// Callback function invoked by Pcap.Net for every incoming packet private static void PacketHandler(Packet packet) { string packSource = packet.Ethernet.Source.ToString(); if (myDevices[0].IPAddress != packet.IpV4.Source.ToString() && myDevices[0].MacAddress != packSource && myDevices[1].MacAddress != packSource) { //Console.WriteLine(packet.Timestamp.ToString("yyyy-MM-dd hh:mm:ss.fff") + " length:" + packet.Length + "IP:" + packet.IpV4); int threadID = System.Threading.Thread.CurrentThread.ManagedThreadId; //fetch current thread ID MyDevice devObj = GetDevice(threadID, "mine"); EthernetDatagram ed = packet.Ethernet; if (ed.EtherType == EthernetType.Arp)//Checking if the packet type is arp { Console.WriteLine("ARP packet MAC src=" + packet.Ethernet.Source.ToString()); //Console.WriteLine("ARP Packet"); //Console.WriteLine("TARGET ADDRESS: " + packet.Ethernet.Arp.TargetProtocolIpV4Address); //Console.WriteLine("DEST: " + packet.IpV4.Destination); //IPAddress ipSrc = IPAddress.Parse(packet.Ethernet.Arp.TargetProtocolIpV4Address); //Console.WriteLine("ipSrc: " + packet.Ethernet.Arp.TargetProtocolIpV4Address.ToString()); ////if (CheckAddress(packet, "Arp")) ////{ // ArpPoison(packet, devObj); ////} Console.WriteLine("A=" + RemoveDots(packet.Ethernet.Source.ToString())); Console.WriteLine("B=" + devObj.MacAddress); Console.WriteLine("C=" + GetDevice(threadID, "other").MacAddress); if (!(RemoveDots(packet.Ethernet.Source.ToString()).Equals(devObj.MacAddress) || RemoveDots(packet.Ethernet.Source.ToString()).Equals(GetDevice(threadID, "other").MacAddress))) { ArpPoison(packet, devObj); } } else//packet type is icmp { if (ed.IpV4.Protocol == IpV4Protocol.InternetControlMessageProtocol) { Console.WriteLine("ICMP packet IP DEST=" + packet.Ethernet.IpV4.Destination.ToString()); HandleIcmp(packet, threadID); } else { if (packet.Ethernet.IpV4.Protocol == IpV4Protocol.Tcp) { Console.WriteLine("TCP packet"); HandleTcp(packet, threadID); } //else //{ // Console.WriteLine("Packet not recognized"); //} } } } }
private static void HandleIcmp(Packet packet, int threadID) { //Console.WriteLine("ICMP Packet: " + packet.Length); MyDevice newDev = GetDevice(threadID, "other"); CheckAddress(packet, "Icmp"); if (!packet.IpV4.Source.ToString().Equals("0.0.0.0") || !packet.IpV4.Destination.ToString().Equals("0.0.0.0")) { //Console.WriteLine("Device: " + newDev.ID + "ICMP Addresses list count: " + newDev.ComputerAddresses.Count); Address addr = GetTargetAddress(packet, newDev); IpV4Layer ipLayer = (IpV4Layer)packet.Ethernet.IpV4.ExtractLayer(); string packetType = "REQUEST"; try { IcmpEchoLayer test = (IcmpEchoLayer)packet.Ethernet.IpV4.Icmp.ExtractLayer(); } catch { packetType = "REPLY"; } // PayloadLayer payload = (PayloadLayer)packet.Ethernet.Payload.ExtractLayer(); //IcmpEchoLayer icmpLayer = (IcmpEchoLayer)packet.Ethernet.IpV4.Icmp.ExtractLayer(); //Console.Write(payload.Data); //Console.WriteLine("ETHER LAYER DESTINATION: " + ethLayer.Destination); Console.WriteLine("ICMP MessageTYPE: " + packet.IpV4.Icmp.MessageType.ToString()); Console.WriteLine("ICMP TYPE: " + packet.IpV4.Icmp.GetType().ToString()); Console.WriteLine("ICMP CODE: " + packet.IpV4.Icmp.Code); Console.WriteLine("PACKET LENGTH: " + packet.Length); if (addr != null && ipLayer != null && packet.Length != 70) { Packet newPacket = BuildIcmpPacket(new MacAddress(newDev.MacAddressWithDots()), new MacAddress(addr.Mac), packet.Ethernet.IpV4.Source, packet.Ethernet.IpV4.Destination, packetType); //Packet newPacket = PacketBuilder.Build(DateTime.Now, ethLayer, ipLayer, icmpLayer); if (newPacket.IsValid) { if (newPacket.Ethernet.Source != newPacket.Ethernet.Destination) { newDev.Communicator.SendPacket(newPacket); Console.WriteLine("Icmp Packet Sent"); } } else { Console.WriteLine("ICMP Packet Is Not Valid :("); } } } }
private static EthernetLayer BuildEthernetLayer(MyDevice newDev, Address addr) { EthernetLayer ethLayer = null; if (addr != null) { //Console.WriteLine("ADDR: " + addr.Mac.ToString()); ethLayer = new EthernetLayer { Source = new MacAddress(newDev.MacAddressWithDots()), Destination = new MacAddress(addr.Mac) }; //Console.WriteLine("%%%%Src: " + newDev.MacAddressWithDots() + " Dst: " + addr.Mac); } return(ethLayer); }
private static Address GetTargetAddress(Packet packet, MyDevice newDev) //get ping target address { Address addr = null; foreach (Address address in newDev.ComputerAddresses) { //Console.WriteLine("IP: " + address.Ip + " ARP: " + address.Mac + " packet ip: " + packet.Ethernet.IpV4.Destination + " Packet source: " + packet.Ethernet.IpV4.Source); //Console.WriteLine("IP:" + address.Ip); //Console.WriteLine("packet IP:" + packet.Ethernet.IpV4.Destination); if (address.Ip.Equals(packet.Ethernet.IpV4.Destination.ToString())) { Console.WriteLine("EQUALSS :>"); addr = address; } } return(addr); }
private static void ArpPoison(Packet packet, MyDevice devObj) //bridge pretends to be target computer { string SrcMac = packet.Ethernet.Source.ToString(); PhysicalAddress pySrc = PhysicalAddress.Parse(devObj.MacAddress); PhysicalAddress pyDest = PhysicalAddress.Parse(RemoveDots(SrcMac)); //IPAddress ipSrc = IPAddress.Parse(devObj.IPAddress); IPAddress ipSrc = null; IPAddress ipDest = IPAddress.Parse(packet.IpV4.Source.ToString()); try { ipSrc = IPAddress.Parse(packet.Ethernet.Arp.TargetProtocolIpV4Address.ToString()); } catch (Exception e) { } //Console.WriteLine("PY-SRC: " + pySrc + ", PY-DST: " + pyDest + ", iP-SRC: " + ipSrc + ", IP-DST: " + ipDest); SendResponse(pySrc, pyDest, ipDest, ipSrc); }
private static MyDevice GetDevice(int threadID, string type) //מחזיר את הרגל המתאימה לפי סוג הבקשה { MyDevice newDev = null; foreach (MyDevice dev in myDevices) { if (type.Equals("mine")) { if (dev.ID == threadID) { newDev = dev; } } else { if (dev.ID != threadID) { newDev = dev; } } } return(newDev); }
//adds parameters to device objects and start capture function //Capture thread public static void CaptureStarter() { // Take the selected adapter PacketDevice selectedDevice = allDevices[deviceNumber]; int threadID = System.Threading.Thread.CurrentThread.ManagedThreadId; //fetch current thread ID CaptureDeviceList devices = CaptureDeviceList.Instance; string dName = selectedDevice.Name; dName = dName.Substring(dName.IndexOf('{') + 1, (dName.IndexOf('}') - dName.IndexOf('{') - 1)); string dAddress = ""; ICaptureDevice capDevice = null; foreach (ICaptureDevice dev in devices) { dev.Open(); string name = dev.Name; name = name.Substring(name.IndexOf('{') + 1, (name.IndexOf('}') - name.IndexOf('{') - 1)); if (dName.Equals(name)) { dAddress = dev.MacAddress.ToString(); capDevice = dev; } } string deviceIP = selectedDevice.Addresses[1].Address.ToString(); deviceIP = deviceIP.Split(' ')[1]; Console.WriteLine("DEVICE IP: " + deviceIP); // Open the device using (PacketCommunicator communicator = selectedDevice.Open(65536, // portion of the packet to capture // 65536 guarantees that the whole packet will be captured on all the link layers PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode 1000)) // read timeout { MyDevice device = new MyDevice(selectedDevice, dAddress, deviceIP, threadID, capDevice, communicator); myDevices.Add(device); //Console.WriteLine("Dev ID:" + device.ID); //Console.WriteLine("Dev Name:" + device.Device.Name); //Console.WriteLine("Dev MAC: " + device.MacAddress); //using (BerkeleyPacketFilter filter = communicator.CreateFilter("icmp or arp")) //{ // //Set the filter // communicator.SetFilter(filter); //} Console.WriteLine("Listening on device " + (deviceNumber + 1) + " out of " + allDevices.Count + " : " + selectedDevice.Description + "..."); // Start the capture communicator.ReceivePackets(0, PacketHandler); } }
//get ping target address private static Address GetTargetAddress(Packet packet, MyDevice newDev) { Address addr = null; foreach (Address address in newDev.ComputerAddresses) { //Console.WriteLine("IP: " + address.Ip + " ARP: " + address.Mac + " packet ip: " + packet.Ethernet.IpV4.Destination + " Packet source: " + packet.Ethernet.IpV4.Source); //Console.WriteLine("IP:" + address.Ip); //Console.WriteLine("packet IP:" + packet.Ethernet.IpV4.Destination); if (address.Ip.Equals(packet.Ethernet.IpV4.Destination.ToString())) { Console.WriteLine("EQUALSS :>"); addr = address; } } return addr; }
private static void DiscoverNetworkBroadcast(PacketCommunicator communicator, MyDevice device) { // Supposing to be on ethernet, set mac source MacAddress source = new MacAddress(device.MacAddressWithDots()); // set mac destination to broadcast MacAddress destination = new MacAddress("FF:FF:FF:FF:FF:FF"); // Create the packets layers // Ethernet Layer EthernetLayer ethernetLayer = new EthernetLayer { Source = source, Destination = destination }; // IPv4 Layer IpV4Layer ipV4Layer = new IpV4Layer { Source = new IpV4Address(device.IPAddress), Ttl = 128, // The rest of the important parameters will be set for each packet }; // ICMP Layer IcmpEchoLayer icmpLayer = new IcmpEchoLayer(); // Create the builder that will build our packets PacketBuilder builder = new PacketBuilder(ethernetLayer, ipV4Layer, icmpLayer); string ipBeg = device.IpWithoutEnd(); //Send 100 Pings to different destination with different parameters for (int i = 0; i < 256; i++) { // Set IPv4 parameters ipV4Layer.CurrentDestination = new IpV4Address(ipBeg + i); ipV4Layer.Identification = (ushort)i; // Set ICMP parameters icmpLayer.SequenceNumber = (ushort)i; icmpLayer.Identifier = (ushort)i; // Build the packet Packet packet = builder.Build(DateTime.Now); // Send down the packet communicator.SendPacket(packet); //Console.WriteLine("172.16.1." + i); } }
private static EthernetLayer BuildEthernetLayer(MyDevice newDev, Address addr) { EthernetLayer ethLayer = null; if (addr != null) { //Console.WriteLine("ADDR: " + addr.Mac.ToString()); ethLayer = new EthernetLayer { Source = new MacAddress(newDev.MacAddressWithDots()), Destination = new MacAddress(addr.Mac) }; //Console.WriteLine("%%%%Src: " + newDev.MacAddressWithDots() + " Dst: " + addr.Mac); } return ethLayer; }
//bridge pretends to be target computer private static void ArpPoison(Packet packet, MyDevice devObj) { string SrcMac = packet.Ethernet.Source.ToString(); PhysicalAddress pySrc = PhysicalAddress.Parse(devObj.MacAddress); PhysicalAddress pyDest = PhysicalAddress.Parse(RemoveDots(SrcMac)); //IPAddress ipSrc = IPAddress.Parse(devObj.IPAddress); IPAddress ipSrc = null; IPAddress ipDest = IPAddress.Parse(packet.IpV4.Source.ToString()); try { ipSrc = IPAddress.Parse(packet.Ethernet.Arp.TargetProtocolIpV4Address.ToString()); } catch (Exception e) { } //Console.WriteLine("PY-SRC: " + pySrc + ", PY-DST: " + pyDest + ", iP-SRC: " + ipSrc + ", IP-DST: " + ipDest); SendResponse(pySrc, pyDest, ipDest, ipSrc); }
//Capture thread public static void CaptureStarter() //adds parameters to device objects and start capture function { // Take the selected adapter PacketDevice selectedDevice = allDevices[deviceNumber]; int threadID = System.Threading.Thread.CurrentThread.ManagedThreadId; //fetch current thread ID CaptureDeviceList devices = CaptureDeviceList.Instance; string dName = selectedDevice.Name; dName = dName.Substring(dName.IndexOf('{') + 1, (dName.IndexOf('}') - dName.IndexOf('{') - 1)); string dAddress = ""; ICaptureDevice capDevice = null; foreach (ICaptureDevice dev in devices) { dev.Open(); string name = dev.Name; name = name.Substring(name.IndexOf('{') + 1, (name.IndexOf('}') - name.IndexOf('{') - 1)); if (dName.Equals(name)) { dAddress = dev.MacAddress.ToString(); capDevice = dev; } } string deviceIP = selectedDevice.Addresses[1].Address.ToString(); deviceIP = deviceIP.Split(' ')[1]; Console.WriteLine("DEVICE IP: " + deviceIP); // Open the device using (PacketCommunicator communicator = selectedDevice.Open(65536, // portion of the packet to capture // 65536 guarantees that the whole packet will be captured on all the link layers PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode 1000)) // read timeout { MyDevice device = new MyDevice(selectedDevice, dAddress, deviceIP, threadID, capDevice, communicator); myDevices.Add(device); //Console.WriteLine("Dev ID:" + device.ID); //Console.WriteLine("Dev Name:" + device.Device.Name); //Console.WriteLine("Dev MAC: " + device.MacAddress); //using (BerkeleyPacketFilter filter = communicator.CreateFilter("icmp or arp")) //{ // //Set the filter // communicator.SetFilter(filter); //} Console.WriteLine("Listening on device " + (deviceNumber + 1) + " out of " + allDevices.Count + " : " + selectedDevice.Description + "..."); // Start the capture communicator.ReceivePackets(0, PacketHandler); } }
private static void HandleTcp(Packet packet, int threadID) { TcpLayer tcpLayer = (TcpLayer)packet.Ethernet.IpV4.Tcp.ExtractLayer(); MyDevice newDev = GetDevice(threadID, "other"); IpV4Layer ipLayer = (IpV4Layer)packet.Ethernet.IpV4.ExtractLayer(); PayloadLayer tcpPayload = (PayloadLayer)packet.Ethernet.IpV4.Tcp.Payload.ExtractLayer(); TcpSessionKey tcpKey1 = new TcpSessionKey(ipLayer.Source.ToString(), tcpLayer.SourcePort, ipLayer.Destination.ToString(), tcpLayer.DestinationPort); TcpSessionKey tcpKey2 = new TcpSessionKey(ipLayer.Destination.ToString(), tcpLayer.DestinationPort, ipLayer.Source.ToString(), tcpLayer.SourcePort); bool newSession = false; TcpSessionValue currentSession = null; try { currentSession = sessionDic[tcpKey1]; } catch { try { currentSession = sessionDic[tcpKey2]; } catch { newSession = true; TcpSessionKey tcpKeyN = new TcpSessionKey(ipLayer.Source.ToString(), tcpLayer.SourcePort, ipLayer.Destination.ToString(), tcpLayer.DestinationPort); TcpSessionValue tcpValueN = new TcpSessionValue(tcpLayer.SequenceNumber, tcpLayer.AcknowledgmentNumber, 64000, tcpLayer.SequenceNumber); currentSession = tcpValueN; sessionDic.Add(tcpKeyN, tcpValueN); } } if (!newSession) { int prevAckNum = (int)currentSession.ackNum; int prevSeqNum = (int)currentSession.seqNum; int curAckNum = (int)tcpLayer.AcknowledgmentNumber; int curSeqNum = (int)tcpLayer.SequenceNumber; int oldSeqNum = (int)currentSession.prevseq; if (curSeqNum - oldSeqNum < currentSession.windowSize && curSeqNum - oldSeqNum >= 0 && (curSeqNum == prevSeqNum || curAckNum == prevSeqNum)) { currentSession.prevseq = currentSession.seqNum; currentSession.ackNum = tcpLayer.AcknowledgmentNumber; currentSession.seqNum = tcpLayer.SequenceNumber; Packet newPacket = null; string targetMac = null; targetMac = GetTargetAddress(packet, newDev).Mac; if (targetMac != null) { newPacket = BuildTcpPacket(new MacAddress(newDev.MacAddressWithDots()), new MacAddress(targetMac), ipLayer, tcpLayer, tcpPayload); } else { Console.WriteLine("No target MAC found"); } Console.WriteLine("packet built"); if (newPacket.IsValid) { Console.WriteLine("TCP packet sent"); newDev.Communicator.SendPacket(newPacket); } else { Console.WriteLine("Packet not valid"); } } else { Console.WriteLine("TCP packet not valid"); } } }