Example #1
0
        public IPHeader(EthernetHeader eth)
        {
            if (eth.Protocol == (int)EthernetProtocol.IP)
            {
                headerOffset = eth.DataOffset;
                data         = eth.Data;

                long addr = (long)data[headerOffset + 15] << 24 | (long)data[headerOffset + 14] << 16 |
                            (long)data[headerOffset + 13] << 8 | (long)data[headerOffset + 12];
                sourceIp = new IPAddress(addr);
                addr     = (long)data[headerOffset + 19] << 24 | (long)data[headerOffset + 18] << 16 |
                       (long)data[headerOffset + 17] << 8 | (long)data[headerOffset + 16];
                destinationIp = new IPAddress(addr);

                protocol = (IPProtocol)data[headerOffset + 9];
                length   = data[headerOffset + 2] << 8 | data[headerOffset + 3];

                dataOffset = headerOffset + ((data[headerOffset] & 0xF) << 2);
            }
            else
            {
                throw new PacketFormatException("Packet is not IP");
            }
        }
Example #2
0
        public IPHeader(EthernetHeader eth)
        {
            if (eth.Protocol == (int)EthernetProtocol.IP) {
            headerOffset = eth.DataOffset;
            data = eth.Data;

            long addr = (long)data[headerOffset + 15] << 24 | (long)data[headerOffset + 14] << 16 |
              (long)data[headerOffset + 13] << 8 | (long)data[headerOffset + 12];
            sourceIp = new IPAddress(addr);
            addr = (long)data[headerOffset + 19] << 24 | (long)data[headerOffset + 18] << 16 |
              (long)data[headerOffset + 17] << 8 | (long)data[headerOffset + 16];
            destinationIp = new IPAddress(addr);

            protocol = (IPProtocol)data[headerOffset + 9];
            length = data[headerOffset + 2] << 8 | data[headerOffset + 3];

            dataOffset = headerOffset + ((data[headerOffset] & 0xF) << 2);
              } else {
            throw new PacketFormatException("Packet is not IP");
              }
        }
Example #3
0
        static void Main(string[] args)
        {
            var pcap = new Pcap();
              pcap.Open(ConfigurationManager.AppSettings["Adapter"]);

              var address = IPAddress.Parse(ConfigurationManager.AppSettings["Address"]);
              var port = UInt16.Parse(ConfigurationManager.AppSettings["Port"]);

              Packet packet = null;

              long tx = 0, rx = 0;

              while (true)
              {
            if ((packet = pcap.Next()) != null)
            {
              var eth = new EthernetHeader(packet.Data);
              if (eth.Protocol == (int)EthernetProtocol.IP)
              {
            var ip = new IPHeader(eth);
            if (ip.Protocol == IPProtocol.Tcp)
            {
              var tcp = new TcpHeader(ip);
              if (ip.SourceIp.Equals(address) && tcp.SourcePort == port) rx += tcp.Length;
              else if (ip.DestinationIp.Equals(address) && tcp.DestinationPort == port) tx += tcp.Length;
            }
              }
            }

            if (KeyPressed())
            {
              Console.WriteLine("{0},{1}", tx, rx);
              tx = 0;
              rx = 0;
            }
              }
        }
Example #4
0
        public void Execute()
        {
            Packet packet;
              EthernetHeader eth;
              IPHeader ip;

              Flow key = new Flow();
              FlowStats stats;

              try {
            //BinaryReader log = new BinaryReader(new FileStream(@"c:\users\gavin\desktop\20081006.dat", FileMode.Open, FileAccess.Read));
            while (!terminated) {
              try {
            /*packet = new Packet();
            packet.Time = log.ReadInt64();
            packet.Length = log.ReadInt32();
            packet.Data = log.ReadBytes(log.ReadInt32());*/
            packet = pcap.Next();
              } catch (Exception e) {
            packet = null;
            throw;
              }
              if (packet != null) {
            if (dump != null) {
              dump.Write(packet.Time);
              dump.Write(packet.Length);
              int i = Math.Min(packet.Data.Length, 64);
              dump.Write(i);
              dump.Write(packet.Data, 0, i);
              dump.Flush();
            }

            eth = new EthernetHeader(packet.Data);

            if (eth.Protocol == (int)EthernetProtocol.IP) {
              ip = new IPHeader(eth);
              if (ip.Protocol == IPProtocol.Tcp) {
                TcpHeader tcp = new TcpHeader(ip);
                key = new Flow(ip, tcp);

                stats = tracker.Resolve(key, packet.Time);

                stats.Last = packet.Time;
                stats.Packets++;
                // Bytes at IP, including IP header
                stats.Bytes += ip.Length;

                #region debugging
                /*
              // TODO: Verify sorted order of queue - should be right now
              FlowStats check = queue.Head;
              while (check != null) {
                if (check.Next != null) Debug.Assert(check.Last >= check.Next.Last);
                check = check.Next;
              }
              */
                #endregion
              } else if (ip.Protocol == IPProtocol.Udp) {
                try {
                  UdpHeader udp = new UdpHeader(ip);
                  key = new Flow(ip, udp);

                  stats = tracker.Resolve(key, packet.Time);

                  stats.Last = packet.Time;
                  stats.Packets++;
                  // Bytes at IP, including IP header
                  stats.Bytes += ip.Length;
                } catch (IndexOutOfRangeException e) {
                  using (StreamWriter errorLog = new StreamWriter(Path.Combine(LogFolder, "error.log"), true)) {
                    errorLog.WriteLine(DateTime.Now);
                    errorLog.WriteLine(e.Message);
                    errorLog.WriteLine(e.StackTrace);
                    errorLog.WriteLine();
                  }

                  if (dump != null) {
                    dump.Write(packet.Time);
                    dump.Write(packet.Length);
                    dump.Write(packet.Data.Length);
                    dump.Write(packet.Data, 0, packet.Data.Length);
                    dump.Flush();
                  }
                } catch (Exception ex) {

                }
              } else if (ip.Protocol == IPProtocol.Icmp) {
                // TODO: Deal with ICMP
              } else if (ip.Protocol == IPProtocol.Gre) {
                // TODO: Deal with GRE
              }
            } else {
              // TODO: deal with non-IP
            }

            #region Age flows
            /**/
            while (tracker.Count > 0 && tracker.Tail.Last < packet.Time - ExpiryInterval) {
              stats = tracker.Tail;
              Dump(stats);
              tracker.Remove(stats);
            }
            writer.Flush();
            /**/
            #endregion
              }
              packets++;
            }
              } catch (EndOfStreamException e) {
            // TODO: nothing
              } catch (Exception e) {
            //debug.WriteLine("ERROR: " + e.Message);
            //debug.Flush();
            throw e;
              }
        }