public FTPMsg(PDUStreamReader reader)
{
// fill default values and store things we'll need later
this._reader = reader;
this.Valid = true;
this.InvalidReason = string.Empty;
this.Type = FTPMsgType.OTHER;
this.MessageContent = string.Empty;
this.DataContent = null;
this.ExportSources = new List <IExportSource>();
// do the parsing itself
this.Parse();
}
private void Parse()
{
// transform reader to stream provider to get timestamp and frame numbers values
var _streamProvider = this._reader.PDUStreamBasedProvider;
this.Frames = _streamProvider.ProcessedFrames;
if (_streamProvider.GetCurrentPDU() != null)
{
this.Timestamp = _streamProvider.GetCurrentPDU().FirstSeen;
}
else
{
this.InvalidReason = "could not retrieve PDU";
this.ExportSources.Add(_streamProvider.Conversation);
this.Valid = false;
return;
}
//Console.WriteLine("FTPMsg created, frame numbers: " + string.Join(",", Frames.ToArray()));
if (!_streamProvider.GetCurrentPDU().L7Conversation.ApplicationTags.Any())
{
this.Valid = false;
this.InvalidReason = "no application tag";
this.ExportSources.Add(_streamProvider.GetCurrentPDU());
return;
}
this.ExportSources.Add(_streamProvider.GetCurrentPDU());
switch (_streamProvider.GetCurrentPDU().L7Conversation.ApplicationTags[0])
{
case "ftp":
var _line = this._reader.ReadLine();
var _splittedLine = _line.Split(' ');
if (_splittedLine[0].IndexOf("PORT", StringComparison.OrdinalIgnoreCase) == 0)
{
// PORT message
this.Type = FTPMsgType.PORT;
var _value = _splittedLine[1].Split(',');
var _address = _value[0] + '.' + _value[1] + '.' + _value[2] + '.' + _value[3];
var _port1 = 0;
var _port2 = 0;
int.TryParse(_value[4], out _port1);
int.TryParse(_value[5], out _port2);
var _port = _port1 * 256 + _port2;
int.TryParse(_value[4], out _port1);
//EndPoint _endpoint = new IPEndPoint(_address);
//Console.WriteLine(" PORT: " + _address + ":" + _port);
this.MessageContent = _address + ":" + _port;
}
else if (_splittedLine[0].IndexOf("257", StringComparison.OrdinalIgnoreCase) == 0)
{
var _tmp = _line.Split('"');
this.MessageContent = _tmp[1];
//Console.WriteLine(" PWD: working directory changed: \"" + MessageContent + '"');
this.Type = FTPMsgType.PWD;
}
else if (_splittedLine[0].IndexOf("LIST", StringComparison.OrdinalIgnoreCase) == 0)
{
this.Type = FTPMsgType.LIST;
//Console.WriteLine(" LIST");
}
else if (_splittedLine[0].IndexOf("STOR", StringComparison.OrdinalIgnoreCase) == 0)
{
this.Type = FTPMsgType.STOR;
this.MessageContent = _splittedLine[1];
//Console.WriteLine(" STOR: uploaded file: " + MessageContent);
}
else if (_splittedLine[0].IndexOf("RETR", StringComparison.OrdinalIgnoreCase) == 0)
{
this.Type = FTPMsgType.RETR;
this.MessageContent = _splittedLine[1];
//Console.WriteLine(" RETR: downloaded file: " + MessageContent);
}
else if (_splittedLine[0].IndexOf("DELE", StringComparison.OrdinalIgnoreCase) == 0)
{
this.Type = FTPMsgType.RETR;
this.MessageContent = _splittedLine[1];
//Console.WriteLine(" DELE: deleted file: " + MessageContent);
}
else if (_splittedLine[0].IndexOf("USER", StringComparison.OrdinalIgnoreCase) == 0)
{
this.Type = FTPMsgType.USER;
this.MessageContent = _splittedLine[1];
//Console.WriteLine(" USER: "******"PASS", StringComparison.OrdinalIgnoreCase) == 0)
{
this.Type = FTPMsgType.PASS;
this.MessageContent = _splittedLine[1];
//Console.WriteLine(" PASS: "******"ftp-data":
//Console.WriteLine(" FTP DATA encountered");
this.Type = FTPMsgType.DATA;
// assign
this.DataContent = _streamProvider.GetCurrentPDU().PDUByteArr;
break;
default:
this.Valid = false;
this.InvalidReason = "unknown app tag encountered";
break;
}
}