public void PacketDispatcher(PcapDotNet.Packets.Packet packet) { Common.PacketData pdata = new Common.PacketData(packet); if (!NetworkFirewall.TestIncoming(pdata)) { return; } Task.Run(() => { switch (pdata.Type) { case PacketType.Arp: Arp.OnReceivePacket(pdata); break; case PacketType.Icmp: Icmp.OnReceivePacket(pdata); break; case PacketType.Dns: Dns.OnReceivePacket(pdata); break; case PacketType.Tcp: Tcp.OnReceivePacket(pdata); break; case PacketType.Http: Tcp.OnReceivePacket(pdata); break; } }); }
public static CategorizeInfo SortPacket(PcapDotNet.Packets.Packet raw) { // Get a packet from raw data. // Be a little lazy and assume that only Ethernet DLL protcol is used. EthernetDatagram packet = raw.Ethernet; CategorizeInfo info = new CategorizeInfo { NetworkLayer = new Dictionary <string, long>(), TransportLayer = new Dictionary <string, long>(), ApplicationLayer = new Dictionary <string, long>() }; #region Network Layer switch (packet.EtherType) { case EthernetType.Arp: info.NetworkLayer.Increment("ARP"); break; case EthernetType.IpV4: info.NetworkLayer.Increment("IPv4"); break; case EthernetType.IpV6: info.NetworkLayer.Increment("IPv6"); break; default: info.NetworkLayer.Increment("Others"); break; } #endregion #region Transport Layer IpV4Datagram ipv4pk = null; if (packet.EtherType == EthernetType.IpV4) { ipv4pk = packet.IpV4; switch (ipv4pk.Protocol) { case IpV4Protocol.Tcp: info.TransportLayer.Increment("TCP"); break; case IpV4Protocol.Udp: info.TransportLayer.Increment("UDP"); break; default: info.TransportLayer.Increment("Others"); break; } } #endregion #region Application Layer if (ipv4pk != null) { if (ipv4pk.Protocol == IpV4Protocol.Tcp) { TcpDatagram tcpPk = ipv4pk.Tcp; string s = new ASCIIEncoding().GetString(tcpPk.Payload.ToArray()); if (s.IndexOf("HTTP") > 0) { // Found HTTP head info.ApplicationLayer.Increment("HTTP Header"); } else { info.ApplicationLayer.Increment("Others"); } } } #endregion return(info); }
void PcapPacketHandler(PcapDotNet.Packets.Packet packet) { IpV4Datagram ipPacket = packet.Ethernet.IpV4; TcpDatagram tcpPacket = ipPacket.Tcp; Datagram tcpData = tcpPacket.Payload; byte[] PacketData = tcpData.ToMemoryStream().ToArray(); if (PacketData.Length > 5) { string srcIp = ipPacket.Source.ToString(); string dstIp = ipPacket.Destination.ToString(); int srcPort = tcpPacket.SourcePort; int dstPort = tcpPacket.DestinationPort; if (LocalIP == null) { IPHostEntry _IPHostEntry = Dns.GetHostEntry(System.Net.Dns.GetHostName()); foreach (IPAddress _IPAddress in _IPHostEntry.AddressList) { if (_IPAddress.AddressFamily.ToString() == "InterNetwork") { if (_IPAddress.ToString() == srcIp.ToString() || _IPAddress.ToString() == dstIp.ToString()) { LocalIP = _IPAddress; } } } } if (!IsConnected) { if (PacketData.Length == 14) { if (PacketData[0] == 0x03 && PacketData[1] == 0x0E) { if (srcPort >= 20050 && srcPort <= 20080) { Console.WriteLine("Got ClientHello on port {0}!", srcPort); ShardAddr = srcIp; ShardPort = srcPort; IsConnected = true; } } } return; } if (!GotHandShake) { if (PacketData[0] == 0x04) { Console.WriteLine("Got ClientHandshake!"); GotHandShake = true; } return; } if (LocalIP.ToString() == dstIp.ToString() && srcPort == ShardPort && srcIp.ToString() == ShardAddr.ToString()) { // Server -> Client byte[] gPacket = new byte[PacketData.Length + 1]; gPacket[0] = 0x00; Array.Copy(PacketData, 0, gPacket, 1, PacketData.Length); Packets.Add(gPacket); } else if (dstPort == ShardPort && dstIp.ToString() == ShardAddr.ToString()) { // Client -> Server byte[] gPacket = new byte[PacketData.Length + 1]; gPacket[0] = 0x01; Array.Copy(PacketData, 0, gPacket, 1, PacketData.Length); Packets.Add(gPacket); } } }