public ResourceRecord(DnsPacket parentPacket, int startIndex) { this.parentPacket = parentPacket; int typeStartOffset; List <NameLabel> nameLabelList = GetNameLabelList(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex, startIndex - parentPacket.PacketStartIndex, out typeStartOffset); this.answerRequestedNameDecoded = new string[nameLabelList.Count]; for (int i = 0; i < nameLabelList.Count; i++) { this.answerRequestedNameDecoded[i] = nameLabelList[i].ToString(); } /* * this.answerType=ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, startIndex+2); * this.answerClass=ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, startIndex+4); * this.answerTimeToLive=ByteConverter.ToUInt32(parentPacket.ParentFrame.Data, startIndex+6); * this.answerDataLength=ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, startIndex+10); */ this.answerType = Utils.ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex + typeStartOffset); this.answerClass = Utils.ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex + typeStartOffset + 2); this.answerTimeToLive = Utils.ByteConverter.ToUInt32(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex + typeStartOffset + 4); this.answerDataLength = Utils.ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex + typeStartOffset + 8); //this.recordByteCount=12+answerDataLength; this.recordByteCount = typeStartOffset - startIndex + parentPacket.PacketStartIndex + 10 + answerDataLength; //kolla.... if (parentPacket.Flags.OperationCode == (byte)HeaderFlags.OperationCodes.Query && this.answerType != (ushort)RRTypes.CNAME) { this.answerRepliedNameDecoded = new string[answerDataLength]; for (int i = 0; i < answerDataLength; i++) { this.answerRepliedNameDecoded[i] = parentPacket.ParentFrame.Data[startIndex + 12 + i].ToString(); } } else if (parentPacket.Flags.OperationCode == (byte)HeaderFlags.OperationCodes.Query && this.answerType == (ushort)RRTypes.CNAME) { List <NameLabel> answerRepliedName = GetNameLabelList(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex, startIndex + 12 - parentPacket.PacketStartIndex, out typeStartOffset); this.answerRepliedNameDecoded = new string[answerRepliedName.Count]; for (int i = 0; i < answerRepliedName.Count; i++) { this.answerRepliedNameDecoded[i] = answerRepliedName[i].ToString(); } } else if (parentPacket.Flags.OperationCode == (byte)HeaderFlags.OperationCodes.InverseQuery) { //nameLabelList=GetNameLabelList(parentPacket.ParentFrame.Data, startIndex+12); nameLabelList = GetNameLabelList(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex, startIndex + 12 - parentPacket.PacketStartIndex, out typeStartOffset); this.answerRepliedNameDecoded = new string[nameLabelList.Count]; for (int i = 0; i < nameLabelList.Count; i++) { this.answerRepliedNameDecoded[i] = nameLabelList[i].ToString(); } } }
//answer //authority //additional public static bool TryParse(Frame parentFrame, int packetStartIndex, int packetEndIndex, bool lengthPrefix, out DnsPacket dnsPacket) { //const int MAX_LENGTH = ushort.MaxValue;//64 kB dnsPacket = null; if (lengthPrefix) { ushort packetLength = Utils.ByteConverter.ToUInt16(parentFrame.Data, packetStartIndex); if (packetLength < 4) { return(false); } else if (packetStartIndex + packetLength + 1 > packetEndIndex) { return(false); } } try { dnsPacket = new DnsPacket(parentFrame, packetStartIndex, packetEndIndex, lengthPrefix); return(true); } catch { return(false); } }
public ResponseWithErrorCode(DnsPacket parentPacket) { this.parentPacket = parentPacket; }
private AbstractPacket GetProtocolPacket(ApplicationLayerProtocol protocol, bool clientToServer) { AbstractPacket packet = null; if (protocol == ApplicationLayerProtocol.Dns) { if (DnsPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, true, out DnsPacket dnsPacket)) { return(dnsPacket); } } else if (protocol == ApplicationLayerProtocol.FtpControl) { if (FtpPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer, out packet)) { return(packet); } } else if (protocol == ApplicationLayerProtocol.Http) { if (HttpPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet)) { return(packet); } } else if (protocol == ApplicationLayerProtocol.Http2) { if (Http2Packet.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet)) { return(packet); } } else if (protocol == ApplicationLayerProtocol.Irc) { if (IrcPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet)) { return(packet); } } else if (protocol == ApplicationLayerProtocol.IEC_104) { if (IEC_60870_5_104Packet.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet)) { return(packet); } } else if (protocol == ApplicationLayerProtocol.Imap) { return(new ImapPacket(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer)); } else if (protocol == ApplicationLayerProtocol.Kerberos) { return(new KerberosPacket(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, true)); } else if (protocol == ApplicationLayerProtocol.Lpd) { if (LpdPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer, out packet)) { return(packet); } } else if (protocol == ApplicationLayerProtocol.ModbusTCP) { if (ModbusTcpPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, this.sourcePort, this.destinationPort, out packet)) { return(packet); } } else if (protocol == ApplicationLayerProtocol.NetBiosNameService) { return(new NetBiosNameServicePacket(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex)); } else if (protocol == ApplicationLayerProtocol.NetBiosSessionService) { if (NetBiosSessionService.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, this.sourcePort, this.destinationPort, out packet, this.IsVirtualPacketFromTrailingDataInTcpSegment)) { return(packet); } } else if (protocol == ApplicationLayerProtocol.OpenFlow) { if (OpenFlowPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet)) { return(packet); } } else if (protocol == ApplicationLayerProtocol.Oscar) { if (OscarPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet)) { return(packet); } } else if (protocol == ApplicationLayerProtocol.OscarFileTransfer) { if (OscarFileTransferPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet)) { return(packet); } } else if (protocol == ApplicationLayerProtocol.Pop3) { return(new Pop3Packet(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer)); } else if (protocol == ApplicationLayerProtocol.Sip) { return(new SipPacket(this.ParentFrame, this.PacketStartIndex + this.DataOffsetByteCount, this.PacketEndIndex)); } else if (protocol == ApplicationLayerProtocol.Smtp) { return(new SmtpPacket(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer)); } else if (protocol == ApplicationLayerProtocol.Socks) { if (SocksPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer, out packet)) { return(packet); } } else if (protocol == ApplicationLayerProtocol.SpotifyServerProtocol) { if (SpotifyKeyExchangePacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer, out packet)) { return(packet); } } else if (protocol == ApplicationLayerProtocol.Ssh) { if (SshPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet)) { return(packet); } } else if (protocol == ApplicationLayerProtocol.Ssl) { if (SslPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet)) { return(packet); } } else if (protocol == ApplicationLayerProtocol.TabularDataStream) { return(new TabularDataStreamPacket(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex)); } else if (protocol == ApplicationLayerProtocol.Tpkt) { if (TpktPacket.TryParse(ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, this, out packet)) { return(packet); } } return(packet); }
public override IEnumerable <AbstractPacket> GetSubPackets(bool includeSelfReference) { if (includeSelfReference) { yield return(this); } //List<Packet> subPackets=new List<Packet>(); if (PacketStartIndex + 8 < PacketEndIndex) { AbstractPacket packet; ApplicationLayerProtocol l7Protocol = UdpPortProtocolFinder.Instance.GetApplicationLayerProtocol(FiveTuple.TransportProtocol.UDP, sourcePort, destinationPort); if (l7Protocol == ApplicationLayerProtocol.Unknown && UdpPortProtocolFinder.PipiInstance != null) { l7Protocol = UdpPortProtocolFinder.PipiInstance.GetApplicationLayerProtocol(this);//do a second attempt using PIPI (NM Pro only) } if (l7Protocol == ApplicationLayerProtocol.Dns) //DNS or Multicast DNS http://www.multicastdns.org/ { try { packet = new DnsPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } catch (Exception e) { if (!this.ParentFrame.QuickParse) { ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse DNS packet (" + e.Message + ")")); } packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } } else if (l7Protocol == ApplicationLayerProtocol.Dhcp) { try { packet = new DhcpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } catch (Exception e) { if (!this.ParentFrame.QuickParse) { ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse DHCP (or BOOTP) protocol: " + e.Message)); } packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } } else if (l7Protocol == ApplicationLayerProtocol.Tftp) { try { packet = new TftpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } catch (Exception e) { if (!this.ParentFrame.QuickParse) { ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse NetBiosNameServicePacket packet (" + e.Message + ")")); } packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } } else if (l7Protocol == ApplicationLayerProtocol.NetBiosNameService) { try { packet = new NetBiosNameServicePacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } catch (Exception e) { if (!this.ParentFrame.QuickParse) { ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse NetBiosNameServicePacket packet (" + e.Message + ")")); } packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } } else if (l7Protocol == ApplicationLayerProtocol.NetBiosDatagramService) { try { packet = new NetBiosDatagramServicePacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } catch (Exception e) { if (!this.ParentFrame.QuickParse) { ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse NetBiosDatagramServicePacket packet (" + e.Message + ")")); } packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } } else if (l7Protocol == ApplicationLayerProtocol.Snmp) { try { packet = new SnmpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } catch (Exception e) { if (!this.ParentFrame.QuickParse) { ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse SNMP packet (" + e.Message + ")")); } packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } } else if (l7Protocol == ApplicationLayerProtocol.Syslog) { try { packet = new SyslogPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } catch (Exception e) { if (!this.ParentFrame.QuickParse) { ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse Syslog packet (" + e.Message + ")")); } packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } } else if (l7Protocol == ApplicationLayerProtocol.Upnp) { try { packet = new UpnpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } catch (Exception e) { if (!this.ParentFrame.QuickParse) { ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse UPnP packet (" + e.Message + ")")); } packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } } else if (l7Protocol == ApplicationLayerProtocol.Sip) { try { packet = new SipPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } catch (Exception e) { if (!this.ParentFrame.QuickParse) { ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse SIP packet (" + e.Message + ")")); } packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } } else if (l7Protocol == ApplicationLayerProtocol.Rtp) { try { packet = new RtpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } catch (Exception e) { if (!this.ParentFrame.QuickParse) { ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse RTP packet (" + e.Message + ")")); } packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } } else if (l7Protocol == ApplicationLayerProtocol.VXLAN) { try { packet = new VxlanPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } catch (Exception e) { if (!this.ParentFrame.QuickParse) { ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse VXLAN packet (" + e.Message + ")")); } packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } } else { packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } yield return(packet); foreach (AbstractPacket subPacket in packet.GetSubPackets(false)) { yield return(subPacket); } } }
//answer //authority //additional public static bool TryParse(Frame parentFrame, int packetStartIndex, int packetEndIndex, bool lengthPrefix, out DnsPacket dnsPacket) { const ushort INSANE_MAX_LENGTH = 0x8000;//32 kB dnsPacket = null; if (lengthPrefix) { ushort packetLength = Utils.ByteConverter.ToUInt16(parentFrame.Data, packetStartIndex); if (packetLength < 4) { return(false); } else if (packetLength > INSANE_MAX_LENGTH) { return(false); } } try { dnsPacket = new DnsPacket(parentFrame, packetStartIndex, packetEndIndex, lengthPrefix); return(true); } catch { return(false); } }
public override IEnumerable <AbstractPacket> GetSubPackets(bool includeSelfReference) { if (includeSelfReference) { yield return(this); } //List<Packet> subPackets=new List<Packet>(); if (PacketStartIndex + 8 < PacketEndIndex) { AbstractPacket packet; /* * if(destinationPort==53 || sourcePort==53 || destinationPort==5353 || sourcePort==5353) {//DNS or Multicast DNS http://www.multicastdns.org/ * try { * packet=new DnsPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex); * } * catch(Exception e) { * if (!this.ParentFrame.QuickParse) * ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex+8, PacketEndIndex, "Cannot parse DNS packet ("+e.Message+")")); * packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex); * } * } * else if(destinationPort==67 || destinationPort==68 || sourcePort==67 || sourcePort==68) { * try { * packet=new DhcpPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex); * } * catch(Exception e) { * if (!this.ParentFrame.QuickParse) * ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex+8, PacketEndIndex, "Cannot parse DHCP (or BOOTP) protocol: "+e.Message)); * packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex); * } * * } * else if(destinationPort==69 || sourcePort==69) { * try { * packet=new TftpPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex); * } * catch(Exception e) { * if (!this.ParentFrame.QuickParse) * ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex+8, PacketEndIndex, "Cannot parse NetBiosNameServicePacket packet ("+e.Message+")")); * packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex); * } * } * else if(destinationPort==137 || sourcePort==137) { * try { * packet=new NetBiosNameServicePacket(ParentFrame, PacketStartIndex+8, PacketEndIndex); * } * catch(Exception e) { * if (!this.ParentFrame.QuickParse) * ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex+8, PacketEndIndex, "Cannot parse NetBiosNameServicePacket packet ("+e.Message+")")); * packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex); * } * } * else if(destinationPort==138 || sourcePort==138) { * try { * packet=new NetBiosDatagramServicePacket(ParentFrame, PacketStartIndex+8, PacketEndIndex); * } * catch(Exception e) { * if (!this.ParentFrame.QuickParse) * ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex+8, PacketEndIndex, "Cannot parse NetBiosDatagramServicePacket packet ("+e.Message+")")); * packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex); * } * } * else if (destinationPort == 514 || sourcePort == 514) { * try { * packet = new SyslogPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); * } * catch (Exception e) { * if (!this.ParentFrame.QuickParse) * ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse Syslog packet (" + e.Message + ")")); * packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); * } * } * else if(destinationPort==1900 || sourcePort==1900) { * try { * packet=new UpnpPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex); * } * catch(Exception e) { * if (!this.ParentFrame.QuickParse) * ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex+8, PacketEndIndex, "Cannot parse UPnP packet ("+e.Message+")")); * packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex); * } * } * else if(destinationPort==5060 || sourcePort==5060) { * try { * packet=new SipPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex); * } * catch(Exception e) { * if (!this.ParentFrame.QuickParse) * ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex+8, PacketEndIndex, "Cannot parse SIP packet ("+e.Message+")")); * packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex); * } * } * else { * packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex); * } * */ ApplicationLayerProtocol l7Protocol = UdpPortProtocolFinder.Instance.GetApplicationLayerProtocol(FiveTuple.TransportProtocol.UDP, sourcePort, destinationPort); if (l7Protocol == ApplicationLayerProtocol.Dns) //DNS or Multicast DNS http://www.multicastdns.org/ { try { packet = new DnsPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } catch (Exception e) { if (!this.ParentFrame.QuickParse) { ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse DNS packet (" + e.Message + ")")); } packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } } else if (l7Protocol == ApplicationLayerProtocol.Dhcp) { try { packet = new DhcpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } catch (Exception e) { if (!this.ParentFrame.QuickParse) { ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse DHCP (or BOOTP) protocol: " + e.Message)); } packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } } else if (l7Protocol == ApplicationLayerProtocol.Tftp) { try { packet = new TftpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } catch (Exception e) { if (!this.ParentFrame.QuickParse) { ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse NetBiosNameServicePacket packet (" + e.Message + ")")); } packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } } else if (l7Protocol == ApplicationLayerProtocol.NetBiosNameService) { try { packet = new NetBiosNameServicePacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } catch (Exception e) { if (!this.ParentFrame.QuickParse) { ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse NetBiosNameServicePacket packet (" + e.Message + ")")); } packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } } else if (l7Protocol == ApplicationLayerProtocol.NetBiosDatagramService) { try { packet = new NetBiosDatagramServicePacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } catch (Exception e) { if (!this.ParentFrame.QuickParse) { ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse NetBiosDatagramServicePacket packet (" + e.Message + ")")); } packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } } else if (l7Protocol == ApplicationLayerProtocol.Syslog) { try { packet = new SyslogPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } catch (Exception e) { if (!this.ParentFrame.QuickParse) { ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse Syslog packet (" + e.Message + ")")); } packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } } else if (l7Protocol == ApplicationLayerProtocol.Upnp) { try { packet = new UpnpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } catch (Exception e) { if (!this.ParentFrame.QuickParse) { ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse UPnP packet (" + e.Message + ")")); } packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } } else if (l7Protocol == ApplicationLayerProtocol.Sip) { try { packet = new SipPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } catch (Exception e) { if (!this.ParentFrame.QuickParse) { ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse SIP packet (" + e.Message + ")")); } packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } } else if (l7Protocol == ApplicationLayerProtocol.VXLAN) { try { packet = new VxlanPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } catch (Exception e) { if (!this.ParentFrame.QuickParse) { ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse VXLAN packet (" + e.Message + ")")); } packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } } else { packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex); } yield return(packet); foreach (AbstractPacket subPacket in packet.GetSubPackets(false)) { yield return(subPacket); } } }
internal IEnumerable <AbstractPacket> GetSubPackets(bool includeSelfReference, ISessionProtocolFinder protocolFinder, bool clientToServer) { if (includeSelfReference) { yield return(this); } if (PacketStartIndex + dataOffsetByteCount < PacketEndIndex) { AbstractPacket packet = null; foreach (ApplicationLayerProtocol protocol in protocolFinder.GetProbableApplicationLayerProtocols()) { try{ if (protocol == ApplicationLayerProtocol.Dns) { packet = new DnsPacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex); protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Dns; break; } else if (protocol == ApplicationLayerProtocol.FtpControl) { if (FtpPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, clientToServer, out packet)) { protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.FtpControl; break; } } else if (protocol == ApplicationLayerProtocol.Http) { if (HttpPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) { protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Http; break; } } else if (protocol == ApplicationLayerProtocol.Irc) { if (IrcPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) { protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Irc; break; } } else if (protocol == ApplicationLayerProtocol.IEC_104) { if (IEC_60870_5_104Packet.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) { protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.IEC_104; break; } } else if (protocol == ApplicationLayerProtocol.NetBiosNameService) { packet = new NetBiosNameServicePacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex); protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.NetBiosNameService; break; } else if (protocol == ApplicationLayerProtocol.NetBiosSessionService) { if (NetBiosSessionService.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) { //packet = new NetBiosSessionService(ParentFrame, PacketStartIndex+dataOffsetByteCount, PacketEndIndex, false); protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.NetBiosSessionService; break; } } else if (protocol == ApplicationLayerProtocol.Oscar) { if (OscarPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) { protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Oscar; break; } } else if (protocol == ApplicationLayerProtocol.OscarFileTransfer) { if (OscarFileTransferPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) { protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.OscarFileTransfer; break; } } else if (protocol == ApplicationLayerProtocol.Smtp) { packet = new SmtpPacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, clientToServer); protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Smtp; break; } else if (protocol == ApplicationLayerProtocol.SpotifyServerProtocol) { if (SpotifyKeyExchangePacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, clientToServer, out packet)) { protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.SpotifyServerProtocol; break; } } else if (protocol == ApplicationLayerProtocol.Ssh) { if (SshPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) { protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Ssh; break; } } else if (protocol == ApplicationLayerProtocol.Ssl) { if (SslPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet)) { protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Ssl; break; } } else if (protocol == ApplicationLayerProtocol.TabularDataStream) { packet = new TabularDataStreamPacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex); protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.TabularDataStream; break; } } catch (Exception) { packet = null; } } if (packet == null) { packet = new RawPacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex); } yield return(packet); foreach (AbstractPacket subPacket in packet.GetSubPackets(false)) { yield return(subPacket); } } }
public ResourceRecord(DnsPacket parentPacket, int startIndex) { this.ParentPacket = parentPacket; int typeStartOffset; List <NameLabel> nameLabelList = GetNameLabelList(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex, startIndex - parentPacket.PacketStartIndex, out typeStartOffset); this.answerRequestedNameDecoded = new string[nameLabelList.Count]; for (int i = 0; i < nameLabelList.Count; i++) { this.answerRequestedNameDecoded[i] = nameLabelList[i].ToString(); } this.Type = Utils.ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex + typeStartOffset); this.answerClass = Utils.ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex + typeStartOffset + 2); this.answerTimeToLive = Utils.ByteConverter.ToUInt32(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex + typeStartOffset + 4); this.answerDataLength = Utils.ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex + typeStartOffset + 8); this.ByteCount = typeStartOffset - startIndex + parentPacket.PacketStartIndex + 10 + this.answerDataLength; if (parentPacket.Flags.OperationCode == (byte)HeaderFlags.OperationCodes.Query) { if (this.Type == (ushort)RRTypes.CNAME) { List <NameLabel> answerRepliedName = GetNameLabelList(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex, startIndex + this.ByteCount - this.answerDataLength - parentPacket.PacketStartIndex, out typeStartOffset); this.answerRepliedNameDecoded = new string[answerRepliedName.Count]; for (int i = 0; i < answerRepliedName.Count; i++) { this.answerRepliedNameDecoded[i] = answerRepliedName[i].ToString(); } } else if (this.Type == (ushort)RRTypes.TXT) { List <string> txtStrings = new List <string>(); for (int i = 0; i < this.answerDataLength; i++) { //byte txtLength = parentPacket.ParentFrame.Data[parentPacket.PacketStartIndex + typeStartOffset + 10 + i]; byte txtLength = parentPacket.ParentFrame.Data[startIndex + this.ByteCount - this.answerDataLength + i]; string txtData = ASCIIEncoding.ASCII.GetString(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex + typeStartOffset + 10 + i + 1, txtLength); txtStrings.Add(txtData); i += txtLength; } this.answerRepliedNameDecoded = txtStrings.ToArray(); //TODO a series(?) of 1 byte length, then data TXT records //List<NameLabel> txtData = GetNameLabelList(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex, startIndex + this.ByteCount - this.answerDataLength - parentPacket.PacketStartIndex, out typeStartOffset); /* * for (int i = 0; i < this.answerDataLength; i++) { * byte length = parentPacket.ParentFrame.Data[startIndex + this.ByteCount - this.answerDataLength - parentPacket.PacketStartIndex]; * string txtData = * } */ } else if (this.Type == (ushort)RRTypes.SRV) { //https://datatracker.ietf.org/doc/html/rfc2782 ushort priority = Utils.ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, startIndex + this.ByteCount - this.answerDataLength); ushort weight = Utils.ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, startIndex + this.ByteCount - this.answerDataLength + 2); ushort port = Utils.ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, startIndex + this.ByteCount - this.answerDataLength + 4); var target = GetNameLabelList(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex, startIndex + this.ByteCount - this.answerDataLength + 6 - parentPacket.PacketStartIndex, out _); this.answerRepliedNameDecoded = new string[target.Count]; for (int i = 0; i < target.Count; i++) { this.answerRepliedNameDecoded[i] = target[i].ToString(); } } else { this.answerRepliedNameDecoded = new string[this.answerDataLength]; for (int i = 0; i < this.answerDataLength; i++) { this.answerRepliedNameDecoded[i] = parentPacket.ParentFrame.Data[startIndex + this.ByteCount - this.answerDataLength + i].ToString();//the answer is at the end } } } else if (parentPacket.Flags.OperationCode == (byte)HeaderFlags.OperationCodes.InverseQuery) { nameLabelList = GetNameLabelList(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex, startIndex + 12 - parentPacket.PacketStartIndex, out typeStartOffset); this.answerRepliedNameDecoded = new string[nameLabelList.Count]; for (int i = 0; i < nameLabelList.Count; i++) { this.answerRepliedNameDecoded[i] = nameLabelList[i].ToString(); } } }