void _PcapDevice_PcapOnPacketArrival(object sender, Packet packet) { if (!(packet is TCPPacket)) return; TCPPacket _TCPPacket = (TCPPacket)packet; //_SortedList.Add(_TCPPacket.SequenceNumber, _TCPPacket); byte[] _data = _TCPPacket.TCPData; if ((_data.Length == 0 || _data.Length == 6) && !_TCPPacket.Fin) return; Direction _Direction; int port; string ip; int[] remoteport = new[] { 80 }; if (remoteport.Contains(_TCPPacket.DestinationPort)) { _Direction = Direction.Sended; port = _TCPPacket.SourcePort; ip = _TCPPacket.DestinationAddress; } else if (remoteport.Contains(_TCPPacket.SourcePort)) { _Direction = Direction.Received; port = _TCPPacket.DestinationPort; ip = _TCPPacket.SourceAddress; } else return; Client _Client = (from c in _List where c.Port == port select c).FirstOrDefault(); if (_TCPPacket.Fin) { if (_Client != null) { _List.Remove(_Client); } return; } if (_Client == null) { _Client = new Client { ip = ip, Port = port }; i++; _Client.i = i; _List.Add(_Client); } if (_Direction == Direction.Sended) { Save(_TCPPacket, _Direction, _Client, _Client._SendStream); } else { Save(_TCPPacket, _Direction, _Client, _Client._ReceiveStream); } }
private static void device_PcapOnPacketArrival(object sender, Tamir.IPLib.Packets.Packet packet) { if (packet is EthernetPacket) { EthernetPacket eth = ((EthernetPacket)packet); Console.WriteLine("Original packet: " + eth.ToColoredString(false)); //Manipulate ethernet parameters eth.SourceHwAddress = "00:11:22:33:44:55"; eth.DestinationHwAddress = "00:99:88:77:66:55"; if (packet is IPPacket) { IPPacket ip = ((IPPacket)packet); //manipulate IP parameters ip.SourceAddress = "1.2.3.4"; ip.DestinationAddress = "44.33.22.11"; ip.TimeToLive = 11; //Recalculate the IP checksum ip.ComputeIPChecksum(); if (ip is TCPPacket) { TCPPacket tcp = ((TCPPacket)ip); //manipulate TCP parameters tcp.SourcePort = 9999; tcp.DestinationPort = 8888; tcp.Syn = !tcp.Syn; tcp.Fin = !tcp.Fin; tcp.Ack = !tcp.Ack; tcp.WindowSize = 500; tcp.AcknowledgementNumber = 800; tcp.SequenceNumber = 800; //Recalculate the TCP checksum tcp.ComputeTCPChecksum(); } if (ip is UDPPacket) { UDPPacket udp = ((UDPPacket)ip); //manipulate UDP parameters udp.SourcePort = 9999; udp.DestinationPort = 8888; //Recalculate the UDP checksum udp.ComputeUDPChecksum(); } } Console.WriteLine("Manipulated packet: " + eth.ToColoredString(false)); } }
/// <summary> /// Prints the source and dest MAC addresses of each received Ethernet frame /// </summary> private static void device_PcapOnPacketArrival(object sender, Packet packet) { if( packet is EthernetPacket ) { EthernetPacket etherFrame = (EthernetPacket)packet; Console.WriteLine("At: {0}:{1}: MAC:{2} -> MAC:{3}", etherFrame.PcapHeader.Date.ToString(), etherFrame.PcapHeader.Date.Millisecond, etherFrame.SourceHwAddress, etherFrame.DestinationHwAddress); } }
void dev_PcapOnPacketArrival(object sender, Packet packet) { lock (packets) { packets.Add(packet); newpackets.Add(packet); } if (dev.PcapDumpOpened) { dev.PcapDump(packet); } this.Invoke(updater); }
private void device_PcapOnPacketArrival(object sender, Packet packet) { if (!(packet is TCPPacket)) return; TCPPacket tcpPacket = (TCPPacket)packet; // Creates a key for the dictionary TCPConnection c = new TCPConnection(tcpPacket); // Todo: gescheiter Filter if (!(c.DestinationPort == port || c.SourcePort == port)) return; // create a new entry if the key does not exists if (!sharpPcapDict.ContainsKey(c) && !this.gotLock) { TcpRecon.TcpRecon tcpRecon = new TcpRecon.TcpRecon(this.serverStr, this.clientStr); sharpPcapDict.Add(c, tcpRecon); this.gotLock = true; } // Use the TcpRecon class to reconstruct the session if (this.sharpPcapDict.ContainsKey(c)) { sharpPcapDict[c].ReassemblePacket(tcpPacket); } L2Packet l2packet = null; while (this.clientStr.MorePackets()) { l2packet = this.gameSniffer.handlePacket(this.clientStr.ReadPacket(), false); if (l2packet != null) { this.packetContainer.AddPacket(l2packet); l2packet.PacketNo = this.count++; } } while (this.serverStr.MorePackets()) { l2packet = this.gameSniffer.handlePacket(this.serverStr.ReadPacket(), true); if (l2packet != null) { this.packetContainer.AddPacket(l2packet); l2packet.PacketNo = this.count++; } } }
// The callback function for the SharpPcap library private static void device_PcapOnPacketArrival(object sender, Packet packet) { if (!(packet is TCPPacket)) return; TCPPacket tcpPacket = (TCPPacket)packet; // Creates a key for the dictionary Connection c = new Connection(tcpPacket); // create a new entry if the key does not exists if (!sharpPcapDict.ContainsKey(c)) { string fileName = c.getFileName(path); TcpRecon tcpRecon = new TcpRecon(fileName); sharpPcapDict.Add(c, tcpRecon); } // Use the TcpRecon class to reconstruct the session sharpPcapDict[c].ReassemblePacket(tcpPacket); }
/// <summary> /// Prints the time and length of each received packet /// </summary> private static void device_PcapOnPacketArrival(object sender, Packet packet) { DateTime time = packet.PcapHeader.Date; int len = packet.PcapHeader.PacketLength; Console.WriteLine("{0}:{1}:{2},{3} Len={4}", time.Hour, time.Minute, time.Second, time.Millisecond, len); }
internal PcapStatistics(Packets.Packet p) { this.m_pktHdr = p.PcapHeader.m_pcap_pkthdr; this.m_pktData = p.Bytes; }
private void device_PcapOnPacketArrival(object sender, Packet packet) { try { Global.PacketCapturedEvent packetCapturedEvent = new Global.PacketCapturedEvent(OnPacketCaptured); this.BeginInvoke(packetCapturedEvent, new object[] { packet }); } catch (Exception e) { Console.WriteLine(e.Message); } }
private void SendPacketArrivalEvent(Packet p) { //If mode is MODE_CAP: if(PcapMode==PcapMode.Capture) { if(PcapOnPacketArrival != null ) { //Invoke the packet arrival event PcapOnPacketArrival(this, p); } } //else mode is MODE_STAT else if(PcapMode==PcapMode.Statistics) { if(PcapOnPcapStatistics != null) { //Invoke the pcap statistics event PcapOnPcapStatistics(this, new PcapStatistics(p)); } } }
/// <summary> /// Sends a raw packet throgh this device /// </summary> /// <param name="p">The packet to send</param> public void PcapSendPacket(Packet p) { PcapSendPacket(p.Bytes); }
private void device_PcapOnPacketArrival(object sender, Packet packet) { if (!(packet is TCPPacket)) return; TCPPacket tcpPacket = (TCPPacket)packet; // Creates a key for the dictionary TCPConnection connection = new TCPConnection(tcpPacket); // create a new entry if the key does not exists and its a new Connection if (!sharpPcapDict.ContainsKey(connection) && tcpPacket.Syn && (tcpPacket.DestinationPort == this.dst_port)) { TcpRecon tcpRecon = new TcpRecon(this.ServerStr, this.ClientStr); sharpPcapDict.Add(connection, tcpRecon); this.connection = tcpRecon; // (((ip.src == 192.168.100.150) && (tcp.dstport == 7777) ) || ((ip.src == 78.46.33.43) && (tcp.dstport == 52784))) string filter = string.Format("(((ip.src == {0}) && (tcp.dstport == {1})) || ((ip.src == {2}) && (tcp.dstport == {3})))" , tcpPacket.SourceAddress, tcpPacket.DestinationPort, tcpPacket.DestinationAddress, tcpPacket.SourcePort); this.tcpDumpFilter = filter; // Geht oder geht nicht??? das is die große Frage ;) this.device.PcapSetFilter(filter); } // Use the TcpRecon class to reconstruct the session if (this.sharpPcapDict.ContainsKey(connection)) { sharpPcapDict[connection].ReassemblePacket(tcpPacket); } }
private void device_PcapOnPacketArrival(object sender, Packet packet) { if (!(packet is TCPPacket)) return; TCPPacket tcpPacket = (TCPPacket)packet; // Creates a key for the dictionary TCPConnection c = new TCPConnection(tcpPacket); // create a new entry if the key does not exists if (!sharpPcapDict.ContainsKey(c) && !this.gotLock) { TcpRecon.TcpRecon tcpRecon = new TcpRecon.TcpRecon(this.serverStr, this.clientStr); sharpPcapDict.Add(c, tcpRecon); this.gotLock = true; this.connection = tcpRecon; } // Use the TcpRecon class to reconstruct the session if (this.sharpPcapDict.ContainsKey(c)) { // Events if (tcpPacket.Syn && tcpPacket.Ack) this.OnSynRecived(this); else if (tcpPacket.Fin && tcpPacket.Ack) this.OnFinRecived(this); sharpPcapDict[c].ReassemblePacket(tcpPacket); } this.processPackets(); }
private void OnPacketCaptured(Packet packet) { ListViewItem listViewItem = packetCaptureList.Items.Add(packetCaptureList.Items.Count.ToString()); listViewItem.SubItems.Add(packet.Timeval.Date.ToString()); listViewItem.SubItems.Add(((EthernetPacket)packet).SourceHwAddress.ToUpper()); listViewItem.SubItems.Add(((EthernetPacket)packet).DestinationHwAddress.ToUpper()); if (packet is IPPacket) { listViewItem.SubItems.Add(((IPPacket)packet).IPProtocol.ToString()); listViewItem.SubItems.Add(((IPPacket)packet).SourceAddress.ToString()); listViewItem.SubItems.Add(((IPPacket)packet).DestinationAddress.ToString()); } else { listViewItem.SubItems.Add("--"); listViewItem.SubItems.Add("--"); listViewItem.SubItems.Add("--"); } if (packet is TCPPacket) { listViewItem.SubItems.Add(((TCPPacket)packet).SourcePort.ToString()); listViewItem.SubItems.Add(((TCPPacket)packet).DestinationPort.ToString()); } else if (packet is UDPPacket) { listViewItem.SubItems.Add(((UDPPacket)packet).SourcePort.ToString()); listViewItem.SubItems.Add(((UDPPacket)packet).DestinationPort.ToString()); } else { listViewItem.SubItems.Add("--"); listViewItem.SubItems.Add("--"); } // Add this captured packet to the list. Global.CapturedPackets.Add(packet); // Update the packet list. packetsInBufferStatus.Text = "Captured Packets: " + Global.CapturedPackets.Count; // Scroll if autoscroll is enabled. if (Settings.Default.AutoScrollPacketList == true) { //lvi.Selected = true; listViewItem.EnsureVisible(); } }
/// <summary> /// Writes a packet to the pcap dump file associated with this device. /// </summary> /// <param name="p">The packet to write</param> public void PcapDump(Packet p) { PcapDump(p.Bytes, p.PcapHeader); }
/// <summary> /// Gets the next packet captured on this device /// </summary> /// <param name="p">A packet reference</param> /// <returns>A reference to a packet object</returns public virtual int PcapGetNextPacket(out Packet p) { //Pointer to a packet info struct IntPtr header = IntPtr.Zero; //Pointer to a packet struct IntPtr data = IntPtr.Zero; int res = 0; //Get a packet from winpcap res = SharpPcap.pcap_next_ex( PcapHandle, ref header, ref data); p=null; if(res>0) { //Marshal the packet if ( (header != IntPtr.Zero) && (data != IntPtr.Zero) ) { SharpPcap.PCAP_PKTHDR pkt_header = (SharpPcap.PCAP_PKTHDR)Marshal.PtrToStructure( header, typeof(SharpPcap.PCAP_PKTHDR) ); //SharpPcap.PCAP_PKTDATA pkt_data = (SharpPcap.PCAP_PKTDATA)Marshal.PtrToStructure( data, typeof(SharpPcap.PCAP_PKTDATA) ); byte[] pkt_data = new byte[pkt_header.caplen]; Marshal.Copy(data, pkt_data, 0, pkt_header.caplen); p = Packets.PacketFactory.dataToPacket(PcapDataLink, pkt_data, new Packets.Util.Timeval(pkt_header.tv_sec, pkt_header.tv_usec)); p.PcapHeader = new PcapHeader( pkt_header ); } } return res; }
/// <summary> /// Prints the time, length, src ip, src port, dst ip and dst port /// for each TCP/IP packet received on the network /// </summary> private static void device_PcapOnPacketArrival(object sender, Packet packet) { if(packet is TCPPacket) { DateTime time = packet.PcapHeader.Date; int len = packet.PcapHeader.PacketLength; TCPPacket tcp = (TCPPacket)packet; string srcIp = tcp.SourceAddress; string dstIp = tcp.DestinationAddress; int srcPort = tcp.SourcePort; int dstPort = tcp.DestinationPort; Console.WriteLine("{0}:{1}:{2},{3} Len={4} {5}:{6} -> {7}:{8}", time.Hour, time.Minute, time.Second, time.Millisecond, len, srcIp, srcPort, dstIp, dstPort); } }
/// <summary> /// Sends a raw packet throgh this device /// </summary> /// <param name="p">The packet to send</param> /// <param name="size">The number of bytes to send</param> public void PcapSendPacket(Packet p, int size) { PcapSendPacket(p.Bytes, size); }
/// <summary> /// Add a packet to this send queue. /// </summary> /// <param name="packet">The packet to add</param> /// <returns>True if success, else false</returns> public bool Add( Packet packet ) { return this.Add( packet.Bytes, packet.PcapHeader.m_pcap_pkthdr ); }
public void AddPacket(Packet p) { // Stream zu ende, sofort return if (this.finRecived) { return; } // is es überhaupt ein TCPPacket? if (!(p is TCPPacket)) { return; } TCPPacket tcpP = (TCPPacket)p; // gehört das Packet zu unserem TCP-Stream?? // wenn ja, und es ist ein SYN, ACK merken wir uns des Zielport und setzen synRecived auf true if (tcpP.SourcePort == this.sourcePort && !this.synRecived) { if (tcpP.Syn && tcpP.Ack) { this.destinationPort = tcpP.DestinationPort; this.synRecived = true; this.lastSeqNr = tcpP.AcknowledgmentNumber; // merken } return; } // gehört das Packet zu unserem TCP-Stream?? if (tcpP.SourcePort != this.sourcePort || tcpP.DestinationPort != this.destinationPort) { return; } // Stream zu ende? FIN, ACK vorhanden? if (tcpP.Fin && tcpP.Ack) { this.finRecived = true; return; } // haben wir überhaupt Daten? if (tcpP.Data.Length == 0) { return; } // packet einsortieren, wenn schon vorhanden > verwerfen if (this.map.ContainsKey(tcpP.SequenceNumber)) { return; } // wenn seqNr <= currentSeqnr, packet verwerfen, >> Retransmit if (this.currentSeqNr <= tcpP.SequenceNumber) { return; } this.map.Add(tcpP.SequenceNumber, tcpP); this.currentSeqNr = tcpP.SequenceNumber; // Count total size this.totalRecivedBytes += tcpP.Data.Length; // Wenn Ack && Psh > daten zusammensetzen und memorystream der Queue hinzufügen if (tcpP.Ack && tcpP.Psh) { long nextSeqNr = this.lastSeqNr; while (this.map.ContainsKey(nextSeqNr)) { TCPPacket packet = (TCPPacket)this.map[nextSeqNr]; foreach (byte b in packet.Data) { this.tmpBuffer.WriteByte(b); } nextSeqNr += packet.Data.Length; } this.dataBuffer.Enqueue(this.tmpBuffer); this.tmpBuffer = new MemoryStream(); this.lastSeqNr = nextSeqNr; } }
/// <summary> /// Dumps each received packet to a pcap file /// </summary> private static void device_PcapOnPacketArrival(object sender, Packet packet) { PcapDevice device = (PcapDevice)sender; //if device has a dump file opened if( device.PcapDumpOpened ) { //dump the packet to the file device.PcapDump( packet ); Console.WriteLine("Packet dumped to file."); } }