/// <summary>
/// tcp: checks the Ethernet, IPv4 and TCP fields decoded from a sample packet,
/// plus the capture timestamp, against fixed expected values.
/// </summary>
/// <param name="p">Parsed packet; must be castable to EthernetPacket.</param>
/// <param name="rawCapture">Raw capture whose Timeval is compared with the expected time.</param>
public void VerifyPacket1(Packet p, RawCapture rawCapture)
{
    Console.WriteLine(p.ToString());

    // Link layer: hardware addresses are compared in their string form.
    var ethernet = (EthernetPacket)p;
    Assert.AreEqual("0016CFC91E29", ethernet.SourceHwAddress.ToString());
    Assert.AreEqual("0014BFF2EF0A", ethernet.DestinationHwAddress.ToString());

    // Network layer.
    var ipPacket = (IpPacket)p.PayloadPacket;
    var expectedSource = System.Net.IPAddress.Parse("192.168.1.104");
    Assert.AreEqual(expectedSource, ipPacket.SourceAddress);
    var expectedDestination = System.Net.IPAddress.Parse("86.42.196.13");
    Assert.AreEqual(expectedDestination, ipPacket.DestinationAddress);
    Assert.AreEqual(64, ipPacket.TimeToLive);
    Assert.AreEqual(0x2ff4, ((IPv4Packet)ipPacket).CalculateIPChecksum());

    // Capture timestamp.
    Assert.AreEqual(1171483600, rawCapture.Timeval.Seconds);
    Assert.AreEqual(125234.000, rawCapture.Timeval.MicroSeconds);

    // Transport layer: the recomputed checksum must equal the one carried in the header.
    var tcpPacket = (TcpPacket)ipPacket.PayloadPacket;
    Assert.AreEqual(56925, tcpPacket.SourcePort);
    Assert.AreEqual(50199, tcpPacket.DestinationPort);
    Assert.IsTrue(tcpPacket.Ack);
    Assert.IsTrue(tcpPacket.Psh);
    Assert.AreEqual(16666, tcpPacket.WindowSize);
    Assert.AreEqual(0x9b02, tcpPacket.CalculateTCPChecksum());
    Assert.AreEqual(0x9b02, tcpPacket.Checksum);
    Assert.IsTrue(tcpPacket.ValidTCPChecksum);
}
/// <summary>
/// tcp: checks the Ethernet, IPv4 and TCP fields decoded from a sample packet,
/// plus the capture timestamp, against fixed expected values.
/// </summary>
/// <param name="p">Parsed packet; must be castable to EthernetPacket.</param>
/// <param name="rawCapture">Raw capture whose Timeval is compared with the expected time.</param>
public void VerifyPacket0(Packet p, RawCapture rawCapture)
{
    Console.WriteLine(p.ToString());

    // Link layer: addresses are compared as PhysicalAddress values.
    var ethernet = (EthernetPacket)p;
    Assert.AreEqual(PhysicalAddress.Parse("00-13-10-03-71-47"), ethernet.SourceHwAddress);
    Assert.AreEqual(PhysicalAddress.Parse("00-E0-4C-E5-73-AD"), ethernet.DestinationHwAddress);

    // Network layer.
    var ipPacket = (IpPacket)ethernet.PayloadPacket;
    var expectedSource = System.Net.IPAddress.Parse("82.165.240.134");
    Assert.AreEqual(expectedSource, ipPacket.SourceAddress);
    var expectedDestination = System.Net.IPAddress.Parse("192.168.1.221");
    Assert.AreEqual(expectedDestination, ipPacket.DestinationAddress);
    Assert.AreEqual(IpVersion.IPv4, ipPacket.Version);
    Assert.AreEqual(IPProtocolType.TCP, ipPacket.Protocol);
    Assert.AreEqual(254, ipPacket.TimeToLive);
    Assert.AreEqual(0x0df8, ((IPv4Packet)ipPacket).CalculateIPChecksum());

    // Capture timestamp.
    Assert.AreEqual(1176685346, rawCapture.Timeval.Seconds);
    Assert.AreEqual(885259.000, rawCapture.Timeval.MicroSeconds);

    // Transport layer: the recomputed checksum must equal the one carried in the header.
    var tcpPacket = (TcpPacket)ipPacket.PayloadPacket;
    Assert.AreEqual(80, tcpPacket.SourcePort);
    Assert.AreEqual(4324, tcpPacket.DestinationPort);
    Assert.IsTrue(tcpPacket.Ack);
    Assert.AreEqual(3536, tcpPacket.WindowSize);
    Assert.AreEqual(0xc835, tcpPacket.CalculateTCPChecksum());
    Console.WriteLine("tcp.Checksum is {0}", tcpPacket.Checksum);
    Assert.AreEqual(0xc835, tcpPacket.Checksum, "tcp.Checksum mismatch");
    Assert.IsTrue(tcpPacket.ValidTCPChecksum);
}
// Capture callback used for the connectivity check: parses the captured frame and sets
// isDeviceActive to true when the parsed packet has a non-blank string form.
// NOTE(review): this handler has no exception handling of its own, so anything thrown
// while parsing a captured frame leaves the callback; confirm the caller copes with that.
private static void DeviceConnectivityHandler(object sender, CaptureEventArgs e)
{
    PacketDotNet.Packet parsed = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
    string text = parsed.ToString();

    // A null, empty or whitespace-only description leaves the flag untouched.
    if (string.IsNullOrWhiteSpace(text))
    {
        return;
    }

    isDeviceActive = true;
}
/// <summary>
/// icmpv6: checks the Ethernet and IPv6 fields decoded from a sample packet,
/// plus the capture timestamp, against fixed expected values.
/// </summary>
/// <param name="p">Parsed packet; must be non-null and castable to EthernetPacket.</param>
/// <param name="rawCapture">Raw capture whose Timeval is compared with the expected time.</param>
public void VerifyPacket0(Packet p, RawCapture rawCapture)
{
    Assert.IsNotNull(p);
    Console.WriteLine(p.ToString());

    // Link layer: addresses are compared as PhysicalAddress values.
    var ethernet = (EthernetPacket)p;
    Assert.AreEqual(PhysicalAddress.Parse("00-A0-CC-D9-41-75"), ethernet.SourceHwAddress);
    Assert.AreEqual(PhysicalAddress.Parse("33-33-00-00-00-02"), ethernet.DestinationHwAddress);

    // Network layer.
    var ipPacket = IpPacket.GetEncapsulated(p);
    Console.WriteLine("ip {0}", ipPacket.ToString());
    var expectedSource = System.Net.IPAddress.Parse("fe80::2a0:ccff:fed9:4175");
    Assert.AreEqual(expectedSource, ipPacket.SourceAddress);
    var expectedDestination = System.Net.IPAddress.Parse("ff02::2");
    Assert.AreEqual(expectedDestination, ipPacket.DestinationAddress);
    Assert.AreEqual(IpVersion.IPv6, ipPacket.Version);
    Assert.AreEqual(IPProtocolType.ICMPV6, ipPacket.Protocol);
    Assert.AreEqual(16, ipPacket.PayloadPacket.Bytes.Length, "ip.PayloadPacket.Bytes.Length mismatch");
    Assert.AreEqual(255, ipPacket.HopLimit);
    Assert.AreEqual(255, ipPacket.TimeToLive);
    Assert.AreEqual(0x3a, (byte)ipPacket.NextHeader);

    // No checksum assertion is made here; only this message is printed.
    Console.WriteLine("Failed: ip.ComputeIPChecksum() not implemented.");

    // Capture timestamp.
    Assert.AreEqual(1221145299, rawCapture.Timeval.Seconds);
    Assert.AreEqual(453568.000, rawCapture.Timeval.MicroSeconds);
}
/// <summary>
/// udp: checks the Ethernet, IPv4 and UDP fields decoded from a sample packet,
/// plus the capture timestamp, against fixed expected values.
/// </summary>
/// <param name="p">Parsed packet; must be castable to EthernetPacket.</param>
/// <param name="rawCapture">Raw capture whose Timeval is compared with the expected time.</param>
public void VerifyPacket2(Packet p, RawCapture rawCapture)
{
    Console.WriteLine(p.ToString());

    // Link layer: hardware addresses are compared in their string form.
    var ethernet = (EthernetPacket)p;
    Assert.AreEqual("0014BFF2EF0A", ethernet.SourceHwAddress.ToString());
    Assert.AreEqual("0016CFC91E29", ethernet.DestinationHwAddress.ToString());

    // Network layer, located with Extract rather than through PayloadPacket.
    var ipPacket = (IpPacket)p.Extract(typeof(IpPacket));
    var expectedSource = System.Net.IPAddress.Parse("172.210.164.56");
    Assert.AreEqual(expectedSource, ipPacket.SourceAddress);
    var expectedDestination = System.Net.IPAddress.Parse("192.168.1.104");
    Assert.AreEqual(expectedDestination, ipPacket.DestinationAddress);
    Assert.AreEqual(IpVersion.IPv4, ipPacket.Version);
    Assert.AreEqual(IPProtocolType.UDP, ipPacket.Protocol);
    Assert.AreEqual(112, ipPacket.TimeToLive);
    Assert.AreEqual(0xe0a2, ((IPv4Packet)ipPacket).CalculateIPChecksum());

    // Capture timestamp.
    Assert.AreEqual(1171483602, rawCapture.Timeval.Seconds);
    Assert.AreEqual(578641.000, rawCapture.Timeval.MicroSeconds);

    // Transport layer.
    var udpPacket = (UdpPacket)p.Extract(typeof(UdpPacket));
    Assert.AreEqual(52886, udpPacket.SourcePort);
    Assert.AreEqual(56924, udpPacket.DestinationPort);
    Assert.AreEqual(71, udpPacket.Length);
    Assert.AreEqual(0xc8b8, udpPacket.Checksum);
}
/// <summary>
/// icmp: checks the Ethernet hardware addresses and the IP source and destination
/// addresses decoded from a sample packet. No ICMP-level field is asserted.
/// </summary>
/// <param name="p">Parsed packet; must be castable to EthernetPacket.</param>
/// <param name="rawCapture">Raw capture; not read by this method.</param>
public void VerifyPacket5(Packet p, RawCapture rawCapture)
{
    Console.WriteLine(p.ToString());

    // Link layer: hardware addresses are compared in their string form.
    var ethernet = (EthernetPacket)p;
    Assert.AreEqual("0016CFC91E29", ethernet.SourceHwAddress.ToString());
    Assert.AreEqual("0014BFF2EF0A", ethernet.DestinationHwAddress.ToString());

    // Network layer.
    var ipPacket = (IpPacket)p.Extract(typeof(IpPacket));
    var expectedSource = System.Net.IPAddress.Parse("192.168.1.104");
    Assert.AreEqual(expectedSource, ipPacket.SourceAddress);
    var expectedDestination = System.Net.IPAddress.Parse("85.195.52.22");
    Assert.AreEqual(expectedDestination, ipPacket.DestinationAddress);
}
/// <summary>
/// arp: checks the Ethernet source address and the all-ones (FFFFFFFFFFFF) destination
/// address decoded from a sample packet. No ARP-level field is asserted.
/// </summary>
/// <param name="p">Parsed packet; must be castable to EthernetPacket.</param>
/// <param name="rawCapture">Raw capture; not read by this method.</param>
public void VerifyPacket4(Packet p, RawCapture rawCapture)
{
    Console.WriteLine(p.ToString());

    var ethernet = (EthernetPacket)p;
    string sourceText = ethernet.SourceHwAddress.ToString();
    Assert.AreEqual("0018F84B17A0", sourceText);
    string destinationText = ethernet.DestinationHwAddress.ToString();
    Assert.AreEqual("FFFFFFFFFFFF", destinationText);
}
/// <summary>
/// dns: checks the Ethernet, IPv4 and UDP fields (destination port 53) decoded from a
/// sample packet against fixed expected values. No DNS payload field is asserted.
/// </summary>
/// <param name="p">Parsed packet; must be castable to EthernetPacket.</param>
/// <param name="rawCapture">Raw capture; not read by this method.</param>
public void VerifyPacket3(Packet p, RawCapture rawCapture)
{
    Console.WriteLine(p.ToString());

    // Link layer: hardware addresses are compared in their string form.
    var ethernet = (EthernetPacket)p;
    Assert.AreEqual("0016CFC91E29", ethernet.SourceHwAddress.ToString());
    Assert.AreEqual("0014BFF2EF0A", ethernet.DestinationHwAddress.ToString());

    // Network layer.
    var ipPacket = (IpPacket)p.Extract(typeof(IpPacket));
    var expectedSource = System.Net.IPAddress.Parse("192.168.1.172");
    Assert.AreEqual(expectedSource, ipPacket.SourceAddress);
    var expectedDestination = System.Net.IPAddress.Parse("66.189.0.29");
    Assert.AreEqual(expectedDestination, ipPacket.DestinationAddress);
    Assert.AreEqual(IPProtocolType.UDP, ipPacket.Protocol);
    Assert.AreEqual(0x7988, ((IPv4Packet)ipPacket).CalculateIPChecksum());

    // Transport layer.
    var udpPacket = (UdpPacket)p.Extract(typeof(UdpPacket));
    Assert.AreEqual(3619, udpPacket.SourcePort);
    Assert.AreEqual(53, udpPacket.DestinationPort);
    Assert.AreEqual(47, udpPacket.Length);
    Assert.AreEqual(0xbe2d, udpPacket.Checksum);
}
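/*
 * Capture callback. Parses each captured frame, prints a text summary (handling time,
 * frame length, decoded packet) and appends it to currentDetailsQueue. For IPv4 frames,
 * a source address not yet in currentTrafficQueue and not in the 192.168.x.x range is
 * added to that queue. On any exception the connection check runs and the admin is emailed.
 */
private static void PacketHandler(object sender, CaptureEventArgs e)
{
    try
    {
        PacketDotNet.Packet packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
        int length = e.Packet.Data.Length;

        // The logged time is the moment of handling (DateTime.Now), not the capture timestamp.
        // packet.ToString() is derived from captured bytes, so treat the queued text as
        // untrusted wherever it is later displayed or stored.
        string details = string.Format("{0} Length={1}\n{2}\n\n", DateTime.Now, length, packet.ToString());
        Console.WriteLine(details);
        currentDetailsQueue.AppendLine(details);

        // "as" yields null for every frame whose payload is not IPv4 (ARP, IPv6, ...).
        // Without this guard each such frame raised a NullReferenceException and sent
        // an admin email, so ordinary traffic could flood the mailbox.
        IPv4Packet ipv4Packet = packet.PayloadPacket as IPv4Packet;
        if (ipv4Packet == null)
        {
            return;
        }

        // Match the 192.168. prefix only. A plain substring test would also skip
        // addresses such as 10.192.168.7 and keep them out of the traffic queue.
        bool isLocalSource = ipv4Packet.SourceAddress.ToString().StartsWith("192.168.", StringComparison.Ordinal);
        if (!isLocalSource && !currentTrafficQueue.Contains(ipv4Packet.SourceAddress))
        {
            currentTrafficQueue.Add(ipv4Packet.SourceAddress);
        }
    }
    catch (Exception exception)
    {
        // NOTE(review): one email is sent per failing frame; consider rate-limiting,
        // since frames that fail to parse arrive from the network.
        Security.CheckInternetConnection();
        Security.EmailAdmin(exception.ToString(), "PacketHandler");
    }
}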
/// <summary>
/// Reads the needed values from a packet and fills the ref parameters, visiting the
/// packet itself and then each nested payload packet in turn.
/// </summary>
/// <param name="packet">Outermost packet to inspect; when null nothing is written.</param>
/// <param name="src">Receives the source address of the last Ethernet/ARP/IP layer visited.</param>
/// <param name="dest">Receives the destination address of the last Ethernet/ARP/IP layer visited.</param>
/// <param name="protocol">Receives the protocol text of the last Ethernet/ARP/IP layer visited.</param>
/// <param name="description">Receives ToString() of the last (innermost) packet visited.</param>
internal static void getInfoFromPacket(Packet packet, ref string src, ref string dest, ref string protocol, ref string description)
{
    // Walk the payload chain from the outside in; each layer overwrites what the
    // enclosing layer stored, so the innermost matching layer wins.
    for (Packet layer = packet; layer != null; layer = layer.PayloadPacket)
    {
        description = layer.ToString();

        EthernetPacket ethernet = layer as EthernetPacket;
        if (ethernet != null)
        {
            src = ethernet.SourceHwAddress.ToString();
            dest = ethernet.DestinationHwAddress.ToString();
            protocol = "0X" + ethernet.Type.ToString("X");
        }

        ARPPacket arp = layer as ARPPacket;
        if (arp != null)
        {
            src = arp.SenderProtocolAddress.ToString();
            dest = arp.TargetProtocolAddress.ToString();
            protocol = "0X" + arp.ProtocolAddressType.ToString("X");
        }

        IpPacket ip = layer as IpPacket;
        if (ip != null)
        {
            src = ip.SourceAddress.ToString();
            dest = ip.DestinationAddress.ToString();
            protocol = ip.Protocol.ToString();
        }
    }
}
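/// <summary>
/// Prints a one-line notice for a captured packet, showing at most the first 40
/// characters of its normal-format description.
/// </summary>
/// <param name="packet">Captured packet to describe.</param>
/// <param name="arrivalTime">Arrival time of the packet; not used by this method.</param>
public void ReportPacketCapture(Packet packet, DateTime arrivalTime)
{
    string summary = packet.ToString(StringOutputType.Normal);

    // Clamp the preview length: Substring(0, 40) throws ArgumentOutOfRangeException
    // when the description is shorter than 40 characters.
    int previewLength = Math.Min(summary.Length, 40);
    Console.WriteLine("packet captured" + summary.Substring(0, previewLength));
}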
/// <summary>
/// Writes a packet to the console in the requested output format, preceded by the
/// current packet description; the verbose formats are followed by a hex dump.
/// </summary>
/// <param name="p">Packet to print.</param>
/// <param name="outputType">Format passed to the packet's ToString.</param>
private void OutputPacket(Packet p, StringOutputType outputType)
{
    bool includeHexDump = outputType == StringOutputType.Verbose
                          || outputType == StringOutputType.VerboseColored;

    Console.WriteLine(currentPacketDescription + " - " + outputType);
    Console.Write(p.ToString(outputType));

    if (includeHexDump)
    {
        Console.Write(p.PrintHex());
    }

    Console.WriteLine();
}