// tcp
public void VerifyPacket0(Packet p)
{
Console.WriteLine(p.ToString());
EthernetPacket e = (EthernetPacket)p;
Assert.AreEqual(PhysicalAddress.Parse("00-13-10-03-71-47"), e.SourceHwAddress);
Assert.AreEqual(PhysicalAddress.Parse("00-E0-4C-E5-73-AD"), e.DestinationHwAddress);
IPPacket ip = (IPPacket)p;
Assert.AreEqual(System.Net.IPAddress.Parse("82.165.240.134"), ip.SourceAddress);
Assert.AreEqual(System.Net.IPAddress.Parse("192.168.1.221"), ip.DestinationAddress);
Assert.AreEqual(IPPacket.IPVersions.IPv4, ip.IPVersion);
Assert.AreEqual(IPProtocol.IPProtocolType.TCP, ip.IPProtocol);
Assert.AreEqual(254, ip.TimeToLive);
Assert.AreEqual(0x0df8, ip.ComputeIPChecksum());
Assert.AreEqual(1176685346, ip.Timeval.Seconds);
Assert.AreEqual(885259.000, ip.Timeval.MicroSeconds);
TCPPacket tcp = (TCPPacket)(p);
Assert.AreEqual(80, tcp.SourcePort);
Assert.AreEqual(4324, tcp.DestinationPort);
Assert.IsTrue(tcp.Ack);
Assert.AreEqual(3536, tcp.WindowSize);
Assert.AreEqual(0x0df8, tcp.ComputeIPChecksum());
Assert.AreEqual(0xc835, tcp.ComputeTCPChecksum());
Assert.AreEqual(0xc835, tcp.Checksum);
Assert.IsTrue(tcp.ValidTCPChecksum);
}
internal static void FillDataGridView(Packet packet, DataGridView dataGridView)
{
dataGridView.Rows.Clear();
string[] stringArray = BitConverter.ToString(packet.Bytes).Split('-');
int rowsCount = stringArray.Length / 16;
if (stringArray.Length % 16 != 0)
{
rowsCount++;
}
for (int i = 0; i < rowsCount; i++)
{
int rowSize = i < rowsCount - 1 ? 16 : stringArray.Length % 16;
string[] tempStringArray = new string[rowSize];
byte[] tempBytes = new byte[rowSize];
Array.Copy(stringArray, i * 16, tempStringArray, 0, rowSize);
dataGridView.Rows.Add(tempStringArray);
Array.Copy(packet.Bytes, i * 16, tempBytes, 0, rowSize);
char[] asciiChars = Encoding.UTF7.GetChars(tempBytes);
string ascii = new string(asciiChars);
ascii = Regex.Replace(ascii, @"[^\u0020-\u007E]", ".");
dataGridView.Rows[i].Cells[dataGridView.Columns.Count - 1].Value = ascii;
dataGridView.Rows[i].HeaderCell.Value = String.Format("{0:X4}", i * 16);
}
}
// arp response
private void VerifyPacket1(Packet p)
{
Assert.IsTrue(p is ARPPacket, "p isn't an ARPPacket");
ARPPacket arpPacket = (ARPPacket)p;
IPAddress senderIp = IPAddress.Parse("192.168.1.214");
IPAddress targetIp = IPAddress.Parse("192.168.1.202");
Assert.AreEqual(senderIp, arpPacket.ARPSenderProtoAddress);
Assert.AreEqual(targetIp, arpPacket.ARPTargetProtoAddress);
string senderMacAddress = "00:21:6a:02:08:54";
string targetMacAddress = "00:04:61:99:01:54";
Assert.AreEqual(senderMacAddress, arpPacket.ARPSenderHwAddress);
Assert.AreEqual(targetMacAddress, arpPacket.ARPTargetHwAddress);
}
internal PcapStatistics(Packets.Packet p)
{
this.m_pktHdr = p.PcapHeader.m_pcap_pkthdr;
this.m_pktData = p.Bytes;
}
private void DisplayPacketData(Packet packet)
{
packetsCount++;
packetsDictionary.AddOrUpdate(packetsCount, packet, (i, p) => p);
ListViewItem packetItem;
if (packet is ARPPacket)
{
ARPPacket arpPacket = (ARPPacket)packet;
packetItem = ListViewVisualizer.GenerateListViewItem(
Color.LightPink,
packetsCount.ToString(),
TreeViewVisualizer.GetHyphenatedHwAddress(arpPacket.ARPSenderHwAddress),
String.Empty,
String.Empty,
TreeViewVisualizer.GetHyphenatedHwAddress(arpPacket.ARPTargetHwAddress),
String.Empty,
String.Empty,
"ARP",
arpPacket.ToString());
}
else if (packet is ICMPPacket)
{
ICMPPacket icmpPacket = (ICMPPacket)packet;
packetItem = ListViewVisualizer.GenerateListViewItem(
Color.Thistle,
packetsCount.ToString(),
icmpPacket.SourceAddress.ToString(),
DnsTable.GetHostByAddress(icmpPacket.SourceAddress),
String.Empty,
icmpPacket.DestinationAddress.ToString(),
DnsTable.GetHostByAddress(icmpPacket.DestinationAddress),
String.Empty,
"ICMP",
icmpPacket.ToString());
}
else if (packet is TCPPacket)
{
TCPPacket tcpPacket = (TCPPacket)packet;
packetItem = ListViewVisualizer.GenerateListViewItem(
Color.LightSkyBlue,
packetsCount.ToString(),
tcpPacket.SourceAddress.ToString(),
DnsTable.GetHostByAddress(tcpPacket.SourceAddress),
tcpPacket.SourcePort.ToString(),
tcpPacket.DestinationAddress.ToString(),
DnsTable.GetHostByAddress(tcpPacket.DestinationAddress),
tcpPacket.DestinationPort.ToString(),
"TCP",
tcpPacket.ToString());
}
else if (packet is UDPPacket)
{
UDPPacket udpPacket = (UDPPacket)packet;
packetItem = ListViewVisualizer.GenerateListViewItem(
Color.LemonChiffon,
packetsCount.ToString(),
udpPacket.SourceAddress.ToString(),
DnsTable.GetHostByAddress(udpPacket.SourceAddress),
udpPacket.SourcePort.ToString(),
udpPacket.DestinationAddress.ToString(),
DnsTable.GetHostByAddress(udpPacket.DestinationAddress),
udpPacket.DestinationPort.ToString(),
"UDP",
udpPacket.ToString());
}
else
{
packetItem = ListViewVisualizer.GenerateListViewItem(
Color.Linen,
packetsCount.ToString(),
String.Empty,
String.Empty,
String.Empty,
String.Empty,
String.Empty,
String.Empty,
"unknown",
String.Empty);
}
AddListViewItemDelegate addListViewItemDelegate = new AddListViewItemDelegate(ListViewVisualizer.AddListViewItem);
listViewPackets.Invoke(addListViewItemDelegate, new object[] { packetItem, listViewPackets });
ShowDisplayedPacketsCountDelegate showDisplayedPacketsDelegate = new ShowDisplayedPacketsCountDelegate(StatusStripVisualizer.SetLabelText);
statusStrip.Invoke(showDisplayedPacketsDelegate, new object[] { toolStripStatusLabelPacketsInfo.Name, String.Format("|Displayed packets: {0}", packetsCount), statusStrip });
if (packetsCount == 1)
{
UpdateTreeViewDelegate updateTreeViewDelegate = new UpdateTreeViewDelegate(TreeViewVisualizer.UpdateTreeView);
treeViewPacketInfo.Invoke(updateTreeViewDelegate, new object[] { (Packet)packetsDictionary[1], treeViewPacketInfo });
FillGridViewDelegate fillGridViewDelegate = new FillGridViewDelegate(DataGridViewVisualizer.FillDataGridView);
dataGridViewPacketData.Invoke(fillGridViewDelegate, new object[] { (Packet)packetsDictionary[1], dataGridViewPacketData });
}
}
public PcapStatisticsModeEventArgs(Packets.Packet packet, PcapDevice device)
: base(packet, device)
{
}
public PcapCaptureEventArgs(Packets.Packet packet, PcapDevice device)
{
this.packet = packet;
this.device = device;
}
// icmpv6
public void VerifyPacket0(Packet p)
{
Assert.IsNotNull(p);
Console.WriteLine(p.ToString());
EthernetPacket e = (EthernetPacket)p;
Assert.AreEqual(PhysicalAddress.Parse("00-A0-CC-D9-41-75"), e.SourceHwAddress);
Assert.AreEqual(PhysicalAddress.Parse("33-33-00-00-00-02"), e.DestinationHwAddress);
IPPacket ip = (IPPacket)p;
Assert.AreEqual(System.Net.IPAddress.Parse("fe80::2a0:ccff:fed9:4175"), ip.SourceAddress);
Assert.AreEqual(System.Net.IPAddress.Parse("ff02::2"), ip.DestinationAddress);
Assert.AreEqual(IPPacket.IPVersions.IPv6, ip.IPVersion);
Assert.AreEqual(IPProtocol.IPProtocolType.ICMPV6, ip.IPProtocol);
Assert.AreEqual(16, ip.IPPayloadLength);
Assert.AreEqual(255, ip.HopLimit);
Assert.AreEqual(255, ip.TimeToLive);
Console.WriteLine("Failed: ip.ComputeIPChecksum() not implemented.");
// Assert.AreEqual(0x5d50, ip.ComputeIPChecksum());
Assert.AreEqual(1221145299, ip.Timeval.Seconds);
Assert.AreEqual(453568.000, ip.Timeval.MicroSeconds);
}
public PcapCaptureEventArgs(Packets.Packet packet, PcapDevice device)
{
this.packet = packet;
this.device = device;
}
/// <summary>
/// Gets the next packet captured on this device
/// </summary>
/// <param name="p">A packet reference</param>
/// <returns>A reference to a packet object</returns>
public virtual int GetNextPacket(out Packet p)
{
//Pointer to a packet info struct
IntPtr header = IntPtr.Zero;
//Pointer to a packet struct
IntPtr data = IntPtr.Zero;
int res = 0;
// using an invalid PcapHandle can result in an unmanaged segfault
// so check for that here
if(!Opened)
{
throw new PcapDeviceNotReadyException("Device must be opened via Open() prior to use");
}
//Get a packet from winpcap
res = SafeNativeMethods.pcap_next_ex( PcapHandle, ref header, ref data);
p = null;
if(res>0)
{
//Marshal the packet
if ( (header != IntPtr.Zero) && (data != IntPtr.Zero) )
{
p = MarshalPacket(header, data);
}
}
return res;
}
/// <summary>
/// Sends a raw packet throgh this device
/// </summary>
/// <param name="p">The packet to send</param>
/// <param name="size">The number of bytes to send</param>
public void SendPacket(Packet p, int size)
{
SendPacket(p.Bytes, size);
}
/// <summary>
/// Add a packet to this send queue.
/// </summary>
/// <param name="packet">The packet to add</param>
/// <returns>True if success, else false</returns>
public bool Add(Packet packet)
{
return this.AddInternal(packet.Bytes, packet.PcapHeader);
}
/// <summary>
/// Add a packet to this send queue.
/// </summary>
/// <param name="packet">The packet to add</param>
/// <returns>True if success, else false</returns>
public bool Add( Packet packet )
{
return this.Add( packet.Bytes, packet.PcapHeader.m_pcap_pkthdr );
}
// tcp
public void VerifyPacket1(Packet p)
{
Console.WriteLine(p.ToString());
EthernetPacket e = (EthernetPacket)p;
Assert.AreEqual("00:16:cf:c9:1e:29", e.SourceHwAddress);
Assert.AreEqual("00:14:bf:f2:ef:0a", e.DestinationHwAddress);
IPPacket ip = (IPPacket)p;
Assert.AreEqual(System.Net.IPAddress.Parse("192.168.1.104"), ip.SourceAddress);
Assert.AreEqual(System.Net.IPAddress.Parse("86.42.196.13"), ip.DestinationAddress);
Assert.AreEqual(64, ip.TimeToLive);
Assert.AreEqual(0x2ff4, ip.ComputeIPChecksum());
Assert.AreEqual(1171483600, ip.Timeval.Seconds);
Assert.AreEqual(125234.000, ip.Timeval.MicroSeconds);
TCPPacket tcp = (TCPPacket)(p);
Assert.AreEqual(56925, tcp.SourcePort);
Assert.AreEqual(50199, tcp.DestinationPort);
Assert.IsTrue(tcp.Ack);
Assert.IsTrue(tcp.Psh);
Assert.AreEqual(16666, tcp.WindowSize);
Assert.AreEqual(0x2ff4, tcp.ComputeIPChecksum());
Assert.AreEqual(0x9b02, tcp.ComputeTCPChecksum());
Assert.AreEqual(0x9b02, tcp.Checksum);
Assert.IsTrue(tcp.ValidTCPChecksum);
}
// udp
public void VerifyPacket2(Packet p)
{
Console.WriteLine(p.ToString());
EthernetPacket e = (EthernetPacket)p;
Assert.AreEqual("00:14:bf:f2:ef:0a", e.SourceHwAddress);
Assert.AreEqual("00:16:cf:c9:1e:29", e.DestinationHwAddress);
IPPacket ip = (IPPacket)p;
Assert.AreEqual(System.Net.IPAddress.Parse("172.210.164.56"), ip.SourceAddress);
Assert.AreEqual(System.Net.IPAddress.Parse("192.168.1.104"), ip.DestinationAddress);
Assert.AreEqual(IPPacket.IPVersions.IPv4, ip.IPVersion);
Assert.AreEqual(IPProtocol.IPProtocolType.UDP, ip.IPProtocol);
Assert.AreEqual(112, ip.TimeToLive);
Assert.AreEqual(0xe0a2, ip.ComputeIPChecksum());
Assert.AreEqual(1171483602, ip.Timeval.Seconds);
Assert.AreEqual(578641.000, ip.Timeval.MicroSeconds);
UDPPacket udp = (UDPPacket)(p);
Assert.AreEqual(52886, udp.SourcePort);
Assert.AreEqual(56924, udp.DestinationPort);
Assert.AreEqual(71, udp.UDPLength);
Assert.AreEqual(0xe0a2, udp.ComputeIPChecksum());
Assert.AreEqual(0xc8b8, udp.UDPChecksum);
Assert.AreEqual(0xc8b8, udp.Checksum);
}
// icmp
public void VerifyPacket5(Packet p)
{
Console.WriteLine(p.ToString());
EthernetPacket e = (EthernetPacket)p;
Assert.AreEqual("00:16:cf:c9:1e:29", e.SourceHwAddress);
Assert.AreEqual("00:14:bf:f2:ef:0a", e.DestinationHwAddress);
IPPacket ip = (IPPacket)p;
Assert.AreEqual(System.Net.IPAddress.Parse("192.168.1.104"), ip.SourceAddress);
Assert.AreEqual(System.Net.IPAddress.Parse("85.195.52.22"), ip.DestinationAddress);
}
// arp
public void VerifyPacket4(Packet p)
{
Console.WriteLine(p.ToString());
EthernetPacket e = (EthernetPacket)p;
Assert.AreEqual("00:18:f8:4b:17:a0", e.SourceHwAddress);
Assert.AreEqual("ff:ff:ff:ff:ff:ff", e.DestinationHwAddress);
}
// dns
public void VerifyPacket3(Packet p)
{
Console.WriteLine(p.ToString());
EthernetPacket e = (EthernetPacket)p;
Assert.AreEqual( "00:16:cf:c9:1e:29", e.SourceHwAddress);
Assert.AreEqual("00:14:bf:f2:ef:0a", e.DestinationHwAddress);
IPPacket ip = (IPPacket)p;
Assert.AreEqual(System.Net.IPAddress.Parse("192.168.1.172"), ip.SourceAddress);
Assert.AreEqual(System.Net.IPAddress.Parse("66.189.0.29"), ip.DestinationAddress);
Assert.AreEqual(IPProtocol.IPProtocolType.UDP, ip.IPProtocol);
Assert.AreEqual(0x7988, ip.ComputeIPChecksum());
UDPPacket udp = (UDPPacket)(p);
Assert.AreEqual(3619, udp.SourcePort);
Assert.AreEqual(53, udp.DestinationPort);
Assert.AreEqual(47, udp.UDPLength);
Assert.AreEqual(0x7988, udp.ComputeIPChecksum());
Assert.AreEqual(0xbe2d, udp.UDPChecksum);
Assert.AreEqual(0xbe2d, udp.Checksum);
}
/// <summary>
/// Writes a packet to the pcap dump file associated with this device.
/// </summary>
/// <param name="p">The packet to write</param>
public void Dump(Packet p)
{
Dump(p.Bytes, p.PcapHeader);
}
internal static void UpdateFrameNode(TreeView treeView, Packet frame)
{
TreeNode frameNode = treeView.Nodes["Frame"];
if (frameNode == null)
{
frameNode = AddFrameNode(treeView);
}
frameNode.Text = String.Format("Frame ({0} bytes on wire, {1} bytes captured)", frame.PcapHeader.PacketLength, frame.PcapHeader.CaptureLength);
frameNode.Nodes["ArrivalTime"].Text = String.Format("Arrival Time: {0}", frame.PcapHeader.Date);
frameNode.Nodes["FrameLength"].Text = String.Format("Frame Length: {0} bytes", frame.PcapHeader.PacketLength);
frameNode.Nodes["CaptureLength"].Text = String.Format("Capture Length: {0} bytes", frame.PcapHeader.CaptureLength);
}
/// <summary>
/// Sends a raw packet throgh this device
/// </summary>
/// <param name="p">The packet to send</param>
public void SendPacket(Packet p)
{
SendPacket(p.Bytes);
}
internal static void UpdateTreeView(Packet packet, TreeView treeView)
{
// the packet's network layer data is an IP datagram
UpdateFrameNode(treeView, packet);
if (packet is EthernetPacket)
{
UpdateEthernetNode(treeView, (EthernetPacket)packet);
}
else
{
RemoveNode("Ethernet", treeView);
}
// the packet is an ARP packet
if (packet is ARPPacket)
{
UpdateArpNode(treeView, (ARPPacket)packet);
}
else
{
RemoveNode("ARP", treeView);
}
if (packet is IPPacket && ((IPPacket)packet).IPVersion == IPPacket.IPVersions.IPv4)
{
UpdateIPv4Node(treeView, ((IPPacket)packet).ipv4);
}
else
{
RemoveNode("IPv4", treeView);
}
// the packet is an ICMP packet
if (packet is ICMPPacket)
{
UpdateIcmpNode(treeView, (ICMPPacket)packet);
}
else
{
RemoveNode("ICMP", treeView);
}
// the packet's transport layer data is a TCP segment
if (packet is TCPPacket)
{
UpdateTcpNode(treeView, (TCPPacket)packet);
}
else
{
RemoveNode("TCP", treeView);
}
// the packet's transport layer data is a UDP datagram
if (packet is UDPPacket)
{
UpdateUdpNode(treeView, (UDPPacket)packet);
}
else
{
RemoveNode("UDP", treeView);
}
}
private void SendPacketArrivalEvent(Packet p)
{
//If mode is MODE_CAP:
if(Mode==PcapMode.Capture)
{
if(OnPacketArrival != null )
{
//Invoke the packet arrival event
OnPacketArrival(this, new PcapCaptureEventArgs(p, this));
}
}
//else mode is MODE_STAT
else if(Mode==PcapMode.Statistics)
{
if(OnPcapStatistics != null)
{
//Invoke the pcap statistics event
OnPcapStatistics(this, new PcapStatisticsEventArgs(p, this));
}
}
}
internal PcapStatisticsModePacket(Packets.Packet p)
{
this.m_pktHdr = p.PcapHeader;
this.m_pktData = p.Bytes;
}
