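/// <summary>
/// Appends one captured packet to the pcap file of the mail session it belongs to.
/// A session is created the first time a packet with its key is seen and is dropped
/// from <c>MailList</c> on the first packet that arrives after two FIN packets were counted.
/// </summary>
/// <param name="packet">Captured packet; ignored unless it decodes as IPv4 carrying TCP.</param>
/// <remarks>
/// NOTE(review): the session key is the sum of the two TCP ports. It is the same for both
/// directions of a connection, but it ignores the IP addresses, and different port pairs can
/// add up to the same value, so packets of unrelated connections may end up in the same
/// capture file. Changing the key needs a change to <c>MailList</c>, which is declared
/// outside this method.
/// NOTE(review): nothing visible here closes <c>PcapFileWriter</c> when a session is removed;
/// confirm that <c>MailTrace</c> releases the file itself.
/// </remarks>
public static void Trace(Packet packet)
{
    IpPacket ipPacket = null;
    TcpPacket tcpPacket = null;
    try
    {
        ipPacket = PacketDotNet.IPv4Packet.GetEncapsulated(packet);
        if (ipPacket == null)
        {
            return;
        }

        tcpPacket = PacketDotNet.TcpPacket.GetEncapsulated(packet);
        if (tcpPacket == null)
        {
            return;
        }
    }
    catch
    {
        // Best-effort capture: a packet that fails to decode is skipped. Only a blank
        // line is printed, so decode failures leave no usable trace in the output.
        Console.WriteLine();
        return;
    }

    bool _isSend;
    if (!isMailPort(tcpPacket, out _isSend))
    {
        return;
    }

    // Computed once and reused for every lookup below.
    var sessionKey = tcpPacket.SourcePort + tcpPacket.DestinationPort;

    MailTrace session;
    if (!MailList.TryGetValue(sessionKey, out session))
    {
        // First packet seen for this key: open a new trace and record the packet.
        session = new MailTrace(ipPacket.SourceAddress, ipPacket.DestinationAddress,
                                tcpPacket.SourcePort, tcpPacket.DestinationPort, _isSend);
        session.PcapFileWriter.Write(packet.Bytes);
        MailList.Add(sessionKey, session);
        return;
    }

    // Known session: the packet always goes to the capture file first.
    session.PcapFileWriter.Write(packet.Bytes);

    if (session.MailEnd == true)
    {
        // The session was already marked finished, so this trailing packet is the last
        // one recorded. Return here: the entry is gone, and the previous code went on to
        // index MailList with the removed key whenever this packet also carried FIN,
        // which throws KeyNotFoundException.
        MailList.Remove(sessionKey);
        return;
    }

    if (tcpPacket.Fin == true)
    {
        // Two FIN packets mark the session as finished. The count does not look at the
        // direction, so a retransmitted FIN is counted like a FIN from the other side.
        session.PacketFlagFinCount++;
        if (session.PacketFlagFinCount == 2)
        {
            session.MailEnd = true;
        }
    }
}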
/// <summary>
/// Reports whether <c>MailList</c> holds an entry for the given packet, which the caller
/// uses to decide whether the packet needs reassembly.
/// </summary>
/// <param name="ipPacket">IP layer of the packet; supplies the source address.</param>
/// <param name="tcpPacket">TCP layer of the packet; supplies the source port and the acknowledgment number.</param>
/// <returns><c>true</c> when <c>MailList</c> contains the computed key.</returns>
/// <remarks>
/// NOTE(review): the key is the arithmetic sum of source address, source port and
/// acknowledgment number, so different packets can produce the same key. Confirm that the
/// code which fills <c>MailList</c> builds its keys the same way.
/// </remarks>
private static bool isReassembledPacketOfPostRequest(IpPacket ipPacket, TcpPacket tcpPacket)
{
    var lookupKey = ipPacket.SourceAddress.Address
                    + tcpPacket.SourcePort
                    + tcpPacket.AcknowledgmentNumber;

    return MailList.ContainsKey(lookupKey);
}