public PacketSlice(PacketSlice srcSlice)
{
Packet = srcSlice.Packet;
Offset = srcSlice.Offset;
Length = srcSlice.Length;
Tag = srcSlice.Tag;
}
private void Initialize(IPPacket packet, int offset, int length, int tag)
{
Packet = packet;
Offset = offset;
Length = length;
Tag = tag;
}
private void Initialize(IPPacket packet, int offset, int length, int tag)
{
Packet = packet;
Offset = offset;
Length = length;
Tag = tag;
}
public PacketSlice(PacketSlice srcSlice)
{
Packet = srcSlice.Packet;
Offset = srcSlice.Offset;
Length = srcSlice.Length;
Tag = srcSlice.Tag;
}
public PacketStream GetNextStreamDirection()
{
if (curDirection == PacketDirection.PACKET_DIRECTION_INCOMING)
{
curDirection = PacketDirection.PACKET_DIRECTION_OUTGOING;
}
else if (curDirection == PacketDirection.PACKET_DIRECTION_OUTGOING)
{
curDirection = PacketDirection.PACKET_DIRECTION_INCOMING;
}
else if (curDirection == PacketDirection.PACKET_DIRECTION_INVALID)
{
IPPacket pktIn = null, pktOut = null;
if (streamIn.Packets.Count > 0)
{
pktIn = streamIn.Packets[0];
if (streamOut.Packets.Count > 0)
{
pktOut = streamOut.Packets[0];
// FIXME: is this check correct for the earliest packet?
if (pktIn.CompareTo(pktOut) < 0)
{
curDirection = PacketDirection.PACKET_DIRECTION_INCOMING;
}
else
{
curDirection = PacketDirection.PACKET_DIRECTION_OUTGOING;
}
}
}
if (curDirection == PacketDirection.PACKET_DIRECTION_INVALID)
{
if (pktIn != null)
{
curDirection = PacketDirection.PACKET_DIRECTION_INCOMING;
}
else
{
curDirection = PacketDirection.PACKET_DIRECTION_OUTGOING;
}
}
}
if (curDirection == PacketDirection.PACKET_DIRECTION_INCOMING)
{
return(streamIn);
}
else
{
return(streamOut);
}
}
public void AddPacket(IPPacket p)
{
if (p.Direction == PacketDirection.PACKET_DIRECTION_INCOMING)
{
streamIn.AppendPacket(p);
}
else
{
streamOut.AppendPacket(p);
}
}
public static IPSession[] ExtractAllFrom(IPPacket[] packets, TCPEvent[] events, IProgressFeedback progress)
{
//
// Find sessions
//
progress.ProgressUpdate("Identifying sessions", 0);
Dictionary<UInt32, IPSession> sessionById = new Dictionary<UInt32, IPSession>();
List<UInt32> sessionIds = new List<UInt32>();
int i = 0;
foreach (IPPacket p in packets)
{
UInt32 id = p.ResourceId;
IPSession session;
if (sessionById.ContainsKey(id))
{
session = sessionById[id];
}
else
{
session = new IPSession();
sessionById[id] = session;
sessionIds.Add(id);
}
session.AddPacket(p);
i++;
progress.ProgressUpdate("Identifying sessions",
(int) ((i / (float) packets.Length) * 100.0f));
}
//
// Add the events to the appropriate sessions
//
// First off, sort them by timestamp
Array.Sort(events);
// Then match them with the sessions
foreach (TCPEvent ev in events)
{
if (sessionById.ContainsKey(ev.ResourceId))
sessionById[ev.ResourceId].AddEvent(ev);
}
//
// Build an ordered list of sessions
//
List<IPSession> result = new List<IPSession>();
foreach (UInt32 id in sessionIds)
result.Add(sessionById[id]);
return result.ToArray();
}
public PacketSlice(IPPacket packet, int offset, int length, int tag)
{
Initialize(packet, offset, length, tag);
}
public PacketSlice(IPPacket packet, int offset, int length)
{
Initialize(packet, offset, length, -1);
}
public void AppendPacket(IPPacket packet)
{
packets.Add(packet);
length += packet.Bytes.Length;
}
public PacketSlice(IPPacket packet, int offset, int length, int tag)
{
Initialize(packet, offset, length, tag);
}
public PacketSlice(IPPacket packet, int offset, int length)
{
Initialize(packet, offset, length, -1);
}
public void AddPacket(IPPacket p)
{
if (p.Direction == PacketDirection.PACKET_DIRECTION_INCOMING)
streamIn.AppendPacket(p);
else
streamOut.AppendPacket(p);
}
public int CompareTo(Object obj)
{
IPPacket otherPacket = obj as IPPacket;
return(index.CompareTo(otherPacket.Index));
}
static void Main(string[] args)
{
PacketStream stream = new PacketStream();
IPEndPoint localEndpoint = new IPEndPoint(IPAddress.Parse("169.254.2.2"), 27516);
IPEndPoint remoteEndpoint = new IPEndPoint(IPAddress.Parse("169.254.2.1"), 1056);
int n = 1;
IPPacket p = new IPPacket(n++, 1, PacketDirection.PACKET_DIRECTION_OUTGOING, localEndpoint, remoteEndpoint,
NewArrayIncremental(6, 10));
stream.AppendPacket(p);
p = new IPPacket(n++, 1, PacketDirection.PACKET_DIRECTION_OUTGOING, localEndpoint, remoteEndpoint,
NewArrayIncremental(3, 35));
stream.AppendPacket(p);
p = new IPPacket(n++, 1, PacketDirection.PACKET_DIRECTION_OUTGOING, localEndpoint, remoteEndpoint,
NewArrayIncremental(1, 60));
stream.AppendPacket(p);
p = new IPPacket(n++, 1, PacketDirection.PACKET_DIRECTION_OUTGOING, localEndpoint, remoteEndpoint,
NewArrayIncremental(1, 200));
stream.AppendPacket(p);
p = new IPPacket(n++, 1, PacketDirection.PACKET_DIRECTION_OUTGOING, localEndpoint, remoteEndpoint,
NewArrayIncremental(3, 210));
stream.AppendPacket(p);
p = new IPPacket(n++, 1, PacketDirection.PACKET_DIRECTION_OUTGOING, localEndpoint, remoteEndpoint,
NewArrayIncremental(1, 70));
stream.AppendPacket(p);
p = new IPPacket(n++, 1, PacketDirection.PACKET_DIRECTION_OUTGOING, localEndpoint, remoteEndpoint,
NewArrayIncremental(1, 80));
stream.AppendPacket(p);
Debug.Assert(stream.Position == 0, "Position != 0");
Debug.Assert(stream.Length == 16, "Length != 16");
byte[] buf = new byte[stream.Length];
Debug.Assert(stream.Read(buf, 0, 16) == 16, "Read() != 16");
byte[] expectedBytes = new byte[] { 10, 11, 12, 13, 14, 15,
35, 36, 37,
60,
200,
210, 211, 212,
70,
80 };
Debug.Assert(CompareByteArrays(buf, expectedBytes), "Content after first read is not as expected");
Debug.Assert(stream.Position == 16, "Position != 16");
Debug.Assert(stream.Read(buf, 0, 10) == 0, "Read at offset 16 doesn't return 0");
stream.Seek(-1, SeekOrigin.Current);
Debug.Assert(stream.Read(buf, 2, 100) == 1, "Read at offset 15 doesn't return 1");
Debug.Assert(buf[2] == 80, "Byte at offset 15 isn't 80");
stream.Seek(-16, SeekOrigin.Current);
Debug.Assert(stream.Position == 0, "Position != 0 after reverse seek");
stream.Position = 9;
Debug.Assert(stream.Read(buf, 1, 1) == 1, "Read at Position=9 didn't yield 1 byte");
Debug.Assert(buf[1] == 60, "buf[1] != 60");
stream.Position = 13;
Debug.Assert(stream.Read(buf, 5, 4) == 3, "Read at Position=13 didn't yield 3 bytes");
Debug.Assert(buf[5] == 212, "buf[5] != 212");
Debug.Assert(buf[6] == 70, "buf[5] != 70");
Debug.Assert(buf[7] == 80, "buf[5] != 80");
System.Console.WriteLine("All tests passed");
System.Console.ReadKey();
}
public void AppendPacket(IPPacket packet)
{
packets.Add(packet);
length += packet.Bytes.Length;
}
private void packetParser_PacketDescriptionReceived(IPPacket[] packets, string description)
{
for (int i = 0; i < packets.Length; i++)
{
DataRow row = dataSet.Tables[0].Select(String.Format("Index = {0}", packets[i].Index))[0];
if (packets.Length == 1)
row["Comment"] = description;
else if (i == 0)
row["Comment"] = String.Format("<{0}", description);
else if (i == packets.Length - 1)
row["Comment"] = String.Format("{0}>", description);
else
row["Comment"] = String.Format("...{0}...", description);
}
}
private void messageTbl_RowChanged(object sender, DataRowChangeEventArgs e)
{
if (e.Action == DataRowAction.Add)
{
e.Row.BeginEdit();
e.Row["Sender"] = String.Format("{0} [pid={1}, tid={2}]",
e.Row["ProcessName"],
e.Row["ProcessId"],
e.Row["ThreadId"]);
int index = (int) e.Row["Index"];
DateTime timestamp = (DateTime) e.Row["Timestamp"];
UInt32 resourceId = (UInt32) e.Row["ResourceId"];
PacketDirection direction = (PacketDirection)((UInt32)e.Row["Direction"]);
byte[] data = (byte[]) e.Row["Data"];
string suffix = (data.Length > 1) ? "s" : "";
IPEndpoint localEndpoint = new IPEndpoint((string) e.Row["LocalAddress"],
(UInt16) e.Row["LocalPort"]);
IPEndpoint remoteEndpoint = new IPEndpoint((string)e.Row["PeerAddress"],
(UInt16)e.Row["PeerPort"]);
if ((MessageType) ((UInt32) e.Row["MsgType"]) == MessageType.MESSAGE_TYPE_MESSAGE)
{
MessageContext context = (MessageContext) ((UInt32) e.Row["MsgContext"]);
string s = "";
switch (context)
{
case MessageContext.MESSAGE_CTX_ACTIVESYNC_DEVICE:
s = "DeviceLabel = ";
break;
case MessageContext.MESSAGE_CTX_ACTIVESYNC_STATUS:
s = "StatusLabel = ";
break;
case MessageContext.MESSAGE_CTX_ACTIVESYNC_SUBSTATUS:
s = "SubStatusLabel = ";
break;
case MessageContext.MESSAGE_CTX_ACTIVESYNC_WZ_STATUS:
s = "WizardStatusLabel = ";
break;
case MessageContext.MESSAGE_CTX_SOCKET_CONNECTING:
case MessageContext.MESSAGE_CTX_SOCKET_CONNECTED:
case MessageContext.MESSAGE_CTX_SOCKET_DISCONNECTED:
case MessageContext.MESSAGE_CTX_SOCKET_RESET:
case MessageContext.MESSAGE_CTX_SOCKET_LISTENING:
SocketEventType evType;
switch (context)
{
case MessageContext.MESSAGE_CTX_SOCKET_CONNECTING:
evType = SocketEventType.CONNECTING;
break;
case MessageContext.MESSAGE_CTX_SOCKET_CONNECTED:
if (direction == PacketDirection.PACKET_DIRECTION_INCOMING)
evType = SocketEventType.CONNECTED_INBOUND;
else
evType = SocketEventType.CONNECTED_OUTBOUND;
break;
case MessageContext.MESSAGE_CTX_SOCKET_DISCONNECTED:
evType = SocketEventType.DISCONNECTED;
break;
case MessageContext.MESSAGE_CTX_SOCKET_RESET:
evType = SocketEventType.RESET;
break;
case MessageContext.MESSAGE_CTX_SOCKET_LISTENING:
evType = SocketEventType.LISTENING;
break;
default:
evType = SocketEventType.UNKNOWN;
break;
}
TCPEvent ev = new TCPEvent(timestamp, resourceId, evType, localEndpoint, remoteEndpoint);
tmpEventList.Add(ev);
break;
}
if (s != "")
e.Row["Description"] = String.Format("{0}\"{1}\"", s, e.Row["Message"]);
else
e.Row["Description"] = e.Row["Message"];
}
else
{
string msgPrefix = "";
if (localEndpoint.Address.Length > 0)
{
msgPrefix = String.Format("{0}: ", localEndpoint);
}
string msgSuffix = "";
if (remoteEndpoint.Address.Length > 0)
{
msgSuffix = String.Format(" {0} {1}",
(direction == PacketDirection.PACKET_DIRECTION_INCOMING) ? "from" : "to",
remoteEndpoint);
}
if (msgPrefix.Length > 0 && msgSuffix.Length > 0)
{
if (direction == PacketDirection.PACKET_DIRECTION_INCOMING)
{
e.Row["Description"] = String.Format("{0}Received {1} byte{2}{3}",
msgPrefix, data.Length, suffix, msgSuffix);
}
else
{
e.Row["Description"] = String.Format("{0}Sent {1} byte{2}{3}",
msgPrefix, data.Length, suffix, msgSuffix);
}
}
else
{
e.Row["Description"] = e.Row["Message"];
}
IPPacket pkt = new IPPacket(index, timestamp, resourceId, direction, localEndpoint, remoteEndpoint, data);
tmpPacketList.Add(pkt);
}
e.Row["BgColor"] = GetColorForASState(e.Row);
e.Row.EndEdit();
}
}
