// The callback function for the managedLibnids library static void handleData(byte[] arr, UInt32 sourceIP, UInt16 sourcePort, UInt32 destinationIP, UInt16 destinationPort, bool urgent) { System.Net.IPAddress srcIp = new System.Net.IPAddress(sourceIP); System.Net.IPAddress dstIp = new System.Net.IPAddress(destinationIP); // Creates a key for the dictionary Connection c = new Connection(srcIp.ToString(), sourcePort, dstIp.ToString(), destinationPort); // create a new entry if the key does not exists if (!nidsDict.ContainsKey(c)) { string fileName = c.getFileName(path); FileStream fStream = new FileStream(fileName, FileMode.Create); nidsDict.Add(c, fStream); } // write the new data to file nidsDict[c].Write(arr, 0, arr.Length); }
// The callback function for the SharpPcap library private static void device_PcapOnPacketArrival(object sender, Packet packet) { if (!(packet is TCPPacket)) return; TCPPacket tcpPacket = (TCPPacket)packet; // Creates a key for the dictionary Connection c = new Connection(tcpPacket); // create a new entry if the key does not exists if (!sharpPcapDict.ContainsKey(c)) { string fileName = c.getFileName(path); TcpRecon tcpRecon = new TcpRecon(fileName); sharpPcapDict.Add(c, tcpRecon); } // Use the TcpRecon class to reconstruct the session sharpPcapDict[c].ReassemblePacket(tcpPacket); }