text), TypeOfService = Convert.ToInt32(TOSTextBox.Text), Id = Convert.ToUInt16(IdentifierTextbox.Text), PayloadPacket = tcp }; ether.PayloadPacket = IPv4; IPv4.ParentPacket = ether; IPv4.UpdateIPChecksum(); tcp.ParentPacket = IPv4; tcp.UpdateTCPChecksum(); return(ether); }
public static IPv4Packet CreateIpV4Packet(IPAddress sourceIpAddress, IPAddress destinationIpAddress, TcpPacket payloadPacket) { var result = new IPv4Packet(sourceIpAddress, destinationIpAddress) { PayloadPacket = payloadPacket }; payloadPacket.UpdateTCPChecksum(); result.UpdateIPChecksum(); result.UpdateCalculatedValues(); return(result); }
private Packet GeneratePacket() { // FIXME in this case we always generate the same packet, but keep // regenerating it -- this can be made more efficient! var tcp_p = new TcpPacket(src_port, dst_port); var ip_p = new IPv4Packet(src_ip, dst_ip); var eth_p = new EthernetPacket(src_mac, dst_mac, EthernetPacketType.None); eth_p.PayloadPacket = ip_p; ip_p.PayloadPacket = tcp_p; tcp_p.UpdateTCPChecksum(); ip_p.UpdateIPChecksum(); eth_p.UpdateCalculatedValues(); return(eth_p); }
/// <summary> /// 尝试发送FIN+ACK标志结束某一组互联网上的连接。 /// </summary> /// <param name="srcAddress">连接的起点,应为小端地址。</param> /// <param name="srcPort">连接起点的端口。</param> /// <param name="dstAddress">连接的终点,应为大端地址。</param> /// <param name="dstPort">连接终点的端口。</param> /// <returns>成功发送包返回true,失败返回false。</returns> public bool KillConnection(IPAddress srcAddress, ushort srcPort, IPAddress dstAddress, ushort dstPort) { EthernetPacket ether; // 寻找指定目标 lock (_tcpLinks) { if (_tcpLinks.All(item => !(item.SrcAddress.Equals(srcAddress) && item.SrcPort == srcPort) || !(item.DstAddress.Equals(dstAddress) && item.DstPort == dstPort))) { return(false); } ether = new EthernetPacket(_tcpLinks.Find(item => item.SrcAddress.Equals(srcAddress) && item.SrcPort == srcPort && item.DstAddress.Equals(dstAddress) && item.DstPort == dstPort) .LastPacket.BytesHighPerformance); } // 解析包数据 var ipv4 = (IPv4Packet)ether.PayloadPacket; var tcp = (TcpPacket)ipv4.PayloadPacket; // 设置数据包内容 var payload = new TcpPacket(tcp.SourcePort, tcp.DestinationPort) { Fin = true, Ack = true, SequenceNumber = (uint)(tcp.SequenceNumber + (tcp.PayloadPacket?.TotalPacketLength ?? 0)), AcknowledgmentNumber = tcp.AcknowledgmentNumber, WindowSize = tcp.WindowSize }; payload.UpdateCalculatedValues(); ipv4.PayloadPacket = payload; payload.ParentPacket = ipv4; payload.UpdateTCPChecksum(); _device.SendPacket(ether); return(true); }
void device_OnPacketArrival(object sender, CaptureEventArgs e) { var Now = DateTime.Now; // cache 'DateTime.Now' for minor reduction in cpu overhead var interval = Now - _lastStatisticsOutput; if (interval > _lastStatisticsInterval) { //Console.WriteLine("device_OnPacketArrival: " + e.Device.Statistics); _captureStatistics = e.Device.Statistics; _statisticsUiNeedsUpdate = true; _lastStatisticsOutput = Now; } if (CaptureForm._pshPacket != null && _iRecvPackets <= RECEIVING_PACKED_EXPECTED) { Packet p = Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data); TcpPacket tcp = TcpPacket.GetEncapsulated(p); if (tcp.Psh && tcp.SourcePort == TARGET_PORT && tcp.PayloadData.Length > 0) { IPv4Packet ip = (IPv4Packet)IpPacket.GetEncapsulated(CaptureForm._pshPacket); IPv4Packet lastAckIp = (IPv4Packet)IpPacket.GetEncapsulated(CaptureForm._lastAckPacket); TcpPacket lastAckTcp = TcpPacket.GetEncapsulated(CaptureForm._lastAckPacket); lastAckIp.Id = (ushort)(ip.Id + 10); lastAckIp.UpdateIPChecksum(); lastAckTcp.SequenceNumber = tcp.AcknowledgmentNumber; lastAckTcp.AcknowledgmentNumber = (uint)(tcp.SequenceNumber + tcp.PayloadData.Length); lastAckTcp.UpdateTCPChecksum(); _device.SendPacket(CaptureForm._lastAckPacket); CaptureForm._pshPacket = CaptureForm._lastAckPacket; _iRecvPackets++; } } lock (_queueLock) _packetQueue.Add(e.Packet); }
static void Ns_OnPacket(object sender, IPProtocolType protocolType, EthernetPacket packet) { NetworkSniffer ns = (NetworkSniffer)sender; IPv4Packet ip = (IPv4Packet)packet.PayloadPacket; TcpPacket t = (TcpPacket)ip.PayloadPacket; // Si el paquete recibido es el de respuesta OK del mysql if (t.PayloadData.SequenceEqual(ResponseOk)) { Parent = packet; // Replicamos el paquete, enviando el payload de la fila, si, antes de recibir el SELECT LastSequenceId = (uint)(t.SequenceNumber + t.PayloadData.Length); ip.Id++; t.SequenceNumber = LastSequenceId; t.OptionsCollection.Clear(); t.PayloadData = Payload; t.Ack = true; t.Psh = true; ip.UpdateCalculatedValues(); t.UpdateCalculatedValues(); ip.UpdateIPChecksum(); t.UpdateTCPChecksum(); ns.Send(packet); LastSequenceId = (uint)(t.SequenceNumber + t.PayloadData.Length); Console.WriteLine(t.ToString(StringOutputType.Verbose)); } else { // Si el paquete contiene el valor SELECT string ascii = Encoding.ASCII.GetString(t.PayloadData); if (Parent != null && ascii.Contains("SELECT")) { // Ya no actuamos mas ns.OnPacket -= Ns_OnPacket; ip = (IPv4Packet)Parent.PayloadPacket; t = (TcpPacket)ip.PayloadPacket; // Enviamos un ACK del paquete recibido, para darle por bueno t.SequenceNumber = LastSequenceId; t.AcknowledgmentNumber = t.AcknowledgmentNumber; t.PayloadData = new byte[] { }; ip.Id++; t.Ack = true; t.Psh = false; ip.UpdateCalculatedValues(); t.UpdateCalculatedValues(); ip.UpdateIPChecksum(); t.UpdateTCPChecksum(); ns.Send(packet); Console.WriteLine(t.ToString(StringOutputType.Verbose)); } } }
// process packet public bool ProcessPacket(Packet rawPacket, TcpPacket packet) { if (packet.ParentPacket == null) { return(true); } if (packet.PayloadData == null) { return(true); } var sourceIP = ((IpPacket)packet.ParentPacket).SourceAddress.ToString(); var destIP = ((IpPacket)packet.ParentPacket).DestinationAddress.ToString(); var payload = packet.PayloadData; var data = encodingUtf8.GetString(payload); if (data != string.Empty) { var changed = new List <string>(); var matches = SimpleRegex.GetMatches(regexType, data); // HTTP request if (matches.Count > 2) { // check for images - stop further processing if (matches[2].Contains(".png") || matches[2].Contains(".jpg") || matches[2].Contains(".gif")) { return(true); } // check for Accept-Encoding and replace it to prevent unreadable data if (data.Contains("Accept-Encoding:")) { var diff = data.Length - regexEncoding.Replace(data, "Accept-Encoding: \r\n").Length; var extra = string.Empty; for (int i = 0; i < diff; i++) { extra += " "; } data = regexEncoding.Replace(data, "Accept-Encoding: " + extra + "\r\n"); changed.Add("Accept-Encoding"); } // check for If-Modified-Since and replace it to prevent caching if (data.Contains("If-Modified-Since:")) { var time = new DateTime(2000, 1, 1); data = regexModified.Replace(data, "If-Modified-Since: " + time.ToString("R") + "\r\n"); changed.Add("If-Modified-Since"); } // check for cookies and strip them if necessary if (stripCookies && data.Contains("Cookie:")) { data = data.Replace("Cookie:", "C00kie:"); changed.Add("Cookies"); } } // HTTP response else { // check for html tags - stop further processing if (!(data.Contains("<form") || data.Contains("<input") || data.Contains("<a ") || data.Contains("</a>") || data.Contains("</div>") || data.Contains("<meta") || data.Contains("javascript"))) { return(true); } var cmatches = SimpleRegex.GetMatches(regexCType, data); // check for images - stop further processing if (cmatches.Count > 1 && cmatches[1].Contains("image")) { return(true); } // HTTP 302 redirect stripping foreach (var item in stripRedirects) { if (data.Contains("Location: " + item)) { data = data.Replace("Location: https://", "Location: http://"); changed.Add("HTTPS (302 redirect)"); } } // other links, actions... if (data.Contains("\"https://") || data.Contains("'https://")) { data = data.Replace("\"https://", "\" http://"); data = data.Replace("'https://", "' http://"); changed.Add("HTTPS"); } } if (changed.Count > 0) { // change packet data to stripped one var bytes = encodingUtf8.GetBytes(data); var diff = packet.PayloadData.Length - bytes.Length; packet.PayloadData = bytes; packet.UpdateTCPChecksum(); // checksum fixes for IPv4 packets (IPv6 packet doesn't have a checksum) if (packet.ParentPacket is IPv4Packet) { var ip = (IPv4Packet)packet.ParentPacket; ip.TotalLength = ip.HeaderLength + packet.Bytes.Length; ip.PayloadLength = (ushort)packet.Bytes.Length; ip.Checksum = (ushort)(ip.Checksum + diff); } Stripped(sourceIP, destIP, changed); } } return(true); }