public void TestFileCreationAndDeletion() { using (var wd = new CaptureFileWriterDevice(filename)) { wd.Open(); Assert.AreEqual(filename, wd.Name); Assert.IsNotEmpty(wd.Description); var bytes = new byte[] { 1, 2, 3, 4 }; wd.Write(bytes); var p = new RawCapture(PacketDotNet.LinkLayers.Ethernet, new PosixTimeval(), bytes); wd.Write(p); } System.IO.File.Delete(@"abc.pcap"); }
public void Start(string captureFileName = null) { _device.OnPacketArrival += DeviceOnPacketArrival; if (!string.IsNullOrEmpty(captureFileName)) { var captureWriter = new CaptureFileWriterDevice(captureFileName); _device.OnPacketArrival += (sender, args) => captureWriter.Write(args.Packet); } if (_mode == Mode.File) { _device.Open(); } else if (_device is NpcapDevice nPCap) { nPCap.Open(OpenFlags.DataTransferUdp | OpenFlags.NoCaptureLocal | OpenFlags.MaxResponsiveness, 1000); } else { _device.Open(DeviceMode.Promiscuous, 1000); } _device.Filter = Filter; _device.StartCapture(); }
public void WritePacket(RawCapture raw, PacketType type) { captureFileWriter.Write(raw); //if (type == PacketType.SIPDialog) //{ // var packet = PacketDotNet.Packet.ParsePacket(raw.LinkLayerType, raw.Data); // var udpPacket = PacketDotNet.UdpPacket.GetEncapsulated(packet); // SIPMessages.Add(udpPacket); //} if (type == PacketType.RTP) { var packet = PacketDotNet.Packet.ParsePacket(raw.LinkLayerType, raw.Data); var udpPacket = PacketDotNet.UdpPacket.GetEncapsulated(packet); // Only write out RTP packets to wav, and not RTPC if (udpPacket.SourcePort != this.CalleeRTCPPort || udpPacket.SourcePort != this.CallerRTCPPort) { if (wavOutput == null) { wavOutput = new WaveFileWriter("Calls\\" + CallID + ".wav", new WaveFormat(8000, 16, 1)); } for (int index = 0; index < udpPacket.PayloadData.Length; index++) { // assuming this is MuLaw, need to handle other formats like g729, g726 etc short pcm = MuLawDecoder.MuLawToLinearSample(udpPacket.PayloadData[index]); wavOutput.WriteByte((byte)(pcm & 0xFF)); wavOutput.WriteByte((byte)(pcm >> 8)); } } } }
private static Action <(KeyValuePair <FlowKey, FlowRecordWithPackets> flow, int)> WriteFlow(string folder) { return((flowIndex) => { var flow = flowIndex.flow; var index = flowIndex.Item2; var path = Path.Combine(folder, index.ToString()) + ".pcap"; var jsonPath = Path.ChangeExtension(path, ".json"); var pcapfile = new CaptureFileWriterDevice(path); foreach (var(packet, time) in flow.Value.PacketList) { pcapfile.Write(new RawCapture(linkLayers, time, packet.Bytes)); } pcapfile.Close(); var process = ExecuteTshark(path, jsonPath); using (var compressedFileStream = File.Create(jsonPath + ".gz")) using (var compressionStream = new GZipStream(compressedFileStream, CompressionMode.Compress)) { process.StandardOutput.BaseStream.CopyTo(compressionStream); } process.WaitForExit(); }); }
public void TestFileCreationAndDeletion() { var wd = new CaptureFileWriterDevice(@"abc.pcap"); wd.Write(new byte[] { 1, 2, 3, 4 }); wd.Close(); System.IO.File.Delete(@"abc.pcap"); }
protected override void OnWritePacket(PacketObject packet) { if (packet.Attribute != PacketAttribute.Data) { return; } pcap_device_.Write(new SharpPcap.RawCapture(LinkLayers.Ethernet, new SharpPcap.PosixTimeval(packet.MakeTime), packet.Data)); }
/// <summary> /// 将缓存队列中的数据包写入cap文件 /// </summary> /// <param name="capFileName"></param> public static void CreatecapFile(string capFileName) { deviceWriteFile = new CaptureFileWriterDevice(capFileName); for (int i = 0; i < queue.Count; i++) { deviceWriteFile.Write(queue[i]); } deviceWriteFile.Close(); }
private void 导出为cap文件ToolStripMenuItem_Click(object sender, EventArgs e) { SaveFileDialog saveFileDialog = new SaveFileDialog(); saveFileDialog.RestoreDirectory = true; if (saveFileDialog.ShowDialog() == DialogResult.OK) { CaptureFileWriterDevice device = new CaptureFileWriterDevice(saveFileDialog.FileName); device.Write(rawCapture); device.Close(); } }
/// <summary> /// Prints the time and length of each received packet /// </summary> private static void device_OnPacketArrival(object sender, CaptureEventArgs e) { //var device = (ICaptureDevice)sender; // write the packet to the file //captureFileWriter.Write(e.Packet); //Console.WriteLine("Packet dumped to file."); if (e.Packet.LinkLayerType == PacketDotNet.LinkLayers.Ethernet) { var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data); var ethernetPacket = (PacketDotNet.EthernetPacket)packet; if (ethernetPacket.Type == EthernetPacketType.Arp) { ARPPacket arp = (ARPPacket)ethernetPacket.PayloadPacket; //if (arp.Operation == ARPOperation.Request) return; captureFileWriter.Write(e.Packet); if (arp.Operation == ARPOperation.Response) { Console.ForegroundColor = ConsoleColor.Yellow; } else { Console.ForegroundColor = ConsoleColor.White; } Console.WriteLine("{0} At: {1}:{2,3}: MAC:{3} -> MAC:{4} {5} {6,8} {7} {8,15} --> {9} {10,15}", packetIndex, e.Packet.Timeval.Date.ToString(), e.Packet.Timeval.Date.Millisecond, ethernetPacket.SourceHwAddress, ethernetPacket.DestinationHwAddress, ethernetPacket.Type, arp.Operation, arp.SenderHardwareAddress, arp.SenderProtocolAddress, arp.TargetHardwareAddress, arp.TargetProtocolAddress ); CheckZuordnung(arp.SenderHardwareAddress, arp.SenderProtocolAddress); if (arp.Operation == ARPOperation.Response) { CheckZuordnung(arp.TargetHardwareAddress, arp.TargetProtocolAddress); } packetIndex++; } } }
private void _OnPacketArrival(object sender, CaptureEventArgs packet) { lock (_lock) { // _writer can be null if a packet arrives before the 1st iteration if (_writer != null && _writer.Opened) { _writer.Write(packet.Packet); _numPackets += 1; } } }
public void Write(Byte[] packet) { Writer.Write(packet); int Count = list.Count; int index = list.IndexOf(Writer); for (int i = index; i < Count - 1; i++) { list[i] = list[i + 1]; } list[Count - 1] = Writer; }
/// <summary> /// Saves content of each flow to the specified folder. /// </summary> /// <param name="folder"></param> /// <param name="table"></param> private static void SaveFlows(string folder, FlowTable table) { foreach (var(flow, index) in table.Entries.Select((x, i) => (x, i + 1))) { var path = Path.Combine(folder, index.ToString()) + ".pcap"; var pcapfile = new CaptureFileWriterDevice(path); foreach (var(packet, time) in flow.Value.PacketList) { pcapfile.Write(new RawCapture(linkLayers, time, packet.Bytes)); } } }
private static void WritePacketWrappers(string path, List <PacketWrapper> parsedPackets) { var writer = new CaptureFileWriterDevice(path, FileMode.CreateNew); writer.Open(); foreach (var p in parsedPackets.SelectMany(pw => pw.GetWriteableCaptures())) { writer.Write(p); } writer.Close(); }
public void Device_OnPacketArrival(object sender, CaptureEventArgs e) { // dump to a file captureFileWriter.Write(e.Packet); // start extracting properties for the listview DateTime time = e.Packet.Timeval.Date; time_str = (time.Hour + 1) + ":" + time.Minute + ":" + time.Second + ":" + time.Millisecond; length = e.Packet.Data.Length.ToString(); var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data); // add to the list capturedPackets_list.Add(packetNumber, packet); var ipPacket = (IpPacket)packet.Extract(typeof(IpPacket)); if (ipPacket != null) { System.Net.IPAddress srcIp = ipPacket.SourceAddress; System.Net.IPAddress dstIp = ipPacket.DestinationAddress; protocol_type = ipPacket.Protocol.ToString(); sourceIP = srcIp.ToString(); destinationIP = dstIp.ToString(); var protocolPacket = ipPacket.PayloadPacket; ListViewItem item = new ListViewItem(packetNumber.ToString()); item.SubItems.Add(time_str); item.SubItems.Add(sourceIP); item.SubItems.Add(destinationIP); item.SubItems.Add(protocol_type); item.SubItems.Add(length); Action action = () => listView1.Items.Add(item); listView1.Invoke(action); ++packetNumber; } }
private void button8_Click(object sender, EventArgs e) { //save capture to file in system saveFileDialog1.Title = "save capture file as"; if (saveFileDialog1.ShowDialog() == DialogResult.OK) { captureFileWriter = new CaptureFileWriterDevice(saveFileDialog1.FileName); if (packets.Count > 0) { for (int i = 0; i < packets.Count; i++) { captureFileWriter.Write(packets[i]); } } } }
public void device_OnPacketArrival(object sender, CaptureEventArgs e) { var content = e.Packet.Data; /* if(e.Packet.Timeval.Seconds == (ulong)this.targetSec) * { * if(e.Packet.Timeval.MicroSeconds == ((ulong)this.targetMS % 1000000)) * { * Console.WriteLine("Found PACKET MATCH (uSEC)"); * Console.WriteLine("TARGET TS > " + this.targetMS + " - FOUND > " + e.Packet.ToString()); * } * Console.WriteLine("Found PACKET MATCH (SEC)"); * Console.WriteLine("TARGET TS > " + targetSec + " FOUND > " + e.Packet.ToString()); * }*/ captureFileWriter.Write(e.Packet); }
private void toolStripButton5_Click(object sender, EventArgs e) { SaveFileDialog dia = new SaveFileDialog(); dia.Filter = "数据包文件 (*.pcap)|*.pcap"; if (dia.ShowDialog() == System.Windows.Forms.DialogResult.OK) { CaptureFileWriterDevice fileWriter = new CaptureFileWriterDevice(dia.FileName); foreach (Packet packet in softRoute.packets) { fileWriter.Write(packet.Bytes); } fileWriter.Close(); } }
private void savefileCaptureToobar_Click(object sender, RoutedEventArgs e) { new Thread(() => { System.DateTime startTime = TimeZone.CurrentTimeZone.ToLocalTime(new System.DateTime(1970, 1, 1)); // 当地时区 long timeStamp = (long)(DateTime.Now - startTime).TotalMilliseconds; // 相差毫秒数 string filename = @"E:\CapFile\capfile-" + timeStamp.ToString(); //File.Create(filename); captureFileWriterDevice = new CaptureFileWriterDevice(filename); foreach (var p in packets) { captureFileWriterDevice.Write(p); } packets.Clear(); captureFileWriterDevice.Close(); }).Start(); }
private void ButtonSave_Clicked(object sender, System.Windows.RoutedEventArgs e) { if (!GlobalResources.IsMonitoringEngineOn) { string PcapFile = "dump.pcap"; byte[] _packet = null; CaptureFileWriterDevice packetWriter = new CaptureFileWriterDevice(PcapFile); foreach (Packet packet in PacketSnifferResourcesObject.packets) { _packet = packet.Bytes; packetWriter.Write(_packet); } MessageBox.Show("All the Packets Captured are being saved to dump.pcap", "Dump Successful", MessageBoxButton.OK, MessageBoxImage.Information); } else { MessageBox.Show("Please turn off the Monitoring Engine to save the packets", "Warning", MessageBoxButton.OK, MessageBoxImage.Warning); } }
private static void Device_OnPacketArrival(object sender, CaptureEventArgs e) { Packet rawPacket; try { rawPacket = Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data); } catch { Console.WriteLine("parse packet fail " + e.Packet.LinkLayerType); rawPacket = new UdpPacket(1, 1); return; } //var ethernetPacket = (EthernetPacket)Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data); if (rawPacket.PayloadPacket?.PayloadPacket is TcpPacket) { var ip = (IPPacket)rawPacket.PayloadPacket; var tcp = (TcpPacket)rawPacket.PayloadPacket.PayloadPacket; if (ip.SourceAddress.ToString().StartsWith("204.2.229.") || ip.DestinationAddress.ToString().StartsWith("204.2.229.")) //if (ip.SourceAddress.ToString().StartsWith("192") || ip.DestinationAddress.ToString().StartsWith("192")) { if (tcp.PayloadData.Length < 4) { return; } if (captureFileWriter != null) { captureFileWriter.Write(rawPacket.Bytes); } var s2c = !ip.SourceAddress.ToString().StartsWith("192"); var isLobby = s2c ? tcp.SourcePort == 54994 : tcp.DestinationPort == 54994;; var channel = isLobby ? "Lobby" : "Game"; var p = new PacketWrapper { S2C = s2c, Channel = channel, Bytes = tcp.PayloadData }; PacketProcessor(p); } } }
// Received pakcets will be push into queue. ( This is a callback function.) private void PushPacketToQueue(object sender, CaptureEventArgs e) { Packet packet; try { packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data); if (e.Packet.LinkLayerType != LinkLayers.Ethernet) { return; } // Write the packet to pcap file . FileInfo PcapFile_Total = new FileInfo(AllPcapFileWriter.Name); if (PcapFile_Total.Length < PcapFileMaxSizeOfByte) // 200 MB { AllPcapFileWriter.Write(packet.Bytes); } else { AllPcapFileWriter = new CaptureFileWriterDevice(FileStoragePath.GetPath_TotalPackets() + "\\" + DateTime.Now.ToString("tt hh.mm.ss.pcap")); AllPcapFileWriter.Write(packet.Bytes); } // The Packet is too small , it does not be analyzed . if (packet.Bytes.Length <= 60) { return; } lock (PacketQueueLock) { // push the packet to the queue . PacketQueue.Enqueue(e.Packet); } } catch { return; } }
private void Save_Click(object sender, EventArgs e) { var sfd = new SaveFileDialog { Filter = "Pcap Files (*.pcap)|*.pcap", FilterIndex = 2, RestoreDirectory = true }; if (sfd.ShowDialog() == DialogResult.OK) { var writer = new CaptureFileWriterDevice(sfd.FileName); writer.Open(); foreach (var packet in _reader.RawCapturedPacked) { writer.Write(packet); } writer.Close(); } }
public void GetNextPacket() { RawCapture packet; // Capture packets using GetNextPacket() if ((packet = device.GetNextPacket()) != null) { captureFileWriter.Write(packet); rawCapturesList.Add(packet); CustomerPacket curpacket = AchieiveNewPacket(packet); if (packets == null) { packets = new ObservableCollection <CustomerPacket>(); packets.Add(curpacket); this.ViewBody.ItemsSource = packets; } else { try { //此处可能会有溢出 packets.Add(curpacket); } catch { this.continueGetPacket = false; } finally { } } } if (this.continueGetPacket) { this.ViewBody.Dispatcher.BeginInvoke(DispatcherPriority.SystemIdle, new GetNextPacketDelegate(GetNextPacket)); } }
public void StoreL7Conversation(L7Conversation l7Conversation) { var pcapFilename = $"{l7Conversation.Id}.pcapng"; var pcapPath = Path.Combine(this._configuration.BaseDirectory, pcapFilename); CaptureFileWriterDevice pcapWriterDevice = null; try { pcapWriterDevice = new CaptureFileWriterDevice(pcapPath); var rawCaptures = l7Conversation.ReconstructRawCaptures(); foreach (var rawCapture in rawCaptures) { pcapWriterDevice.Write(rawCapture); } } finally { pcapWriterDevice?.Close(); } }
/// <summary> /// Prints the time and length of each received packet /// </summary> private static void device_OnPacketArrival(object sender, CaptureEventArgs e) { //var device = (ICaptureDevice)sender; // write the packet to the file captureFileWriter.Write(e.Packet); Console.WriteLine("Packet dumped to file."); if (e.Packet.LinkLayerType == PacketDotNet.LinkLayers.Ethernet) { var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data); var ethernetPacket = (PacketDotNet.EthernetPacket)packet; Console.WriteLine("{0} At: {1}:{2}: MAC:{3} -> MAC:{4}", packetIndex, e.Packet.Timeval.Date.ToString(), e.Packet.Timeval.Date.Millisecond, ethernetPacket.SourceHwAddress, ethernetPacket.DestinationHwAddress); packetIndex++; } }
public void device_OnPacketArrival(object sender, CaptureEventArgs e) { var content = e.Packet.Data; captureFileWriter.Write(e.Packet); }
private void do仅录像_Click(object sender, EventArgs e) { var _网卡 = (ICaptureDevice)this.in网卡.SelectedItem; var __录像目录 = H路径.获取绝对路径("录像\\"); if (!Directory.Exists(__录像目录)) { Directory.CreateDirectory(__录像目录); } var __录像机 = new CaptureFileWriterDevice(Path.Combine(__录像目录, _当前项目.称 + " " + DateTime.Now.ToString("yyyy-MM-dd hh-mm-ss"))); PacketArrivalEventHandler __处理抓包 = (object sender1, CaptureEventArgs e1) => __录像机.Write(e1.Packet); _网卡.OnPacketArrival += __处理抓包; _网卡.Open(); _网卡.Filter = H公共.获取过滤表达式(_当前项目.当前通信设备); _网卡.StartCapture(); XtraMessageBox.Show(string.Format("开始时间: {0}, 按OK键终止录像!", DateTime.Now), "录像中", MessageBoxButtons.OK, MessageBoxIcon.Information); _网卡.OnPacketArrival -= __处理抓包; _网卡.Close(); __录像机.Close(); }
void do分析_Click(object sender, EventArgs e) { var __配置 = new M抓包配置 { 项目 = _当前项目, 录像 = this.in来源_文件.Checked }; _B项目.保存项目映射(_当前项目.称, _当前项目.当前通信设备); H程序配置.设置("当前项目索引", this.in项目.SelectedIndex.ToString()); if (__配置.录像) { var __录像名 = this.in文件.Text.Trim(); if (!File.Exists(__录像名)) { XtraMessageBox.Show("请选择文件!"); return; } var __放映机 = new CaptureFileReaderDevice(__录像名); __配置.网卡 = __放映机; 显示抓包列表窗口(__配置); __放映机.Close(); } else { __配置.网卡 = (ICaptureDevice)this.in网卡.SelectedItem; if (__配置.网卡 == null) { XtraMessageBox.Show("请选择网卡!"); return; } H程序配置.设置("当前网卡索引", this.in网卡.SelectedIndex.ToString()); var __录像目录 = H路径.获取绝对路径("录像\\"); if (!Directory.Exists(__录像目录)) { Directory.CreateDirectory(__录像目录); } var __录像机 = new CaptureFileWriterDevice(Path.Combine(__录像目录, _当前项目.称 + " " + DateTime.Now.ToString("yyyy-MM-dd hh-mm-ss"))); PacketArrivalEventHandler __处理抓包 = (object sender1, CaptureEventArgs e1) => __录像机.Write(e1.Packet); __配置.网卡.OnPacketArrival += __处理抓包; 显示抓包列表窗口(__配置); __配置.网卡.OnPacketArrival -= __处理抓包; __录像机.Close(); } }
public void SniffConnection() { //var packets = new List<RawCapture>(); LibPcapLiveDevice device = null; CaptureFileWriterDevice FileWriter = null; var devices = CaptureDeviceList.Instance; foreach (var dev in devices) { if (((LibPcapLiveDevice)dev).Interface.FriendlyName.Equals("Wi-Fi 3")) // check for the interface to capture from "Wireless Network Connection"))// { device = (LibPcapLiveDevice)dev; break; } } try { //Open the device for capturing device.Open(DeviceMode.Promiscuous); } catch (Exception e) { Console.WriteLine(e.Message); return; } //Register our handler function to the 'packet arrival' event //device.OnPacketArrival += (sender, packets_storage) => PacketArrivalHandler(sender, ref packets); //set filter for device //device.Filter = "(ip src " + ((IPEndPoint)client.Client.LocalEndPoint).Address + " and ip dst " + ((IPEndPoint)client.Client.RemoteEndPoint).Address // + ") or (ip src " + ((IPEndPoint)client.Client.RemoteEndPoint).Address + " and ip dst " + ((IPEndPoint)client.Client.LocalEndPoint).Address + ")"; Console.WriteLine("sniffing..."); int packets_count; try { //device.Capture(); RawCapture raw; while (true) { FileWriter = new CaptureFileWriterDevice(DateTime.Now.ToString("yyyy-dd-M--HH-mm-ss") + ".pcap", System.IO.FileMode.Create); packets_count = 0; while (packets_count < 20) { raw = device.GetNextPacket(); if (raw != null) { var packet = Packet.ParsePacket(raw.LinkLayerType, raw.Data); var tcpPacket = (TcpPacket)packet.Extract(typeof(TcpPacket)); var ipPacket = (IpPacket)packet.Extract(typeof(IpPacket)); if (ipPacket != null && tcpPacket != null) { if (!ipPacket.SourceAddress.Equals(Analyzer.GetCurrentIPAddress())) // if packet wasn't sent by the honeypot itself { FileWriter.Write(raw); packets_count++; Console.WriteLine(packets_count); } } } } if (FileWriter != null) { lock (Analyzer.AnalyzeQueue) { Analyzer.AnalyzeQueue.Enqueue(FileWriter.Name); } FileWriter.Close(); } } } catch (System.AccessViolationException e) { Console.WriteLine(e); } catch (Exception e) { Console.WriteLine(e); } Console.WriteLine("finished sniffing"); //Console.ReadLine(); //System.Diagnostics.Process.GetCurrentProcess().Kill(); }
public void WritePacket(Packet raw, PacketType type) { captureFileWriter.Write(raw.Bytes); }