/// <summary>
/// Helper function which returns the information contained in the IP header
/// as a tree node.
/// </summary>
/// <param name="ipHeader">Object containing all the IP header fields</param>
/// <returns>TreeNode object returning IP header details</returns>
private TreeNode MakeIPTreeNode(IpHeader ipHeader)
{
TreeNode ipNode = new TreeNode();
ipNode.Text = "IP";
ipNode.Nodes.Add("Ver: " + ipHeader.Version);
ipNode.Nodes.Add("Header Length: " + ipHeader.HeaderLength);
ipNode.Nodes.Add("Differentiated Services: " +
ipHeader.DifferentiatedServices);
ipNode.Nodes.Add("Total Length: " + ipHeader.TotalLength);
ipNode.Nodes.Add("Identification: " + ipHeader.Identification);
ipNode.Nodes.Add("Flags: " + ipHeader.Flags);
ipNode.Nodes.Add("Fragmentation Offset: " + ipHeader.FragmentationOffset);
ipNode.Nodes.Add("Time to live: " + ipHeader.TTL);
switch (ipHeader.ProtocolType)
{
case Protocol.TCP:
ipNode.Nodes.Add("Protocol: " + "TCP");
break;
case Protocol.UDP:
ipNode.Nodes.Add("Protocol: " + "UDP");
break;
case Protocol.Unknown:
ipNode.Nodes.Add("Protocol: " + "Unknown");
break;
}
ipNode.Nodes.Add("Checksum: " + ipHeader.Checksum);
ipNode.Nodes.Add("Source: " + ipHeader.SourceAddress.ToString());
ipNode.Nodes.Add("Destination: " + ipHeader.DestinationAddress.ToString());
return(ipNode);
}
/// <summary>
/// This function parses the incoming packets and extracts the data based upon
/// the protocol being carried by the IP datagram.
/// </summary>
/// <param name="byteData">Incoming bytes</param>
/// <param name="nReceived">The number of bytes received</param>
private void ParseData(byte[] byteData, int nReceived)
{
TreeNode rootNode = new TreeNode();
// Since all protocol packets are encapsulated in the IP datagram
// so we start by parsing the IP header and see what protocol data
// is being carried by it.
IpHeader ipHeader = new IpHeader(byteData, nReceived);
TreeNode ipNode = MakeIPTreeNode(ipHeader);
rootNode.Nodes.Add(ipNode);
// Now according to the protocol being carried by the IP datagram we parse
// the data field of the datagram.
switch (ipHeader.ProtocolType)
{
case Protocol.TCP: TcpHeader tcpHeader = new TcpHeader(ipHeader.Data,
ipHeader.MessageLength);
TreeNode tcpNode = MakeTCPTreeNode(tcpHeader);
rootNode.Nodes.Add(tcpNode);
// If the port is equal to 53 then the underlying protocol is DNS.
// Note: DNS can use either TCP or UDP hence checking is done twice.
if (tcpHeader.DestinationPort == "53" ||
tcpHeader.SourcePort == "53")
{
TreeNode dnsNode = MakeDNSTreeNode(tcpHeader.Data,
(int)tcpHeader.MessageLength);
rootNode.Nodes.Add(dnsNode);
}
break;
case Protocol.UDP: UdpHeader udpHeader = new UdpHeader(ipHeader.Data,
(int)ipHeader.MessageLength);
TreeNode udpNode = MakeUDPTreeNode(udpHeader);
rootNode.Nodes.Add(udpNode);
// If the port is equal to 53 then the underlying protocol is DNS.
// Note: DNS can use either TCP or UDP, thats the reason
// why the checking has been done twice.
if (udpHeader.DestinationPort == "53" ||
udpHeader.SourcePort == "53")
{
TreeNode dnsNode = MakeDNSTreeNode(udpHeader.Data,
Convert.ToInt32(udpHeader.Length) - 8);
rootNode.Nodes.Add(dnsNode);
}
break;
case Protocol.Unknown:
break;
}
AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode);
rootNode.Text = ipHeader.SourceAddress.ToString() + "-" +
ipHeader.DestinationAddress.ToString();
// Thread safe adding of the nodes.
treeView.Invoke(addTreeNode, new object[] { rootNode });
}
private void OnReceive(IAsyncResult asyncResult)
{
try
{
int nReceived = MainSocket.EndReceive(asyncResult);
IpHeader ipHeader = new IpHeader(ByteData, nReceived);
headers.ip = ipHeader;
switch (ipHeader.ProtocolType)
{
case Protocol.TCP:
TcpHeader tcpHeader = new TcpHeader(ipHeader.Data, ipHeader.MessageLength);
headers.tcpProtocol = tcpHeader;
headers.ProtocolType = 1;
break;
case Protocol.UDP:
UdpHeader udpHeader = new UdpHeader(ipHeader.Data, (int)ipHeader.MessageLength);
headers.udpProtocol = udpHeader;
headers.ProtocolType = 0;
break;
case Protocol.Unknown:
headers.ProtocolType = -1;
break;
}
//ParseData(ByteData, nReceived);
/* if (ContinueCapturing)
* {
* ByteData = new byte[2048];
* MainSocket.BeginReceive(ByteData, 0, ByteData.Length, SocketFlags.None, new AsyncCallback(OnReceive), null);
* }*/
}
catch (ObjectDisposedException) { }
catch (Exception exception)
{
MessageBox.Show(exception.Message, "Network Sniffer", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}