// The callback function for the managedLibnids library
static void handleData(byte[] arr, UInt32 sourceIP, UInt16 sourcePort, UInt32 destinationIP, UInt16 destinationPort, bool urgent)
{
System.Net.IPAddress srcIp = new System.Net.IPAddress(sourceIP);
System.Net.IPAddress dstIp = new System.Net.IPAddress(destinationIP);
// Creates a key for the dictionary
Connection c = new Connection(srcIp.ToString(), sourcePort, dstIp.ToString(), destinationPort);
// create a new entry if the key does not exists
if (!nidsDict.ContainsKey(c))
{
string fileName = c.getFileName(path);
FileStream fStream = new FileStream(fileName, FileMode.Create);
nidsDict.Add(c, fStream);
}
// write the new data to file
nidsDict[c].Write(arr, 0, arr.Length);
}
// The callback function for the SharpPcap library
private static void device_PcapOnPacketArrival(object sender, Packet packet)
{
if (!(packet is TCPPacket)) return;
TCPPacket tcpPacket = (TCPPacket)packet;
// Creates a key for the dictionary
Connection c = new Connection(tcpPacket);
// create a new entry if the key does not exists
if (!sharpPcapDict.ContainsKey(c))
{
string fileName = c.getFileName(path);
TcpRecon tcpRecon = new TcpRecon(fileName);
sharpPcapDict.Add(c, tcpRecon);
}
// Use the TcpRecon class to reconstruct the session
sharpPcapDict[c].ReassemblePacket(tcpPacket);
}
