/// <summary>
/// Load a list of packets from a PCAP (really basic mode)
/// </summary>
/// <param name="fileName">The file to read from</param>l
/// <param name="raw">Whether to import the raw data or parse for TCP/UDP data</param>
/// <returns>The array of LogPackets</returns>
public static LogPacket[] Load(string fileName, bool raw)
{
List <LogPacket> packets = new List <LogPacket>();
using (Stream stm = File.OpenRead(fileName))
{
DataReader reader = new DataReader(stm);
bool littleEndian = true;
uint magic = reader.ReadUInt32(littleEndian);
if (magic == 0xa1b2c3d4)
{
// OK
}
else if (magic == 0xd4c3b2a1)
{
littleEndian = false;
}
else
{
throw new ArgumentException(Resources.PcapReader_InvalidMagic);
}
reader.ReadUInt16(littleEndian); // Major
reader.ReadUInt16(littleEndian); // Minor
reader.ReadInt32(littleEndian); // Zone
reader.ReadUInt32(littleEndian); // Sig figures
reader.ReadUInt32(littleEndian); // Snap length
uint netType = reader.ReadUInt32(littleEndian);
if (!raw && netType != 1)
{
throw new ArgumentException(Resources.PcapReader_OnlyEthernet);
}
try
{
Guid netId = Guid.NewGuid();
while (reader.DataLeft > 0)
{
int secs = reader.ReadInt32(littleEndian);
int usecs = reader.ReadInt32(littleEndian);
DateTime captureTime = GeneralUtils.FromUnixTime(secs).AddMilliseconds(usecs / 10);
int caplen = reader.ReadInt32(littleEndian);
int origlen = reader.ReadInt32(littleEndian);
byte[] data = reader.ReadBytes(caplen);
if (raw)
{
packets.Add(new LogPacket("PCAP Raw", netId, Guid.NewGuid(), "Unknown",
new DataFrame(data), new ColorValue(0xFF, 0xFF, 0xFF, 0xFF),
captureTime));
}
else
{
LogPacket p = ReadPacket(captureTime, netId, data);
if (p != null)
{
packets.Add(p);
}
}
}
}
catch (EndOfStreamException)
{
}
}
return(packets.ToArray());
}
