public void KerberosHashParser_ParseUdpSession_ParseSuccess()
        {
            // Arrange
            var kerberosParser = new PcapAnalyzer.KerberosAsReqHashParser();

            var kerberosAsRequestPacket = new PcapAnalyzer.UdpPacket
            {
                SourceIp      = "2.2.2.2",
                DestinationIp = "1.1.1.1",
                Data          = new byte[]
                {
                    0x6a, 0x82, 0x01, 0x1f, 0x30, 0x82, 0x01, 0x1b, 0xa1, 0x03, 0x02, 0x01, 0x05, 0xa2, 0x03, 0x02,
                    0x01, 0x0a, 0xa3, 0x5f, 0x30, 0x5d, 0x30, 0x48, 0xa1, 0x03, 0x02, 0x01, 0x02, 0xa2, 0x41, 0x04,
                    0x3f, 0x30, 0x3d, 0xa0, 0x03, 0x02, 0x01, 0x17, 0xa2, 0x36, 0x04, 0x34, 0x09, 0xa2, 0x24, 0x48,
                    0x93, 0xaf, 0xf5, 0xf3, 0x84, 0xf7, 0x9c, 0x37, 0x88, 0x3f, 0x15, 0x4a, 0x32, 0xd3, 0x96, 0xa9,
                    0x14, 0xa4, 0xd0, 0xa7, 0x8e, 0x97, 0x9b, 0xa7, 0x5d, 0x4f, 0xf5, 0x3c, 0x1d, 0xb7, 0x29, 0x41,
                    0x41, 0x76, 0x0f, 0xee, 0x05, 0xe4, 0x34, 0xc1, 0x2e, 0xcf, 0x8d, 0x5b, 0x9a, 0xa5, 0x83, 0x9e,
                    0x30, 0x11, 0xa1, 0x04, 0x02, 0x02, 0x00, 0x80, 0xa2, 0x09, 0x04, 0x07, 0x30, 0x05, 0xa0, 0x03,
                    0x01, 0x01, 0xff, 0xa4, 0x81, 0xad, 0x30, 0x81, 0xaa, 0xa0, 0x07, 0x03, 0x05, 0x00, 0x40, 0x81,
                    0x00, 0x10, 0xa1, 0x10, 0x30, 0x0e, 0xa0, 0x03, 0x02, 0x01, 0x01, 0xa1, 0x07, 0x30, 0x05, 0x1b,
                    0x03, 0x64, 0x65, 0x73, 0xa2, 0x08, 0x1b, 0x06, 0x44, 0x45, 0x4e, 0x59, 0x44, 0x43, 0xa3, 0x1b,
                    0x30, 0x19, 0xa0, 0x03, 0x02, 0x01, 0x02, 0xa1, 0x12, 0x30, 0x10, 0x1b, 0x06, 0x6b, 0x72, 0x62,
                    0x74, 0x67, 0x74, 0x1b, 0x06, 0x44, 0x45, 0x4e, 0x59, 0x44, 0x43, 0xa5, 0x11, 0x18, 0x0f, 0x32,
                    0x30, 0x33, 0x37, 0x30, 0x39, 0x31, 0x33, 0x30, 0x32, 0x34, 0x38, 0x30, 0x35, 0x5a, 0xa6, 0x11,
                    0x18, 0x0f, 0x32, 0x30, 0x33, 0x37, 0x30, 0x39, 0x31, 0x33, 0x30, 0x32, 0x34, 0x38, 0x30, 0x35,
                    0x5a, 0xa7, 0x06, 0x02, 0x04, 0x0b, 0xc4, 0xdd, 0x7e, 0xa8, 0x19, 0x30, 0x17, 0x02, 0x01, 0x17,
                    0x02, 0x02, 0xff, 0x7b, 0x02, 0x01, 0x80, 0x02, 0x01, 0x03, 0x02, 0x01, 0x01, 0x02, 0x01, 0x18,
                    0x02, 0x02, 0xff, 0x79, 0xa9, 0x1d, 0x30, 0x1b, 0x30, 0x19, 0xa0, 0x03, 0x02, 0x01, 0x14, 0xa1,
                    0x12, 0x04, 0x10, 0x58, 0x50, 0x31, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
                    0x20, 0x20, 0x20
                }
            };

            // Act.
            var hash = kerberosParser.Parse(kerberosAsRequestPacket) as PcapAnalyzer.KerberosHash;

            // Assert.
            Assert.AreEqual("Kerberos V5 AS-REQ Pre-Auth etype 23", hash.HashType);
            Assert.AreEqual("des", hash.User);
            Assert.AreEqual("DENYDC", hash.Domain);
            Assert.AreEqual(hash.Hash, "32d396a914a4d0a78e979ba75d4ff53c1db7294141760fee05e434c12ecf8d5b9aa5839e09a2244893aff5f384f79c37883f154a");
        }
Example #2
0
        public void DnsModule_ParseTwoRecords_ParseSuccess()
        {
            // Arrange
            var dnsModule     = new PcapAnalyzer.DnsModule();
            var parsedRecords = new List <PcapAnalyzer.DnsNameMapping>();

            dnsModule.ParsedItemDetected +=
                (object sender, ParsedItemDetectedEventArgs e) => parsedRecords.Add(e.ParsedItem as PcapAnalyzer.DnsNameMapping);

            var dnsPacket = new PcapAnalyzer.UdpPacket
            {
                SourceIp        = "2.2.2.2",
                DestinationIp   = "1.1.1.1",
                DestinationPort = 53,
                SourcePort      = 100,
                Data            = new byte[]
                {
                    0x79, 0x56, 0x81, 0x80, 0x00, 0x01, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00, 0x04, 0x6d, 0x61, 0x69,
                    0x6c, 0x08, 0x70, 0x61, 0x74, 0x72, 0x69, 0x6f, 0x74, 0x73, 0x02, 0x69, 0x6e, 0x00, 0x00, 0x01,
                    0x00, 0x01, 0xc0, 0x0c, 0x00, 0x05, 0x00, 0x01, 0x00, 0x00, 0x2a, 0x4b, 0x00, 0x02, 0xc0, 0x11,
                    0xc0, 0x11, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x2a, 0x4c, 0x00, 0x04, 0x4a, 0x35, 0x8c, 0x99,
                    0xc0, 0x11, 0x00, 0x02, 0x00, 0x01, 0x00, 0x01, 0x43, 0x8c, 0x00, 0x06, 0x03, 0x6e, 0x73, 0x32,
                    0xc0, 0x11, 0xc0, 0x11, 0x00, 0x02, 0x00, 0x01, 0x00, 0x01, 0x43, 0x8c, 0x00, 0x06, 0x03, 0x6e,
                    0x73, 0x31, 0xc0, 0x11
                }
            };

            // Act.
            dnsModule.Analyze(dnsPacket);

            // Assert.
            Assert.AreEqual(2, parsedRecords.Count);
            Assert.AreEqual(parsedRecords[0].Destination, "patriots.in");
            Assert.AreEqual(parsedRecords[0].Query, "mail.patriots.in");
            Assert.AreEqual(parsedRecords[1].Destination, "74.53.140.153");
            Assert.AreEqual(parsedRecords[1].Query, "mail.patriots.in");
        }
 public NetworkLayerObject Parse(UdpPacket udpPacket) => null;
Example #4
0
 public void Analyze(UdpPacket udpPacket) => AnalyzeGeneric(udpPacket);