public void ProcessPcap(string filePath)
{
try
{
RaiseFileProcessingStatusChangedEvent(FileProcessingStatus.Started, filePath);
_tcpSessionsBuilder.Clear();
_udpStreamBuilder.Clear();
ReadPcapFile(filePath);
// Raise event for each Tcp session that was built.
// TODO: think about detecting complete sessions on the fly and raising
// events accordingly.
foreach (var session in this._tcpSessionsBuilder.Sessions)
{
TcpSessionArrived?.Invoke(this, new TcpSessionArivedEventArgs()
{
TcpSession = session
});
}
foreach (var session in this._udpStreamBuilder.Sessions)
{
UdpSessionArrived?.Invoke(this, new UdpSessionArrivedEventArgs()
{
UdpSession = session
});
}
_processingPrecentsPredicator.NotifyAboutProcessedFile(new FileInfo(filePath));
RaiseFileProcessingStatusChangedEvent(FileProcessingStatus.Finished, filePath);
}
catch (Exception ex)
{
RaiseFileProcessingStatusChangedEvent(FileProcessingStatus.Faild, filePath);
}
}
private void HandleUnfinishedSessions()
{
_tcpSessionsBuilder.Sessions.AsParallel().ForAll(session => TcpSessionArrived?.Invoke(this, new TcpSessionArivedEventArgs()
{
TcpSession = session
}));
_udpStreamBuilder.Sessions.AsParallel().ForAll(session => UdpSessionArrived?.Invoke(this, new UdpSessionArrivedEventArgs()
{
UdpSession = session
}));
}
public void ProcessPcap(string filePath)
{
try
{
FileProcessingStarted?.Invoke(this, new FileProcessingStartedEventArgs()
{
FilePath = filePath
});
_tcpSessionsBuilder.Clear();
_udpStreamBuilder.Clear();
// Get an offline device, handle packets registering for the Packet
// Arrival event and start capturing from that file.
// NOTE: the capture function is blocking.
ICaptureDevice device = new CaptureFileReaderDevice(filePath);
device.OnPacketArrival += new PacketArrivalEventHandler(ProcessPacket);
device.Open();
device.Capture();
// Raise event for each Tcp session that was built.
// TODO: think about detecting complete sesions on the fly and raising
// events accordingly.
foreach (var session in this._tcpSessionsBuilder.Sessions)
{
TcpSessionArrived?.Invoke(this, new TcpSessionArivedEventArgs()
{
TcpSession = session
});
}
foreach (var session in this._udpStreamBuilder.Sessions)
{
UdpSessionArrived?.Invoke(this, new UdpSessionArrivedEventArgs()
{
UdpSession = session
});
}
_processingPrecentsPredicator.NotifyAboutProcessedFile(new FileInfo(filePath));
FileProcessingEnded?.Invoke(this, new FileProcessingEndedEventArgs()
{
FilePath = filePath
});
}
catch (Exception ex)
{
//throw new PcapFileProcessingException(filePath);
}
}
private void ProcessPacket(PacketDotNet.Packet packet)
{
try
{
var tcpPacket = packet.Extract <PacketDotNet.TcpPacket>();
var udpPacket = packet.Extract <PacketDotNet.UdpPacket>();
if (udpPacket != null)
{
var ipPacket = (PacketDotNet.IPPacket)udpPacket.ParentPacket;
UdpPacketArived?.Invoke(this, new UdpPacketArivedEventArgs
{
Packet = new UdpPacket
{
SourcePort = udpPacket.SourcePort,
DestinationPort = udpPacket.DestinationPort,
SourceIp = ipPacket.SourceAddress.ToString(),
DestinationIp = ipPacket.DestinationAddress.ToString(),
Data = udpPacket.PayloadData ?? new byte[] { }
}
});
if (this.BuildUdpSessions)
{
this._udpStreamBuilder.HandlePacket(udpPacket);
}
}
else if (tcpPacket != null)
{
var ipPacket = (PacketDotNet.IPPacket)tcpPacket.ParentPacket;
// Raise event Tcp packet arived event.
TcpPacketArived?.Invoke(this, new TcpPacketArivedEventArgs
{
Packet = new TcpPacket
{
SourcePort = tcpPacket.SourcePort,
DestinationPort = tcpPacket.DestinationPort,
SourceIp = ipPacket.SourceAddress.ToString(),
DestinationIp = ipPacket.DestinationAddress.ToString(),
Data = tcpPacket.PayloadData ?? new byte[] { }
}
});
if (this.BuildTcpSessions)
{
this._tcpSessionsBuilder.HandlePacket(tcpPacket);
_tcpSessionsBuilder.completedSessions.AsParallel().ForAll((session) =>
{
TcpSessionArrived?.Invoke(this, new TcpSessionArivedEventArgs()
{
TcpSession = session
});
_tcpSessionsBuilder.completedSessions.Remove(session);
});
}
}
}
catch (Exception ex)
{
// TODO: handle or throw this
//Console.WriteLine(ex);
}
}
