public void ICMPv4Parsing ()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/ICMPv4.pcap");
dev.Open();
var rawCapture = dev.GetNextPacket();
dev.Close();
// Parse an icmp request
Packet p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
Assert.IsNotNull(p);
var icmp = ICMPv4Packet.GetEncapsulated(p);
Console.WriteLine(icmp.GetType());
Assert.AreEqual(ICMPv4TypeCodes.EchoRequest, icmp.TypeCode);
Assert.AreEqual(0xe05b, icmp.Checksum);
Assert.AreEqual(0x0200, icmp.ID);
Assert.AreEqual(0x6b00, icmp.Sequence);
// check that the message matches
string expectedString = "abcdefghijklmnopqrstuvwabcdefghi";
byte[] expectedData = System.Text.ASCIIEncoding.ASCII.GetBytes(expectedString);
Assert.AreEqual(expectedData, icmp.Data);
}
public void CookedCaptureTest()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/LinuxCookedCapture.pcap");
dev.Open();
RawCapture rawCapture;
int packetIndex = 0;
while((rawCapture = dev.GetNextPacket()) != null)
{
Packet p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
switch(packetIndex)
{
case 0:
VerifyPacket0(p);
break;
case 1:
VerifyPacket1(p);
break;
case 2:
VerifyPacket2(p);
break;
default:
Assert.Fail("didn't expect to get to packetIndex " + packetIndex);
break;
}
packetIndex++;
}
dev.Close();
}
public void SetFilter()
{
var device = new CaptureFileReaderDevice("../../capture_files/test_stream.pcap");
device.Open();
device.Filter = "port 53";
RawCapture rawPacket;
int count = 0;
do
{
rawPacket = device.GetNextPacket();
if(rawPacket != null)
{
Packet p = Packet.ParsePacket(rawPacket.LinkLayerType, rawPacket.Data);
var udpPacket = UdpPacket.GetEncapsulated(p);
Assert.IsNotNull(udpPacket);
int dnsPort = 53;
Assert.AreEqual(dnsPort, udpPacket.DestinationPort);
count++;
}
} while(rawPacket != null);
Assert.AreEqual(1, count);
device.Close(); // close the device
}
public void Test_Constructor()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/80211_authentication_frame.pcap");
dev.Open();
var rawCapture = dev.GetNextPacket();
dev.Close();
Packet p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
AuthenticationFrame frame = (AuthenticationFrame)p.PayloadPacket;
Assert.AreEqual(0, frame.FrameControl.ProtocolVersion);
Assert.AreEqual(FrameControlField.FrameSubTypes.ManagementAuthentication, frame.FrameControl.SubType);
Assert.IsFalse(frame.FrameControl.ToDS);
Assert.IsFalse(frame.FrameControl.FromDS);
Assert.IsFalse(frame.FrameControl.MoreFragments);
Assert.IsFalse(frame.FrameControl.Retry);
Assert.IsFalse(frame.FrameControl.PowerManagement);
Assert.IsFalse(frame.FrameControl.MoreData);
Assert.IsFalse(frame.FrameControl.Wep);
Assert.IsFalse(frame.FrameControl.Order);
Assert.AreEqual(248, frame.Duration.Field); //this need expanding on in the future
Assert.AreEqual("0024B2F8D706", frame.DestinationAddress.ToString().ToUpper());
Assert.AreEqual("00173FB72C29", frame.SourceAddress.ToString().ToUpper());
Assert.AreEqual("0024B2F8D706", frame.BssId.ToString().ToUpper());
Assert.AreEqual(0, frame.SequenceControl.FragmentNumber);
Assert.AreEqual(1327, frame.SequenceControl.SequenceNumber);
Assert.AreEqual(0, frame.AuthenticationAlgorithmNumber);
Assert.AreEqual(1, frame.AuthenticationAlgorithmTransactionSequenceNumber);
Assert.AreEqual(AuthenticationStatusCode.Success, frame.StatusCode);
Assert.AreEqual(0x4AE3E90F, frame.FrameCheckSequence);
Assert.AreEqual(30, frame.FrameSize);
}
public void Test_Constructor ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_block_acknowledgment_frame.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data);
BlockAcknowledgmentFrame frame = (BlockAcknowledgmentFrame)p.PayloadPacket;
Assert.AreEqual (0, frame.FrameControl.ProtocolVersion);
Assert.AreEqual (FrameControlField.FrameSubTypes.ControlBlockAcknowledgment, frame.FrameControl.SubType);
Assert.IsFalse (frame.FrameControl.ToDS);
Assert.IsFalse (frame.FrameControl.FromDS);
Assert.IsFalse (frame.FrameControl.MoreFragments);
Assert.IsFalse (frame.FrameControl.Retry);
Assert.IsFalse (frame.FrameControl.PowerManagement);
Assert.IsFalse (frame.FrameControl.MoreData);
Assert.IsFalse (frame.FrameControl.Wep);
Assert.IsFalse (frame.FrameControl.Order);
Assert.AreEqual (0, frame.Duration.Field); //this need expanding on in the future
Assert.AreEqual ("0024B2F8D706", frame.ReceiverAddress.ToString ().ToUpper ());
Assert.AreEqual ("7CC5376D16E7", frame.TransmitterAddress.ToString ().ToUpper ());
Assert.AreEqual (BlockAcknowledgmentControlField.AcknowledgementPolicy.Delayed, frame.BlockAcknowledgmentControl.Policy);
Assert.IsFalse (frame.BlockAcknowledgmentControl.MultiTid);
Assert.IsTrue (frame.BlockAcknowledgmentControl.CompressedBitmap);
Assert.AreEqual (0, frame.BlockAcknowledgmentControl.Tid);
Assert.AreEqual (0, frame.BlockAckStartingSequenceControl);
Assert.AreEqual (8, frame.BlockAckBitmap.Length);
Assert.AreEqual (0x9BB909C2, frame.FrameCheckSequence);
Assert.AreEqual (28, frame.FrameSize);
}
public void Test_Constuctor_FromBeaconFrame ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_beacon_frame.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data);
BeaconFrame beaconFrame = (BeaconFrame)p.PayloadPacket;
List<InformationElement> infoElements = beaconFrame.InformationElements;
Assert.AreEqual (InformationElement.ElementId.ServiceSetIdentity, infoElements [0].Id);
Assert.AreEqual (InformationElement.ElementId.SupportedRates, infoElements [1].Id);
Assert.AreEqual (InformationElement.ElementId.DsParameterSet, infoElements [2].Id);
Assert.AreEqual (InformationElement.ElementId.TrafficIndicationMap, infoElements [3].Id);
Assert.AreEqual (InformationElement.ElementId.ErpInformation, infoElements [4].Id);
Assert.AreEqual (InformationElement.ElementId.ErpInformation2, infoElements [5].Id);
Assert.AreEqual (InformationElement.ElementId.RobustSecurityNetwork, infoElements [6].Id);
Assert.AreEqual (InformationElement.ElementId.ExtendedSupportedRates, infoElements [7].Id);
Assert.AreEqual (InformationElement.ElementId.HighThroughputCapabilities, infoElements [8].Id);
Assert.AreEqual (InformationElement.ElementId.HighThroughputInformation, infoElements [9].Id);
Assert.AreEqual (InformationElement.ElementId.VendorSpecific, infoElements [10].Id);
Assert.AreEqual (InformationElement.ElementId.VendorSpecific, infoElements [11].Id);
Assert.AreEqual (InformationElement.ElementId.VendorSpecific, infoElements [12].Id);
Assert.AreEqual (InformationElement.ElementId.VendorSpecific, infoElements [13].Id);
Assert.AreEqual (InformationElement.ElementId.VendorSpecific, infoElements [14].Id);
}
public void Test_Constructor ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_probe_request_frame.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data);
ProbeRequestFrame frame = (ProbeRequestFrame)p.PayloadPacket;
Assert.AreEqual (0, frame.FrameControl.ProtocolVersion);
Assert.AreEqual (FrameControlField.FrameSubTypes.ManagementProbeRequest, frame.FrameControl.SubType);
Assert.IsFalse (frame.FrameControl.ToDS);
Assert.IsFalse (frame.FrameControl.FromDS);
Assert.IsFalse (frame.FrameControl.MoreFragments);
Assert.IsFalse (frame.FrameControl.Retry);
Assert.IsFalse (frame.FrameControl.PowerManagement);
Assert.IsFalse (frame.FrameControl.MoreData);
Assert.IsFalse (frame.FrameControl.Wep);
Assert.IsFalse (frame.FrameControl.Order);
Assert.AreEqual (0, frame.Duration.Field); //this need expanding on in the future
Assert.AreEqual ("FFFFFFFFFFFF", frame.DestinationAddress.ToString ().ToUpper ());
Assert.AreEqual ("0020008AB749", frame.SourceAddress.ToString ().ToUpper ());
Assert.AreEqual ("FFFFFFFFFFFF", frame.BssId.ToString ().ToUpper ());
Assert.AreEqual (0, frame.SequenceControl.FragmentNumber);
Assert.AreEqual (234, frame.SequenceControl.SequenceNumber);
Assert.AreEqual (0xD83CB03D, frame.FrameCheckSequence);
Assert.AreEqual (45, frame.FrameSize);
}
public void ReadingPacketsFromFile ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_per_packet_information.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
PpiPacket p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data) as PpiPacket;
Assert.IsNotNull (p);
Assert.AreEqual (0, p.Version);
Assert.AreEqual (32, p.Length);
Assert.AreEqual (1, p.Count);
PpiCommon commonField = p.FindFirstByType(PpiFieldType.PpiCommon) as PpiCommon;
Assert.AreEqual (PpiFieldType.PpiCommon, commonField.FieldType);
Assert.AreEqual (0, commonField.TSFTimer);
Assert.IsTrue ((commonField.Flags & PpiCommon.CommonFlags.FcsIncludedInFrame) == PpiCommon.CommonFlags.FcsIncludedInFrame);
Assert.AreEqual (2, commonField.Rate);
Assert.AreEqual (2437, commonField.ChannelFrequency);
Assert.AreEqual (0x00A0, (int) commonField.ChannelFlags);
Assert.AreEqual (0, commonField.FhssHopset);
Assert.AreEqual (0, commonField.FhssPattern);
Assert.AreEqual (-84, commonField.AntennaSignalPower);
Assert.AreEqual (-100, commonField.AntennaSignalNoise);
MacFrame macFrame = p.PayloadPacket as MacFrame;
Assert.AreEqual(FrameControlField.FrameSubTypes.ControlCTS, macFrame.FrameControl.SubType);
Assert.IsTrue(macFrame.AppendFcs);
}
public void ParsingArpPacketRequestResponse()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/arp_request_response.pcap");
dev.Open();
RawCapture rawCapture;
int packetIndex = 0;
while((rawCapture = dev.GetNextPacket()) != null)
{
var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
Console.WriteLine("got packet");
Console.WriteLine("{0}", p.ToString());
switch(packetIndex)
{
case 0:
VerifyPacket0(p);
break;
case 1:
VerifyPacket1(p);
break;
default:
Assert.Fail("didn't expect to get to packetIndex " + packetIndex);
break;
}
packetIndex++;
}
dev.Close();
}
public void Test_Constructor()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/80211_qos_null_data_frame.pcap");
dev.Open();
var rawCapture = dev.GetNextPacket();
dev.Close();
Packet p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
QosNullDataFrame frame = (QosNullDataFrame)p.PayloadPacket;
Assert.AreEqual(0, frame.FrameControl.ProtocolVersion);
Assert.AreEqual(FrameControlField.FrameSubTypes.QosNullData, frame.FrameControl.SubType);
Assert.IsFalse(frame.FrameControl.ToDS);
Assert.IsTrue(frame.FrameControl.FromDS);
Assert.IsFalse(frame.FrameControl.MoreFragments);
Assert.IsFalse(frame.FrameControl.Retry);
Assert.IsFalse(frame.FrameControl.PowerManagement);
Assert.IsFalse(frame.FrameControl.MoreData);
Assert.IsFalse(frame.FrameControl.Wep);
Assert.IsFalse(frame.FrameControl.Order);
Assert.AreEqual(314, frame.Duration.Field);
Assert.AreEqual("78ACC00A5E0E", frame.DestinationAddress.ToString().ToUpper());
Assert.AreEqual("00223FC1F378", frame.BssId.ToString().ToUpper());
Assert.AreEqual("00223FC1F378", frame.SourceAddress.ToString().ToUpper());
Assert.AreEqual(0, frame.SequenceControl.FragmentNumber);
Assert.AreEqual(2292, frame.SequenceControl.SequenceNumber);
Assert.AreEqual(0x00, frame.QosControl);
Assert.AreEqual(0xDBF2B119, frame.FrameCheckSequence);
Assert.AreEqual(26, frame.FrameSize);
}
public void Test_Constructor_EncryptedDataFrame()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/80211_encrypted_data_frame.pcap");
dev.Open();
var rawCapture = dev.GetNextPacket();
dev.Close();
Packet p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
DataDataFrame frame = (DataDataFrame)p.PayloadPacket;
Assert.AreEqual(0, frame.FrameControl.ProtocolVersion);
Assert.AreEqual(FrameControlField.FrameSubTypes.Data, frame.FrameControl.SubType);
Assert.IsFalse(frame.FrameControl.ToDS);
Assert.IsTrue(frame.FrameControl.FromDS);
Assert.IsFalse(frame.FrameControl.MoreFragments);
Assert.IsFalse(frame.FrameControl.Retry);
Assert.IsFalse(frame.FrameControl.PowerManagement);
Assert.IsFalse(frame.FrameControl.MoreData);
Assert.IsTrue(frame.FrameControl.Wep);
Assert.IsFalse(frame.FrameControl.Order);
Assert.AreEqual(0, frame.Duration.Field); //this need expanding on in the future
Assert.AreEqual("33330000000C", frame.DestinationAddress.ToString().ToUpper());
Assert.AreEqual("00173FB72C29", frame.SourceAddress.ToString().ToUpper());
Assert.AreEqual("0024B2F8D706", frame.BssId.ToString().ToUpper());
Assert.AreEqual(0, frame.SequenceControl.FragmentNumber);
Assert.AreEqual(1561, frame.SequenceControl.SequenceNumber);
Assert.AreEqual(0xC77B6323, frame.FrameCheckSequence);
Assert.AreEqual(24, frame.FrameSize);
Assert.AreEqual(218, frame.PayloadData.Length);
}
public void Test_Constructor ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_ack_frame.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data);
AckFrame frame = (AckFrame)p.PayloadPacket;
Assert.AreEqual (0, frame.FrameControl.ProtocolVersion);
Assert.AreEqual (FrameControlField.FrameSubTypes.ControlACK, frame.FrameControl.SubType);
Assert.IsFalse (frame.FrameControl.ToDS);
Assert.IsFalse (frame.FrameControl.FromDS);
Assert.IsFalse (frame.FrameControl.MoreFragments);
Assert.IsFalse (frame.FrameControl.Retry);
Assert.IsFalse (frame.FrameControl.PowerManagement);
Assert.IsFalse (frame.FrameControl.MoreData);
Assert.IsFalse (frame.FrameControl.Wep);
Assert.IsFalse (frame.FrameControl.Order);
Assert.AreEqual (0, frame.Duration.Field); //this need expanding on in the future
Assert.AreEqual ("F8DB7F491342", frame.ReceiverAddress.ToString ().ToUpper ());
Assert.AreEqual (0xD2F5BE07, frame.FrameCheckSequence);
Assert.AreEqual (10, frame.FrameSize);
}
public void UDPData()
{
RawCapture rawCapture;
UdpPacket u;
Packet p;
var dev = new CaptureFileReaderDevice("../../CaptureFiles/udp_dns_request_response.pcap");
dev.Open();
// check the first packet
rawCapture = dev.GetNextPacket();
p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
Assert.IsNotNull(p);
u = (UdpPacket)p.Extract(typeof(UdpPacket));
Assert.IsNotNull(u, "Expected a non-null UdpPacket");
Assert.AreEqual(41 - u.Header.Length,
u.PayloadData.Length, "UDPData.Length mismatch");
// check the second packet
rawCapture = dev.GetNextPacket();
p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
Assert.IsNotNull(p);
u = (UdpPacket)p.Extract(typeof(UdpPacket));
Assert.IsNotNull(u, "Expected u to be a UdpPacket");
Assert.AreEqual(356 - u.Header.Length,
u.PayloadData.Length, "UDPData.Length mismatch");
Console.WriteLine("u is {0}", u.ToString());
dev.Close();
}
public void Test_Constructor ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_null_data_frame.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data);
NullDataFrame frame = (NullDataFrame)p.PayloadPacket;
Assert.AreEqual (0, frame.FrameControl.ProtocolVersion);
Assert.AreEqual (FrameControlField.FrameSubTypes.DataNullFunctionNoData, frame.FrameControl.SubType);
Assert.IsTrue (frame.FrameControl.ToDS);
Assert.IsFalse (frame.FrameControl.FromDS);
Assert.IsFalse (frame.FrameControl.MoreFragments);
Assert.IsFalse (frame.FrameControl.Retry);
Assert.IsFalse (frame.FrameControl.PowerManagement);
Assert.IsFalse (frame.FrameControl.MoreData);
Assert.IsFalse (frame.FrameControl.Wep);
Assert.IsFalse (frame.FrameControl.Order);
Assert.AreEqual (314, frame.Duration.Field); //this need expanding on in the future
Assert.AreEqual ("001B2F02DC6C", frame.DestinationAddress.ToString ().ToUpper ());
Assert.AreEqual ("2477030C721C", frame.SourceAddress.ToString ().ToUpper ());
Assert.AreEqual ("001B2F02DC6C", frame.BssId.ToString ().ToUpper ());
Assert.AreEqual (0, frame.SequenceControl.FragmentNumber);
Assert.AreEqual (1245, frame.SequenceControl.SequenceNumber);
Assert.AreEqual (0x8DAD458C, frame.FrameCheckSequence);
Assert.AreEqual (24, frame.FrameSize);
}
public void Test_Constructor ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_disassociation_frame.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data);
DisassociationFrame frame = (DisassociationFrame)p.PayloadPacket;
Assert.AreEqual (0, frame.FrameControl.ProtocolVersion);
Assert.AreEqual (FrameControlField.FrameSubTypes.ManagementDisassociation, frame.FrameControl.SubType);
Assert.IsFalse (frame.FrameControl.ToDS);
Assert.IsFalse (frame.FrameControl.FromDS);
Assert.IsFalse (frame.FrameControl.MoreFragments);
Assert.IsFalse (frame.FrameControl.Retry);
Assert.IsFalse (frame.FrameControl.PowerManagement);
Assert.IsFalse (frame.FrameControl.MoreData);
Assert.IsFalse (frame.FrameControl.Wep);
Assert.IsFalse (frame.FrameControl.Order);
Assert.AreEqual (248, frame.Duration.Field); //this need expanding on in the future
Assert.AreEqual ("0024B2F8D706", frame.DestinationAddress.ToString ().ToUpper ());
Assert.AreEqual ("00173FB72C29", frame.SourceAddress.ToString ().ToUpper ());
Assert.AreEqual ("0024B2F8D706", frame.BssId.ToString ().ToUpper ());
Assert.AreEqual (0, frame.SequenceControl.FragmentNumber);
Assert.AreEqual (1311, frame.SequenceControl.SequenceNumber);
Assert.AreEqual (ReasonCode.LeavingToRoam, frame.Reason);
Assert.AreEqual (0xB17572A4, frame.FrameCheckSequence);
Assert.AreEqual (26, frame.FrameSize);
}
public void WakeOnLanParsing()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/wol.pcap");
dev.Open();
RawCapture rawCapture;
int packetIndex = 0;
while((rawCapture = dev.GetNextPacket()) != null)
{
var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
Assert.IsNotNull(p);
var wol = PacketDotNet.WakeOnLanPacket.GetEncapsulated(p);
Assert.IsNotNull(p);
if(packetIndex == 0)
Assert.AreEqual(wol.DestinationMAC, PhysicalAddress.Parse("00-0D-56-DC-9E-35"));
if(packetIndex == 3)
Assert.AreEqual(wol.DestinationMAC, PhysicalAddress.Parse("00-90-27-85-CF-01"));
packetIndex++;
}
dev.Close();
}
public void Test_Constructor_AddBlockAckResponseReport ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_block_ack_response_action_frame.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data);
ActionFrame frame = (ActionFrame)p.PayloadPacket;
Assert.AreEqual (0, frame.FrameControl.ProtocolVersion);
Assert.AreEqual (FrameControlField.FrameSubTypes.ManagementAction, frame.FrameControl.SubType);
Assert.IsFalse (frame.FrameControl.ToDS);
Assert.IsFalse (frame.FrameControl.FromDS);
Assert.IsFalse (frame.FrameControl.MoreFragments);
Assert.IsFalse (frame.FrameControl.Retry);
Assert.IsFalse (frame.FrameControl.PowerManagement);
Assert.IsFalse (frame.FrameControl.MoreData);
Assert.IsFalse (frame.FrameControl.Wep);
Assert.IsFalse (frame.FrameControl.Order);
Assert.AreEqual (314, frame.Duration.Field); //this need expanding on in the future
Assert.AreEqual ("0024B2F8D706", frame.DestinationAddress.ToString ().ToUpper ());
Assert.AreEqual ("7CC5376D16E7", frame.SourceAddress.ToString ().ToUpper ());
Assert.AreEqual ("0024B2F8D706", frame.BssId.ToString ().ToUpper ());
Assert.AreEqual (0, frame.SequenceControl.FragmentNumber);
Assert.AreEqual (3826, frame.SequenceControl.SequenceNumber);
Assert.AreEqual (0x6D3FCFA3, frame.FrameCheckSequence);
Assert.AreEqual (24, frame.FrameSize);
Assert.AreEqual (9, frame.PayloadData.Length);
}
public void IPv6PacketTestParsing()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/ipv6_icmpv6_packet.pcap");
dev.Open();
RawCapture rawCapture;
int packetIndex = 0;
while((rawCapture = dev.GetNextPacket()) != null)
{
var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
Console.WriteLine("got packet");
switch(packetIndex)
{
case 0:
VerifyPacket0(p, rawCapture);
break;
default:
Assert.Fail("didn't expect to get to packetIndex " + packetIndex);
break;
}
packetIndex++;
}
dev.Close();
}
public void Test_Constructor ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_contention_free_end_frame.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data);
ContentionFreeEndFrame frame = (ContentionFreeEndFrame)p.PayloadPacket;
Assert.AreEqual (0, frame.FrameControl.ProtocolVersion);
Assert.AreEqual (FrameControlField.FrameSubTypes.ControlCFEnd, frame.FrameControl.SubType);
Assert.IsFalse (frame.FrameControl.ToDS);
Assert.IsFalse (frame.FrameControl.FromDS);
Assert.IsFalse (frame.FrameControl.MoreFragments);
Assert.IsFalse (frame.FrameControl.Retry);
Assert.IsFalse (frame.FrameControl.PowerManagement);
Assert.IsFalse (frame.FrameControl.MoreData);
Assert.IsFalse (frame.FrameControl.Wep);
Assert.IsTrue (frame.FrameControl.Order);
Assert.AreEqual (0, frame.Duration.Field); //this need expanding on in the future
Assert.AreEqual ("FFFFFFFFFFFF", frame.ReceiverAddress.ToString ().ToUpper ());
Assert.AreEqual ("001B2FDCFC12", frame.BssId.ToString ().ToUpper ());
Assert.AreEqual (0x0AE8A403, frame.FrameCheckSequence);
Assert.AreEqual (16, frame.FrameSize);
}
public static void Main (string[] args)
{
string ver = SharpPcap.Version.VersionString;
/* Print SharpPcap version */
Console.WriteLine("SharpPcap {0}, ReadingCaptureFile", ver);
Console.WriteLine();
Console.WriteLine();
// read the file from stdin or from the command line arguments
string capFile;
if(args.Length == 0)
{
Console.Write("-- Please enter an input capture file name: ");
capFile = Console.ReadLine();
} else
{
// use the first argument as the filename
capFile = args[0];
}
Console.WriteLine("opening '{0}'", capFile);
ICaptureDevice device;
try
{
// Get an offline device
device = new CaptureFileReaderDevice( capFile );
// Open the device
device.Open();
}
catch(Exception e)
{
Console.WriteLine("Caught exception when opening file" + e.ToString());
return;
}
// Register our handler function to the 'packet arrival' event
device.OnPacketArrival +=
new PacketArrivalEventHandler( device_OnPacketArrival );
Console.WriteLine();
Console.WriteLine
("-- Capturing from '{0}', hit 'Ctrl-C' to exit...",
capFile);
// Start capture 'INFINTE' number of packets
// This method will return when EOF reached.
device.Capture();
// Close the pcap device
device.Close();
Console.WriteLine("-- End of file reached.");
Console.Write("Hit 'Enter' to exit...");
Console.ReadLine();
}
public void ReadingRawPacketWithoutFcs ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_raw_without_fcs.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data);
Assert.IsNotNull (p);
}
public void CaptureFinite()
{
var device = new CaptureFileReaderDevice("../../capture_files/ipv6_http.pcap");
device.OnPacketArrival += HandleDeviceOnPacketArrival;
device.Open();
var expectedPackets = 3;
capturedPackets = 0;
device.Capture(expectedPackets);
Assert.AreEqual(expectedPackets, capturedPackets);
}
public void ReadPacketWithInvalidFcs ()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_ppi_fcs_present_and_invalid.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
PpiPacket p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data) as PpiPacket;
//The packet is corrupted in such a way that the type field has been changed
//to a reserved/unused type. Therefore we don't expect there to be a packet
Assert.IsNull (p.PayloadPacket);
Assert.IsNotNull(p.PayloadData);
}
public void PrintString()
{
Console.WriteLine("Loading the sample capture file");
var dev = new CaptureFileReaderDevice("../../CaptureFiles/tcp.pcap");
dev.Open();
Console.WriteLine("Reading packet data");
var rawCapture = dev.GetNextPacket();
var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
Console.WriteLine("Parsing");
var ip = IPv4Packet.GetEncapsulated(p);
Console.WriteLine("Printing human readable string");
Console.WriteLine(ip.ToString());
}
public void Test_AppendFcs_Raw80211WithFcs()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/80211_raw_with_fcs.pcap");
dev.Open();
var rawCapture = dev.GetNextPacket();
dev.Close();
//For this test we are just going to ignore the radio packet that precedes the data frame
Packet p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
MacFrame macFrame = p as MacFrame;
//When its raw 802.11 we cant tell if there is an FCS there so even though
//there is we still expect AppendFcs to be false.
Assert.IsFalse(macFrame.AppendFcs);
}
public void PrintVerboseString()
{
Console.WriteLine("Loading the sample capture file");
var dev = new CaptureFileReaderDevice("../../CaptureFiles/tcp.pcap");
dev.Open();
Console.WriteLine("Reading packet data");
var rawCapture = dev.GetNextPacket();
var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
Console.WriteLine("Parsing");
var ip = (IPv4Packet)p.Extract(typeof(IPv4Packet));
Console.WriteLine("Printing human readable string");
Console.WriteLine(ip.ToString(StringOutputType.Verbose));
}
public void PrintString()
{
Console.WriteLine("Loading the sample capture file");
var dev = new CaptureFileReaderDevice("../../CaptureFiles/IGMP dataset.pcap");
dev.Open();
Console.WriteLine("Reading packet data");
var rawCapture = dev.GetNextPacket();
var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
Console.WriteLine("Parsing");
var igmpV2 = (IGMPv2Packet)p.Extract (typeof(IGMPv2Packet));
Console.WriteLine("Printing human readable string");
Console.WriteLine(igmpV2.ToString());
}
public void ReadPacketWithNoFcs()
{
var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_radio_without_fcs.pcap");
dev.Open ();
var rawCapture = dev.GetNextPacket ();
dev.Close ();
RadioPacket p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data) as RadioPacket;
Assert.IsNotNull (p.PayloadPacket);
TsftRadioTapField tsftField = p[RadioTapType.Tsft] as TsftRadioTapField;
Assert.IsNotNull(tsftField);
Assert.AreEqual(38724775, tsftField.TimestampUsec);
FlagsRadioTapField flagsField = p[RadioTapType.Flags] as FlagsRadioTapField;
Assert.IsNotNull(flagsField);
Assert.AreEqual(0, (int)flagsField.Flags);
RateRadioTapField rateField = p[RadioTapType.Rate] as RateRadioTapField;
Assert.IsNotNull(rateField);
Assert.AreEqual(1, rateField.RateMbps);
ChannelRadioTapField channelField = p[RadioTapType.Channel] as ChannelRadioTapField;
Assert.IsNotNull(channelField);
Assert.AreEqual(2462, channelField.FrequencyMHz);
Assert.AreEqual(11, channelField.Channel);
Assert.AreEqual(RadioTapChannelFlags.Channel2Ghz | RadioTapChannelFlags.Cck, channelField.Flags);
DbmAntennaSignalRadioTapField dbmSignalField = p[RadioTapType.DbmAntennaSignal] as DbmAntennaSignalRadioTapField;
Assert.IsNotNull(dbmSignalField);
Assert.AreEqual(-61, dbmSignalField.AntennaSignalDbm);
DbmAntennaNoiseRadioTapField dbmNoiseField = p[RadioTapType.DbmAntennaNoise] as DbmAntennaNoiseRadioTapField;
Assert.IsNotNull(dbmNoiseField);
Assert.AreEqual(-84, dbmNoiseField.AntennaNoisedBm);
AntennaRadioTapField antennaField = p[RadioTapType.Antenna] as AntennaRadioTapField;
Assert.IsNotNull(antennaField);
Assert.AreEqual(0, antennaField.Antenna);
DbAntennaSignalRadioTapField dbSignalField = p[RadioTapType.DbAntennaSignal] as DbAntennaSignalRadioTapField;
Assert.IsNotNull(dbSignalField);
Assert.AreEqual(23, dbSignalField.SignalStrengthdB);
MacFrame macFrame = p.PayloadPacket as MacFrame;
Assert.IsFalse(macFrame.AppendFcs);
Assert.IsFalse(macFrame.FCSValid);
}
public PcapParser(string pcappath, string serverIp, string clientIp)
{
_serverIp = serverIp;
_clientIp = clientIp;
_capturedPackets = new List<PacketWrapper>();
_serverWireProtocol = new WireProtocol<ConanPacket>();
_clientWireProtocol = new WireProtocol<ConanPacket>();
_device = new CaptureFileReaderDevice(pcappath)
{
//Filter = "(ip and tcp) and (host " + serverIp + " or host " + clientIp + ")"
Filter = "(ip and tcp) and host " + serverIp
};
_device.OnPacketArrival += OnPacketArrival;
}
public void PrintVerboseString()
{
Console.WriteLine("Loading the sample capture file");
var dev = new CaptureFileReaderDevice("../../CaptureFiles/ICMPv4.pcap");
dev.Open();
RawCapture rawCapture;
Console.WriteLine("Reading packet data");
rawCapture = dev.GetNextPacket();
var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
Console.WriteLine("Parsing");
var icmp = ICMPv4Packet.GetEncapsulated(p);
Console.WriteLine("Printing human readable string");
Console.WriteLine(icmp.ToString(StringOutputType.Verbose));
}
//打开文件
private void btnOpen_Click(object sender, EventArgs e)
{
OpenFileDialog od = new OpenFileDialog();
od.Filter = "pcap文件|*.pcap";
if (od.ShowDialog() == DialogResult.OK)
{
Clear();
ICaptureDevice offDev = new SharpPcap.LibPcap.CaptureFileReaderDevice(od.FileName);
RawCapture tempPacket;
offDev.Open();
while ((tempPacket = offDev.GetNextPacket()) != null)
{
packetList.Add(tempPacket);
ShowDataRows(tempPacket);
}
offDev.Close();
}
}
private void OpenFile_Click(object sender, RoutedEventArgs e)
{
System.Windows.Forms.OpenFileDialog openfile = new OpenFileDialog();
openfile.InitialDirectory = Environment.CurrentDirectory;
openfile.Filter = "pcap files (*.pcap)|*.pcap";
openfile.CheckFileExists = true;
openfile.RestoreDirectory = true;
if (openfile.ShowDialog() == System.Windows.Forms.DialogResult.OK)
{
string name = openfile.FileName;
PacketsInfolistView.Items.Clear();
Network_dic = new Dictionary <string, int>();
TRANS_dic = new Dictionary <string, int>();
this.packets = new ArrayList();
SharpPcap.LibPcap.CaptureFileReaderDevice reader = new SharpPcap.LibPcap.CaptureFileReaderDevice(name);
RawCapture rawp;
try{
rawp = reader.GetNextPacket();
while (rawp != null)
{
packet temp = new packet(rawp);
packets.Add(temp);
ProcessContext(temp);
rawp = reader.GetNextPacket();
}
MessageBox.Show("success!");
}
catch (Exception) {
MessageBox.Show("fail!");
}
}
}
public void ProcessPcap()
{
sharpPcapDict = new Dictionary <Connection, TcpRecon>();
PcapDevice device;
totalPackets = 0;
totalTCPPackets = 0;
try
{
device = new SharpPcap.LibPcap.CaptureFileReaderDevice(capFile);
device.Open();
}
catch (Exception ex)
{
ErrorMessage = "Error Loading pcap with SharpPcap: " + ex.Message;
owner.Invoke(Complete, ips);
return;
}
device.OnPacketArrival += new SharpPcap.PacketArrivalEventHandler(device_PcapOnPacketArrival);
device.Capture(); //parse entire pcap until EOF
device.Close();
foreach (TcpRecon tr in sharpPcapDict.Values)
{
tr.isComplete = true;
if (tr.LastSavedOffset != tr.CurrentOffset)
{
AddNewNode(tr);
}
tr.Close();
}
sharpPcapDict.Clear();
owner.Invoke(Complete, ips);
return;
}
