private void _Receive(int count = 0) { //using (_communicator = _device.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000)) //{ // _ppacketManager = new PPacketManager(); // if (_filter != null) // _communicator.SetFilter(_filter); // _communicator.ReceivePackets(0, ReceivePacketHandle); //} try { _communicator = _device.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000); if (_dumpFile != null) _packetDumpFile = _communicator.OpenDump(_dumpFile); _ppacketManager = new PPacketManager(); if (_filter != null) _communicator.SetFilter(_filter); _communicator.ReceivePackets(count, ReceivePacketHandle); } finally { if (_communicator != null) { _communicator.Dispose(); _communicator = null; } if (_packetDumpFile != null) { _packetDumpFile.Dispose(); _packetDumpFile = null; } } }
public void ReceivePackets() { // Retrieve the device list from the local machine IList<LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine; // Find the NPF device of the TAP interface PacketDevice selectedDevice = null; for (int i = 0; i != allDevices.Count; ++i) { LivePacketDevice device = allDevices[i]; if (device.Name.Contains(Guid)) { selectedDevice = device; break; } } if (selectedDevice == null) { Initialized.Set(); Global.ShowTrayTip("Byte Counter", "Interface " + Name + " not captured by WinPcap.", System.Windows.Forms.ToolTipIcon.Warning); Global.WriteLog("Byte Counter: Interface " + Name + " not captured by WinPcap."); return; } try { using (communicator = selectedDevice.Open(65536, PacketDeviceOpenAttributes.MaximumResponsiveness, 1000)) { Global.WriteLog("Byte Counter: Listening on " + Name + "..."); communicator.SetFilter("((ether dst " + ifHardwareAddressString + " or ether src " + ifHardwareAddressString + ") and ip and (tcp or udp))"); Initialized.Set(); communicator.ReceivePackets(0, (packet) => { if (!threadActive.IsSet) { communicator.Break(); return; } Table.CheckPacket(packet, ifHardwareAddress); }); } } catch (Exception e) { if (threadActive.IsSet) { threadActive.Reset(); Global.WriteLog("Byte Counter: Could not capture traffic from " + Name); if (Global.Config.Gadget.Debug) Global.WriteLog(e.ToString()); Global.ShowTrayTip("Byte Counter", "Could not capture traffic from " + Name, System.Windows.Forms.ToolTipIcon.Warning); } } }
public void ReceivePackets() { // Retrieve the device list from the local machine IList<LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine; // Find the NPF device of the TAP interface PacketDevice selectedDevice = null; for (int i = 0; i != allDevices.Count; ++i) { LivePacketDevice device = allDevices[i]; if (device.Name.ToUpper().Contains(Guid.ToString().ToUpper())) { selectedDevice = device; break; } } if (selectedDevice == null) { Initialized.Set(); Global.ShowTrayTip("Load Balancer", "Interface " + Name + " not captured by WinPcap.", System.Windows.Forms.ToolTipIcon.Warning); Global.WriteLog("Load Balancer: Interface " + Name + " not captured by WinPcap."); return; } try { using (communicator = selectedDevice.Open(65536, PacketDeviceOpenAttributes.MaximumResponsiveness, 1000)) { Global.WriteLog("Load Balancer: Listening on " + Name + "..."); communicator.SetFilter("(ether dst " + ownHardwareAddressString + " and ((ip and (tcp or udp or icmp)) or arp)) or (ether dst FF:FF:FF:FF:FF:FF and arp)"); Initialized.Set(); communicator.ReceivePackets(0, (packet) => { if (!ThreadActive.IsSet) { communicator.Break(); return; } if (packet.Ethernet.EtherType == EthernetType.Arp) { if (packet.Ethernet.Arp.TargetProtocolAddress.SequenceEqual(ownProtocolAddressByte) && packet.Ethernet.Arp.Operation == ArpOperation.Request) { EthernetLayer ethernetLayer = new EthernetLayer { Source = ownHardwareAddress, Destination = packet.Ethernet.Source, EtherType = EthernetType.None, }; ArpLayer arpLayer = new ArpLayer { ProtocolType = EthernetType.IpV4, Operation = ArpOperation.Reply, SenderHardwareAddress = ownHardwareAddressByte.AsReadOnly(), SenderProtocolAddress = packet.Ethernet.Arp.TargetProtocolAddress, TargetHardwareAddress = packet.Ethernet.Arp.SenderHardwareAddress, TargetProtocolAddress = packet.Ethernet.Arp.SenderProtocolAddress, }; PacketBuilder builder = new PacketBuilder(ethernetLayer, arpLayer); SendPacket(builder.Build(DateTime.Now)); } } else if (packet.Ethernet.EtherType.ToString() == "IpV4") { if (packet.Ethernet.IpV4.Fragmentation.Options == IpV4FragmentationOptions.DoNotFragment || packet.Ethernet.IpV4.Fragmentation.Options == IpV4FragmentationOptions.None && packet.Ethernet.IpV4.Fragmentation.Offset == 0) { IpV4Handler(packet); } else if (packet.Ethernet.IpV4.Fragmentation.Options == IpV4FragmentationOptions.MoreFragments || packet.Ethernet.IpV4.Fragmentation.Options == IpV4FragmentationOptions.None && packet.Ethernet.IpV4.Fragmentation.Offset > 0) { // TODO: fix warning spam if (Global.Config.LoadBalancer.ShowTrayTipsWarnings) Global.ShowTrayTip("Load Balancer", "IP fragmentation detected on " + Name + ".\n\nIP fragmentation is not supported.", ToolTipIcon.Warning); Global.WriteLog("Load Balancer: IP fragmentation detected on " + Name); //fragments = fragBuffer.Add(packet); //if (fragments != null) // for (int i = 0; i < fragments.Count; i++) // { // IpV4Handler(fragments[i], fragments); // } } } }); } } catch (Exception e) { if (ThreadActive.IsSet) { ThreadActive.Reset(); Global.WriteLog("Load Balancer: " + Name + " has disconnected"); if (Global.Config.Gadget.Debug) Global.WriteLog(e.ToString()); Global.ShowTrayTip("Load Balancer", Name + " has disconnected", System.Windows.Forms.ToolTipIcon.Warning); } } }
private static void preparePcap() { var source = new MacAddress(getClientMAC()); var dest = new MacAddress(getRouterMAC()); device = LivePacketDevice.AllLocalMachine[0]; communicator = device.Open(100, PacketDeviceOpenAttributes.Promiscuous, 1000); EthernetLayer ethLayer = new EthernetLayer { Source = source, Destination = dest }; ipLayer = new IpV4Layer { Source = new IpV4Address(LocalIPAddress()), Ttl = 128 }; icmpLayer = new IcmpEchoLayer(); icmpBuilder = new PacketBuilder(ethLayer, ipLayer, icmpLayer); TCPLayer = new TcpLayer(); TCPBuilder = new PacketBuilder(ethLayer, ipLayer, TCPLayer); if (!TCPMode) { communicator.SetFilter("icmp[0] = 0"); } else { //tcp[13] = 18 communicator.SetFilter("tcp[13] = 18 and port " + TCPPort); } }
public void Start() { // Start scanning WoW packets // Retrieve the device list from the local machine IList <LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine; if (allDevices.Count == 0) { Logger.Warn("No interfaces found! Can't scan WoW packets."); return; } // Take the selected adapter PacketDevice selectedDevice = allDevices.First(); // Open the device _communicator = selectedDevice.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 40); Logger.Debug("Listening on " + selectedDevice.Description + " for WoW packets"); // Compile the filter using (var filter = _communicator.CreateFilter("tcp")) { // Set the filter _communicator.SetFilter(filter); } Task.Run(() => ReceivePackets()); }
public void ResolveDestinationMacFor(ScanningOptions options, CancellationToken ct) { using (PacketCommunicator communicator = options.Device.Open(65535, PacketDeviceOpenAttributes.None, 100)) { Packet request = ArpPacketFactory.CreateRequestFor(options); communicator.SetFilter("arp and src " + options.TargetIP + " and dst " + options.SourceIP); communicator.SendPacket(request); while (true) { if (ct.IsCancellationRequested) { return; } Packet responce; PacketCommunicatorReceiveResult result = communicator.ReceivePacket(out responce); switch (result) { case PacketCommunicatorReceiveResult.Timeout: communicator.SendPacket(request); continue; case PacketCommunicatorReceiveResult.Ok: options.TargetMac = ParseSenderMacFrom(responce); return; } } } }
public void GetPacketTest() { const string SourceMac = "11:22:33:44:55:66"; const string DestinationMac = "77:88:99:AA:BB:CC"; const int NumPackets = 10; Packet expectedPacket = _random.NextEthernetPacket(100, SourceMac, DestinationMac); using (PacketCommunicator communicator = OpenOfflineDevice(NumPackets, expectedPacket)) { communicator.SetFilter("ether src " + SourceMac + " and ether dst " + DestinationMac); PacketCommunicatorReceiveResult result; Packet actualPacket; for (int i = 0; i != NumPackets; ++i) { result = communicator.ReceivePacket(out actualPacket); Assert.AreEqual(PacketCommunicatorReceiveResult.Ok, result); Assert.AreEqual(expectedPacket, actualPacket); MoreAssert.IsInRange(expectedPacket.Timestamp.AddSeconds(-0.05), expectedPacket.Timestamp.AddSeconds(0.05), actualPacket.Timestamp); } result = communicator.ReceivePacket(out actualPacket); Assert.AreEqual(PacketCommunicatorReceiveResult.Eof, result); Assert.IsNull(actualPacket); } }
private static void TestGetSomePackets(int numPacketsToSend, int numPacketsToGet, int numPacketsToBreakLoop, PacketCommunicatorReceiveResult expectedResult, int expectedNumPackets, double expectedMinSeconds, double expectedMaxSeconds) { string testDescription = "NumPacketsToSend=" + numPacketsToSend + ". NumPacketsToGet=" + numPacketsToGet + ". NumPacketsToBreakLoop=" + numPacketsToBreakLoop; const string SourceMac = "11:22:33:44:55:66"; const string DestinationMac = "77:88:99:AA:BB:CC"; Packet expectedPacket = _random.NextEthernetPacket(100, SourceMac, DestinationMac); using (PacketCommunicator communicator = OpenOfflineDevice(numPacketsToSend, expectedPacket)) { communicator.SetFilter("ether src " + SourceMac + " and ether dst " + DestinationMac); if (numPacketsToBreakLoop == 0) { communicator.Break(); } PacketHandler handler = new PacketHandler(expectedPacket, expectedMinSeconds, expectedMaxSeconds, communicator, numPacketsToBreakLoop); int numPacketsGot; PacketCommunicatorReceiveResult result = communicator.ReceiveSomePackets(out numPacketsGot, numPacketsToGet, handler.Handle); Assert.AreEqual(expectedResult, result); Assert.AreEqual(expectedNumPackets, numPacketsGot, "NumPacketsGot. Test: " + testDescription); Assert.AreEqual(expectedNumPackets, handler.NumPacketsHandled, "NumPacketsHandled. Test: " + testDescription); } }
public void StartHijack() { Task.Run(delegate { IList <LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine; if (allDevices.Count == 0) { MessageBox.Show("未找到网卡。请确认已安装WinPcap。"); return; } foreach (var selectedDevice in allDevices) { Task.Run(delegate { PacketCommunicator communicator = selectedDevice.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000); if (communicator.DataLink.Kind != DataLinkKind.Ethernet) { return; } using (BerkeleyPacketFilter filter = communicator.CreateFilter("tcp and dst port 80")) { communicator.SetFilter(filter); } communicator.ReceivePackets(0, PacketHandler); }); } this.BeginInvoke(new EventHandler(delegate { lbMsg.Text = "监听已启动"; })); }); }
/// <summary> /// Captures packets via the selected device /// </summary> void ReadPackets(PacketDevice selectedDevice) { // Open the device using (PacketCommunicator communicator = selectedDevice.Open(65536, // portion of the packet to capture // 65536 guarantees that the whole packet will be captured on all the link layers PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode 1000)) // read timeout { // Check the link layer. We support only Ethernet for simplicity. if (communicator.DataLink.Kind != DataLinkKind.Ethernet) { throw new FormatException("This program works only on Ethernet networks."); } // Compile the filter using (BerkeleyPacketFilter filter = communicator.CreateFilter("ip and (tcp or udp)")) { // Set the filter communicator.SetFilter(filter); } // start the capture try { communicator.ReceivePackets(0, PacketHandler); } catch (Exception ex) { Debug.WriteLine("Communicator: " + ex.Message); return; } } }
public void BadFilterErrorTest() { using (PacketCommunicator communicator = LivePacketDeviceTests.OpenLiveDevice()) { communicator.SetFilter("illegal filter string"); } }
private void CapturePacket() { int deviceIndex = 0; try { deviceIndex = Int32.Parse(comboBoxInterfaces.SelectedValue.ToString()); } catch { } // Take the selected adapter PacketDevice selectedDevice = allDevices[deviceIndex - 1]; // Open the device using (PacketCommunicator communicator = selectedDevice.Open(65536, // portion of the packet to capture // 65536 guarantees that the whole packet will be captured on all the link layers PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode 1000)) // read timeout { labelDescription.Text = "Listening on " + InterFaces.Rows[deviceIndex - 1]["Description"] + "..."; using (BerkeleyPacketFilter filter = communicator.CreateFilter("icmp")) { // Set the filter communicator.SetFilter(filter); } // start the capture communicator.ReceivePackets(0, DevicePingHandler); } }
public void Handler() { var devices = GetDevices(); PacketDevice selectedDevice = devices[4]; using (PacketCommunicator communicator = selectedDevice.Open(65536, PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode 1000)) // read timeout { communicator.SetFilter("tcp port 443"); Console.WriteLine("Listening on " + selectedDevice.Description + "..."); Packet packet; do { PacketCommunicatorReceiveResult result = communicator.ReceivePacket(out packet); switch (result) { case PacketCommunicatorReceiveResult.Timeout: continue; case PacketCommunicatorReceiveResult.Ok: Console.WriteLine(packet.Timestamp.ToString("yyyy-MM-dd hh:mm:ss.fff") + " length:" + packet.Length); break; default: throw new InvalidOperationException("The result " + result + " shoudl never be reached here"); } } while (true); } }
public static string GetRouterMacAddress(string thisMachineLocalIp, string routerLocalIp, PacketDevice captureDevice, int maxTries) { using (PacketCommunicator Communicator = captureDevice.Open(65536, PacketDeviceOpenAttributes.None, 1000)) using (PacketCommunicator inputCommunicator = captureDevice.Open(65536, PacketDeviceOpenAttributes.None, 1000)) { inputCommunicator.SetFilter($"ether proto \\arp and dst host \\{thisMachineLocalIp}"); Communicator.SendPacket(BuildArpPacket(thisMachineLocalIp, routerLocalIp)); for (int trie = 0; trie < maxTries; ++trie) { inputCommunicator.ReceivePacket(out var receivedPacket); if (receivedPacket == null) { continue; } var arpDataGram = receivedPacket.Ethernet.Arp; if (arpDataGram.Operation.HasFlag(ArpOperation.Reply)) { return(string.Join(":", (from z in arpDataGram.SenderHardwareAddress select z.ToString("X2")).ToArray())); } } return(null); } }
public void Run() { if (selectedDevice != null) { using (PacketCommunicator communicator = selectedDevice.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000)) { // Check the link layer. We support only Ethernet for simplicity. if (communicator.DataLink.Kind != DataLinkKind.Ethernet) { CLI.PrintQueueLog(Channel.Zero, "이더넷 프로토콜에서만 작동합니다..", ConsoleColor.White); return; } // Compile the filter using (BerkeleyPacketFilter filter = communicator.CreateFilter("ip and tcp and (port 80 or portrange 8000-9000)")) { // Set the filter communicator.SetFilter(filter); } CLI.PrintQueueLog(Channel.Zero, "패킷 읽기 시작!", ConsoleColor.Yellow); CLI.ShowToast("PCAP", "통발 블랙박스", "패킷 파싱을 시작합니다.", ""); // start the capture communicator.ReceivePackets(0, PacketHandler); } } else { CLI.PrintQueueLog(Channel.Zero, "장치가 선택되지 않았습니다.", ConsoleColor.White); } }
/// <summary> /// Setup filter and start capture /// Return when an error occurs or StopCapture is called /// </summary> /// <param name="callback">Callback to handle packets</param> /// <param name="ErrorMsg">When return contains the error description</param> public void StartCapture(HandlePacket callback, out string ErrorMsg) { // Check the link layer. We support only Ethernet if (communicator.DataLink.Kind != DataLinkKind.Ethernet) { ErrorMsg = "This program works only on Ethernet networks."; return; } // Compile the filter using (BerkeleyPacketFilter filter = communicator.CreateFilter(SnifferConfig.Filter.FilterString)) { communicator.SetFilter(filter); } using (PacketDumpFile dumpFile = communicator.OpenDump(DumpFileName)) { try { // start the capture communicator.ReceivePackets(0, delegate(Packet packet) { dumpFile.Dump(packet); callback(packet); }); } catch (Exception ex) { ErrorMsg = ex.Message; } } ErrorMsg = null; }
/// <summary> /// Start an off-line capture /// </summary> /// <param name="file">The dump file name to capture</param> /// <param name="callback">Callback to handle packets</param> /// <param name="IsBadDumpFile">Flag indicates whether the dump file is invalid</param> public static void StartOfflineCapture(string file, HandlePacket callback, ref bool IsBadDumpFile) { PacketCommunicator pc = communicator; try { // Create the off-line device OfflinePacketDevice selectedDevice = new OfflinePacketDevice(file); communicator = selectedDevice.Open(65536, // portion of the packet to capture // 65536 guarantees that the whole packet will be captured on all the link layers PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode 1000); // read timeout // Compile the filter using (BerkeleyPacketFilter filter = communicator.CreateFilter(SnifferConfig.Filter.FilterString)) { communicator.SetFilter(filter); } // Read and dispatch packets until EOF is reached communicator.ReceivePackets(0, callback); } catch (Exception) { IsBadDumpFile = true; } finally { if (pc != null) { communicator = pc; } } }
public void ReceiveSomePacketsGcCollectTest() { const string SourceMac = "11:22:33:44:55:66"; const string DestinationMac = "77:88:99:AA:BB:CC"; const int NumPackets = 2; using (PacketCommunicator communicator = OpenLiveDevice()) { communicator.SetFilter("ether src " + SourceMac + " and ether dst " + DestinationMac); Packet sentPacket = _random.NextEthernetPacket(100, SourceMac, DestinationMac); for (int i = 0; i != NumPackets; ++i) { communicator.SendPacket(sentPacket); } int numGot; PacketCommunicatorReceiveResult result = communicator.ReceiveSomePackets(out numGot, NumPackets, delegate { GC.Collect(); }); Assert.AreEqual(PacketCommunicatorReceiveResult.Ok, result); Assert.AreEqual(NumPackets, numGot); } }
public void SetSamplingMethodOneEveryNTest() { const string SourceMac = "11:22:33:44:55:66"; const string DestinationMac = "77:88:99:AA:BB:CC"; using (PacketCommunicator communicator = OpenLiveDevice()) { communicator.SetFilter("ether src " + SourceMac + " and ether dst " + DestinationMac); communicator.SetSamplingMethod(new SamplingMethodOneEveryCount(5)); for (int i = 0; i != 20; ++i) { Packet expectedPacket = _random.NextEthernetPacket(60 * (i + 1), SourceMac, DestinationMac); communicator.SendPacket(expectedPacket); } Packet packet; PacketCommunicatorReceiveResult result; for (int i = 0; i != 4; ++i) { result = communicator.ReceivePacket(out packet); Assert.AreEqual(PacketCommunicatorReceiveResult.Ok, result); Assert.AreEqual(60 * 5 * (i + 1), packet.Length); } result = communicator.ReceivePacket(out packet); Assert.AreEqual(PacketCommunicatorReceiveResult.Timeout, result); Assert.IsNull(packet); } }
private void PaketYakala(String filtre = "ip") { for (int i = 0; i != allDevices.Count; ++i) { LivePacketDevice device = allDevices[i]; } selectedDevice = allDevices[deviceIndex - 1]; using (PacketCommunicator communicator = selectedDevice.Open(65536, // portion of the packet to capture // 65536 guarantees that the whole packet will be captured on all the link layers PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode 1000)) // read timeout { // Check the link layer. We support only Ethernet for simplicity. if (communicator.DataLink.Kind != DataLinkKind.Ethernet) { Console.WriteLine("This program works only on Ethernet networks."); return; } // Compile the filter using (BerkeleyPacketFilter filter = communicator.CreateFilter(filtre)) { // Set the filter communicator.SetFilter(filter); } label2.Text = selectedDevice.Description; // start the capture communicator.ReceivePackets(0, PacketHandler); } }
static void Main(string[] args) { //var hex = ""; if (args.Length != 1) { Console.WriteLine("usage: " + Environment.GetCommandLineArgs()[0] + " <filename>"); return; } // Create the offline device OfflinePacketDevice selectedDevice = new OfflinePacketDevice(args[0]); // Open the capture file using (PacketCommunicator communicator = selectedDevice.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000)) { communicator.SetFilter("tcp"); // start the capture var i = 0; communicator.ReceiveSomePackets(out i, 1000, PacketHandler); Console.WriteLine(i); //communicator.ReceivePackets(0, PacketHandler); } /*string docHeader = "25504446"; * string docFooter = "0D0A2525454F460D0A"; * int pFrom = hex.IndexOf(docHeader) + docHeader.Length; * int pTo = hex.LastIndexOf(docFooter); * String result2 = hex.Substring(pFrom, pTo - pFrom);*/ }
private void CreateListener() { IList <LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine; if (allDevices.Count == 0) { Debug.WriteLine("No Network Interface Found! Please make sure WinPcap is properly installed."); return; } for (int i = 0; i != allDevices.Count; i++) { LivePacketDevice device = allDevices[i]; if (device.Description != null) { Debug.WriteLine(" (" + device.Description + ")"); } else { Debug.WriteLine(" (Unknown)"); } } using (List <LivePacketDevice> .Enumerator enumerator = allDevices.ToList <LivePacketDevice>().GetEnumerator()) { while (enumerator.MoveNext()) { PacketDevice selectedDevice = enumerator.Current; if (selectedDevice.Attributes == DeviceAttributes.Loopback) { continue; } new Thread(delegate() { try { using (PacketCommunicator communicator = selectedDevice.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000)) { if (communicator.DataLink.Kind != DataLinkKind.Ethernet) { Debug.WriteLine("This program works only on Ethernet networks."); } else { using (BerkeleyPacketFilter filter = communicator.CreateFilter("ip and udp")) { communicator.SetFilter(filter); } Console.WriteLine("Capturing on " + selectedDevice.Description + "..."); communicator.ReceivePackets(0, new HandlePacket(photonPacketHandler.PacketHandler)); } } } catch (NotSupportedException ex) { Console.WriteLine($"Error listening on {selectedDevice.Description} because of {ex.Message}. Skipping this device. If it still works you can ignore this"); } }).Start(); } } }
static void Main(string[] args) { // Retrieve the device list from the local machine IList <LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine; if (allDevices.Count == 0) { Console.WriteLine("No interfaces found! Make sure WinPcap is installed."); return; } // Print the list for (int i = 0; i != allDevices.Count; ++i) { LivePacketDevice device = allDevices[i]; Console.Write((i + 1) + ". " + device.Name); if (device.Description != null) { Console.WriteLine(" (" + device.Description + ")"); } else { Console.WriteLine(" (No description available)"); } } int deviceIndex = 0; do { Console.WriteLine("Enter the interface number (1-" + allDevices.Count + "):"); string deviceIndexString = Console.ReadLine(); if (!int.TryParse(deviceIndexString, out deviceIndex) || deviceIndex < 1 || deviceIndex > allDevices.Count) { deviceIndex = 0; } } while (deviceIndex == 0); // Take the selected adapter PacketDevice selectedOutputDevice = allDevices[deviceIndex - 1]; // Open the output adapter using ( PacketCommunicator communicator = selectedOutputDevice.Open(100, PacketDeviceOpenAttributes.Promiscuous, 1000)) { // Compile and set the filter communicator.SetFilter("tcp"); // Put the interface in statstics mode communicator.Mode = PacketCommunicatorMode.Statistics; Console.WriteLine("TCP traffic summary:"); // Start the main loop communicator.ReceiveStatistics(0, StatisticsHandler); } }
public void SetNullFilterTest() { using (PacketCommunicator communicator = OpenLiveDevice()) { communicator.SetFilter(null as BerkeleyPacketFilter); } Assert.Fail(); }
public void listen() { using (PacketCommunicator communicator = this.device.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000)) { communicator.SetFilter(this.filter); communicator.ReceivePackets(0, NAEHandler.PacketHandler); } }
public void ReceivePackets() { // Retrieve the device list from the local machine IList <LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine; // Find the NPF device of the TAP interface PacketDevice selectedDevice = null; for (int i = 0; i != allDevices.Count; ++i) { LivePacketDevice device = allDevices[i]; if (device.Name.Contains(Guid)) { selectedDevice = device; break; } } if (selectedDevice == null) { Initialized.Set(); Global.ShowTrayTip("Byte Counter", "Interface " + Name + " not captured by WinPcap.", System.Windows.Forms.ToolTipIcon.Warning); Global.WriteLog("Byte Counter: Interface " + Name + " not captured by WinPcap."); return; } try { using (communicator = selectedDevice.Open(65536, PacketDeviceOpenAttributes.MaximumResponsiveness, 1000)) { Global.WriteLog("Byte Counter: Listening on " + Name + "..."); communicator.SetFilter("((ether dst " + ifHardwareAddressString + " or ether src " + ifHardwareAddressString + ") and ip and (tcp or udp))"); Initialized.Set(); communicator.ReceivePackets(0, (packet) => { if (!threadActive.IsSet) { communicator.Break(); return; } Table.CheckPacket(packet, ifHardwareAddress); }); } } catch (Exception e) { if (threadActive.IsSet) { threadActive.Reset(); Global.WriteLog("Byte Counter: Could not capture traffic from " + Name); if (Global.Config.Gadget.Debug) { Global.WriteLog(e.ToString()); } Global.ShowTrayTip("Byte Counter", "Could not capture traffic from " + Name, System.Windows.Forms.ToolTipIcon.Warning); } } }
private void createListener() { IList <LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine; if (allDevices.Count == 0) { MessageBox.Show("No interfaces found! Make sure WinPcap is installed."); return; } // Print the list for (int i = 0; i != allDevices.Count; ++i) { LivePacketDevice device = allDevices[i]; if (device.Description != null) { Console.WriteLine(" (" + device.Description + ")"); } else { Console.WriteLine(" (No description available)"); } } foreach (PacketDevice selectedDevice in allDevices.ToList()) { // Open the device Thread t = new Thread(() => { using (PacketCommunicator communicator = selectedDevice.Open(65536, // portion of the packet to capture // 65536 guarantees that the whole packet will be captured on all the link layers PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode 1000)) // read timeout { // Check the link layer. We support only Ethernet for simplicity. if (communicator.DataLink.Kind != DataLinkKind.Ethernet) { Console.WriteLine("This program works only on Ethernet networks."); return; } // Compile the filter using (BerkeleyPacketFilter filter = communicator.CreateFilter("ip and udp")) { // Set the filter communicator.SetFilter(filter); } Console.WriteLine("Listening on " + selectedDevice.Description + "..."); // start the capture communicator.ReceivePackets(0, photonPacketHandler.PacketHandler); } }); t.Start(); } }
static void Main(string[] args) { // Lista urządzeń IList <LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine; if (allDevices.Count == 0) { Console.WriteLine("No interfaces found! Make sure WinPcap is installed."); return; } // Wypisuje urządzenia for (int i = 0; i != allDevices.Count; ++i) { LivePacketDevice device = allDevices[i]; Console.WriteLine((i + 1) + ". " + device.Description); if (device.Description == null) { Console.Write((i + 1) + ". " + device.Name); Console.WriteLine(" (No description available)"); } } int deviceIndex = 0; //wprowadzanie numeru urzadzenia do { Console.WriteLine("Enter the interface number (1-" + allDevices.Count + "):"); string deviceIndexString = Console.ReadLine(); if (!int.TryParse(deviceIndexString, out deviceIndex) || deviceIndex < 1 || deviceIndex > allDevices.Count) { deviceIndex = 0; } } while (deviceIndex == 0); PacketDevice selectedDevice = allDevices[deviceIndex - 1]; // Ustawiamy komunikator do przechwytywania z urządzenia using (PacketCommunicator communicator = selectedDevice.Open(65536, // portion of the packet to capture // 65536 guarantees that the whole packet will be captured on all the link layers PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode 1000)) // read timeout { // Filter Console.WriteLine("If you want, you can specify filter now"); using (BerkeleyPacketFilter filter = communicator.CreateFilter(Console.ReadLine())) { communicator.SetFilter(filter); } Console.WriteLine("Listening on " + selectedDevice.Description + "..."); // przechwytywanie communicator.ReceivePackets(0, PacketHandler); } }
private void worker_DoWork(object sender, DoWorkEventArgs e) { IPDict = new Dictionary <IpV4Address, int>(); using (PacketCommunicator communicator = selectedDevice.Open(1024, PacketDeviceOpenAttributes.Promiscuous, 200)) { Packet packet; using (BerkeleyPacketFilter filter = communicator.CreateFilter("ip and udp")) { communicator.SetFilter(filter); } for (int i = 0; i < 10; i++) { if (packetCaptureWorker.CancellationPending) { e.Cancel = true; return; } PacketCommunicatorReceiveResult result = communicator.ReceivePacket(out packet); switch (result) { case PacketCommunicatorReceiveResult.Timeout: continue; case PacketCommunicatorReceiveResult.Ok: IpV4Datagram ip = packet.Ethernet.IpV4; if (ip.Source.ToString() == localIP.ToString()) { if (IPDict.ContainsKey(ip.Destination)) { IPDict[ip.Destination]++; } else { IPDict.Add(ip.Destination, 1); } } else if (ip.Destination.ToString() == localIP.ToString()) { if (IPDict.ContainsKey(ip.Source)) { IPDict[ip.Source]++; } else { IPDict.Add(ip.Source, 1); } } break; default: throw new InvalidOperationException(); } } } }
public void StartCapture() { var dev = LivePacketDevice.AllLocalMachine.FirstOrDefault(d => d.Name.Equals(Device.Name)); if (dev == null) { return; } var token = Cancellation.Token; this.CaptureTask = new Task((state) => { DumpOptions option = (DumpOptions)state; // Open device using (PacketCommunicator communicator = dev.Open( 65535, PacketDeviceOpenAttributes.Promiscuous, 250 )) { if (option.Filter != null) { communicator.SetFilter(option.Filter); } using (PacketDumpFile dumpFile = communicator.OpenDump(option.Path)) { int count = 0; Stopwatch stopwatch = new Stopwatch(); stopwatch.Start(); while (count < option.Count && stopwatch.ElapsedMilliseconds < option.Durance.TotalMilliseconds) { token.ThrowIfCancellationRequested(); Packet packet; var result = communicator.ReceivePacket(out packet); if (result == PacketCommunicatorReceiveResult.Ok) { dumpFile.Dump(packet); count++; if (option.Callback != null) { option.Callback(null, new PacketArrivalEventArgs(packet)); } } } } } }, Options, token, TaskCreationOptions.LongRunning); CaptureTask.Start(); }
private void buttonAgKesfi_Click(object sender, EventArgs e) // Ağda bulunan ciahzların mac adresleri bu fonksiyon yardımıyla arp paketleri gönderilerek elde edilir. { byte altdeger = Convert.ToByte(textBox2.Text); //Ağ keşfi için kullanılacak sınır ipler belirlendi. byte ustdeger = Convert.ToByte(textBox3.Text); //Ağ keşfi için kullanılacak sınır ipler belirlendi. IList <LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine; PacketDevice selectedDevice = allDevices[2]; //Cihaz seçimi. Manuel olarak atanmıştır. using (PacketCommunicator communicator = selectedDevice.Open(100, PacketDeviceOpenAttributes.Promiscuous, 1000)) { //****************************** Ağ keşfi ****************************** for (byte i = altdeger; i < ustdeger; i++) // Ağdaki istenilen ip aralığına arp paketleri gönderiir. Örn: "192.168.1.i" { EthernetLayer ethernetLayer = new EthernetLayer //Ethernet Katmanı { Source = new MacAddress(MacAdresim()), //Kaynak mac adresi. Fonksiyondan çekildi. Destination = new MacAddress("ff:ff:ff:ff:ff:ff"), //Hedef mac adresi. Broadcast yayın yapıldı. EtherType = EthernetType.None, }; ArpLayer arpLayer = new ArpLayer //Arp Katmanı { ProtocolType = EthernetType.IpV4, Operation = ArpOperation.Request, SenderHardwareAddress = new byte[] { 0x28, 0xd2, 0x44, 0x49, 0x7e, 0x2b }.AsReadOnly(), // Kaynak ac adresi. SenderProtocolAddress = new byte[] { Convert.ToByte(IpParcala(0)), Convert.ToByte(IpParcala(1)), Convert.ToByte(IpParcala(2)), Convert.ToByte(IpParcala(3)) }.AsReadOnly(), // Kaynak Ip adresi IpParcala fonksiyonundan bloklar halinde çekildi. TargetHardwareAddress = new byte[] { 0, 0, 0, 0, 0, 0 }.AsReadOnly(), // Hedef Mac Adresi. Öğrenilmek istenen parametre. Request paketlerinde 00:00:00:00:00:00 TargetProtocolAddress = new byte[] { Convert.ToByte(IpParcala(0)), Convert.ToByte(IpParcala(1)), Convert.ToByte(IpParcala(2)), i }.AsReadOnly(), // Hedef Ip adresi IpParcala fonksiyonundan bulunulan ağın ilk 3 bloğu alındı. Son blok i değeri ile döngüye sokuldu. }; PacketBuilder builder = new PacketBuilder(ethernetLayer, arpLayer); Packet arppacket = builder.Build(DateTime.Now); // Katmanlar paketlendi. communicator.SendPacket(arppacket); // Arp paketi yayınlandı. //****************************** ARP Paket dinleme ****************************** using (BerkeleyPacketFilter filter = communicator.CreateFilter("arp")) // Filtre uygulandı. { communicator.SetFilter(filter); } Packet packet; PacketCommunicatorReceiveResult result = communicator.ReceivePacket(out packet); switch (result) { case PacketCommunicatorReceiveResult.Ok: if (!listBox1.Items.Contains(packet.Ethernet.Source + "\t\t\t@" + packet.Ethernet.Arp.SenderProtocolIpV4Address.ToString())) // Listbox'da oluşabilecek veri tekrarı önlendi. { listBox1.Items.Add(packet.Ethernet.Source + "\t\t\t@" + packet.Ethernet.Arp.SenderProtocolIpV4Address.ToString()); // Gelen Arp Paketlerinin Ethernet Katmanındna Source MAC Addres verisi çekildi. } break; } } } }
//Captures packets while issuing concurrent calls to update the GUI /// <summary> /// Capture packets and stores their information /// </summary> private void CapturePackets() { // Take the selected adapter PacketDevice selectedDevice = allDevices[this.deviceIndex]; int prevInd = 0; // Open the device using (PacketCommunicator communicator = selectedDevice.Open(65536, // portion of the packet to capture // 65536 guarantees that the whole packet will be captured on all the link layers PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode 1000)) // read timeout { communicator.SetFilter(filter); while (captFlag) { PacketCommunicatorReceiveResult result = communicator.ReceivePacket(out Packet packet); byte[] packetInfo; switch (result) { case PacketCommunicatorReceiveResult.Timeout: // Timeout elapsed break; case PacketCommunicatorReceiveResult.Ok: IpV4Datagram ipv4 = packet.Ethernet.IpV4; IpV4Protocol i = ipv4.Protocol; CougarPacket cp = new CougarPacket(packet.Timestamp.ToString("hh:mm:ss.fff"), ++packetNumber, packet.Length, ipv4.Source.ToString(), ipv4.Destination.ToString()); packetInfo = Encoding.ASCII.GetBytes(cp.ToString() + "\n"); packetBytes.Add(packetInfo); this.Invoke((MethodInvoker)(() => { packetView.Items.Add(new ListViewItem(cp.toPropertyArray())); ++prevInd; if (chkAutoScroll.Checked && prevInd > 12) { packetView.Items[packetView.Items.Count - 1].EnsureVisible(); prevInd = 0; } })); break; default: throw new InvalidOperationException("The result " + result + " should never be reached here"); } } } }
private void backgroundWorker1_DoWork(object sender, DoWorkEventArgs e) { using (PacketCommunicator communicator = selectedAdapter.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000)) { // Check the link layer. if (communicator.DataLink.Kind != DataLinkKind.Ethernet) { MessageBox.Show("This program works only on Ethernet networks!"); return; } //Deallocation is necessary if (_tcp.Checked && (!_udp.Checked))//just tcp { using (BerkeleyPacketFilter filter = communicator.CreateFilter("tcp")) { // Set the filter communicator.SetFilter(filter); } } else if (_udp.Checked && !(_tcp.Checked))//just udp { using (BerkeleyPacketFilter filter = communicator.CreateFilter("udp")) { // Set the filter communicator.SetFilter(filter); } } else if (_tcp.Checked && (_udp.Checked))//tcp and udp { using (BerkeleyPacketFilter filter = communicator.CreateFilter("ip and udp")) { // Set the filter communicator.SetFilter(filter); } } // Begin the capture communicator.ReceivePackets(0, PacketHandler); } }
public static void Test_NetworkStatistics_01() { // from project GatheringStatisticsOnTheNetworkTraffic _tr.WriteLine("Test_NetworkStatistics_01"); PacketDevice device = SelectDevice(); if (device == null) return; __communicator = null; //_rs.OnAbortExecution += new OnAbortEvent(OnAbortExecution); _rs.OnAbortExecution = OnAbortExecution; try { // Open the device : device.Open() // snapshotLength = 100 ??? // attributes = PacketDeviceOpenAttributes.Promiscuous, promiscuous mode // readTimeout = 1000 using (__communicator = device.Open(100, PacketDeviceOpenAttributes.Promiscuous, 1000)) { _tr.WriteLine("Listening on " + device.Description + "..."); // Compile and set the filter __communicator.SetFilter("tcp"); // Put the interface in statstics mode __communicator.Mode = PacketCommunicatorMode.Statistics; _tr.WriteLine("TCP traffic summary:"); // Start the main loop __communicator.ReceiveStatistics(0, StatisticsHandler); } } catch (Exception ex) { _tr.WriteLine(ex.Message); } finally { //_rs.OnAbortExecution -= new OnAbortEvent(OnAbortExecution); } }
void tsbStart_Click(object sender, EventArgs e) { stop = false; tsbStart.Enabled = tscbNet.Enabled = false; tsbPause.Enabled = tsbStop.Enabled = true; this.Text = "Ostara - Logging"; if (paused) { paused = false; return; } if (Settings.I.ClearOnStart) flvPackets.ClearObjects(); packets = new Queue<PacketClass>(); clientCrypt = new Dictionary<ushort, Cryption.Client>(); serverCrypt = new Dictionary<ushort, Cryption.Server>(); int ni = tscbNet.SelectedIndex; device = LivePacketDevice.AllLocalMachine[ni]; comm = device.Open(65536, PacketDeviceOpenAttributes.None, 500); comm.SetFilter(Ports.I.Filter); foreach (var a in device.Addresses) { if (a.Address.Family == SocketAddressFamily.Internet) { address = ((IpV4SocketAddress)a.Address).Address.ToValue(); break; } } Task.Run(() => { GetPackets(); }); }
private static void TestFilter(PacketCommunicator communicator, BerkeleyPacketFilter filter, Packet expectedPacket, Packet unexpectedPacket) { communicator.SetFilter(filter); for (int i = 0; i != 5; ++i) { communicator.SendPacket(expectedPacket); communicator.SendPacket(unexpectedPacket); } Packet packet; PacketCommunicatorReceiveResult result; for (int i = 0; i != 5; ++i) { result = communicator.ReceivePacket(out packet); Assert.AreEqual(PacketCommunicatorReceiveResult.Ok, result); Assert.AreEqual(expectedPacket, packet); } result = communicator.ReceivePacket(out packet); Assert.AreEqual(PacketCommunicatorReceiveResult.Timeout, result); Assert.IsNull(packet); }
//public Packet CreateDhcpPacket(int optionsSize, byte[] options, bool firstPacket, byte[] clientIp = null) //{ // EthernetLayer ethernetLayer = new EthernetLayer // { // Source = ifHardwareAddress, // Destination = new MacAddress("FF:FF:FF:FF:FF:FF"), // EtherType = EthernetType.None, // }; // IpV4Layer ipV4Layer = new IpV4Layer // { // Source = new IpV4Address("0.0.0.0"), // CurrentDestination = new IpV4Address("255.255.255.255"), // Fragmentation = IpV4Fragmentation.None, // HeaderChecksum = null, // Will be filled automatically. // Identification = ipID, // Options = IpV4Options.None, // Protocol = null, // Ttl = 128, // TypeOfService = 0, // }; // UdpLayer udpLayer = new UdpLayer // { // SourcePort = 68, // DestinationPort = 67, // Checksum = null, // Will be filled automatically. // CalculateChecksumValue = true, // }; // Dhcp dhcpLayer = new Dhcp(optionsSize); // if (firstPacket) // dhcpId = dhcpLayer.Id; // else // dhcpLayer.Id = dhcpId; // if (clientIp != null) // dhcpLayer.ClientIp = clientIp; // dhcpLayer.ClientHardwareAddress = ifHardwareAddressByte; // dhcpLayer.Options = options; // PayloadLayer payloadLayer = new PayloadLayer // { // Data = new Datagram(dhcpLayer.toByteArray()), // }; // PacketBuilder builder = new PacketBuilder(ethernetLayer, ipV4Layer, udpLayer, payloadLayer); // return builder.Build(DateTime.Now); //} //public void SendArp() //{ // EthernetLayer ethernetLayer = new EthernetLayer // { // Source = ifHardwareAddress, // Destination = new MacAddress("FF:FF:FF:FF:FF:FF"), // EtherType = EthernetType.None, // }; // ArpLayer arpLayer = new ArpLayer // { // ProtocolType = EthernetType.IpV4, // Operation = ArpOperation.Request, // SenderHardwareAddress = ifHardwareAddressByte.AsReadOnly(), // SenderProtocolAddress = ownProtocolAddressByte.AsReadOnly(), // TargetHardwareAddress = new byte[] { 0, 0, 0, 0, 0, 0 }.AsReadOnly(), // TargetProtocolAddress = gatewayProtocolAddressByte.AsReadOnly(), // }; // PacketBuilder builder = new PacketBuilder(ethernetLayer, arpLayer); // SendPacket(builder.Build(DateTime.Now)); //} //public void ReceiveIpAddress() //{ // int retries = 0; // int timewait = 0; // dhcpState = 0; // arpState = 0; // byte[] options; // while (true) // { // if (dhcpState == 1 && retries > 1 || // dhcpState == 3 && retries > 1) // { // dhcpState = 6; // offeredIp = BitConverter.GetBytes(ifProtocolAddress.ToValue() & ifProtocolMask.ToValue() + 1).Reverse().ToArray(); // } // if (dhcpState == 0 || dhcpState == 1 && timewait > 10) // { // options = new byte[] // { // 53, 1, 1, // 61, 7, 1, 0x0A, 0x03, 0x03, 0x03, 0x03, (byte)dhcpClientId, // 12, 4, 78, 77, 76, 66, // 60, 8, 0x4d, 0x53, 0x46, 0x54, 0x20, 0x35, 0x2e, 0x30, // 255, // 0, 0, 0, // }; // SendPacket(CreateDhcpPacket(32, options, true)); // if (dhcpState == 0) // retries = 0; // else // retries++; // timewait = 0; // dhcpState = 1; // } // else if (dhcpState == 2 || dhcpState == 3 && timewait > 10) // { // options = new byte[] // { // 53, 1, 3, // 61, 7, 1, 0x0A, 0x03, 0x03, 0x03, 0x03, (byte)dhcpClientId, // 12, 4, 78, 77, 76, 66, // 50, 4, offeredIp[0], offeredIp[1], offeredIp[2], offeredIp[3], // 54, 4, dhcpServer[0], dhcpServer[1], dhcpServer[2], dhcpServer[3], // 60, 8, 0x4d, 0x53, 0x46, 0x54, 0x20, 0x35, 0x2e, 0x30, // 255, // 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // }; // SendPacket(CreateDhcpPacket(60, options, false)); // if (dhcpState == 2) // retries = 0; // else // retries++; // timewait = 0; // dhcpState = 3; // } // else if (dhcpState == 4 && arpState == 1 && retries > 1) // { // if ((BitConverter.ToUInt32(offeredIp.Reverse().ToArray(), 0) + 1 & ifProtocolMask.ToValue()) != // (ifProtocolAddress.ToValue() & ifProtocolMask.ToValue())) // { // Global.WriteLog("DHCP: IP " + offeredIp.SequenceToString(".") + " is in a different network!"); // offeredIp = BitConverter.GetBytes(ifProtocolAddress.ToValue() & ifProtocolMask.ToValue() + 1).Reverse().ToArray(); // dhcpState = 6; // arpState = 0; // continue; // } // dhcpState = 5; // arpState = 0; // Global.WriteLog("DHCP: IP " + offeredIp.SequenceToString(".") + " OK!"); // dhcpClientId++; // ownProtocolAddressByte = offeredIp; // ownProtocolAddressString = ownProtocolAddressByte.SequenceToString("."); // ownProtocolAddress = new IpV4Address(ownProtocolAddressString); // SendArp(); // break; // } // else if (dhcpState == 4 && arpState == 0 || dhcpState == 4 && arpState == 1 && timewait > 10) // { // EthernetLayer ethernetLayer = new EthernetLayer // { // Source = ifHardwareAddress, // Destination = new MacAddress("FF:FF:FF:FF:FF:FF"), // EtherType = EthernetType.None, // }; // ArpLayer arpLayer = new ArpLayer // { // ProtocolType = EthernetType.IpV4, // Operation = ArpOperation.Request, // SenderHardwareAddress = ifHardwareAddressByte.AsReadOnly(), // SenderProtocolAddress = new byte[] { 0, 0, 0, 0 }.AsReadOnly(), // TargetHardwareAddress = new byte[] { 0, 0, 0, 0, 0, 0 }.AsReadOnly(), // TargetProtocolAddress = offeredIp.AsReadOnly(), // }; // PacketBuilder builder = new PacketBuilder(ethernetLayer, arpLayer); // SendPacket(builder.Build(DateTime.Now)); // if (arpState == 0) // retries = 0; // else // retries++; // timewait = 0; // arpState = 1; // } // else if (dhcpState == 4 && arpState == 2) // { // Global.WriteLog("DHCP: IP " + offeredIp.SequenceToString(".") + " is already used!"); // options = new byte[] // { // 53, 1, 4, // 61, 7, 1, 0x0A, 0x03, 0x03, 0x03, 0x03, (byte)dhcpClientId, // 50, 4, offeredIp[0], offeredIp[1], offeredIp[2], offeredIp[3], // 54, 4, dhcpServer[0], dhcpServer[1], dhcpServer[2], dhcpServer[3], // 255, // //0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 // }; // SendPacket(CreateDhcpPacket(25, options, false, offeredIp)); // arpState = 0; // dhcpState = 0; // } // else if (dhcpState == 6 && arpState == 1 && retries > 1) // { // dhcpState = 5; // arpState = 0; // Global.WriteLog("IPAlloc: IP " + offeredIp.SequenceToString(".") + " OK!"); // dhcpClientId++; // ownProtocolAddressByte = offeredIp; // ownProtocolAddressString = ownProtocolAddressByte.SequenceToString("."); // ownProtocolAddress = new IpV4Address(ownProtocolAddressString); // SendArp(); // break; // } // else if (dhcpState == 6 && arpState == 0 || dhcpState == 6 && arpState == 1 && timewait > 10) // { // EthernetLayer ethernetLayer = new EthernetLayer // { // Source = ifHardwareAddress, // Destination = new MacAddress("FF:FF:FF:FF:FF:FF"), // EtherType = EthernetType.None, // }; // ArpLayer arpLayer = new ArpLayer // { // ProtocolType = EthernetType.IpV4, // Operation = ArpOperation.Request, // SenderHardwareAddress = ifHardwareAddressByte.AsReadOnly(), // SenderProtocolAddress = new byte[] { 0, 0, 0, 0 }.AsReadOnly(), // TargetHardwareAddress = new byte[] { 0, 0, 0, 0, 0, 0 }.AsReadOnly(), // TargetProtocolAddress = offeredIp.AsReadOnly(), // }; // PacketBuilder builder = new PacketBuilder(ethernetLayer, arpLayer); // SendPacket(builder.Build(DateTime.Now)); // if (arpState == 0) // retries = 0; // else // retries++; // timewait = 0; // arpState = 1; // } // else if (dhcpState == 6 && arpState == 2) // { // if ((BitConverter.ToUInt32(offeredIp.Reverse().ToArray(), 0) + 1 & ifProtocolMask.ToValue()) != // (ifProtocolAddress.ToValue() & ifProtocolMask.ToValue())) // { // Global.WriteLog("IPAlloc: Couldn't allocate IP address!"); // break; // } // Global.WriteLog("IPAlloc: IP " + offeredIp.SequenceToString(".") + " is already used!"); // offeredIp = BitConverter.GetBytes((BitConverter.ToUInt32(offeredIp.Reverse().ToArray(), 0) + 1)).Reverse().ToArray(); // arpState = 0; // } // Thread.Sleep(100); // timewait++; // } //} public void ReceivePackets() { // Retrieve the device list from the local machine IList<LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine; // Find the NPF device of the interface PacketDevice selectedDevice = null; for (int i = 0; i != allDevices.Count; ++i) { LivePacketDevice device = allDevices[i]; if (device.Name.ToUpper().Contains(Guid.ToString().ToUpper())) { selectedDevice = device; break; } } if (selectedDevice == null) { Initialized.Set(); Global.ShowTrayTip("Load Balancer", "Interface " + Name + " not captured by WinPcap.", System.Windows.Forms.ToolTipIcon.Warning); Global.WriteLog("Load Balancer: Interface " + Name + " not captured by WinPcap."); return; } try { using (communicator = selectedDevice.Open(65536, PacketDeviceOpenAttributes.MaximumResponsiveness, 1000)) { Global.WriteLog("Load Balancer: Listening on " + Name + "..."); //communicator.SetFilter("(ether dst " + ifHardwareAddressString + " and (ip or arp)) or (ether dst FF:FF:FF:FF:FF:FF and arp)"); communicator.SetFilter("(ether dst " + ifHardwareAddressString + " and ip and (udp or icmp))"); Initialized.Set(); communicator.ReceivePackets(0, (packet) => { if (!ThreadActive.IsSet) { communicator.Break(); return; } //if (ownProtocolAddressString == null) //{ // if (packet.Ethernet.IpV4.Udp.SourcePort == 67 && packet.Ethernet.IpV4.Udp.DestinationPort == 68 && (PublicVars.dhcpState == 1 || PublicVars.dhcpState == 3)) // { // Dhcp dhcpReply = new Dhcp(packet.Ethernet.IpV4.Udp.Payload.ToArray()); // if (PublicVars.dhcpId == dhcpReply.Id && dhcpReply.MessageType == 2) // { // if (dhcpReply.getOption((int)DhcpOptionCode.DhcpMsgType)[0] == 2) // { // PublicVars.offeredIp = dhcpReply.YourIp; // PublicVars.dhcpServer = dhcpReply.getOption((int)DhcpOptionCode.DhcpServerId); // PublicVars.dhcpState = 2; // } // else if (dhcpReply.getOption((int)DhcpOptionCode.DhcpMsgType)[0] == 5) // { // PublicVars.dhcpState = 4; // } // else if (dhcpReply.getOption((int)DhcpOptionCode.DhcpMsgType)[0] == 6) // { // PublicVars.offeredIp = null; // PublicVars.dhcpState = 0; // PublicVars.dhcpId = 0; // } // } // } // else if (packet.Ethernet.EtherType == EthernetType.Arp && PublicVars.arpState == 1) // { // if (packet.Ethernet.Arp.SenderProtocolAddress.SequenceEqual(PublicVars.offeredIp)) // PublicVars.arpState = 2; // } //} //if (packet.Ethernet.EtherType == EthernetType.Arp) //{ // if (packet.Ethernet.Arp.TargetProtocolAddress.SequenceEqual(ownProtocolAddressByte) && // packet.Ethernet.Arp.Operation == ArpOperation.Request) // { // EthernetLayer ethernetLayer = new EthernetLayer // { // Source = ifHardwareAddress, // Destination = packet.Ethernet.Source, // EtherType = EthernetType.None, // }; // ArpLayer arpLayer = new ArpLayer // { // ProtocolType = EthernetType.IpV4, // Operation = ArpOperation.Reply, // SenderHardwareAddress = ifHardwareAddressByte.AsReadOnly(), // SenderProtocolAddress = packet.Ethernet.Arp.TargetProtocolAddress, // TargetHardwareAddress = packet.Ethernet.Arp.SenderHardwareAddress, // TargetProtocolAddress = packet.Ethernet.Arp.SenderProtocolAddress, // }; // PacketBuilder builder = new PacketBuilder(ethernetLayer, arpLayer); // communicator.SendPacket(builder.Build(DateTime.Now)); // } //} if (tapWorker.Initialized.IsSet) { if (packet.Ethernet.IpV4.Length > MTU) // only UDP and ICMP { EthernetLayer ethernetLayer = new EthernetLayer { Source = ifHardwareAddress, Destination = packet.Ethernet.Source, EtherType = EthernetType.None, }; IpV4Layer ipV4Layer = new IpV4Layer { Source = packet.Ethernet.IpV4.Destination, CurrentDestination = packet.Ethernet.IpV4.Source, Fragmentation = packet.Ethernet.IpV4.Fragmentation, HeaderChecksum = null, // Will be filled automatically. Identification = 123, Options = packet.Ethernet.IpV4.Options, Protocol = packet.Ethernet.IpV4.Protocol, Ttl = packet.Ethernet.IpV4.Ttl, TypeOfService = packet.Ethernet.IpV4.TypeOfService, }; IcmpDestinationUnreachableLayer icmpLayer = new IcmpDestinationUnreachableLayer { Code = IcmpCodeDestinationUnreachable.FragmentationNeededAndDoNotFragmentSet, NextHopMaximumTransmissionUnit = (ushort)MTU, }; PacketBuilder builder = new PacketBuilder(ethernetLayer, ipV4Layer, icmpLayer); SendPacket(builder.Build(DateTime.Now)); // TODO: fix warning spam if (Global.Config.LoadBalancer.ShowTrayTipsWarnings) Global.ShowTrayTip("Load Balancer", "IP packet larger than the MTU detected on " + Name + ".\n\nIP fragmentation is not supported.", ToolTipIcon.Warning); Global.WriteLog("Load Balancer: IP packet larger than the MTU detected on " + Name); return; } if (packet.Ethernet.IpV4.Fragmentation.Options == IpV4FragmentationOptions.DoNotFragment || packet.Ethernet.IpV4.Fragmentation.Options == IpV4FragmentationOptions.None && packet.Ethernet.IpV4.Fragmentation.Offset == 0) { if (packet.Ethernet.IpV4.Protocol == IpV4Protocol.InternetControlMessageProtocol) { if (packet.Ethernet.IpV4.Destination == ifProtocolAddress) if ((packet.Ethernet.IpV4.Icmp.MessageType == IcmpMessageType.EchoReply || packet.Ethernet.IpV4.Fragmentation.Offset > 0)) { EthernetLayer ethernetLayer = new EthernetLayer { Source = tapWorker.ownHardwareAddress, Destination = tapWorker.ifHardwareAddress, EtherType = EthernetType.None, }; IpV4Layer ipV4Layer = new IpV4Layer { Source = packet.Ethernet.IpV4.Source, CurrentDestination = tapWorker.ifProtocolAddress, Fragmentation = packet.Ethernet.IpV4.Fragmentation, HeaderChecksum = null, // Will be filled automatically. Identification = packet.Ethernet.IpV4.Identification, Options = packet.Ethernet.IpV4.Options, Protocol = packet.Ethernet.IpV4.Protocol, Ttl = packet.Ethernet.IpV4.Ttl, TypeOfService = packet.Ethernet.IpV4.TypeOfService, }; PayloadLayer payloadLayer = new PayloadLayer { Data = new Datagram(packet.Ethernet.IpV4.Payload.ToArray()), }; PacketBuilder builder = new PacketBuilder(ethernetLayer, ipV4Layer, payloadLayer); tapWorker.SendPacket(builder.Build(DateTime.Now)); } } //else if (packet.Ethernet.IpV4.Protocol == IpV4Protocol.Tcp) //{ // if (packet.Ethernet.IpV4.Destination == ifProtocolAddress) // { // lock (RoutingTable.lockObj) // routingObject = RoutingTable.TranslateBack(packet); // if (routingObject.ifIndex == -1) // return; // EthernetLayer ethernetLayer = new EthernetLayer // { // Source = TapWorker.ownHardwareAddress, // Destination = TapWorker.ifHardwareAddress, // EtherType = packet.Ethernet.EtherType, // }; // IpV4Layer ipV4Layer = new IpV4Layer // { // Source = packet.Ethernet.IpV4.Source, // CurrentDestination = TapWorker.ifProtocolAddress, // Fragmentation = packet.Ethernet.IpV4.Fragmentation, // HeaderChecksum = null, // Will be filled automatically. // Identification = packet.Ethernet.IpV4.Identification, // Options = packet.Ethernet.IpV4.Options, // Protocol = packet.Ethernet.IpV4.Protocol, // Ttl = packet.Ethernet.IpV4.Ttl, // TypeOfService = packet.Ethernet.IpV4.TypeOfService, // }; // TcpLayer tcpLayer = new TcpLayer // { // SourcePort = packet.Ethernet.IpV4.Tcp.SourcePort, // DestinationPort = routingObject.localPort, // Checksum = null, // Will be filled automatically. // SequenceNumber = packet.Ethernet.IpV4.Tcp.SequenceNumber, // AcknowledgmentNumber = routingObject.ack, // ControlBits = packet.Ethernet.IpV4.Tcp.ControlBits, // Window = packet.Ethernet.IpV4.Tcp.Window, // UrgentPointer = packet.Ethernet.IpV4.Tcp.UrgentPointer, // Options = packet.Ethernet.IpV4.Tcp.Options, // }; // PayloadLayer payloadLayer = new PayloadLayer // { // Data = new Datagram(packet.Ethernet.IpV4.Tcp.Payload.ToArray()), // }; // PacketBuilder builder = new PacketBuilder(ethernetLayer, ipV4Layer, tcpLayer, payloadLayer); // MainThread.tapWorker.SendPacket(builder.Build(DateTime.Now)); // } //} else if (packet.Ethernet.IpV4.Protocol == IpV4Protocol.Udp) { if (packet.Ethernet.IpV4.Destination == ifProtocolAddress) { phyRoutingObject = RoutingTable.IsUdpConn(packet); if (phyRoutingObject.ifIndex == -1) return; EthernetLayer ethernetLayer = new EthernetLayer { Source = tapWorker.ownHardwareAddress, Destination = tapWorker.ifHardwareAddress, EtherType = packet.Ethernet.EtherType, }; IpV4Layer ipV4Layer = new IpV4Layer { Source = packet.Ethernet.IpV4.Source, CurrentDestination = tapWorker.ifProtocolAddress, Fragmentation = packet.Ethernet.IpV4.Fragmentation, HeaderChecksum = null, // Will be filled automatically. Identification = packet.Ethernet.IpV4.Identification, Options = packet.Ethernet.IpV4.Options, Protocol = packet.Ethernet.IpV4.Protocol, Ttl = packet.Ethernet.IpV4.Ttl, TypeOfService = packet.Ethernet.IpV4.TypeOfService, }; UdpLayer udpLayer = new UdpLayer { SourcePort = packet.Ethernet.IpV4.Udp.SourcePort, DestinationPort = packet.Ethernet.IpV4.Udp.DestinationPort, Checksum = null, // Will be filled automatically. CalculateChecksumValue = packet.Ethernet.IpV4.Udp.IsChecksumOptional, }; PayloadLayer payloadLayer = new PayloadLayer { Data = new Datagram(packet.Ethernet.IpV4.Udp.Payload.ToArray()), }; PacketBuilder builder = new PacketBuilder(ethernetLayer, ipV4Layer, udpLayer, payloadLayer); tapWorker.SendPacket(builder.Build(DateTime.Now)); } } } else if (packet.Ethernet.IpV4.Fragmentation.Options == IpV4FragmentationOptions.MoreFragments || packet.Ethernet.IpV4.Fragmentation.Options == IpV4FragmentationOptions.None && packet.Ethernet.IpV4.Fragmentation.Offset > 0) { // TODO: fix warning spam if (Global.Config.LoadBalancer.ShowTrayTipsWarnings) Global.ShowTrayTip("Load Balancer", "IP fragmentation detected on " + Name + ".\n\nIP fragmentation is not supported.", ToolTipIcon.Warning); Global.WriteLog("Load Balancer: IP fragmentation detected on " + Name); //fragments = fragBuffer.Add(packet); //if (fragments != null) // for (int i = 0; i < fragments.Count; i++) // { // IpV4Handler(fragments[i], fragments); // } } } }); } } catch (Exception e) { if (ThreadActive.IsSet) { ThreadActive.Reset(); Global.WriteLog("Load Balancer: " + Name + " has disconnected"); if (Global.Config.Gadget.Debug) Global.WriteLog(e.ToString()); Global.ShowTrayTip("Load Balancer", Name + " has disconnected", System.Windows.Forms.ToolTipIcon.Warning); } } }
public static void Test_InterpretingThePackets_01() { // from project InterpretingThePackets _tr.WriteLine("Test_InterpretingThePackets_01"); PacketDevice device = SelectDevice(); if (device == null) return; __communicator = null; //_rs.OnAbortExecution += new OnAbortEvent(OnAbortExecution); _rs.OnAbortExecution = OnAbortExecution; try { // Open the device : device.Open() // snapshotLength = 65536, portion of the packet to capture 65536 guarantees that the whole packet will be captured on all the link layers // attributes = PacketDeviceOpenAttributes.Promiscuous, promiscuous mode // readTimeout = 1000 using (__communicator = device.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000)) { // Check the link layer. We support only Ethernet for simplicity. if (__communicator.DataLink.Kind != DataLinkKind.Ethernet) { _tr.WriteLine("This program works only on Ethernet networks."); return; } // Compile the filter using (BerkeleyPacketFilter filter = __communicator.CreateFilter("ip and udp")) { // Set the filter __communicator.SetFilter(filter); } _tr.WriteLine("Listening on " + device.Description + "..."); // start the capture __communicator.ReceivePackets(0, InterpretingPacketHandler); } } catch (Exception ex) { _tr.WriteLine(ex.Message); } finally { //_rs.OnAbortExecution -= new OnAbortEvent(OnAbortExecution); } }
/// <summary> /// Start an off-line capture /// </summary> /// <param name="file">The dump file name to capture</param> /// <param name="callback">Callback to handle packets</param> /// <param name="IsBadDumpFile">Flag indicates whether the dump file is invalid</param> public static void StartOfflineCapture(string file, HandlePacket callback, ref bool IsBadDumpFile) { PacketCommunicator pc = communicator; try { // Create the off-line device OfflinePacketDevice selectedDevice = new OfflinePacketDevice(file); communicator = selectedDevice.Open(65536, // portion of the packet to capture // 65536 guarantees that the whole packet will be captured on all the link layers PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode 1000); // read timeout // Compile the filter using (BerkeleyPacketFilter filter = communicator.CreateFilter(SnifferConfig.Filter.FilterString)) { communicator.SetFilter(filter); } // Read and dispatch packets until EOF is reached communicator.ReceivePackets(0, callback); } catch (Exception) { IsBadDumpFile = true; } finally { if (pc != null) communicator = pc; } }