public void TestFileCreationAndDeletion()
{
using (var wd = new CaptureFileWriterDevice(filename))
{
wd.Open();
Assert.AreEqual(filename, wd.Name);
Assert.IsNotEmpty(wd.Description);
var bytes = new byte[] { 1, 2, 3, 4 };
wd.Write(bytes);
var p = new RawCapture(PacketDotNet.LinkLayers.Ethernet, new PosixTimeval(), bytes);
wd.Write(p);
}
System.IO.File.Delete(@"abc.pcap");
}
public void Start(string captureFileName = null)
{
_device.OnPacketArrival += DeviceOnPacketArrival;
if (!string.IsNullOrEmpty(captureFileName))
{
var captureWriter = new CaptureFileWriterDevice(captureFileName);
_device.OnPacketArrival += (sender, args) => captureWriter.Write(args.Packet);
}
if (_mode == Mode.File)
{
_device.Open();
}
else if (_device is NpcapDevice nPCap)
{
nPCap.Open(OpenFlags.DataTransferUdp | OpenFlags.NoCaptureLocal | OpenFlags.MaxResponsiveness, 1000);
}
else
{
_device.Open(DeviceMode.Promiscuous, 1000);
}
_device.Filter = Filter;
_device.StartCapture();
}
public void WritePacket(RawCapture raw, PacketType type)
{
captureFileWriter.Write(raw);
//if (type == PacketType.SIPDialog)
//{
// var packet = PacketDotNet.Packet.ParsePacket(raw.LinkLayerType, raw.Data);
// var udpPacket = PacketDotNet.UdpPacket.GetEncapsulated(packet);
// SIPMessages.Add(udpPacket);
//}
if (type == PacketType.RTP)
{
var packet = PacketDotNet.Packet.ParsePacket(raw.LinkLayerType, raw.Data);
var udpPacket = PacketDotNet.UdpPacket.GetEncapsulated(packet);
// Only write out RTP packets to wav, and not RTPC
if (udpPacket.SourcePort != this.CalleeRTCPPort || udpPacket.SourcePort != this.CallerRTCPPort)
{
if (wavOutput == null)
{
wavOutput = new WaveFileWriter("Calls\\" + CallID + ".wav", new WaveFormat(8000, 16, 1));
}
for (int index = 0; index < udpPacket.PayloadData.Length; index++)
{
// assuming this is MuLaw, need to handle other formats like g729, g726 etc
short pcm = MuLawDecoder.MuLawToLinearSample(udpPacket.PayloadData[index]);
wavOutput.WriteByte((byte)(pcm & 0xFF));
wavOutput.WriteByte((byte)(pcm >> 8));
}
}
}
}
private static Action <(KeyValuePair <FlowKey, FlowRecordWithPackets> flow, int)> WriteFlow(string folder)
{
return((flowIndex) =>
{
var flow = flowIndex.flow;
var index = flowIndex.Item2;
var path = Path.Combine(folder, index.ToString()) + ".pcap";
var jsonPath = Path.ChangeExtension(path, ".json");
var pcapfile = new CaptureFileWriterDevice(path);
foreach (var(packet, time) in flow.Value.PacketList)
{
pcapfile.Write(new RawCapture(linkLayers, time, packet.Bytes));
}
pcapfile.Close();
var process = ExecuteTshark(path, jsonPath);
using (var compressedFileStream = File.Create(jsonPath + ".gz"))
using (var compressionStream = new GZipStream(compressedFileStream, CompressionMode.Compress))
{
process.StandardOutput.BaseStream.CopyTo(compressionStream);
}
process.WaitForExit();
});
}
public void TestFileCreationAndDeletion()
{
var wd = new CaptureFileWriterDevice(@"abc.pcap");
wd.Write(new byte[] { 1, 2, 3, 4 });
wd.Close();
System.IO.File.Delete(@"abc.pcap");
}
protected override void OnWritePacket(PacketObject packet)
{
if (packet.Attribute != PacketAttribute.Data)
{
return;
}
pcap_device_.Write(new SharpPcap.RawCapture(LinkLayers.Ethernet, new SharpPcap.PosixTimeval(packet.MakeTime), packet.Data));
}
/// <summary>
/// 将缓存队列中的数据包写入cap文件
/// </summary>
/// <param name="capFileName"></param>
public static void CreatecapFile(string capFileName)
{
deviceWriteFile = new CaptureFileWriterDevice(capFileName);
for (int i = 0; i < queue.Count; i++)
{
deviceWriteFile.Write(queue[i]);
}
deviceWriteFile.Close();
}
private void 导出为cap文件ToolStripMenuItem_Click(object sender, EventArgs e)
{
SaveFileDialog saveFileDialog = new SaveFileDialog();
saveFileDialog.RestoreDirectory = true;
if (saveFileDialog.ShowDialog() == DialogResult.OK)
{
CaptureFileWriterDevice device = new CaptureFileWriterDevice(saveFileDialog.FileName);
device.Write(rawCapture);
device.Close();
}
}
/// <summary>
/// Prints the time and length of each received packet
/// </summary>
private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
//var device = (ICaptureDevice)sender;
// write the packet to the file
//captureFileWriter.Write(e.Packet);
//Console.WriteLine("Packet dumped to file.");
if (e.Packet.LinkLayerType == PacketDotNet.LinkLayers.Ethernet)
{
var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
var ethernetPacket = (PacketDotNet.EthernetPacket)packet;
if (ethernetPacket.Type == EthernetPacketType.Arp)
{
ARPPacket arp = (ARPPacket)ethernetPacket.PayloadPacket;
//if (arp.Operation == ARPOperation.Request) return;
captureFileWriter.Write(e.Packet);
if (arp.Operation == ARPOperation.Response)
{
Console.ForegroundColor = ConsoleColor.Yellow;
}
else
{
Console.ForegroundColor = ConsoleColor.White;
}
Console.WriteLine("{0} At: {1}:{2,3}: MAC:{3} -> MAC:{4} {5} {6,8} {7} {8,15} --> {9} {10,15}",
packetIndex,
e.Packet.Timeval.Date.ToString(),
e.Packet.Timeval.Date.Millisecond,
ethernetPacket.SourceHwAddress,
ethernetPacket.DestinationHwAddress,
ethernetPacket.Type,
arp.Operation,
arp.SenderHardwareAddress,
arp.SenderProtocolAddress,
arp.TargetHardwareAddress,
arp.TargetProtocolAddress
);
CheckZuordnung(arp.SenderHardwareAddress, arp.SenderProtocolAddress);
if (arp.Operation == ARPOperation.Response)
{
CheckZuordnung(arp.TargetHardwareAddress, arp.TargetProtocolAddress);
}
packetIndex++;
}
}
}
private void _OnPacketArrival(object sender, CaptureEventArgs packet)
{
lock (_lock)
{
// _writer can be null if a packet arrives before the 1st iteration
if (_writer != null && _writer.Opened)
{
_writer.Write(packet.Packet);
_numPackets += 1;
}
}
}
public void Write(Byte[] packet)
{
Writer.Write(packet);
int Count = list.Count;
int index = list.IndexOf(Writer);
for (int i = index; i < Count - 1; i++)
{
list[i] = list[i + 1];
}
list[Count - 1] = Writer;
}
/// <summary>
/// Saves content of each flow to the specified folder.
/// </summary>
/// <param name="folder"></param>
/// <param name="table"></param>
private static void SaveFlows(string folder, FlowTable table)
{
foreach (var(flow, index) in table.Entries.Select((x, i) => (x, i + 1)))
{
var path = Path.Combine(folder, index.ToString()) + ".pcap";
var pcapfile = new CaptureFileWriterDevice(path);
foreach (var(packet, time) in flow.Value.PacketList)
{
pcapfile.Write(new RawCapture(linkLayers, time, packet.Bytes));
}
}
}
private static void WritePacketWrappers(string path, List <PacketWrapper> parsedPackets)
{
var writer = new CaptureFileWriterDevice(path, FileMode.CreateNew);
writer.Open();
foreach (var p in parsedPackets.SelectMany(pw => pw.GetWriteableCaptures()))
{
writer.Write(p);
}
writer.Close();
}
public void Device_OnPacketArrival(object sender, CaptureEventArgs e)
{
// dump to a file
captureFileWriter.Write(e.Packet);
// start extracting properties for the listview
DateTime time = e.Packet.Timeval.Date;
time_str = (time.Hour + 1) + ":" + time.Minute + ":" + time.Second + ":" + time.Millisecond;
length = e.Packet.Data.Length.ToString();
var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
// add to the list
capturedPackets_list.Add(packetNumber, packet);
var ipPacket = (IpPacket)packet.Extract(typeof(IpPacket));
if (ipPacket != null)
{
System.Net.IPAddress srcIp = ipPacket.SourceAddress;
System.Net.IPAddress dstIp = ipPacket.DestinationAddress;
protocol_type = ipPacket.Protocol.ToString();
sourceIP = srcIp.ToString();
destinationIP = dstIp.ToString();
var protocolPacket = ipPacket.PayloadPacket;
ListViewItem item = new ListViewItem(packetNumber.ToString());
item.SubItems.Add(time_str);
item.SubItems.Add(sourceIP);
item.SubItems.Add(destinationIP);
item.SubItems.Add(protocol_type);
item.SubItems.Add(length);
Action action = () => listView1.Items.Add(item);
listView1.Invoke(action);
++packetNumber;
}
}
private void button8_Click(object sender, EventArgs e)
{
//save capture to file in system
saveFileDialog1.Title = "save capture file as";
if (saveFileDialog1.ShowDialog() == DialogResult.OK)
{
captureFileWriter = new CaptureFileWriterDevice(saveFileDialog1.FileName);
if (packets.Count > 0)
{
for (int i = 0; i < packets.Count; i++)
{
captureFileWriter.Write(packets[i]);
}
}
}
}
public void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
var content = e.Packet.Data;
/* if(e.Packet.Timeval.Seconds == (ulong)this.targetSec)
* {
* if(e.Packet.Timeval.MicroSeconds == ((ulong)this.targetMS % 1000000))
* {
* Console.WriteLine("Found PACKET MATCH (uSEC)");
* Console.WriteLine("TARGET TS > " + this.targetMS + " - FOUND > " + e.Packet.ToString());
* }
* Console.WriteLine("Found PACKET MATCH (SEC)");
* Console.WriteLine("TARGET TS > " + targetSec + " FOUND > " + e.Packet.ToString());
* }*/
captureFileWriter.Write(e.Packet);
}
private void toolStripButton5_Click(object sender, EventArgs e)
{
SaveFileDialog dia = new SaveFileDialog();
dia.Filter = "数据包文件 (*.pcap)|*.pcap";
if (dia.ShowDialog() == System.Windows.Forms.DialogResult.OK)
{
CaptureFileWriterDevice fileWriter = new CaptureFileWriterDevice(dia.FileName);
foreach (Packet packet in softRoute.packets)
{
fileWriter.Write(packet.Bytes);
}
fileWriter.Close();
}
}
private void savefileCaptureToobar_Click(object sender, RoutedEventArgs e)
{
new Thread(() =>
{
System.DateTime startTime = TimeZone.CurrentTimeZone.ToLocalTime(new System.DateTime(1970, 1, 1)); // 当地时区
long timeStamp = (long)(DateTime.Now - startTime).TotalMilliseconds; // 相差毫秒数
string filename = @"E:\CapFile\capfile-" + timeStamp.ToString();
//File.Create(filename);
captureFileWriterDevice = new CaptureFileWriterDevice(filename);
foreach (var p in packets)
{
captureFileWriterDevice.Write(p);
}
packets.Clear();
captureFileWriterDevice.Close();
}).Start();
}
private void ButtonSave_Clicked(object sender, System.Windows.RoutedEventArgs e)
{
if (!GlobalResources.IsMonitoringEngineOn)
{
string PcapFile = "dump.pcap";
byte[] _packet = null;
CaptureFileWriterDevice packetWriter = new CaptureFileWriterDevice(PcapFile);
foreach (Packet packet in PacketSnifferResourcesObject.packets)
{
_packet = packet.Bytes;
packetWriter.Write(_packet);
}
MessageBox.Show("All the Packets Captured are being saved to dump.pcap", "Dump Successful", MessageBoxButton.OK, MessageBoxImage.Information);
}
else
{
MessageBox.Show("Please turn off the Monitoring Engine to save the packets", "Warning", MessageBoxButton.OK, MessageBoxImage.Warning);
}
}
private static void Device_OnPacketArrival(object sender, CaptureEventArgs e)
{
Packet rawPacket;
try
{
rawPacket = Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
}
catch
{
Console.WriteLine("parse packet fail " + e.Packet.LinkLayerType);
rawPacket = new UdpPacket(1, 1);
return;
}
//var ethernetPacket = (EthernetPacket)Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
if (rawPacket.PayloadPacket?.PayloadPacket is TcpPacket)
{
var ip = (IPPacket)rawPacket.PayloadPacket;
var tcp = (TcpPacket)rawPacket.PayloadPacket.PayloadPacket;
if (ip.SourceAddress.ToString().StartsWith("204.2.229.") || ip.DestinationAddress.ToString().StartsWith("204.2.229."))
//if (ip.SourceAddress.ToString().StartsWith("192") || ip.DestinationAddress.ToString().StartsWith("192"))
{
if (tcp.PayloadData.Length < 4)
{
return;
}
if (captureFileWriter != null)
{
captureFileWriter.Write(rawPacket.Bytes);
}
var s2c = !ip.SourceAddress.ToString().StartsWith("192");
var isLobby = s2c ? tcp.SourcePort == 54994 : tcp.DestinationPort == 54994;;
var channel = isLobby ? "Lobby" : "Game";
var p = new PacketWrapper
{
S2C = s2c,
Channel = channel,
Bytes = tcp.PayloadData
};
PacketProcessor(p);
}
}
}
// Received pakcets will be push into queue. ( This is a callback function.)
private void PushPacketToQueue(object sender, CaptureEventArgs e)
{
Packet packet;
try
{
packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
if (e.Packet.LinkLayerType != LinkLayers.Ethernet)
{
return;
}
// Write the packet to pcap file .
FileInfo PcapFile_Total = new FileInfo(AllPcapFileWriter.Name);
if (PcapFile_Total.Length < PcapFileMaxSizeOfByte) // 200 MB
{
AllPcapFileWriter.Write(packet.Bytes);
}
else
{
AllPcapFileWriter = new CaptureFileWriterDevice(FileStoragePath.GetPath_TotalPackets() + "\\" + DateTime.Now.ToString("tt hh.mm.ss.pcap"));
AllPcapFileWriter.Write(packet.Bytes);
}
// The Packet is too small , it does not be analyzed .
if (packet.Bytes.Length <= 60)
{
return;
}
lock (PacketQueueLock)
{
// push the packet to the queue .
PacketQueue.Enqueue(e.Packet);
}
}
catch
{
return;
}
}
private void Save_Click(object sender, EventArgs e)
{
var sfd = new SaveFileDialog
{
Filter = "Pcap Files (*.pcap)|*.pcap",
FilterIndex = 2,
RestoreDirectory = true
};
if (sfd.ShowDialog() == DialogResult.OK)
{
var writer = new CaptureFileWriterDevice(sfd.FileName);
writer.Open();
foreach (var packet in _reader.RawCapturedPacked)
{
writer.Write(packet);
}
writer.Close();
}
}
public void GetNextPacket()
{
RawCapture packet;
// Capture packets using GetNextPacket()
if ((packet = device.GetNextPacket()) != null)
{
captureFileWriter.Write(packet);
rawCapturesList.Add(packet);
CustomerPacket curpacket = AchieiveNewPacket(packet);
if (packets == null)
{
packets = new ObservableCollection <CustomerPacket>();
packets.Add(curpacket);
this.ViewBody.ItemsSource = packets;
}
else
{
try
{
//此处可能会有溢出
packets.Add(curpacket);
}
catch
{
this.continueGetPacket = false;
}
finally
{
}
}
}
if (this.continueGetPacket)
{
this.ViewBody.Dispatcher.BeginInvoke(DispatcherPriority.SystemIdle, new GetNextPacketDelegate(GetNextPacket));
}
}
public void StoreL7Conversation(L7Conversation l7Conversation)
{
var pcapFilename = $"{l7Conversation.Id}.pcapng";
var pcapPath = Path.Combine(this._configuration.BaseDirectory, pcapFilename);
CaptureFileWriterDevice pcapWriterDevice = null;
try
{
pcapWriterDevice = new CaptureFileWriterDevice(pcapPath);
var rawCaptures = l7Conversation.ReconstructRawCaptures();
foreach (var rawCapture in rawCaptures)
{
pcapWriterDevice.Write(rawCapture);
}
}
finally
{
pcapWriterDevice?.Close();
}
}
/// <summary>
/// Prints the time and length of each received packet
/// </summary>
private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
//var device = (ICaptureDevice)sender;
// write the packet to the file
captureFileWriter.Write(e.Packet);
Console.WriteLine("Packet dumped to file.");
if (e.Packet.LinkLayerType == PacketDotNet.LinkLayers.Ethernet)
{
var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
var ethernetPacket = (PacketDotNet.EthernetPacket)packet;
Console.WriteLine("{0} At: {1}:{2}: MAC:{3} -> MAC:{4}",
packetIndex,
e.Packet.Timeval.Date.ToString(),
e.Packet.Timeval.Date.Millisecond,
ethernetPacket.SourceHwAddress,
ethernetPacket.DestinationHwAddress);
packetIndex++;
}
}
public void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
var content = e.Packet.Data;
captureFileWriter.Write(e.Packet);
}
private void do仅录像_Click(object sender, EventArgs e)
{
var _网卡 = (ICaptureDevice)this.in网卡.SelectedItem;
var __录像目录 = H路径.获取绝对路径("录像\\");
if (!Directory.Exists(__录像目录))
{
Directory.CreateDirectory(__录像目录);
}
var __录像机 = new CaptureFileWriterDevice(Path.Combine(__录像目录, _当前项目.称 + " " + DateTime.Now.ToString("yyyy-MM-dd hh-mm-ss")));
PacketArrivalEventHandler __处理抓包 = (object sender1, CaptureEventArgs e1) => __录像机.Write(e1.Packet);
_网卡.OnPacketArrival += __处理抓包;
_网卡.Open();
_网卡.Filter = H公共.获取过滤表达式(_当前项目.当前通信设备);
_网卡.StartCapture();
XtraMessageBox.Show(string.Format("开始时间: {0}, 按OK键终止录像!", DateTime.Now), "录像中", MessageBoxButtons.OK, MessageBoxIcon.Information);
_网卡.OnPacketArrival -= __处理抓包;
_网卡.Close();
__录像机.Close();
}
void do分析_Click(object sender, EventArgs e)
{
var __配置 = new M抓包配置
{
项目 = _当前项目,
录像 = this.in来源_文件.Checked
};
_B项目.保存项目映射(_当前项目.称, _当前项目.当前通信设备);
H程序配置.设置("当前项目索引", this.in项目.SelectedIndex.ToString());
if (__配置.录像)
{
var __录像名 = this.in文件.Text.Trim();
if (!File.Exists(__录像名))
{
XtraMessageBox.Show("请选择文件!");
return;
}
var __放映机 = new CaptureFileReaderDevice(__录像名);
__配置.网卡 = __放映机;
显示抓包列表窗口(__配置);
__放映机.Close();
}
else
{
__配置.网卡 = (ICaptureDevice)this.in网卡.SelectedItem;
if (__配置.网卡 == null)
{
XtraMessageBox.Show("请选择网卡!");
return;
}
H程序配置.设置("当前网卡索引", this.in网卡.SelectedIndex.ToString());
var __录像目录 = H路径.获取绝对路径("录像\\");
if (!Directory.Exists(__录像目录))
{
Directory.CreateDirectory(__录像目录);
}
var __录像机 = new CaptureFileWriterDevice(Path.Combine(__录像目录, _当前项目.称 + " " + DateTime.Now.ToString("yyyy-MM-dd hh-mm-ss")));
PacketArrivalEventHandler __处理抓包 = (object sender1, CaptureEventArgs e1) => __录像机.Write(e1.Packet);
__配置.网卡.OnPacketArrival += __处理抓包;
显示抓包列表窗口(__配置);
__配置.网卡.OnPacketArrival -= __处理抓包;
__录像机.Close();
}
}
public void SniffConnection()
{
//var packets = new List<RawCapture>();
LibPcapLiveDevice device = null;
CaptureFileWriterDevice FileWriter = null;
var devices = CaptureDeviceList.Instance;
foreach (var dev in devices)
{
if (((LibPcapLiveDevice)dev).Interface.FriendlyName.Equals("Wi-Fi 3")) // check for the interface to capture from "Wireless Network Connection"))//
{
device = (LibPcapLiveDevice)dev;
break;
}
}
try
{
//Open the device for capturing
device.Open(DeviceMode.Promiscuous);
}
catch (Exception e)
{
Console.WriteLine(e.Message);
return;
}
//Register our handler function to the 'packet arrival' event
//device.OnPacketArrival += (sender, packets_storage) => PacketArrivalHandler(sender, ref packets);
//set filter for device
//device.Filter = "(ip src " + ((IPEndPoint)client.Client.LocalEndPoint).Address + " and ip dst " + ((IPEndPoint)client.Client.RemoteEndPoint).Address
// + ") or (ip src " + ((IPEndPoint)client.Client.RemoteEndPoint).Address + " and ip dst " + ((IPEndPoint)client.Client.LocalEndPoint).Address + ")";
Console.WriteLine("sniffing...");
int packets_count;
try
{
//device.Capture();
RawCapture raw;
while (true)
{
FileWriter = new CaptureFileWriterDevice(DateTime.Now.ToString("yyyy-dd-M--HH-mm-ss") + ".pcap", System.IO.FileMode.Create);
packets_count = 0;
while (packets_count < 20)
{
raw = device.GetNextPacket();
if (raw != null)
{
var packet = Packet.ParsePacket(raw.LinkLayerType, raw.Data);
var tcpPacket = (TcpPacket)packet.Extract(typeof(TcpPacket));
var ipPacket = (IpPacket)packet.Extract(typeof(IpPacket));
if (ipPacket != null && tcpPacket != null)
{
if (!ipPacket.SourceAddress.Equals(Analyzer.GetCurrentIPAddress())) // if packet wasn't sent by the honeypot itself
{
FileWriter.Write(raw);
packets_count++;
Console.WriteLine(packets_count);
}
}
}
}
if (FileWriter != null)
{
lock (Analyzer.AnalyzeQueue)
{
Analyzer.AnalyzeQueue.Enqueue(FileWriter.Name);
}
FileWriter.Close();
}
}
}
catch (System.AccessViolationException e)
{
Console.WriteLine(e);
}
catch (Exception e)
{
Console.WriteLine(e);
}
Console.WriteLine("finished sniffing");
//Console.ReadLine();
//System.Diagnostics.Process.GetCurrentProcess().Kill();
}
public void WritePacket(Packet raw, PacketType type)
{
captureFileWriter.Write(raw.Bytes);
}
