protected override void ProcessConversation() { Debug.WriteLine(@"SnooperSMTP.ProcessConversation() called [" + this.CurrentConversation.SourceEndPoint + "->" + this.CurrentConversation.DestinationEndPoint + "]"); // we need a stream to read from var stream = new PDUStreamBasedProvider(this.CurrentConversation, EfcPDUProviderType.Breaked); // now we can create a reader that will be reading from the stream we just created var reader = new PDUStreamReader(stream, Encoding.ASCII); // reader will spawn messages, cycle through them do { this.OnBeforeProtocolParsing(); // parse protocol // this is self parsing message, it just needs a reader to get data from var message = new SMTPMsg(reader); if (!message.Valid) { // parsing went wrong, we have to report it this.SnooperExport.TimeStampFirst = message.Timestamp; this.SnooperExport.AddExportReport( ExportReport.ReportLevel.Warn, this.Name, "parsing of SMTP message failed, frame numbers: " + string.Join(",", message.Frames) + ": " + message.InvalidReason, message.ExportSources); Debug.WriteLine(@"parsing of SMTP message failed, frame numbers: " + string.Join(",", message.Frames) + ": " + message.InvalidReason); // skip processing, go to next message continue; } // parsing done this.OnAfterProtocolParsing(); // start processing this.OnBeforeDataExporting(); // process parsed structure switch (message.Type) { case SMTPMsg.SMTPMsgType.MAIL: var toBytes = Encoding.ASCII.GetBytes(message.MessageContent); var exportedObject = new MIMEemail(this.SnooperExport, toBytes, EMailContentType.Whole); exportedObject.EMailType = EMailType.SMTPOrgEmail; exportedObject.TimeStamp = message.Timestamp; foreach (var exportSource in message.ExportSources) { exportedObject.ExportSources.Add(exportSource); } this.SnooperExport.AddExportObject(exportedObject); break; default: break; } this.OnAfterDataExporting(); } while (reader.NewMessage()); }
protected override void ProcessConversation() { Debug.WriteLine(@"SnooperPOP.ProcessConversation() called [" + this.CurrentConversation.SourceEndPoint + "->" + this.CurrentConversation.DestinationEndPoint + "]"); // we need a stream to read from var stream = new PDUStreamBasedProvider(this.CurrentConversation, EfcPDUProviderType.SingleMessage); // now we can create a reader that will be reading from the stream we just created var reader = new PDUStreamReader(stream, Encoding.ASCII); // reader will spawn messages, cycle through them do { this.OnBeforeProtocolParsing(); // parse protocol // this is self parsing message, it just needs a reader to get data from var message = new POPMsg(reader); if (!message.Valid) { // parsing went wrong, we have to report it this.SnooperExport.TimeStampFirst = message.Timestamp; this.SnooperExport.AddExportReport( ExportReport.ReportLevel.Warn, this.Name, "parsing of POP message failed, frame numbers: " + string.Join(",", message.Frames) + ": " + message.InvalidReason, message.ExportSources); Debug.WriteLine(@"parsing of POP message failed, frame numbers: " + string.Join(",", message.Frames) + ": " + message.InvalidReason); // skip processing, go to next message continue; } // parsing done this.OnAfterProtocolParsing(); // start processing this.OnBeforeDataExporting(); var exportedObject = new SnooperExportedDataObjectPOP(this.SnooperExport); var addObject = true; exportedObject.TimeStamp = message.Timestamp; // process parsed structure switch (message.Type) { case POPMsg.POPMsgType.USER: //Debug.WriteLine(" user: "******"USER"; exportedObject.Value = message.MessageContent; break; case POPMsg.POPMsgType.PASS: //Debug.WriteLine(" password: "******"PASS"; exportedObject.Value = message.MessageContent; break; case POPMsg.POPMsgType.RETR: //Debug.WriteLine(" password: "******" unknown type of FTP message"); addObject = false; break; } //export if (addObject) { //TODO there should be list of guids (frames, other objects) foreach (var exportSource in message.ExportSources) { exportedObject.ExportSources.Add(exportSource); } this.SnooperExport.AddExportObject(exportedObject); } else { this.SnooperExport.DiscardExportObject(exportedObject); } this.OnAfterDataExporting(); //finalize processing of current message, moving to next one // IMPORTANT !!! this has to be called after each message successfully processed // so correct connections between exported data and exported reports can be kept //base.ProcessingDone(); } while (reader.NewMessage()); }