// tcp public void VerifyPacket1(Packet p, RawCapture rawCapture) { Console.WriteLine(p.ToString()); EthernetPacket e = (EthernetPacket)p; Assert.AreEqual("0016CFC91E29", e.SourceHwAddress.ToString()); Assert.AreEqual("0014BFF2EF0A", e.DestinationHwAddress.ToString()); IpPacket ip = (IpPacket)p.PayloadPacket; Assert.AreEqual(System.Net.IPAddress.Parse("192.168.1.104"), ip.SourceAddress); Assert.AreEqual(System.Net.IPAddress.Parse("86.42.196.13"), ip.DestinationAddress); Assert.AreEqual(64, ip.TimeToLive); Assert.AreEqual(0x2ff4, ((IPv4Packet)ip).CalculateIPChecksum()); Assert.AreEqual(1171483600, rawCapture.Timeval.Seconds); Assert.AreEqual(125234.000, rawCapture.Timeval.MicroSeconds); TcpPacket tcp = (TcpPacket)ip.PayloadPacket; Assert.AreEqual(56925, tcp.SourcePort); Assert.AreEqual(50199, tcp.DestinationPort); Assert.IsTrue(tcp.Ack); Assert.IsTrue(tcp.Psh); Assert.AreEqual(16666, tcp.WindowSize); Assert.AreEqual(0x9b02, tcp.CalculateTCPChecksum()); Assert.AreEqual(0x9b02, tcp.Checksum); Assert.IsTrue(tcp.ValidTCPChecksum); }
private void AnalyzeTCP(Packet p) { if (!(p.PayloadPacket.PayloadPacket is TcpPacket)) return; EthernetPacket ethernet = (EthernetPacket)p; IpPacket ip = (IpPacket)p.PayloadPacket; TcpPacket tcp = (TcpPacket)p.PayloadPacket.PayloadPacket; Neighbor neighbor = null; if (tcp.Syn && tcp.Ack) { neighbor = Program.CurrentProject.data.GetNeighbor(ethernet.SourceHwAddress); if (neighbor == null) return; if (neighbor.ExistsIP(ip.SourceAddress)) { Port port = new Port(tcp.SourcePort, Protocol.TCP, ip.SourceAddress); if (!(neighbor.ExistsPort(port))) { neighbor.AddPort(port); Program.CurrentProject.data.AddNeighbor(neighbor); } } else return; } }
public void ReportPacketCapture(Packet packet, DateTime arrivalTime) { IpPacket ip = (IpPacket)packet.Extract(typeof(IpPacket)); TcpPacket tcp = (TcpPacket)packet.Extract(typeof(TcpPacket)); ASCIIEncoding format = new ASCIIEncoding(); string payloadAsText = format.GetString(packet.Bytes); payloadAsText = payloadAsText.ToLower(); //remove non readable characters //payloadAsText = Regex.Replace(payloadAsText, @"[^\u0000-\u007F]", string.Empty); payloadAsText = Regex.Replace(payloadAsText, "[^0-9a-zA-Z]+", string.Empty); if ((tcp != null) && (payloadAsText.Contains("ftp"))) { int x = 5; } if (payloadAsText.Length > 255) { payloadAsText = payloadAsText.Substring(0, 255); } if (tcp != null) { _sensorEventAgent.LogEvent(_sensorId, ip.DestinationAddress.ToString(), tcp.DestinationPort, ip.SourceAddress.ToString(), tcp.SourcePort, arrivalTime, payloadAsText); } }
public void ReportPacketCapture(Packet packet, DateTime arrivalTime) { var ip = (PacketDotNet.IpPacket)packet.Extract(typeof(PacketDotNet.IpPacket)); //IpPacket ip = (IpPacket)packet.Extract(typeof(IpPacket)); TcpPacket tcp = (TcpPacket)packet.Extract(typeof(TcpPacket)); ASCIIEncoding format = new ASCIIEncoding(); string payloadAsText = format.GetString(packet.Bytes); payloadAsText = payloadAsText.ToLower(); //remove non readable characters //payloadAsText = Regex.Replace(payloadAsText, @"[^\u0000-\u007F]", string.Empty); payloadAsText = Regex.Replace(payloadAsText, "[^0-9a-zA-Z]+", string.Empty); if ((tcp != null) && (payloadAsText.Contains("ftp"))) { int x = 5; } if (payloadAsText.Length > 255) { payloadAsText = payloadAsText.Substring(0, 255); } if (tcp != null) { _sensorEventAgent.LogEvent(_sensorId, ip.DestinationAddress.ToString(), tcp.DestinationPort, ip.SourceAddress.ToString(), tcp.SourcePort, arrivalTime, payloadAsText); } }
public HLPacket(Packet parent, int headerLen) { var i = parent; for (; i.PayloadPacket != null; i = i.PayloadPacket) ; header = new PacketDotNet.Utils.ByteArraySegment(i.Bytes, i.Header.Length, headerLen); i.PayloadPacket = this; }
// tcp public void VerifyPacket0(Packet p, RawCapture rawCapture) { Console.WriteLine(p.ToString()); EthernetPacket e = (EthernetPacket)p; Assert.AreEqual(PhysicalAddress.Parse("00-13-10-03-71-47"), e.SourceHwAddress); Assert.AreEqual(PhysicalAddress.Parse("00-E0-4C-E5-73-AD"), e.DestinationHwAddress); IpPacket ip = (IpPacket)e.PayloadPacket; Assert.AreEqual(System.Net.IPAddress.Parse("82.165.240.134"), ip.SourceAddress); Assert.AreEqual(System.Net.IPAddress.Parse("192.168.1.221"), ip.DestinationAddress); Assert.AreEqual(IpVersion.IPv4, ip.Version); Assert.AreEqual(IPProtocolType.TCP, ip.Protocol); Assert.AreEqual(254, ip.TimeToLive); Assert.AreEqual(0x0df8, ((IPv4Packet)ip).CalculateIPChecksum()); Assert.AreEqual(1176685346, rawCapture.Timeval.Seconds); Assert.AreEqual(885259.000, rawCapture.Timeval.MicroSeconds); TcpPacket tcp = (TcpPacket)ip.PayloadPacket; Assert.AreEqual(80, tcp.SourcePort); Assert.AreEqual(4324, tcp.DestinationPort); Assert.IsTrue(tcp.Ack); Assert.AreEqual(3536, tcp.WindowSize); Assert.AreEqual(0xc835, tcp.CalculateTCPChecksum()); Console.WriteLine("tcp.Checksum is {0}", tcp.Checksum); Assert.AreEqual(0xc835, tcp.Checksum, "tcp.Checksum mismatch"); Assert.IsTrue(tcp.ValidTCPChecksum); }
private void sendPackage(PacketDotNet.Packet udpPacket) { foreach (PcapDevice device in SharpPcap.CaptureDeviceList.Instance) { PacketDotNet.Packet p = udpPacket;// = new PacketDotNet.UdpPacket();// //p.EthernetProtocol = EthernetProtocols_Fields.IP; //p.IPVersion = IPVersions_Fields.IPV4; //p.IPProtocol = IPProtocols_Fields.UDP;// //p.TimeToLive = 2;// //p.IPHeaderLength = IPFields_Fields.IP_HEADER_LEN;// //p.Length = 60;// //p.SourceHwAddress = strSouMac; //p.DestinationHwAddress = strGateWayMac; //p.SourceAddress = "201.23.12.88"; //p.SourcePort = 12345; //p.DestinationAddress = "192.168.100.106"; //p.DestinationPort = 9000; //p.ComputeIPChecksum(true);// //p.ComputeUDPChecksum(true); p.PayloadPacket.PayloadPacket.PayloadData[0] = 0x10; p.PayloadPacket.PayloadPacket.UpdateCalculatedValues(); device.SendPacket(p.Bytes); } }
public bool CheckIfIsDHCP(Packet p) { if (p.PayloadPacket == null || p.PayloadPacket.PayloadPacket == null || !(p.PayloadPacket.PayloadPacket is UdpPacket) || ((p.PayloadPacket.PayloadPacket as UdpPacket).DestinationPort != 67 && (p.PayloadPacket.PayloadPacket as UdpPacket).DestinationPort != 68)) return false; else return true; }
/// <summary> /// handle the packet capture event /// </summary> /// <param name="sender"></param> /// <param name="e"></param> private void _currentCaptureDevice_OnPacketArrival(object sender, CaptureEventArgs e) { PacketDotNet.Packet packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data); Console.WriteLine("device_OnPacketArrival: " + e.Device.Statistics); foreach (ISensorReport reportMethod in _reportMethods) { reportMethod.ReportPacketCapture(packet, e.Packet.Timeval.Date); } }
public static EthernetPacket CreateEthernetPacket(PhysicalAddress sourceAddress, PhysicalAddress destinationAddress, Packet payloapPacket) { var result = new EthernetPacket(sourceAddress, destinationAddress, EthernetPacketType.IpV4) { PayloadPacket = payloapPacket }; return result; }
//handles how packets are processed for connectivity check. if there are packts, sets flag to true. same logic as PacketHandler private static void DeviceConnectivityHandler(object sender, CaptureEventArgs e) { PacketDotNet.Packet packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data); string details = string.Format("{0}", packet.ToString()); if ((!string.IsNullOrEmpty(details)) && (!string.IsNullOrWhiteSpace(details))) { isDeviceActive = true; } }
private void OnPacketArrival(object sender, CaptureEventArgs e) { var tcp = (TcpPacket)Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data).Extract(typeof(TcpPacket)); var ipv4 = (IPv4Packet)tcp.ParentPacket; var sourceAddress = ipv4.SourceAddress.ToString(); var data = tcp.PayloadData; if (sourceAddress == _serverIp) { if (IsZlibStartPacket(data)) { _libFaolanCompression = new LibFaolanCompression(); } if (_libFaolanCompression == null) { throw new Exception("_libFaolanCompression == null"); } var decompressedData = _libFaolanCompression.Inflate(data); if (decompressedData == null) { throw new Exception("decompressedData == null"); } if (decompressedData.Length == 0) { return; } foreach (var cp in _serverWireProtocol.CreateMessages(decompressedData)) { _capturedPackets.Add(new PacketWrapper(_packetCounter++, ipv4, tcp.SourcePort, tcp.DestinationPort, (ConanPacket)cp)); } } else if (sourceAddress == _clientIp) { // Client sometimes sends the zlib start packet, but never actually uses compression (anymore) if (IsZlibStartPacket(data)) { Console.WriteLine("Client send zlib start packet"); return; } foreach (var cp in _clientWireProtocol.CreateMessages(data)) { _capturedPackets.Add(new PacketWrapper(_packetCounter++, ipv4, tcp.SourcePort, tcp.DestinationPort, (ConanPacket)cp)); } } else { throw new Exception("Weird stuff is happening"); } }
public TcpPacket(byte[] Bytes, int Offset, PosixTimeval Timeval, Packet ParentPacket) : this(Bytes, Offset, Timeval) { this.ParentPacket = ParentPacket; if (this.ParentPacket is IPv4Packet) { IPv4Packet parentPacket = (IPv4Packet) this.ParentPacket; int num = parentPacket.TotalLength - (parentPacket.HeaderLength * 4); int num2 = num - this.Header.Length; base.payloadPacketOrData.TheByteArraySegment.Length = num2; } }
public bool CheckIfIsRequestDHCPIpv6(Packet p) { if (p.PayloadPacket == null || p.PayloadPacket.PayloadPacket == null) return false; if (!(p.PayloadPacket.PayloadPacket is UdpPacket) || !(p.PayloadPacket is IPv6Packet)) return false; if ((p.PayloadPacket as IPv6Packet).SourceAddress.Equals(Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(device))) return false; if ((p.PayloadPacket.PayloadPacket as UdpPacket).SourcePort == 546 && (p.PayloadPacket.PayloadPacket as UdpPacket).DestinationPort == 547) return true; return false; }
public static void getEndPoint(Packet p, out System.Net.IPEndPoint src, out System.Net.IPEndPoint dest) { if (p.PayloadPacket is IpPacket) if (p.PayloadPacket.PayloadPacket is TcpPacket) { src = new System.Net.IPEndPoint((p.PayloadPacket as IpPacket).SourceAddress, (p.PayloadPacket.PayloadPacket as TcpPacket).SourcePort); dest = new System.Net.IPEndPoint((p.PayloadPacket as IpPacket).DestinationAddress, (p.PayloadPacket.PayloadPacket as TcpPacket).DestinationPort); return; } src = null; dest = null; }
public static void AnalyzePacket(Packet p) { if (p == null) return; if ( (p.PayloadPacket != null && p.PayloadPacket is IPv6Packet) && (p.PayloadPacket.PayloadPacket != null && p.PayloadPacket.PayloadPacket is ICMPv6Packet) ) { AnalyzeICMPv6Packet(p); } }
/// <summary> /// Initialize Http Packet /// </summary> /// <param name="packet">First TCP packet which consist of Http packet</param> public HttpPacket(Packet packet) : this() { try { TcpPacket tcpPacket = (TcpPacket)packet.Extract(typeof(TcpPacket)); // Update next sequence number nextSequenceNumber = tcpPacket.SequenceNumber + (uint)packet.PayloadPacket.PayloadPacket.PayloadData.Length; ParsingHeader(packet.PayloadPacket.PayloadPacket.PayloadData); } catch (ArgumentException e) { throw new ArgumentException("invalid packet data"); } }
public void AnalyzePacket(Packet p) { try { if (p is EthernetPacket) { if (p.PayloadPacket == null) return; //Para que no se procesen los paquetes del DoS if ((p as EthernetPacket).SourceHwAddress.Equals(DoSSLAAC.MACsrc)) return; if (p.PayloadPacket is ARPPacket) AnalyzeARP(p); if (p.PayloadPacket is IPv6Packet) AnalyzeIPv6Packet(p); else if (p.PayloadPacket is IPv4Packet) AnalyzeIPv4Packet(p); AnalyzeLLMNR(p); // Ataque pasivo DHCP ACK Injector en Ipv4 if ((attacks.Where(A => A.attackType == AttackType.DHCPACKInjection && A.attackStatus == AttackStatus.Attacking).Count() > 0)) { if (DHCPACKInjection.CheckIfIsDHCP(p)) DHCPACKInjection.AnalyzePacket(device, p); } // Ataque pasivo DHCP IPv6 if ((attacks.Where(A => A.attackType == AttackType.DHCPIpv6 && A.attackStatus == AttackStatus.Attacking).Count() > 0)) { if (DHCPIpv6.CheckIfIsRequestDHCPIpv6(p)) DHCPIpv6.AnalyzePacket(device, p); } OSDetector.AnalyzePacket(p); pasivePortScan.AnalyzePacket(p); route.CheckToRoutePacket(p); } } catch { // Paquete perdido!!! } }
/// <summary> /// Comprueba si el paquete ha sido enrutado verificando si llega de 8.8.8.8 con seqId = 1 /// </summary> /// <returns></returns> private bool IsRoutedPacked(Packet p) { if ((p.PayloadPacket != null) && (p.PayloadPacket is IPv4Packet) && (p.PayloadPacket.PayloadPacket != null) && (p.PayloadPacket.PayloadPacket is TcpPacket)) { TcpPacket tcp = (TcpPacket)p.PayloadPacket.PayloadPacket; if (tcp.DestinationPort == 31337 && tcp.SourcePort == 53) { if (tcp.AcknowledgmentNumber == 1) { return true; } } } return false; }
// arp response private void VerifyPacket1(Packet p) { var arpPacket = (ARPPacket)p.Extract (typeof(ARPPacket)); Assert.IsNotNull(arpPacket, "Expected arpPacket to not be null"); IPAddress senderIp = IPAddress.Parse("192.168.1.214"); IPAddress targetIp = IPAddress.Parse("192.168.1.202"); Assert.AreEqual(senderIp, arpPacket.SenderProtocolAddress); Assert.AreEqual(targetIp, arpPacket.TargetProtocolAddress); string senderMacAddress = "00216A020854"; string targetMacAddress = "000461990154"; Assert.AreEqual(senderMacAddress, arpPacket.SenderHardwareAddress.ToString()); Assert.AreEqual(targetMacAddress, arpPacket.TargetHardwareAddress.ToString()); }
// arp request private void VerifyPacket0(Packet p) { var arpPacket = ARPPacket.GetEncapsulated(p); Assert.IsNotNull(arpPacket, "Expected arpPacket to not be null"); IPAddress senderIp = IPAddress.Parse("192.168.1.202"); IPAddress targetIp = IPAddress.Parse("192.168.1.214"); Assert.AreEqual(senderIp, arpPacket.SenderProtocolAddress); Assert.AreEqual(targetIp, arpPacket.TargetProtocolAddress); string senderMacAddress = "000461990154"; string targetMacAddress = "000000000000"; Assert.AreEqual(senderMacAddress, arpPacket.SenderHardwareAddress.ToString()); Assert.AreEqual(targetMacAddress, arpPacket.TargetHardwareAddress.ToString()); }
public void GenerateLLMNRResponse(Packet packet) { try { LLMNR.LLMNRPacket llmnr = new LLMNR.LLMNRPacket(); llmnr.ParsePacket(((UdpPacket)(packet.PayloadPacket.PayloadPacket)).PayloadData); if (llmnr.Query.Name.ToLower().Equals("wpad") && llmnr.Query.Type.Value == LLMNR.DNSType.A) { WinPcapDevice dev = Program.CurrentProject.data.GetDevice(); IPAddress ip = Program.CurrentProject.data.GetIPv4FromDevice(dev); byte[] ipv4Addr = ip.GetAddressBytes(); llmnr.AnswerList.Add(new LLMNR.DNSAnswer() { Class = evilfoca.LLMNR.DNSClass.IN, Name = llmnr.Query.Name, Type = evilfoca.LLMNR.DNSType.A, RData = ipv4Addr, RDLength = (short)ipv4Addr.Length, TTL = 12 }); llmnr.IsResponse = true; EthernetPacket ethDns = new EthernetPacket(dev.MacAddress, ((EthernetPacket)packet).SourceHwAddress, EthernetPacketType.IpV4); IPv4Packet ipv4Dns = new IPv4Packet(ip, ((IPv4Packet)((EthernetPacket)packet).PayloadPacket).SourceAddress); UdpPacket udpDns = new UdpPacket(((UdpPacket)(packet.PayloadPacket.PayloadPacket)).DestinationPort, ((UdpPacket)(packet.PayloadPacket.PayloadPacket)).SourcePort); udpDns.PayloadData = llmnr.BuildPacket(); ipv4Dns.PayloadPacket = udpDns; udpDns.UpdateCalculatedValues(); udpDns.UpdateUDPChecksum(); ipv4Dns.UpdateIPChecksum(); ipv4Dns.UpdateCalculatedValues(); ethDns.PayloadPacket = ipv4Dns; Program.CurrentProject.data.SendPacket(ethDns); } } catch (Exception) { } }
public void AnalyzePacket(Packet p) { if (p == null) return; if (p.PayloadPacket == null) return; if (p.PayloadPacket.PayloadPacket == null) return; if (p.PayloadPacket is IpPacket) { if (p.PayloadPacket.PayloadPacket is TcpPacket) AnalyzeTCP(p); else if (p.PayloadPacket.PayloadPacket is UdpPacket) AnalyzeUDP(p); } }
public static Idmef.IDMEFMessage CreateAltertMessageFromRawPacket(Packet packet) { IDMEFMessage idmefMessage = new IDMEFMessage(); idmefMessage.Items = new object[1]; //this is an IDMEF alert Alert alertMessage = new Idmef.Alert(); //build the alert message alertMessage.CreateTime = CreateTimestamp(DateTime.Now); // add more alert stuff here //add the alert to the message idmefMessage.Items[0] = alertMessage; return idmefMessage; }
private void VerifyPacket0(Packet p) { // expect an arp packet var arpPacket = ARPPacket.GetEncapsulated(p); Assert.IsNotNull(arpPacket, "Expected arpPacket to not be null"); // validate some of the LinuxSSLPacket fields var l = (LinuxSLLPacket)p; Assert.AreEqual(6, l.LinkLayerAddressLength, "Address length"); Assert.AreEqual(1, l.LinkLayerAddressType); Assert.AreEqual(LinuxSLLType.PacketSentToUs, l.Type); // validate some of the arp fields Assert.AreEqual("192.168.1.1", arpPacket.SenderProtocolAddress.ToString(), "Arp SenderProtocolAddress"); Assert.AreEqual("192.168.1.102", arpPacket.TargetProtocolAddress.ToString(), "Arp TargetProtocolAddress"); }
private static void AnalyzeICMPv6Packet(Packet packet) { if (!(packet.PayloadPacket.PayloadPacket is ICMPv6Packet)) return; try { ICMPv6Types type = ((ICMPv6Packet)packet.PayloadPacket.PayloadPacket).Type; if (type == ICMPv6Types.NeighborAdvertisement) { ushort payloadLen = ((IPv6Packet)packet.PayloadPacket).PayloadLength; byte[] flags = new byte[4]; flags[0] = (packet.PayloadPacket.PayloadPacket).Bytes[4]; flags[1] = (packet.PayloadPacket.PayloadPacket).Bytes[5]; flags[2] = (packet.PayloadPacket.PayloadPacket).Bytes[6]; flags[3] = (packet.PayloadPacket.PayloadPacket).Bytes[7]; Data.Neighbor neighbor = Program.CurrentProject.data.GetNeighbor(((EthernetPacket)packet).SourceHwAddress); if (neighbor != null) { // Si el payload UDP es 24 bytes, y los flags son 0x40000000 (sol) puede ser un linux, y no un windows (0x60000000, sol ovr). if ((flags[0] == 0x40) && (flags[1] == 0x00) && (flags[2] == 0x00) && (flags[3] == 0x00)) { // Linux if (neighbor.osPlatform == Data.Platform.Unknow) neighbor.osPlatform = Data.Platform.Linux; } else if ((flags[0] == 0x60) && (flags[1] == 0x00) && (flags[2] == 0x00) && (flags[3] == 0x00)) { // Windows if (neighbor.osPlatform == Data.Platform.Unknow) neighbor.osPlatform = Data.Platform.Windows; } } } } catch (ArgumentOutOfRangeException) { } }
/// <summary> /// 为当前的TreeView增加节点(节点信息来自编码的包的字段) /// </summary> /// <param name="p">要解码的包</param> /// <param name="deepth">当前各个项的根节点的序号</param> private void addNodes(Packet p, int deepth) { //增加包的类型名称并切掉命名空间前缀 string packetName = p.GetType().ToString(); packetName = packetName.Substring(13, packetName.Length - 13); TreeNode rootNode = new TreeNode(packetName); this.tvPacket.Nodes.Add(rootNode); Type t = p.GetType(); PropertyInfo[] pis = t.GetProperties(); //输出包的各个属性 for (int i = 0; i < pis.Length; i++) { string name = pis[i].Name; Object value = pis[i].GetValue(p, null); //空属性不输出;Color属性不输出;类型为System.Byte[]的项不输出 if (value != null && name != "Color" && pis[i].PropertyType.FullName != "System.Byte[]") { string strValue = value.ToString(); this.tvPacket.Nodes[deepth].Nodes.Add(new TreeNode(name + " : " + strValue)); } } }
public bool CheckIfHijack(Packet p) { foreach (Data.Attack attack in attacks.Where(A => A.attackType == Data.AttackType.DNSHijacking && A.attackStatus == Data.AttackStatus.Attacking)) { if ((p.PayloadPacket != null && p.PayloadPacket.PayloadPacket != null) && (p.PayloadPacket.PayloadPacket is UdpPacket)) { EthernetPacket ethernet = (EthernetPacket)p; IpPacket ip = (IpPacket)p.PayloadPacket; UdpPacket udp = (UdpPacket)p.PayloadPacket.PayloadPacket; if ((udp.SourcePort == 53)) // La respuesta DNS { // Comprobamos que venga a nuestra MAC pero no a nuestra IP if (NeedToRoute(ip)) { try { Heijden.DNS.Response response = new Heijden.DNS.Response(new IPEndPoint(IPAddress.Parse("1.2.3.4"), 53), udp.PayloadData); DNSHijackAttack dnsAttack = (DNSHijackAttack)attack; foreach (Heijden.DNS.Question q in response.Questions) { if ((q.QName == dnsAttack.domain + ".") || dnsAttack.domain == "*") return true; } } catch { return false; } } else return false; } } } return false; }
/* * handles how packets are processed. prints off timestamp, length of packet, and readable packet information * saves each packet to a queue for later processing. email admin if there are any issues */ private static void PacketHandler(object sender, CaptureEventArgs e) { try { PacketDotNet.Packet packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data); DateTime time = e.Packet.Timeval.Date; int length = e.Packet.Data.Length; string details = string.Format("{0} Length={1}\n{2}\n\n", DateTime.Now, length, packet.ToString()); Console.WriteLine(details); currentDetailsQueue.AppendLine(details); IPv4Packet ipv4Packet = packet.PayloadPacket as IPv4Packet; if ((currentTrafficQueue.Contains(ipv4Packet.SourceAddress) == false) && (ipv4Packet.SourceAddress.ToString().Contains("192.168") == false)) { currentTrafficQueue.Add(ipv4Packet.SourceAddress); } } catch (Exception exception) { Security.CheckInternetConnection(); Security.EmailAdmin(exception.ToString(), "PacketHandler"); } }
// icmpv6 public void VerifyPacket0(Packet p, RawCapture rawCapture) { Assert.IsNotNull(p); Console.WriteLine(p.ToString()); EthernetPacket e = (EthernetPacket)p; Assert.AreEqual(PhysicalAddress.Parse("00-A0-CC-D9-41-75"), e.SourceHwAddress); Assert.AreEqual(PhysicalAddress.Parse("33-33-00-00-00-02"), e.DestinationHwAddress); var ip = IpPacket.GetEncapsulated(p); Console.WriteLine("ip {0}", ip.ToString()); Assert.AreEqual(System.Net.IPAddress.Parse("fe80::2a0:ccff:fed9:4175"), ip.SourceAddress); Assert.AreEqual(System.Net.IPAddress.Parse("ff02::2"), ip.DestinationAddress); Assert.AreEqual(IpVersion.IPv6, ip.Version); Assert.AreEqual(IPProtocolType.ICMPV6, ip.Protocol); Assert.AreEqual(16, ip.PayloadPacket.Bytes.Length, "ip.PayloadPacket.Bytes.Length mismatch"); Assert.AreEqual(255, ip.HopLimit); Assert.AreEqual(255, ip.TimeToLive); Assert.AreEqual(0x3a, (byte)ip.NextHeader); Console.WriteLine("Failed: ip.ComputeIPChecksum() not implemented."); Assert.AreEqual(1221145299, rawCapture.Timeval.Seconds); Assert.AreEqual(453568.000, rawCapture.Timeval.MicroSeconds); }
private void Write(Packet packet) { var ethPacket = packet as EthernetPacket; if (ethPacket == null) return; var ipPacket = ethPacket.Extract(typeof (IPv4Packet)) as IPv4Packet; if (ipPacket == null) return; var udpPacket = ipPacket.Extract(typeof (UdpPacket)) as UdpPacket; if (udpPacket == null) return; var sb = new StringBuilder(); sb.Append(String.Format("{0:yyyyMMdd HHmmss:fff}", DateTime.Now)); sb.Append("\t"); sb.Append(ethPacket.SourceHwAddress); sb.Append("\t"); sb.Append(ethPacket.DestinationHwAddress); sb.Append("\t"); sb.Append(ipPacket.SourceAddress); sb.Append("\t"); sb.Append(ipPacket.DestinationAddress); sb.Append("\t"); sb.Append(udpPacket.SourcePort); sb.Append("\t"); sb.Append(udpPacket.DestinationPort); sb.Append("\t"); var dhcpPacket = new DhcpPacket(udpPacket.PayloadData); dhcpPacket.ReadPacket(_parameters, sb); sb.Append("\r\n"); String loggingText = sb.ToString(); File.AppendAllText(_parameters.LogFilename, loggingText); Console.Write(loggingText); }
public PacketEventArgs(Packet packet) { this.packet = packet; }
public ArpEventArgs(Packet p) { this.p = p; }
public void SendPacket(PacketDotNet.Packet packet) { this.device.SendPacket(packet); }
public static ushort PayloadChecksum(this PacketDotNet.Packet packet) { return(CRC16.ComputeChecksum(packet.PayloadData)); }
public Entry(SharpPcap.PosixTimeval timeval, PacketDotNet.Packet packet) { this.Timeval = timeval; this.Packet = packet; }
private int sendMsg(int srcPort, int destPort, PacketDotNet.Packet packet) { if (destPort.Equals(srcPort)) { // Console.WriteLine("Src a dest sa rovnaju zahod paket"); return(-1); } else if (destPort.Equals(-1)) { // Console.WriteLine("Robime flood"); if (srcPort.Equals(1)) { // Console.WriteLine("Posielame flood na 2 a ja som src " + srcPort); try { //Send the packet out the network device dev2.SendPacket(packet); // System.Diagnostics.Trace.WriteLine("-- Packet sent successfuly."); } catch (Exception e) { System.Diagnostics.Trace.WriteLine("-- " + e.Message); } return(2); } else if (srcPort.Equals(2)) { // Console.WriteLine("Posielame flood na 1 a ja som src " + srcPort); try { //Send the packet out the network device dev1.SendPacket(packet); // System.Diagnostics.Trace.WriteLine("-- Packet sent successfuly."); } catch (Exception e) { System.Diagnostics.Trace.WriteLine("-- " + e.Message); } return(1); } } else if (destPort.Equals(1) && !destPort.Equals(srcPort)) { //Console.WriteLine("Posielame klasika na 1"); try { //Send the packet out the network device dev1.SendPacket(packet); // System.Diagnostics.Trace.WriteLine("-- Packet sent successfuly."); } catch (Exception e) { System.Diagnostics.Trace.WriteLine("-- " + e.Message); } return(1); } else if (destPort.Equals(2) && !destPort.Equals(srcPort)) { // Console.WriteLine("Posielame klasika na 2"); try { //Send the packet out the network device dev2.SendPacket(packet); // System.Diagnostics.Trace.WriteLine("-- Packet sent successfuly."); } catch (Exception e) { System.Diagnostics.Trace.WriteLine("-- " + e.Message); } return(2); } return(-1); }
private void VerifyPacket2(Packet p) { // expecting a tcp packet Assert.IsNotNull(TcpPacket.GetEncapsulated(p), "expected a tcp packet"); }
private void VerifyPacket1(Packet p) { // expect a udp packet Assert.IsNotNull(UdpPacket.GetEncapsulated(p), "expected a udp packet"); }
/// <summary> /// Constructor with parent packet /// </summary> /// <param name="bas"> /// A <see cref="ByteArraySegment"/> /// </param> /// <param name="ParentPacket"> /// A <see cref="Packet"/> /// </param> public ICMPv6Packet(ByteArraySegment bas, Packet ParentPacket) : this(bas) { this.ParentPacket = ParentPacket; }
public packView(int loffset , ref PacketDotNet.Packet targetPack) { pack = targetPack; Text = pack.GetType().Name; moffset = loffset; listField(ref pack); paintNodes(); }