public static bool ComputeTCPChecksum(IPHeader ipHeader, TCPHeader tcpHeader) { ComputeIPChecksum(ipHeader); int ipData_len = ipHeader.getDataLength(); if (ipData_len < 0) { return(false); } long sum = getsum(ipHeader.mData, ipHeader.mOffset + IPHeader.offset_src_ip, 8); sum += ipHeader.getProtocol() & 0xFF; sum += ipData_len; short oldCrc = tcpHeader.getCrc(); tcpHeader.setCrc(0); short newCrc = checksum(sum, tcpHeader.mData, tcpHeader.mOffset, ipData_len); tcpHeader.setCrc(newCrc); return(oldCrc == newCrc); }
private void processFIN(TCB tcb, TCPHeader tcpHeader, ByteBuffer responseBuffer) { lock (tcb) { Packet referencePacket = tcb.referencePacket; tcb.myAcknowledgementNum = tcpHeader.sequenceNumber + 1; tcb.theirAcknowledgementNum = tcpHeader.acknowledgementNumber; if (tcb.waitingForNetworkData) { tcb.status = TCB.TCBStatus.CLOSE_WAIT; referencePacket.updateTCPBuffer(responseBuffer, (byte)TCPHeader.ACK, tcb.mySequenceNum, tcb.myAcknowledgementNum, 0); } else { tcb.status = TCB.TCBStatus.LAST_ACK; referencePacket.updateTCPBuffer(responseBuffer, (byte)(TCPHeader.FIN | TCPHeader.ACK), tcb.mySequenceNum, tcb.myAcknowledgementNum, 0); tcb.mySequenceNum++; // FIN counts as a byte } } outputQueue.Offer(responseBuffer); }
/// <summary> /// Função que varre todos os pacotes recebidos em busca de pacotes que /// pertençam a mesma conexão do pacote fornecido /// </summary> /// <param name="InitialPack"></param> public void FindConnectionPacks(IPHeader InitialPack) { if (InitialPack.ProtocolType == Protocol.TCP) { userControlDiagrama1.ClearConnectionData(); TCPHeader th1 = new TCPHeader(InitialPack.Data, InitialPack.MessageLength); string SourceSockIni = InitialPack.SourceAddress.ToString() + ":" + th1.SourcePort; string DestinSockIni = InitialPack.DestinationAddress.ToString() + ":" + th1.DestinationPort; for (int i = 0; i < ListaPacotesRecebidos.Count; i++) { if (ListaPacotesRecebidos[i].ProtocolType == Protocol.TCP) { TCPHeader th2 = new TCPHeader(ListaPacotesRecebidos[i].Data, ListaPacotesRecebidos[i].MessageLength); string SourceSock = ListaPacotesRecebidos[i].SourceAddress.ToString() + ":" + th2.SourcePort; string DestinSock = ListaPacotesRecebidos[i].DestinationAddress.ToString() + ":" + th2.DestinationPort; if ((SourceSock == SourceSockIni && DestinSock == DestinSockIni) || SourceSock == DestinSockIni && DestinSock == SourceSockIni) { userControlDiagrama1.AdicionaFrameTCP(ListaPacotesRecebidos[i]); } } } userControlDiagrama1.Visible = true; } else if (InitialPack.ProtocolType == Protocol.UDP) { MessageBox.Show("O protocolo UDP não é orientado a conexão!"); } }
//Helper function which returns the information contained in the TCP header as a //tree node private TreeNode MakeTCPTreeNode(TCPHeader tcpHeader) { TreeNode tcpNode = new TreeNode("TCP Data: (" + tcpHeader.MessageLength + ")"); tcpNode.Nodes.Add("Sequence Number: " + tcpHeader.SequenceNumber); if (tcpHeader.AcknowledgementNumber != "") { tcpNode.Nodes.Add("Acknowledgement Number: " + tcpHeader.AcknowledgementNumber); } tcpNode.Nodes.Add("Header Length: " + tcpHeader.HeaderLength); tcpNode.Nodes.Add("Flags: " + tcpHeader.Flags); tcpNode.Nodes.Add("Window Size: " + tcpHeader.WindowSize); tcpNode.Nodes.Add("Checksum: " + tcpHeader.Checksum); if (tcpHeader.UrgentPointer != "") { tcpNode.Nodes.Add("Urgent Pointer: " + tcpHeader.UrgentPointer); } TreeNode dataNode = new TreeNode("MessageLength: " + tcpHeader.MessageLength); dataNode.ForeColor = System.Drawing.Color.Blue; dataNode.Tag = tcpHeader.Data; tcpNode.Nodes.Add(dataNode); return(tcpNode); }
private void ParseTcpIPData(byte[] byteData, int nReceived) { //Since all protocol packets are encapsulated in the IP datagram //so we start by parsing the IP header and see what protocol data //is being carried by it and filter source and destination address. IPHeader ipHeader = new IPHeader(byteData, nReceived); if (ipHeader.SourceAddress.ToString().Equals(TcpClient.Address) || ipHeader.DestinationAddress.ToString().Equals(TcpClient.Address)) { //Now according to the protocol being carried by the IP datagram we parse //the data field of the datagram if it carries TCP protocol if ((ipHeader.ProtocolType == Protocol.TCP) && (ipHeader.MessageLength > 0)) { TCPHeader tcpHeader = new TCPHeader(ipHeader.Data, ipHeader.MessageLength); //Now filter only on our Denon (or Marantz) receiver if (tcpHeader.SourcePort == TcpClient.Port.ToString() || tcpHeader.DestinationPort == TcpClient.Port.ToString()) { if (tcpHeader.MessageLength > 1) { ParseAvrData(tcpHeader.Data, tcpHeader.MessageLength); } } } } }
public void Start() { using (FileStream stream = new FileStream("D:\\work\\Snipper.txt", FileMode.Append, FileAccess.Write)) { using (StreamWriter sw = new StreamWriter(stream)) { while (true) { int nReceived = base.Receive(byteData, SocketFlags.None); IPHeader ipheader = new IPHeader(byteData, nReceived); sw.WriteLine("-----------------------------------------------------------------------------------"); sw.Write(ipheader.ToString()); sw.WriteLine(); switch (ipheader.ProtocolType) { case 6: TCPHeader tcpHeader = new TCPHeader(ipheader.Data, ipheader.MessageLength); Console.WriteLine(ipheader.SourceAddress.ToString() + "-" + ipheader.DestinationAddress.ToString()); sw.Write(tcpHeader.ToString()); break; case 7: UDPHeader udpHeader = new UDPHeader(ipheader.Data, ipheader.MessageLength); Console.WriteLine(ipheader.SourceAddress.ToString() + "-" + ipheader.DestinationAddress.ToString()); sw.Write(udpHeader.ToString()); break; } sw.WriteLine("-----------------------------------------------------------------------------------"); sw.WriteLine(); sw.Flush(); } } } }
//Helper function which returns the information contained in the TCP header as a //tree node public static TreeNode MakeTCPTreeNode(TCPHeader tcpHeader) { TreeNode tcpNode = new TreeNode(); tcpNode.Text = "TCP"; tcpNode.Nodes.Add("Source Port: " + tcpHeader.SourcePort); tcpNode.Nodes.Add("Destination Port: " + tcpHeader.DestinationPort); tcpNode.Nodes.Add("Sequence Number: " + tcpHeader.SequenceNumber); if (tcpHeader.AcknowledgementNumber != "") { tcpNode.Nodes.Add("Acknowledgement Number: " + tcpHeader.AcknowledgementNumber); } tcpNode.Nodes.Add("Header Length: " + tcpHeader.HeaderLength); tcpNode.Nodes.Add("Flags: " + tcpHeader.Flags); tcpNode.Nodes.Add("Window Size: " + tcpHeader.WindowSize); tcpNode.Nodes.Add("Checksum: " + tcpHeader.Checksum); if (tcpHeader.UrgentPointer != "") { tcpNode.Nodes.Add("Urgent Pointer: " + tcpHeader.UrgentPointer); } return(tcpNode); }
public void SetData(IPHeader ip, TCPHeader tcp) { label1FlagsIP.Text = ip.Flags; label1OffsetFragmIP.Text = ip.FragmentationOffset; labelCSIP.Text = ip.Checksum; labelCSTCP.Text = tcp.Checksum; labelEndDestIP.Text = ip.DestinationAddress.ToString(); labelEndOrgIP.Text = ip.SourceAddress.ToString(); labelIDIP.Text = ip.Identification; labelIHLIP.Text = "???"; labelFlagsTCP.Text = tcp.Flags; labelJanelaTCP.Text = tcp.WindowSize; labelNroConfirmTCP.Text = tcp.AcknowledgementNumber; labelNroSeqTCP.Text = tcp.SequenceNumber; labelOffsetTCP.Text = "??"; labelPonteiroTCP.Text = tcp.UrgentPointer; labelPortaDestinoTCP.Text = tcp.DestinationPort; labelPortaOrigmTCP.Text = tcp.SourcePort; labelProtocolIP.Text = ip.ProtocolType.ToString(); labelTamanhoTotalIP.Text = ip.TotalLength; labelResTCP.Text = "-"; labelTipoServicoIP.Text = "?"; labelTTLIP.Text = ip.TTL; labelVersaoIP.Text = ip.Version; }
private void ParseData(byte[] byteData, int nReceived) { IPHeader ipHeader = new IPHeader(byteData, nReceived); switch (ipHeader.ProtocolType) { case Protocol.TCP: TCPHeader tcpHeader = new TCPHeader(ipHeader.Data, ipHeader.MessageLength); //Length of the data field if (tcpHeader.SourcePort == "4988") { lock (((ICollection)_queue).SyncRoot) { _queue.Enqueue(byteData); _syncEvents.NewItemEvent.Set(); } } break; case Protocol.UDP: break; case Protocol.Unknown: break; } }
private void ParseData(byte[] byteData, int nReceived) { try { //Since all protocol packets are encapsulated in the IP datagram //so we start by parsing the IP header and see what protocol data //is being carried by it IPHeader ipHeader = new IPHeader(byteData, nReceived); //Now according to the protocol being carried by the IP datagram we parse //the data field of the datagram switch (ipHeader.ProtocolType) { case pinger_csharp.Protocol.TCP: TCPHeader tcpHeader = new TCPHeader(ipHeader.Data, //IPHeader.Data stores the data being //carried by the IP datagram ipHeader.MessageLength); //Length of the data field //If the port is equal to 53 then the underlying protocol is DNS //Note: DNS can use either TCP or UDP thats why the check is done twice if (tcpHeader.DestinationPort == "53" || tcpHeader.SourcePort == "53") { } newPacketParse(new Packet(ipHeader, tcpHeader)); break; case pinger_csharp.Protocol.UDP: UDPHeader udpHeader = new UDPHeader(ipHeader.Data, //IPHeader.Data stores the data being //carried by the IP datagram (int)ipHeader.MessageLength); //Length of the data field //If the port is equal to 53 then the underlying protocol is DNS //Note: DNS can use either TCP or UDP thats why the check is done twice if (udpHeader.DestinationPort == "53" || udpHeader.SourcePort == "53") { //Length of UDP header is always eight bytes so we subtract that out of the total //length to find the length of the data } newPacketParse(new Packet(ipHeader, udpHeader)); break; case pinger_csharp.Protocol.Unknown: break; //Thread safe adding of the packets!! } } catch (Exception ex) { MessageBox.Show(ex.Message, "parseData", MessageBoxButtons.OK, MessageBoxIcon.Error); } }
private void OnPacketSent(IPHeader ipHeader) { if (IpPacketSent != null) { IpPacketSent(ipHeader, EventArgs.Empty); } TCPHeader tcpHeader = new TCPHeader(ipHeader.Data, ipHeader.MessageLength); if (TcpPacketSent != null) { TcpPacketSent(tcpHeader, EventArgs.Empty); } }
private void processDuplicateSYN(TCB tcb, TCPHeader tcpHeader, ByteBuffer responseBuffer) { lock (tcb) { if (tcb.status == TCB.TCBStatus.SYN_SENT) { tcb.myAcknowledgementNum = tcpHeader.sequenceNumber + 1; return; } } SendRST(tcb, 1, responseBuffer); }
private void InitializeConnection(Java.Lang.String ipAndPort, InetAddress destinationAddress, int destinationPort, Packet currentPacket, TCPHeader tcpHeader, ByteBuffer responseBuffer) { currentPacket.SwapSourceAndDestination(); if (tcpHeader.isSYN()) { SocketChannel outputChannel = SocketChannel.Open(); outputChannel.ConfigureBlocking(false); vpnService.Protect(outputChannel.Socket()); TCB tcb = new TCB(ipAndPort, random.NextInt(Short.MaxValue + 1), tcpHeader.sequenceNumber, tcpHeader.sequenceNumber + 1, tcpHeader.acknowledgementNumber, outputChannel, currentPacket); TCB.PutTCB(ipAndPort, tcb); try { outputChannel.Connect(new InetSocketAddress(destinationAddress, destinationPort)); if (outputChannel.FinishConnect()) { tcb.status = TCB.TCBStatus.SYN_RECEIVED; // TODO: Set MSS for receiving larger packets from the device currentPacket.updateTCPBuffer(responseBuffer, (byte)(TCPHeader.SYN | TCPHeader.ACK), tcb.mySequenceNum, tcb.myAcknowledgementNum, 0); tcb.mySequenceNum++; // SYN counts as a byte } else { tcb.status = TCB.TCBStatus.SYN_SENT; selector.Wakeup(); tcb.selectionKey = outputChannel.Register(selector, SelectionKey.OpConnect, tcb); return; } } catch (IOException e) { Log.Error(TAG, "Connection error: " + ipAndPort, e); currentPacket.updateTCPBuffer(responseBuffer, (byte)TCPHeader.RST, 0, tcb.myAcknowledgementNum, 0); TCB.CloseTCB(tcb); } } else { currentPacket.updateTCPBuffer(responseBuffer, (byte)TCPHeader.RST, 0, tcpHeader.sequenceNumber + 1, 0); } outputQueue.Offer(responseBuffer); }
public override void OnPacket(RichTextBox rtfedit, IPHeader ipHdr, TCPHeader tcpHdr, UDPHeader udpHdr) { ushort datalen = 0; Font savefont = new Font(rtfedit.SelectionFont, FontStyle.Regular); Font ipfont = new Font(savefont, FontStyle.Underline | FontStyle.Bold); // rtfedit.SelectionFont = ipfont; //rtfedit.SelectionColor = Color.Cyan; //rtfedit.AppendText(String.Format("{0,5} ", ipHdr.Protocol.ToString())); if (tcpHdr != null) { byte[] data = (tcpHdr == null) ? udpHdr.Data : tcpHdr.Data; datalen = (ushort)((data == null) ? 0 : data.Length); if (datalen != 0) { return; } rtfedit.SelectionColor = Color.Cyan; rtfedit.AppendText(String.Format("{0,-8} ", recvnum++)); ushort srcport = (tcpHdr == null) ? udpHdr.SourcePort : tcpHdr.SourcePort; ushort destport = (tcpHdr == null) ? udpHdr.DestinationPort : tcpHdr.DestinationPort; // rtfedit.SelectionColor = Color.Green; rtfedit.AppendText(String.Format("[{0,-15}:{1,-5}]", ipHdr.SourceAddress, srcport)); // rtfedit.SelectionFont = ipfont; rtfedit.SelectionColor = Color.Blue; rtfedit.AppendText(String.Format(" [{0,-15}:{1,-5}]", ipHdr.DestinationAddress, destport)); // rtfedit.SelectionColor = Color.DarkOrange; rtfedit.AppendText(String.Format(" [{0,-3}]\r\n", tcpHdr.FlagsString)); return; } }
internal static TCPpacket CreateTCPpacket(TCPHeader tcpHeader) { TCPpacket tcp = new TCPpacket(); tcp.AckNumber = tcpHeader.AcknowledgementNumber; tcp.Checksum = tcpHeader.RawChecksum; tcp.Flags = tcpHeader.Flags_con; tcp.DataOffset = tcpHeader.DataOffset; tcp.DesPort = tcpHeader.DestinationPort; tcp.HeaderLength = tcpHeader.HeaderLength; tcp.MessageLength = tcpHeader.MessageLength.ToString(); tcp.SeqNumber = tcpHeader.SequenceNumber; tcp.SrcPort = tcpHeader.SourcePort; tcp.UrgentPointer = tcp.UrgentPointer; tcp.Window = tcpHeader.WindowSize; return(tcp); }
private unsafe byte[] ConstructTCPPacket( ushort source_port, ushort dest_port, uint seq_no, uint ack_no, byte flags, byte[] data ) { byte[] ret = new byte[data.Length + sizeof(TCPHeader)]; TCPHeader header = new TCPHeader(); header.source_port = Utility.htons(source_port); header.destination_port = Utility.htons(dest_port); header.sequence_number = Utility.htonl(seq_no); header.ack_number = Utility.htonl(ack_no); header.dataoffset_ns = (byte)((sizeof(TCPHeader) / 4) << 4); header.flags = flags; header.windowsize = 0; header.checksum = 0; header.urgent = 0; // todo: what about custom options? IntPtr ptr = IntPtr.Zero; try { ptr = Marshal.AllocHGlobal(sizeof(TCPHeader)); Marshal.StructureToPtr(header, ptr, true); Marshal.Copy(ptr, ret, 0, sizeof(TCPHeader)); } finally { if (ptr != IntPtr.Zero) { Marshal.FreeHGlobal(ptr); } } if ((data?.Length ?? 0) > 0) { Array.Copy(data, 0, ret, sizeof(TCPHeader), data.Length); } return(ret); }
public string GetIpLog(Protocol type, TCPHeader tcp) { string body = ""; body += Identification + " . From " + SourceAddress + " to " + DestinationAddress + "\n"; body += "Protocol: " + (type == Protocol.TCP ? "TCP" : "UDP") + " from " + "\n"; if (type == Protocol.TCP && tcp != null) { body += "Window size: " + tcp.WindowSize + (tcp.UrgentPointer != "" ? " ,Urgent Pointer: " + tcp.UrgentPointer : "") + "\n"; body += "Sequence Number: " + tcp.SequenceNumber + " ,Acknowledgement Number: " + tcp.AcknowledgementNumber + " ,Flags: " + tcp.Flags + "\n"; } body += " TTL: " + TTL + " ,Checksum: " + Checksum + " ,DiffServ: " + DifferentiatedServices + " ,Fragmentation: " + FragmentationOffset + Flags + "\n"; body += " Total Length: " + TotalLength + " Header length: " + HeaderLength + " Message Length: " + MessageLength + "\n"; body += "\n"; return(body); }
static void Main(string[] args) { Console.CancelKeyPress += delegate { _running = false; }; // open handle using (var handle = Diversion.WinDivertOpen("true", WinDivertLayer.Network, 100, 0)) { if (handle.IsInvalid) { Console.WriteLine("Unable to open handle. Error: " + Marshal.GetLastWin32Error()); return; } // prepare headers var ipHeader = new IPHeader(); var ipv6Header = new IPv6Header(); var icmpHeader = new ICMPHeader(); var icmpv6Header = new ICMPv6Header(); var tcpHeader = new TCPHeader(); var udpHeader = new UDPHeader(); var address = new Address(); byte[] buffer = new byte[65535]; uint receiveLength = 0; uint sendLength = 0; string processName; uint pid = 0; // loop while (_running) { pid = 0; } receiveLength = 0; sendLength = 0; fixed(byte *data = buffer) { Diversion.WinDivertHelperParsePacket(data, receiveLength, ipHeader, ipv6Header, icmpHeader, icmpv6Header, tcpHeader, udpHeader, null, null); } } }
public void SetIPData(IPHeader iph) { IPData = iph; SourceAdd = IPData.SourceAddress.ToString(); DestAdd = IPData.DestinationAddress.ToString(); labelIndex.Text = iph.ListIndex.ToString(); switch (iph.ProtocolType) { case Protocol.TCP: labelProtocol.Text = "TCP"; TCPData = new TCPHeader(IPData.Data, IPData.MessageLength); SourcePort = TCPData.SourcePort; DestPort = TCPData.DestinationPort; //If the port is equal to 53 then the underlying protocol is DNS //Note: DNS can use either TCP or UDP thats why the check is done twice if (TCPData.DestinationPort == "53" || TCPData.SourcePort == "53") { //TreeNode dnsNode = MakeDNSTreeNode(tcpHeader.Data, (int)tcpHeader.MessageLength); } break; case Protocol.UDP: labelProtocol.Text = "UDP"; UDPData = new UDPHeader(IPData.Data, (int)IPData.MessageLength); SourcePort = UDPData.SourcePort; DestPort = UDPData.DestinationPort; //If the port is equal to 53 then the underlying protocol is DNS //Note: DNS can use either TCP or UDP thats why the check is done twice if (UDPData.DestinationPort == "53" || UDPData.SourcePort == "53") { //TreeNode dnsNode = MakeDNSTreeNode(udpHeader.Data, Convert.ToInt32(udpHeader.Length) - 8); } break; case Protocol.Unknown: break; default: break; } labelSource.Text = SourceAdd + ":" + SourcePort; labelDestination.Text = DestAdd + ":" + DestPort; }
public UserControlFrame(TCPHeader FrameTCP, int index) { InitializeComponent(); label1.Text = FrameTCP.Flags; labelIndex.Text = index.ToString(); string data = Encoding.UTF8.GetString(FrameTCP.Data); data = data.Replace('\0', ' '); data = data.Trim(); if (data.Length > 0) { toolTip1.SetToolTip(pictureBox2, data); pictureBox2.Visible = true; } else { pictureBox2.Visible = false; } }
private void OnPacketSync(IAsyncResult ars) { if (m_socket == null) { return; } Socket s = m_socket; int nbytes = s.EndReceive(ars); if (nbytes > 0) { IPHeader ipHdr = new IPHeader(m_buffer, nbytes); TCPHeader tcpHdr = null; UDPHeader udpHdr = null; if (ipHdr.Protocol == ProtocolType.Tcp) { tcpHdr = new TCPHeader(ipHdr.Data, ipHdr.MessageLength); } else if (ipHdr.Protocol == ProtocolType.Udp) { udpHdr = new UDPHeader(ipHdr.Data, ipHdr.MessageLength); } else { //todo } if (CheckWithFilter(ipHdr, tcpHdr, udpHdr)) { if (m_parser != null) { m_parser.OnPacket(richTextBox1, ipHdr, tcpHdr, udpHdr); } } s.BeginReceive(m_buffer, 0, m_buffer.Length, 0, new AsyncCallback(OnPacket), null); } else { richTextBox1.AppendText("Socket出错"); } }
public Packet(ByteBuffer buffer) { try { this.ip4Header = new IP4Header(buffer); if (this.ip4Header.protocol == IP4Header.TransportProtocol.TCP) { this.tcpHeader = new TCPHeader(buffer); this.IsTCP = true; } else if (ip4Header.protocol == IP4Header.TransportProtocol.UDP) { this.udpHeader = new UDPHeader(buffer); this.IsUDP = true; } this.backingBuffer = buffer; } catch (Exception ex) { throw new UnknownHostException(); } }
private void ParseData(byte[] byteData, int nReceived) { IPHeader ipHeader = new IPHeader(byteData, nReceived); switch (ipHeader.ProtocolType) { case Protocol.TCP: TCPHeader tcpHeader = new TCPHeader(ipHeader.Data, ipHeader.MessageLength); //Length of the data field if (tcpHeader.SourcePort == "4988") { Thread thread = new Thread(() => Krosmaga(0, byteData)); thread.Start(); } break; case Protocol.UDP: break; case Protocol.Unknown: break; } }
private unsafe string FindPrintableTcpStream(byte *fragment, int fragmentSize, int maxLength, bool oneLine = false) { if (fragmentSize < 16) { return(null); } byte *fragmentEnd = fragment + fragmentSize; if (!IsPrintable(fragment, fragment + 16)) { byte *ipStart = FindIPHeader(fragment, fragmentEnd); if (ipStart == null) { return(null); } IPHeader ip = new IPHeader(ipStart); if (ip.Protocol != 6) // TCP { return(null); } TCPHeader tcp = new TCPHeader(ipStart + ip.IPHeaderSize); var streamStart = tcp.TCPHeaderSize + ip.IPHeaderSize + ipStart; if (fragmentEnd - streamStart < 16) { return(null); } if (!IsPrintable(streamStart, streamStart + 16)) { return(null); } fragment = streamStart; } StringBuilder sb = new StringBuilder(); if (maxLength < fragmentEnd - fragment) { fragmentEnd = fragment + maxLength; } // As this point the fragment points at printable characters. Keep going until it becomes unprintable while (fragment < fragmentEnd) { byte b = *fragment; if (!((byte)'\n' <= b && b < 128)) { break; } if (oneLine && (b == '\r' || b == '\n')) { break; } sb.Append((char)b); fragment++; } return(sb.ToString()); }
public void Packet(byte[] datagram, NetworkInterface a) { try { OnRecievedPacket.Invoke(datagram, a); } catch { } IPv4Header Data; try { Data = new IPv4Header(datagram); } catch (Exception e) { OnCorruptPacket.BeginInvoke(datagram, a, null, null); return; } if (a.LocalIP != null) { if (Data.DestinationAddress == a.LocalIP) { } else if (a.SubnetMask != null) { if ((Data.DestinationAddress & ~a.SubnetMask) == (a.LocalIP & ~a.SubnetMask)) { OnNotForMe?.Invoke(Data, a); return; } } } switch (Data.Protocol) { case IPv4Header.ProtocolType.ICMP: handleICMPPacket(Data, a); break; case IPv4Header.ProtocolType.TCP: TCPHeader TCP; try { TCP = new TCPHeader(Data.Datagram); } catch (Exception e) { OnCorruptPacket?.Invoke(datagram, a); break; } OnTCPPacket?.Invoke(Data, TCP, TCP.DestinationPort, a); break; case IPv4Header.ProtocolType.UDP: UDPHeader UDP; try { UDP = new UDPHeader(Data.Datagram); } catch (Exception e) { OnCorruptPacket?.Invoke(datagram, a); break; } OnUDPPacket?.Invoke(Data, UDP, UDP.DestinationPort, a); break; default: break; } }
public override void OnPacket(RichTextBox rtfedit, IPHeader ipHdr, TCPHeader tcpHdr, UDPHeader udpHdr) { }
static void Main(string[] args) { // This is not really like the netdump example in the native WinDivert examples. Since we are // pulling the names of processes behind packet flows, we need to fully intercept/divert packets, // make the process query, then reinject. If we just sniff, the process will either be closed or // no longer bound to the local port the packet is associated with, and the process query will // be hit or miss (probably fail). So, by fully diverting rather than sniffing, we force // the process to hang open waiting for the packet while we check the process identity, then // hand the packet over untouched. // // Ideally you do not want to be querying the process on every single packet. Rather, you would // create a stucture that keeps track of a network flow, identify the process (protocol, whatever // else) one time, then only re-check when the flow has ended and a new flow has begun. This is // just for basic demonstration though, so we don't create and track any flows. // // Note also that the process identification is still not 100%. Many system processes run under // PID 4. I'm not satisfied with just getting SYSTEM for these processes, and I'd like to // ideally be able to identify exactly which processes they are. Still working on that. Console.WindowWidth = Console.LargestWindowWidth; bool running = true; Console.CancelKeyPress += delegate { running = false; }; Diversion diversion; string filter = "true"; try { diversion = Diversion.Open(filter, DivertLayer.Network, 100, 0); } catch(Exception e) { Console.WriteLine(e.Message); return; } if(!diversion.Handle.Valid) { Console.WriteLine("Failed to open divert handle with error {0}", System.Runtime.InteropServices.Marshal.GetLastWin32Error()); return; } IPHeader ipHeader = new IPHeader(); IPv6Header ipv6Header = new IPv6Header(); ICMPHeader icmpHeader = new ICMPHeader(); ICMPv6Header icmpv6Header = new ICMPv6Header(); TCPHeader tcpHeader = new TCPHeader(); UDPHeader udpHeader = new UDPHeader(); Address address = new Address(); byte[] buffer = new byte[65535]; uint receiveLength = 0; uint sendLength = 0; string processName; uint pid = 0; while (running) { pid = 0; receiveLength = 0; sendLength = 0; if (!diversion.Receive(buffer, address, ref receiveLength)) { Console.WriteLine("Failed to receive packet with error {0}", System.Runtime.InteropServices.Marshal.GetLastWin32Error()); continue; } diversion.ParsePacket(buffer, receiveLength, ipHeader, ipv6Header, icmpHeader, icmpv6Header, tcpHeader, udpHeader); if (ipHeader.Valid && tcpHeader.Valid) { Diversion.GetPacketProcess(address, tcpHeader, ipHeader, ref pid, out processName); if (processName.Equals("SYSTEM", StringComparison.OrdinalIgnoreCase)) { Console.WriteLine("ERROR {0} and PID is {1}", System.Runtime.InteropServices.Marshal.GetLastWin32Error(), pid); } Console.WriteLine( "{0} IPv4 TCP packet captured destined for {1}:{2} from {3}:{4} {5}.", address.Direction == DivertDirection.Inbound ? "Inbound" : "Outbound", ipHeader.DestinationAddress.ToString(), tcpHeader.DestinationPort.ToString(), ipHeader.SourceAddress.ToString(), tcpHeader.SourcePort.ToString(), address.Direction == DivertDirection.Inbound ? string.Format("to process {0}", processName) : string.Format("from process {0}", processName) ); Console.WriteLine(string.Format("ack: {0}, syn: {1}, len: {2}, seq: {3}", tcpHeader.Ack, tcpHeader.Syn, ipHeader.Length, tcpHeader.SequenceNumber)); } else if(ipHeader.Valid && udpHeader.Valid) { Diversion.GetPacketProcess(address, udpHeader, ipHeader, ref pid, out processName); if (processName.Equals("SYSTEM", StringComparison.OrdinalIgnoreCase)) { Console.WriteLine("ERROR {0} and PID is {1}", System.Runtime.InteropServices.Marshal.GetLastWin32Error(), pid); } Console.WriteLine( "{0} IPv4 UDP packet captured destined for {1}:{2} from {3}:{4} {5}.", address.Direction == DivertDirection.Inbound ? "Inbound" : "Outbound", ipHeader.DestinationAddress.ToString(), tcpHeader.DestinationPort.ToString(), ipHeader.SourceAddress.ToString(), tcpHeader.SourcePort.ToString(), address.Direction == DivertDirection.Inbound ? string.Format("to process {0}", processName) : string.Format("from process {0}", processName) ); } else if(ipv6Header.Valid && tcpHeader.Valid) { Diversion.GetPacketProcess(address, tcpHeader, ipv6Header, ref pid, out processName); if (processName.Equals("SYSTEM", StringComparison.OrdinalIgnoreCase)) { Console.WriteLine("ERROR {0} and PID is {1}", System.Runtime.InteropServices.Marshal.GetLastWin32Error(), pid); } Console.WriteLine( "{0} IPv6 TCP packet captured destined for {1}:{2} from {3}:{4} {5}.", address.Direction == DivertDirection.Inbound ? "Inbound" : "Outbound", ipHeader.DestinationAddress.ToString(), tcpHeader.DestinationPort.ToString(), ipHeader.SourceAddress.ToString(), tcpHeader.SourcePort.ToString(), address.Direction == DivertDirection.Inbound ? string.Format("to process {0}", processName) : string.Format("from process {0}", processName) ); Console.WriteLine(string.Format("ack: {0}, syn: {1}, len: {2}, seq: {3}", tcpHeader.Ack, tcpHeader.Syn, ipv6Header.Length, tcpHeader.SequenceNumber)); } else if (ipv6Header.Valid && udpHeader.Valid) { Diversion.GetPacketProcess(address, udpHeader, ipv6Header, ref pid, out processName); if (processName.Equals("SYSTEM", StringComparison.OrdinalIgnoreCase)) { Console.WriteLine("ERROR {0} and PID is {1}", System.Runtime.InteropServices.Marshal.GetLastWin32Error(), pid); } Console.WriteLine( "{0} IPv6 UDP packet captured destined for {1}:{2} from {3}:{4} {5}.", address.Direction == DivertDirection.Inbound ? "Inbound" : "Outbound", ipHeader.DestinationAddress.ToString(), tcpHeader.DestinationPort.ToString(), ipHeader.SourceAddress.ToString(), tcpHeader.SourcePort.ToString(), address.Direction == DivertDirection.Inbound ? string.Format("to process {0}", processName) : string.Format("from process {0}", processName) ); } if(address.Direction == DivertDirection.Outbound) { diversion.CalculateChecksums(buffer, receiveLength, 0); } diversion.SendAsync(buffer, receiveLength, address, ref sendLength); } diversion.Close(); }
private void ReadPacket(IPPacket packet) { switch (packet.Protocol) { case ProtocolType.IPv6HopByHopOptions: break; case ProtocolType.Icmp: break; case ProtocolType.Igmp: var igmpPacket = packet.Extract <IgmpV2Packet>(); if (igmpPacket != null) { } break; case ProtocolType.Gpg: break; case ProtocolType.IPv4: break; case ProtocolType.Tcp: var tcpPacket = packet.Extract <TcpPacket>(); if (tcpPacket != null) { var tcpHeader = new TCPHeader(tcpPacket); } break; case ProtocolType.Egp: break; case ProtocolType.Pup: break; case ProtocolType.Udp: var udpPacket = packet.Extract <UdpPacket>(); if (udpPacket != null) { var udpHeader = new UDPHeader(udpPacket); } break; case ProtocolType.Idp: break; case ProtocolType.TP: break; case ProtocolType.IPv6: break; case ProtocolType.IPv6RoutingHeader: break; case ProtocolType.IPv6FragmentHeader: break; case ProtocolType.Rsvp: break; case ProtocolType.Gre: break; case ProtocolType.IPSecEncapsulatingSecurityPayload: break; case ProtocolType.IPSecAuthenticationHeader: break; case ProtocolType.IcmpV6: var icmpv6Packet = packet.Extract <IcmpV6Packet>(); if (icmpv6Packet != null) { //MakeInformationUDP(udpHeader); } break; case ProtocolType.IPv6NoNextHeader: break; case ProtocolType.IPv6DestinationOptions: break; case ProtocolType.Ospf: break; case ProtocolType.Mtp: break; case ProtocolType.Encapsulation: break; case ProtocolType.Pim: break; case ProtocolType.CompressionHeader: break; case ProtocolType.MobilityHeader: break; case ProtocolType.HostIdentity: break; case ProtocolType.Shim6: break; case ProtocolType.Reserved253: break; case ProtocolType.Reserved254: break; case ProtocolType.Raw: break; default: break; } }
public void Run() { Log.Info(TAG, "Started"); try { Thread currentThread = Thread.CurrentThread(); while (true) { Packet currentPacket; // TODO: Block when not connected do { currentPacket = (Packet)inputQueue.Poll(); if (currentPacket != null) { break; } Thread.Sleep(10); } while (!currentThread.IsInterrupted); if (currentThread.IsInterrupted) { break; } ByteBuffer payloadBuffer = currentPacket.backingBuffer; currentPacket.backingBuffer = null; ByteBuffer responseBuffer = ByteBufferPool.acquire(); InetAddress destinationAddress = currentPacket.ip4Header.destinationAddress; TCPHeader tcpHeader = currentPacket.tcpHeader; int destinationPort = tcpHeader.destinationPort; int sourcePort = tcpHeader.sourcePort; Java.Lang.String ipAndPort = new Java.Lang.String(destinationAddress.HostAddress + ":" + destinationPort + ":" + sourcePort); System.Console.WriteLine("TCP Out: " + ipAndPort); TCB tcb = TCB.GetTCB(ipAndPort); if (tcb == null) { InitializeConnection(ipAndPort, destinationAddress, destinationPort, currentPacket, tcpHeader, responseBuffer); } else if (tcpHeader.isSYN()) { processDuplicateSYN(tcb, tcpHeader, responseBuffer); } else if (tcpHeader.isRST()) { CloseCleanly(tcb, responseBuffer); } else if (tcpHeader.isFIN()) { processFIN(tcb, tcpHeader, responseBuffer); } else if (tcpHeader.isACK()) { processACK(tcb, tcpHeader, payloadBuffer, responseBuffer); } // XXX: cleanup later if (responseBuffer.Position() == 0) { ByteBufferPool.Release(responseBuffer); } ByteBufferPool.Release(payloadBuffer); } } catch (InterruptedException e) { Log.Info(TAG, "Stopping"); } catch (IOException e) { Log.Error(TAG, e.ToString(), e); } finally { TCB.CloseAll(); } }
private void processACK(TCB tcb, TCPHeader tcpHeader, ByteBuffer payloadBuffer, ByteBuffer responseBuffer) { try { int payloadSize = payloadBuffer.Limit() - payloadBuffer.Position(); lock (tcb) { SocketChannel outputChannel = tcb.channel; if (tcb.status == TCB.TCBStatus.SYN_RECEIVED) { tcb.status = TCB.TCBStatus.ESTABLISHED; selector.Wakeup(); tcb.selectionKey = outputChannel.Register(selector, SelectionKey.OpRead, tcb); tcb.waitingForNetworkData = true; } else if (tcb.status == TCB.TCBStatus.LAST_ACK) { CloseCleanly(tcb, responseBuffer); return; } if (payloadSize == 0) { return; // Empty ACK, ignore } if (!tcb.waitingForNetworkData) { selector.Wakeup(); // tcb.selectionKey.InterestOps(SelectionKey.OpRead); tcb.selectionKey.InterestOps(); tcb.waitingForNetworkData = true; } // Forward to remote server try { while (payloadBuffer.HasRemaining) { outputChannel.Write(payloadBuffer); } } catch (IOException e) { Log.Error(TAG, "Network write error: " + tcb.ipAndPort, e); SendRST(tcb, payloadSize, responseBuffer); return; } // TODO: We don't expect out-of-order packets, but verify tcb.myAcknowledgementNum = tcpHeader.sequenceNumber + payloadSize; tcb.theirAcknowledgementNum = tcpHeader.acknowledgementNumber; Packet referencePacket = tcb.referencePacket; referencePacket.updateTCPBuffer(responseBuffer, (byte)TCPHeader.ACK, tcb.mySequenceNum, tcb.myAcknowledgementNum, 0); } outputQueue.Offer(responseBuffer); } catch (Exception ex) { System.Console.WriteLine(ex.Message); } }
public void AdicionaFrameTCP(IPHeader iph) { IPData = iph; switch (iph.ProtocolType) { case Protocol.TCP: TCPData = new TCPHeader(IPData.Data, IPData.MessageLength); if (labelIPEsquerda.Text == "") { labelIPEsquerda.Text = IPData.SourceAddress + ":" + TCPData.SourcePort; labellabelIPDireita.Text = IPData.DestinationAddress + ":" + TCPData.DestinationPort; } //FrameTCP.Flags = "SYN"; UserControlFrame u = new UserControlFrame(TCPData, iph.ListIndex); u.Location = new Point(0, panel1.Controls.Count * u.Height); ToolTip t = new ToolTip(); t.SetToolTip(u, "Ola, este é o dado Recebido..."); panel1.Controls.Add(u); if (labelIPEsquerda.Text == IPData.SourceAddress + ":" + TCPData.SourcePort) { u.SetDirection(0); } else { u.SetDirection(1); } break; case Protocol.UDP: break; case Protocol.Unknown: break; default: break; } }