public IPHeader(EthernetHeader eth)
{
if (eth.Protocol == (int)EthernetProtocol.IP)
{
headerOffset = eth.DataOffset;
data = eth.Data;
long addr = (long)data[headerOffset + 15] << 24 | (long)data[headerOffset + 14] << 16 |
(long)data[headerOffset + 13] << 8 | (long)data[headerOffset + 12];
sourceIp = new IPAddress(addr);
addr = (long)data[headerOffset + 19] << 24 | (long)data[headerOffset + 18] << 16 |
(long)data[headerOffset + 17] << 8 | (long)data[headerOffset + 16];
destinationIp = new IPAddress(addr);
protocol = (IPProtocol)data[headerOffset + 9];
length = data[headerOffset + 2] << 8 | data[headerOffset + 3];
dataOffset = headerOffset + ((data[headerOffset] & 0xF) << 2);
}
else
{
throw new PacketFormatException("Packet is not IP");
}
}
public IPHeader(EthernetHeader eth)
{
if (eth.Protocol == (int)EthernetProtocol.IP) {
headerOffset = eth.DataOffset;
data = eth.Data;
long addr = (long)data[headerOffset + 15] << 24 | (long)data[headerOffset + 14] << 16 |
(long)data[headerOffset + 13] << 8 | (long)data[headerOffset + 12];
sourceIp = new IPAddress(addr);
addr = (long)data[headerOffset + 19] << 24 | (long)data[headerOffset + 18] << 16 |
(long)data[headerOffset + 17] << 8 | (long)data[headerOffset + 16];
destinationIp = new IPAddress(addr);
protocol = (IPProtocol)data[headerOffset + 9];
length = data[headerOffset + 2] << 8 | data[headerOffset + 3];
dataOffset = headerOffset + ((data[headerOffset] & 0xF) << 2);
} else {
throw new PacketFormatException("Packet is not IP");
}
}
static void Main(string[] args)
{
var pcap = new Pcap();
pcap.Open(ConfigurationManager.AppSettings["Adapter"]);
var address = IPAddress.Parse(ConfigurationManager.AppSettings["Address"]);
var port = UInt16.Parse(ConfigurationManager.AppSettings["Port"]);
Packet packet = null;
long tx = 0, rx = 0;
while (true)
{
if ((packet = pcap.Next()) != null)
{
var eth = new EthernetHeader(packet.Data);
if (eth.Protocol == (int)EthernetProtocol.IP)
{
var ip = new IPHeader(eth);
if (ip.Protocol == IPProtocol.Tcp)
{
var tcp = new TcpHeader(ip);
if (ip.SourceIp.Equals(address) && tcp.SourcePort == port) rx += tcp.Length;
else if (ip.DestinationIp.Equals(address) && tcp.DestinationPort == port) tx += tcp.Length;
}
}
}
if (KeyPressed())
{
Console.WriteLine("{0},{1}", tx, rx);
tx = 0;
rx = 0;
}
}
}
public void Execute()
{
Packet packet;
EthernetHeader eth;
IPHeader ip;
Flow key = new Flow();
FlowStats stats;
try {
//BinaryReader log = new BinaryReader(new FileStream(@"c:\users\gavin\desktop\20081006.dat", FileMode.Open, FileAccess.Read));
while (!terminated) {
try {
/*packet = new Packet();
packet.Time = log.ReadInt64();
packet.Length = log.ReadInt32();
packet.Data = log.ReadBytes(log.ReadInt32());*/
packet = pcap.Next();
} catch (Exception e) {
packet = null;
throw;
}
if (packet != null) {
if (dump != null) {
dump.Write(packet.Time);
dump.Write(packet.Length);
int i = Math.Min(packet.Data.Length, 64);
dump.Write(i);
dump.Write(packet.Data, 0, i);
dump.Flush();
}
eth = new EthernetHeader(packet.Data);
if (eth.Protocol == (int)EthernetProtocol.IP) {
ip = new IPHeader(eth);
if (ip.Protocol == IPProtocol.Tcp) {
TcpHeader tcp = new TcpHeader(ip);
key = new Flow(ip, tcp);
stats = tracker.Resolve(key, packet.Time);
stats.Last = packet.Time;
stats.Packets++;
// Bytes at IP, including IP header
stats.Bytes += ip.Length;
#region debugging
/*
// TODO: Verify sorted order of queue - should be right now
FlowStats check = queue.Head;
while (check != null) {
if (check.Next != null) Debug.Assert(check.Last >= check.Next.Last);
check = check.Next;
}
*/
#endregion
} else if (ip.Protocol == IPProtocol.Udp) {
try {
UdpHeader udp = new UdpHeader(ip);
key = new Flow(ip, udp);
stats = tracker.Resolve(key, packet.Time);
stats.Last = packet.Time;
stats.Packets++;
// Bytes at IP, including IP header
stats.Bytes += ip.Length;
} catch (IndexOutOfRangeException e) {
using (StreamWriter errorLog = new StreamWriter(Path.Combine(LogFolder, "error.log"), true)) {
errorLog.WriteLine(DateTime.Now);
errorLog.WriteLine(e.Message);
errorLog.WriteLine(e.StackTrace);
errorLog.WriteLine();
}
if (dump != null) {
dump.Write(packet.Time);
dump.Write(packet.Length);
dump.Write(packet.Data.Length);
dump.Write(packet.Data, 0, packet.Data.Length);
dump.Flush();
}
} catch (Exception ex) {
}
} else if (ip.Protocol == IPProtocol.Icmp) {
// TODO: Deal with ICMP
} else if (ip.Protocol == IPProtocol.Gre) {
// TODO: Deal with GRE
}
} else {
// TODO: deal with non-IP
}
#region Age flows
/**/
while (tracker.Count > 0 && tracker.Tail.Last < packet.Time - ExpiryInterval) {
stats = tracker.Tail;
Dump(stats);
tracker.Remove(stats);
}
writer.Flush();
/**/
#endregion
}
packets++;
}
} catch (EndOfStreamException e) {
// TODO: nothing
} catch (Exception e) {
//debug.WriteLine("ERROR: " + e.Message);
//debug.Flush();
throw e;
}
}