/// <summary>
/// Creates the wrapper around a new <c>PacketParser.PacketHandler</c> and routes the
/// handler's detection events to this wrapper's callbacks and to the parent form.
/// </summary>
/// <param name="parentForm">Form that owns this wrapper; used for UI marshalling and for showing message attachments.</param>
/// <param name="outputDirectory">Directory whose full path is handed to the packet handler as its output location.</param>
/// <param name="preloadedFingerprints">OS fingerprinters passed straight through to the packet handler.</param>
internal PacketHandlerWrapper(NetworkMinerForm parentForm, System.IO.DirectoryInfo outputDirectory, List<PacketParser.Fingerprints.IOsFingerprinter> preloadedFingerprints)
        {
            this.parentForm = parentForm;
            this.pcapWriter = null;

            // The handler is given the absolute path of the running executable.
            string applicationPath = System.IO.Path.GetFullPath(System.Windows.Forms.Application.ExecutablePath);

            // NOTE(review): the meaning of the trailing 'false' argument is not visible here - confirm against PacketHandler.
            this.packetHandler = new PacketParser.PacketHandler(applicationPath, outputDirectory.FullName, preloadedFingerprints, false);

            // NOTE(review): the event names suggest that everything delivered below (credentials,
            // cleartext words, files, parameters, ...) is derived from captured network traffic, so
            // the receiving callbacks should treat the payloads as untrusted input - confirm.
            this.PacketHandler.AnomalyDetected += AnomalyDetected;
            this.PacketHandler.BufferUsageChanged += BufferUsageChanged;
            this.packetHandler.CleartextWordsDetected += CleartextWordsDetected;
            this.packetHandler.CredentialDetected += CredentialDetected;
            this.packetHandler.DnsRecordDetected += packetHandler_DnsRecordDetected;
            this.packetHandler.FileReconstructed += packetHandler_FileReconstructed;
            this.packetHandler.FrameDetected += packetHandler_FrameDetected;
            this.packetHandler.KeywordDetected += packetHandler_KeywordDetected;
            this.packetHandler.NetworkHostDetected += packetHandler_NetworkHostDetected;
            this.packetHandler.HttpTransactionDetected += packetHandler_HttpTransactionDetected;
            this.packetHandler.ParametersDetected += packetHandler_ParametersDetected;
            this.packetHandler.SessionDetected += packetHandler_SessionDetected;
            this.packetHandler.MessageDetected += packetHandler_MessageDetected;
            this.packetHandler.MessageAttachmentDetected += parentForm.ShowMessageAttachment;

            // The warning dialog is posted to the form with BeginInvoke, so the thread raising
            // the event does not wait for the user to dismiss it.
            this.packetHandler.InsufficientWritePermissionsDetected += path =>
            {
                string newLine = System.Environment.NewLine;
                string warningText = "User is unauthorized to access the following file:" + newLine + path + newLine + newLine + "File(s) will not be extracted!";
                System.Windows.Forms.MethodInvoker showWarning = () =>
                {
                    System.Windows.Forms.MessageBox.Show(parentForm, warningText, "Insufficient Write Permissions");
                };
                parentForm.BeginInvoke(showWarning);
            };
        }
 /// <summary>
 /// Closes the pcap writer if one is open, drops the reference to it and then
 /// asks the packet handler to reset its captured data.
 /// </summary>
 internal void ResetCapturedData()
 {
     bool writerIsOpen = this.pcapWriter != null && this.pcapWriter.IsOpen;
     if (writerIsOpen)
     {
         this.pcapWriter.Close();
     }

     // The reference is cleared whether or not a writer had to be closed.
     this.pcapWriter = null;
     this.packetHandler.ResetCapturedData();
 }
        /// <summary>
        /// Creates the wrapper around a new <c>PacketParser.PacketHandler</c> and routes the
        /// handler's detection events to this wrapper's callbacks.
        /// </summary>
        /// <param name="parentForm">Form that owns this wrapper.</param>
        /// <param name="outputDirectory">Directory whose full path is handed to the packet handler as its output location.</param>
        internal PacketHandlerWrapper(NetworkMinerForm parentForm, System.IO.DirectoryInfo outputDirectory)
        {
            this.parentForm = parentForm;
            this.pcapWriter = null;

            // The handler is given the absolute path of the running executable.
            string applicationPath = System.IO.Path.GetFullPath(System.Windows.Forms.Application.ExecutablePath);
            this.packetHandler = new PacketParser.PacketHandler(applicationPath, outputDirectory.FullName);

            // NOTE(review): the event names suggest that everything delivered below (credentials,
            // cleartext words, files, parameters, ...) is derived from captured network traffic, so
            // the receiving callbacks should treat the payloads as untrusted input - confirm.
            this.PacketHandler.AnomalyDetected += AnomalyDetected;
            this.PacketHandler.BufferUsageChanged += BufferUsageChanged;
            this.packetHandler.CleartextWordsDetected += CleartextWordsDetected;
            this.packetHandler.CredentialDetected += CredentialDetected;
            this.packetHandler.DnsRecordDetected += packetHandler_DnsRecordDetected;
            this.packetHandler.FileReconstructed += packetHandler_FileReconstructed;
            this.packetHandler.FrameDetected += packetHandler_FrameDetected;
            this.packetHandler.KeywordDetected += packetHandler_KeywordDetected;
            this.packetHandler.NetworkHostDetected += packetHandler_NetworkHostDetected;
            this.packetHandler.ParametersDetected += packetHandler_ParametersDetected;
            this.packetHandler.SessionDetected += packetHandler_SessionDetected;
            this.packetHandler.MessageDetected += packetHandler_MessageDetected;
        }
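        /// <summary>
        /// Background-worker body for the PCAP-over-IP receiver. Every frame read from
        /// <c>pcapStreamReader</c> is written to a new capture file under "Captures" and
        /// queued on the packet handler for parsing; the GUI is refreshed at most once per
        /// update interval and once more when the loop ends.
        /// </summary>
        /// <param name="sender">Not used.</param>
        /// <param name="e">Not used.</param>
        void pcapOverIpReceiver_DoWork(object sender, DoWorkEventArgs e)
        {
            const int maxQueuedFrames = 100;

            this.receivedFrames = 0;

            // UTC is used for the GUI throttle so a local clock or DST change cannot stall or burst the updates.
            DateTime lastGuiUpdateTime = DateTime.UtcNow;
            TimeSpan updateRate        = new TimeSpan(2000000); // 2,000,000 ticks of 100 ns = 200 ms

            // First and last timestamps are taken from the frames themselves, not from the local clock.
            DateTime firstFrameTimestamp = DateTime.MinValue;
            DateTime lastFrameTimestamp  = DateTime.MinValue;

            string filename     = PcapFileHandler.Tools.GenerateCaptureFileName(DateTime.Now);
            // NOTE(review): plain concatenation relies on OutputDirectory ending with a directory separator - confirm.
            string fileFullPath = this.packetHandler.OutputDirectory + "Captures" + System.IO.Path.DirectorySeparatorChar + filename;

            // NOTE(review): FileDataLinkType is presumably populated from the stream's pcap header;
            // indexing [0] throws if it is empty - confirm the reader guarantees at least one entry.
            // The writer is created inside the using statement so it is also disposed when
            // addCaseFileCallback throws.
            using (PcapFileHandler.PcapFileWriter pcapFileWriter = new PcapFileHandler.PcapFileWriter(fileFullPath, this.pcapStreamReader.FileDataLinkType[0]))
            {
                this.addCaseFileCallback(fileFullPath, filename);

                // NOTE(review): frames presumably arrive from the remote PCAP-over-IP sender, so their
                // content and timestamps are sender-controlled and go to disk and to the parser as received.
                foreach (PcapFileHandler.PcapFrame pcapPacket in this.pcapStreamReader.PacketEnumerator())
                {
                    this.receivedFrames++;
                    if (this.pcapTcpStream.SocketState == PcapTcpStream.TcpSocketState.Connected)
                    {
                        this.pcapTcpStream.SocketState = PcapTcpStream.TcpSocketState.Receiving;
                    }
                    pcapFileWriter.WriteFrame(pcapPacket);
                    if (firstFrameTimestamp == DateTime.MinValue)
                    {
                        firstFrameTimestamp = pcapPacket.Timestamp;
                    }
                    lastFrameTimestamp = pcapPacket.Timestamp;

                    // Back-pressure: wait with an exponential back-off (1 ms doubling to at most 256 ms)
                    // while the parsing queue is full. The wait also ends on a cancellation request, so a
                    // parser that stops draining its queue can no longer pin this worker in the loop forever.
                    int millisecondsToSleep = 1;
                    while (this.packetHandler.FramesInQueue > maxQueuedFrames && !this.pcapOverIpReceiver.CancellationPending)
                    {
                        System.Threading.Thread.Sleep(millisecondsToSleep);
                        if (millisecondsToSleep < 200)
                        {
                            millisecondsToSleep *= 2;
                        }
                    }

                    // The frame has already been written to the capture file, so it is still queued
                    // when the wait ended because of cancellation; the check below then leaves the loop.
                    PacketParser.Frame frame = packetHandler.GetFrame(pcapPacket.Timestamp, pcapPacket.Data, pcapPacket.DataLinkType);
                    packetHandler.AddFrameToFrameParsingQueue(frame);

                    if (DateTime.UtcNow > lastGuiUpdateTime.Add(updateRate))
                    {
                        this.UpdateGui();
                        lastGuiUpdateTime = DateTime.UtcNow;
                    }
                    if (this.pcapOverIpReceiver.CancellationPending)
                    {
                        break;
                    }
                }
            }

            // Final refresh and completion callback run after the capture file has been closed.
            this.UpdateGui();
            this.caseFileLoadedCallback(fileFullPath, this.receivedFrames, firstFrameTimestamp, lastFrameTimestamp);
        }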