public void ProcessPcap(string filePath) { try { RaiseFileProcessingStatusChangedEvent(FileProcessingStatus.Started, filePath); _tcpSessionsBuilder.Clear(); _udpStreamBuilder.Clear(); ReadPcapFile(filePath); // Raise event for each Tcp session that was built. // TODO: think about detecting complete sessions on the fly and raising // events accordingly. foreach (var session in this._tcpSessionsBuilder.Sessions) { TcpSessionArrived?.Invoke(this, new TcpSessionArivedEventArgs() { TcpSession = session }); } foreach (var session in this._udpStreamBuilder.Sessions) { UdpSessionArrived?.Invoke(this, new UdpSessionArrivedEventArgs() { UdpSession = session }); } _processingPrecentsPredicator.NotifyAboutProcessedFile(new FileInfo(filePath)); RaiseFileProcessingStatusChangedEvent(FileProcessingStatus.Finished, filePath); } catch (Exception ex) { RaiseFileProcessingStatusChangedEvent(FileProcessingStatus.Faild, filePath); } }
private void HandleUnfinishedSessions() { _tcpSessionsBuilder.Sessions.AsParallel().ForAll(session => TcpSessionArrived?.Invoke(this, new TcpSessionArivedEventArgs() { TcpSession = session })); _udpStreamBuilder.Sessions.AsParallel().ForAll(session => UdpSessionArrived?.Invoke(this, new UdpSessionArrivedEventArgs() { UdpSession = session })); }
public void ProcessPcap(string filePath) { try { FileProcessingStarted?.Invoke(this, new FileProcessingStartedEventArgs() { FilePath = filePath }); _tcpSessionsBuilder.Clear(); _udpStreamBuilder.Clear(); // Get an offline device, handle packets registering for the Packet // Arrival event and start capturing from that file. // NOTE: the capture function is blocking. ICaptureDevice device = new CaptureFileReaderDevice(filePath); device.OnPacketArrival += new PacketArrivalEventHandler(ProcessPacket); device.Open(); device.Capture(); // Raise event for each Tcp session that was built. // TODO: think about detecting complete sesions on the fly and raising // events accordingly. foreach (var session in this._tcpSessionsBuilder.Sessions) { TcpSessionArrived?.Invoke(this, new TcpSessionArivedEventArgs() { TcpSession = session }); } foreach (var session in this._udpStreamBuilder.Sessions) { UdpSessionArrived?.Invoke(this, new UdpSessionArrivedEventArgs() { UdpSession = session }); } _processingPrecentsPredicator.NotifyAboutProcessedFile(new FileInfo(filePath)); FileProcessingEnded?.Invoke(this, new FileProcessingEndedEventArgs() { FilePath = filePath }); } catch (Exception ex) { //throw new PcapFileProcessingException(filePath); } }
private void ProcessPacket(PacketDotNet.Packet packet) { try { var tcpPacket = packet.Extract <PacketDotNet.TcpPacket>(); var udpPacket = packet.Extract <PacketDotNet.UdpPacket>(); if (udpPacket != null) { var ipPacket = (PacketDotNet.IPPacket)udpPacket.ParentPacket; UdpPacketArived?.Invoke(this, new UdpPacketArivedEventArgs { Packet = new UdpPacket { SourcePort = udpPacket.SourcePort, DestinationPort = udpPacket.DestinationPort, SourceIp = ipPacket.SourceAddress.ToString(), DestinationIp = ipPacket.DestinationAddress.ToString(), Data = udpPacket.PayloadData ?? new byte[] { } } }); if (this.BuildUdpSessions) { this._udpStreamBuilder.HandlePacket(udpPacket); } } else if (tcpPacket != null) { var ipPacket = (PacketDotNet.IPPacket)tcpPacket.ParentPacket; // Raise event Tcp packet arived event. TcpPacketArived?.Invoke(this, new TcpPacketArivedEventArgs { Packet = new TcpPacket { SourcePort = tcpPacket.SourcePort, DestinationPort = tcpPacket.DestinationPort, SourceIp = ipPacket.SourceAddress.ToString(), DestinationIp = ipPacket.DestinationAddress.ToString(), Data = tcpPacket.PayloadData ?? new byte[] { } } }); if (this.BuildTcpSessions) { this._tcpSessionsBuilder.HandlePacket(tcpPacket); _tcpSessionsBuilder.completedSessions.AsParallel().ForAll((session) => { TcpSessionArrived?.Invoke(this, new TcpSessionArivedEventArgs() { TcpSession = session }); _tcpSessionsBuilder.completedSessions.Remove(session); }); } } } catch (Exception ex) { // TODO: handle or throw this //Console.WriteLine(ex); } }