Example #1
0
        public void PacketDispatcher(PcapDotNet.Packets.Packet packet)
        {
            Common.PacketData pdata = new Common.PacketData(packet);
            if (!NetworkFirewall.TestIncoming(pdata))
            {
                return;
            }
            Task.Run(() =>
            {
                switch (pdata.Type)
                {
                case PacketType.Arp:
                    Arp.OnReceivePacket(pdata);
                    break;

                case PacketType.Icmp:
                    Icmp.OnReceivePacket(pdata);
                    break;

                case PacketType.Dns:
                    Dns.OnReceivePacket(pdata);
                    break;

                case PacketType.Tcp:
                    Tcp.OnReceivePacket(pdata);
                    break;

                case PacketType.Http:
                    Tcp.OnReceivePacket(pdata);
                    break;
                }
            });
        }
Example #2
0
        public static CategorizeInfo SortPacket(PcapDotNet.Packets.Packet raw)
        {
            // Get a packet from raw data.
            // Be a little lazy and assume that only Ethernet DLL protcol is used.
            EthernetDatagram packet = raw.Ethernet;

            CategorizeInfo info = new CategorizeInfo
            {
                NetworkLayer     = new Dictionary <string, long>(),
                TransportLayer   = new Dictionary <string, long>(),
                ApplicationLayer = new Dictionary <string, long>()
            };

            #region Network Layer
            switch (packet.EtherType)
            {
            case EthernetType.Arp:
                info.NetworkLayer.Increment("ARP");
                break;

            case EthernetType.IpV4:
                info.NetworkLayer.Increment("IPv4");
                break;

            case EthernetType.IpV6:
                info.NetworkLayer.Increment("IPv6");
                break;

            default:
                info.NetworkLayer.Increment("Others");
                break;
            }
            #endregion

            #region Transport Layer
            IpV4Datagram ipv4pk = null;
            if (packet.EtherType == EthernetType.IpV4)
            {
                ipv4pk = packet.IpV4;
                switch (ipv4pk.Protocol)
                {
                case IpV4Protocol.Tcp:
                    info.TransportLayer.Increment("TCP");
                    break;

                case IpV4Protocol.Udp:
                    info.TransportLayer.Increment("UDP");
                    break;

                default:
                    info.TransportLayer.Increment("Others");
                    break;
                }
            }
            #endregion

            #region Application Layer
            if (ipv4pk != null)
            {
                if (ipv4pk.Protocol == IpV4Protocol.Tcp)
                {
                    TcpDatagram tcpPk = ipv4pk.Tcp;
                    string      s     = new ASCIIEncoding().GetString(tcpPk.Payload.ToArray());
                    if (s.IndexOf("HTTP") > 0)
                    {  // Found HTTP head
                        info.ApplicationLayer.Increment("HTTP Header");
                    }
                    else
                    {
                        info.ApplicationLayer.Increment("Others");
                    }
                }
            }
            #endregion

            return(info);
        }
Example #3
0
        void PcapPacketHandler(PcapDotNet.Packets.Packet packet)
        {
            IpV4Datagram ipPacket  = packet.Ethernet.IpV4;
            TcpDatagram  tcpPacket = ipPacket.Tcp;
            Datagram     tcpData   = tcpPacket.Payload;

            byte[] PacketData = tcpData.ToMemoryStream().ToArray();

            if (PacketData.Length > 5)
            {
                string srcIp   = ipPacket.Source.ToString();
                string dstIp   = ipPacket.Destination.ToString();
                int    srcPort = tcpPacket.SourcePort;
                int    dstPort = tcpPacket.DestinationPort;

                if (LocalIP == null)
                {
                    IPHostEntry _IPHostEntry = Dns.GetHostEntry(System.Net.Dns.GetHostName());

                    foreach (IPAddress _IPAddress in _IPHostEntry.AddressList)
                    {
                        if (_IPAddress.AddressFamily.ToString() == "InterNetwork")
                        {
                            if (_IPAddress.ToString() == srcIp.ToString() || _IPAddress.ToString() == dstIp.ToString())
                            {
                                LocalIP = _IPAddress;
                            }
                        }
                    }
                }

                if (!IsConnected)
                {
                    if (PacketData.Length == 14)
                    {
                        if (PacketData[0] == 0x03 && PacketData[1] == 0x0E)
                        {
                            if (srcPort >= 20050 && srcPort <= 20080)
                            {
                                Console.WriteLine("Got ClientHello on port {0}!", srcPort);
                                ShardAddr   = srcIp;
                                ShardPort   = srcPort;
                                IsConnected = true;
                            }
                        }
                    }
                    return;
                }

                if (!GotHandShake)
                {
                    if (PacketData[0] == 0x04)
                    {
                        Console.WriteLine("Got ClientHandshake!");
                        GotHandShake = true;
                    }
                    return;
                }

                if (LocalIP.ToString() == dstIp.ToString() && srcPort == ShardPort && srcIp.ToString() == ShardAddr.ToString())
                {
                    // Server -> Client
                    byte[] gPacket = new byte[PacketData.Length + 1];
                    gPacket[0] = 0x00;
                    Array.Copy(PacketData, 0, gPacket, 1, PacketData.Length);
                    Packets.Add(gPacket);
                }
                else if (dstPort == ShardPort && dstIp.ToString() == ShardAddr.ToString())
                {
                    // Client -> Server
                    byte[] gPacket = new byte[PacketData.Length + 1];
                    gPacket[0] = 0x01;
                    Array.Copy(PacketData, 0, gPacket, 1, PacketData.Length);
                    Packets.Add(gPacket);
                }
            }
        }