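/// <summary>
/// Parses the TCP header carried in the payload of <paramref name="ip"/>: ports, flags,
/// and the offset and length of the TCP payload.
/// </summary>
/// <param name="ip">IP header whose payload is expected to contain a TCP segment.</param>
/// <exception cref="PacketFormatException">
/// The packet is not TCP, or the buffer ends before the last header byte read here.
/// </exception>
public TcpHeader(IPHeader ip)
{
    // Byte positions, relative to the start of the TCP header, of the fields read below.
    const int DataOffsetByte = 12;
    const int FlagsByte = 13;

    if (ip.Protocol != IPProtocol.Tcp)
    {
        throw new PacketFormatException("Packet is not TCP");
    }

    data = ip.Data;
    headerOffset = ip.DataOffset;

    // The buffer holds bytes captured off the wire, so its length cannot be trusted.
    // Check it before indexing so that a truncated segment is reported as a format
    // error rather than surfacing as an IndexOutOfRangeException.
    if (headerOffset < 0 || data.Length - headerOffset <= FlagsByte)
    {
        throw new PacketFormatException("Packet too short: TCP header");
    }

    // Ports are 16-bit big-endian values.
    sourcePort = data[headerOffset] << 8 | data[headerOffset + 1];
    destinationPort = data[headerOffset + 2] << 8 | data[headerOffset + 3];

    // Keep the low six bits of the flags byte.
    flags = (TcpFlags)(data[headerOffset + FlagsByte] & 0x3f);

    // The upper nibble of this byte is the header length in 32-bit words;
    // (x & 0xF0) >> 2 converts it directly to bytes.
    // NOTE(review): the header length is taken from the packet and is not checked against
    // the 20-byte TCP minimum or against ip.DataLength, so dataLength can come out
    // negative and dataOffset can point past the buffer. Code that consumes these values
    // should validate them before indexing or summing.
    dataOffset = headerOffset + ((data[headerOffset + DataOffsetByte] & 0xF0) >> 2);
    dataLength = ip.DataLength - (dataOffset - headerOffset);
}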
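/// <summary>
/// Parses the UDP header carried in the payload of <paramref name="ip"/>: ports, and the
/// offset and length of the UDP payload.
/// </summary>
/// <param name="ip">IP header whose payload is expected to contain a UDP datagram.</param>
/// <exception cref="PacketFormatException">
/// The packet is not UDP, or the buffer ends before one of the port fields.
/// </exception>
public UdpHeader(IPHeader ip)
{
    // A UDP header is a fixed 8 bytes: source port, destination port, length and
    // checksum, two bytes each.
    const int UdpHeaderLength = 8;

    headerOffset = ip.DataOffset;
    if (ip.Protocol != IPProtocol.Udp)
    {
        throw new PacketFormatException("Packet is not UDP");
    }

    data = ip.Data;

    // The buffer holds bytes captured off the wire; check its length before each read.
    if (data.Length < headerOffset + 2)
    {
        throw new PacketFormatException("Packet too short: sourcePort");
    }
    sourcePort = data[headerOffset] << 8 | data[headerOffset + 1];

    if (data.Length < headerOffset + 4)
    {
        throw new PacketFormatException("Packet too short: destinationPort");
    }
    destinationPort = data[headerOffset + 2] << 8 | data[headerOffset + 3];

    // The payload starts right after the 8-byte header. This used to add 14, which
    // skipped the first six payload bytes and under-reported dataLength by six.
    dataOffset = headerOffset + UdpHeaderLength;

    // NOTE(review): ip.DataLength is not checked against the header size, so dataLength
    // is negative when the IP payload is shorter than a UDP header.
    dataLength = ip.DataLength - (dataOffset - headerOffset);
}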
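/// <summary>
/// Parses the UDP header carried in the payload of <paramref name="ip"/>: ports, and the
/// offset and length of the UDP payload.
/// </summary>
/// <param name="ip">IP header whose payload is expected to contain a UDP datagram.</param>
/// <exception cref="PacketFormatException">
/// The packet is not UDP, or the buffer ends before one of the port fields.
/// </exception>
public UdpHeader(IPHeader ip)
{
    // A UDP header is a fixed 8 bytes: source port, destination port, length and
    // checksum, two bytes each.
    const int UdpHeaderLength = 8;

    headerOffset = ip.DataOffset;
    if (ip.Protocol != IPProtocol.Udp)
    {
        throw new PacketFormatException("Packet is not UDP");
    }

    data = ip.Data;

    // The buffer holds bytes captured off the wire; check its length before each read.
    if (data.Length < headerOffset + 2)
        throw new PacketFormatException("Packet too short: sourcePort");
    sourcePort = data[headerOffset] << 8 | data[headerOffset + 1];

    if (data.Length < headerOffset + 4)
        throw new PacketFormatException("Packet too short: destinationPort");
    destinationPort = data[headerOffset + 2] << 8 | data[headerOffset + 3];

    // The payload starts right after the 8-byte header. This used to add 14, which
    // skipped the first six payload bytes and under-reported dataLength by six.
    dataOffset = headerOffset + UdpHeaderLength;

    // NOTE(review): ip.DataLength is not checked against the header size, so dataLength
    // is negative when the IP payload is shorter than a UDP header.
    dataLength = ip.DataLength - (dataOffset - headerOffset);
}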
/// <summary>
/// Captures packets on the configured adapter and accumulates the TCP lengths of traffic
/// from (rx) and to (tx) the configured address and port. Whenever KeyPressed() reports a
/// key press, the two totals are printed as "tx,rx" and reset to zero.
/// </summary>
/// <remarks>
/// NOTE(review): nothing in this loop catches exceptions, so an exception raised by one of
/// the header constructors for a malformed frame ends the loop and the process.
/// </remarks>
static void Main(string[] args)
{
    // Adapter name, watched address and watched port all come from application settings.
    var capture = new Pcap();
    capture.Open(ConfigurationManager.AppSettings["Adapter"]);
    var watchedAddress = IPAddress.Parse(ConfigurationManager.AppSettings["Address"]);
    var watchedPort = UInt16.Parse(ConfigurationManager.AppSettings["Port"]);

    long sent = 0;
    long received = 0;

    for (;;)
    {
        Packet current = capture.Next();
        if (current != null)
        {
            var eth = new EthernetHeader(current.Data);
            if (eth.Protocol == (int)EthernetProtocol.IP)
            {
                var ip = new IPHeader(eth);
                if (ip.Protocol == IPProtocol.Tcp)
                {
                    var tcp = new TcpHeader(ip);

                    // Traffic originating at the watched endpoint counts as received;
                    // traffic addressed to it counts as transmitted.
                    if (ip.SourceIp.Equals(watchedAddress) && tcp.SourcePort == watchedPort)
                    {
                        received += tcp.Length;
                    }
                    else if (ip.DestinationIp.Equals(watchedAddress) && tcp.DestinationPort == watchedPort)
                    {
                        sent += tcp.Length;
                    }
                }
            }
        }

        // Polled on every pass, whether or not a packet was returned.
        if (KeyPressed())
        {
            Console.WriteLine("{0},{1}", sent, received);
            sent = 0;
            received = 0;
        }
    }
}
/// <summary>
/// Sets this flow's source and destination endpoints and its protocol from an IP header
/// and the UDP header it carries.
/// </summary>
/// <param name="ip">Supplies the source and destination addresses and the protocol.</param>
/// <param name="udp">Supplies the source and destination ports.</param>
public void Assign(IPHeader ip, UdpHeader udp)
{
    var sender = new IPEndPoint(ip.SourceIp, udp.SourcePort);
    this.Source = sender;

    var receiver = new IPEndPoint(ip.DestinationIp, udp.DestinationPort);
    this.Destination = receiver;

    this.Protocol = ip.Protocol;
}
/// <summary>
/// Creates a flow key for a UDP packet by delegating to
/// <c>Assign(IPHeader, UdpHeader)</c>.
/// </summary>
/// <param name="ip">IP header of the packet.</param>
/// <param name="udp">UDP header of the packet.</param>
public Flow(IPHeader ip, UdpHeader udp)
{
    this.Assign(ip, udp);
}
/// <summary>
/// Creates a flow key for a TCP packet by delegating to the <c>Assign</c> overload that
/// accepts a <c>TcpHeader</c> (that overload is not shown alongside this constructor).
/// </summary>
/// <param name="ip">IP header of the packet.</param>
/// <param name="tcp">TCP header of the packet.</param>
public Flow(IPHeader ip, TcpHeader tcp)
{
    this.Assign(ip, tcp);
}
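/// <summary>
/// Capture loop. Until <c>terminated</c> is set it reads packets from <c>pcap</c>,
/// optionally records each one to <c>dump</c>, attributes TCP and UDP packets to flows in
/// <c>tracker</c>, and expires flows whose last packet is older than
/// <c>ExpiryInterval</c> relative to the current packet's timestamp.
/// </summary>
/// <remarks>
/// <para>
/// An <see cref="EndOfStreamException"/> ends the loop quietly. Any other exception that
/// escapes the loop is rethrown to the caller with its original stack trace.
/// </para>
/// <para>
/// NOTE(review): the Ethernet, IP and TCP header constructors run outside any local
/// handler, so an exception raised while parsing a single frame leaves this method and
/// stops flow tracking. Frames come from the network and should be treated as untrusted;
/// consider handling per-packet parse failures the way the UDP branch does.
/// </para>
/// </remarks>
public void Execute()
{
    Packet packet;
    EthernetHeader eth;
    IPHeader ip;
    Flow key = new Flow();
    FlowStats stats;

    try
    {
        //BinaryReader log = new BinaryReader(new FileStream(@"c:\users\gavin\desktop\20081006.dat", FileMode.Open, FileAccess.Read));
        while (!terminated)
        {
            /*packet = new Packet();
            packet.Time = log.ReadInt64();
            packet.Length = log.ReadInt32();
            packet.Data = log.ReadBytes(log.ReadInt32());*/

            // A failure here propagates to the handlers at the bottom of the method.
            packet = pcap.Next();

            if (packet != null)
            {
                if (dump != null)
                {
                    // Record the timestamp, the reported length and at most the first
                    // 64 captured bytes of every packet.
                    dump.Write(packet.Time);
                    dump.Write(packet.Length);
                    int i = Math.Min(packet.Data.Length, 64);
                    dump.Write(i);
                    dump.Write(packet.Data, 0, i);
                    dump.Flush();
                }

                eth = new EthernetHeader(packet.Data);
                if (eth.Protocol == (int)EthernetProtocol.IP)
                {
                    ip = new IPHeader(eth);
                    if (ip.Protocol == IPProtocol.Tcp)
                    {
                        TcpHeader tcp = new TcpHeader(ip);
                        key = new Flow(ip, tcp);
                        stats = tracker.Resolve(key, packet.Time);
                        stats.Last = packet.Time;
                        stats.Packets++;
                        // Bytes at IP, including IP header
                        stats.Bytes += ip.Length;

                        #region debugging
                        /*
                        // TODO: Verify sorted order of queue - should be right now
                        FlowStats check = queue.Head;
                        while (check != null)
                        {
                            if (check.Next != null)
                                Debug.Assert(check.Last >= check.Next.Last);
                            check = check.Next;
                        }
                        */
                        #endregion
                    }
                    else if (ip.Protocol == IPProtocol.Udp)
                    {
                        try
                        {
                            UdpHeader udp = new UdpHeader(ip);
                            key = new Flow(ip, udp);
                            stats = tracker.Resolve(key, packet.Time);
                            stats.Last = packet.Time;
                            stats.Packets++;
                            // Bytes at IP, including IP header
                            stats.Bytes += ip.Length;
                        }
                        catch (IndexOutOfRangeException e)
                        {
                            // Keep the evidence: append the failure to error.log and, when
                            // dumping is enabled, write the whole packet rather than only
                            // its first 64 bytes.
                            // NOTE(review): one log entry and one full-packet dump are
                            // written per failing packet with no cap, so sustained
                            // malformed traffic grows both files without bound.
                            using (StreamWriter errorLog = new StreamWriter(Path.Combine(LogFolder, "error.log"), true))
                            {
                                errorLog.WriteLine(DateTime.Now);
                                errorLog.WriteLine(e.Message);
                                errorLog.WriteLine(e.StackTrace);
                                errorLog.WriteLine();
                            }
                            if (dump != null)
                            {
                                dump.Write(packet.Time);
                                dump.Write(packet.Length);
                                dump.Write(packet.Data.Length);
                                dump.Write(packet.Data, 0, packet.Data.Length);
                                dump.Flush();
                            }
                        }
                        catch (Exception)
                        {
                            // Best-effort as written: every other failure in this branch,
                            // including a PacketFormatException from the UdpHeader
                            // constructor, is dropped and the packet goes uncounted.
                            // NOTE(review): nothing records these drops; a counter or a
                            // rate-limited log entry would make them visible.
                        }
                    }
                    else if (ip.Protocol == IPProtocol.Icmp)
                    {
                        // TODO: Deal with ICMP
                    }
                    else if (ip.Protocol == IPProtocol.Gre)
                    {
                        // TODO: Deal with GRE
                    }
                }
                else
                {
                    // TODO: deal with non-IP
                }

                #region Age flows
                /**/
                // Expiry is driven by packet timestamps, so flows are aged only when a
                // packet arrives.
                while (tracker.Count > 0 && tracker.Tail.Last < packet.Time - ExpiryInterval)
                {
                    stats = tracker.Tail;
                    Dump(stats);
                    tracker.Remove(stats);
                }
                writer.Flush();
                /**/
                #endregion
            }

            // NOTE(review): incremented on every pass, including passes where pcap.Next()
            // returned null; confirm that is intended.
            packets++;
        }
    }
    catch (EndOfStreamException)
    {
        // TODO: nothing
    }
    catch (Exception)
    {
        //debug.WriteLine("ERROR: " + e.Message);
        //debug.Flush();

        // Rethrow with "throw;" so the original stack trace survives; "throw e;" reset it.
        throw;
    }
}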