/// <summary>
/// Handle ARP packets
/// </summary>
/// <param name="packet">The EthernetDatagram</param>
/// <param name="arp">The ArpDatagram to parse</param>
public static void HandleARP(Packet packet, ArpDatagram arp,
ref UInt64 frame_id, object[] ctrl)
{
ListViewItem item = new ListViewItem(frame_id.ToString());
frame_id++;
List <string> packet_info = new List <string>();
ListView frames = (ListView)ctrl[0];
EthernetDatagram ethernet = packet.Ethernet;
packet_info.Add(packet.Timestamp.ToString("hh:mm:ss.fff tt"));
packet_info.Add(arp.SenderProtocolIpV4Address.ToString());
packet_info.Add(arp.TargetProtocolIpV4Address.ToString());
packet_info.Add(ethernet.Source.ToString());
packet_info.Add(ethernet.Destination.ToString());
packet_info.Add("ARP");
packet_info.Add(arp.Length.ToString());
// update UI
if (item != null)
{
item.SubItems.AddRange(packet_info.ToArray());
object[] param = new object[2];
param[0] = frames;
object[] o = new object[3];
o[0] = item;
o[1] = ctrl[1];
o[2] = packet;
param[1] = o;
frames.BeginInvoke(new ParserHelper.UIHandlerEx(ParserHelper.UpdateFrameUI), param);
}
}
private void PacketHandler(Packet packet)
{
ArpDatagram arp = packet.Ethernet.Arp;
if (arp.Operation == ArpOperation.Reply)
{
string ipForTxt = string.Join(".", arp.SenderProtocolAddress.Select(d => d.ToString()));
string macForTxt = string.Join("-", arp.SenderHardwareAddress.Select(d => d.ToString("X2")));
IPAddress parsedIP = IPAddress.Parse(ipForTxt);
PhysicalAddress parsedMac = PhysicalAddress.Parse(macForTxt.ToUpper());
if (arpTable.ContainsKey(parsedIP))
{
return;
}
else
{
// updating UI aysnc shameless stolen from from http://stackoverflow.com/questions/17631275/updating-ui-from-events-using-asyc-await
arpTable.Add(parsedIP, parsedMac);
if (this.InvokeRequired)
{
this.Invoke((MethodInvoker)(() =>
{
updateUI(parsedIP);
}
));
}
else
{
updateUI(parsedIP);
}
}
}
}
/// <summary>
/// Update ctrl with packet information
/// Increment frame_id by one
/// </summary>
/// <param name="packet">The packet to handle</param>
/// <param name="frame_id">The frame id, for UI display</param>
/// <param name="ctrl">The control to display information</param>
public static void HandlePacket(Packet packet, ref UInt64 frame_id, object[] ctrl)
{
EthernetDatagram ethernet = packet.Ethernet;
if (ethernet == null)
{
return;
}
switch (ethernet.EtherType)
{
case EthernetType.IpV4: {
IpV4Datagram ip = ethernet.IpV4;
IPParser.HandleIPV4(packet, ip, ref frame_id, ctrl);
break;
}
case EthernetType.Arp: {
ArpDatagram arp = ethernet.Arp;
ArpParser.HandleARP(packet, arp, ref frame_id, ctrl);
break;
}
default:
break;
}
}
public void ProcessARP(ArpDatagram packet)
{
VirtualNetwork.Instance.PostTraceMessage("ARP " + packet.Operation.ToString() + ": " + packet.SenderProtocolIpV4Address.ToString() + " looking for " + packet.TargetProtocolIpV4Address.ToString());
if (packet.ProtocolType == EthernetType.IpV4)
{
if (_arp_table.ContainsKey(packet.SenderProtocolIpV4Address))
{
_arp_table[packet.SenderProtocolIpV4Address] = packet.SenderHardwareAddress.ToArray().ToMacAddress();
VirtualNetwork.Instance.PostTraceMessage("ARP table item update: " + packet.SenderProtocolIpV4Address.ToString() + " = " + packet.SenderHardwareAddress.ToArray().ToMacAddress().ToString());
}
else
{
_arp_table.Add(packet.SenderProtocolIpV4Address, packet.SenderHardwareAddress.ToArray().ToMacAddress());
VirtualNetwork.Instance.PostTraceMessage("ARP table item update: " + packet.SenderProtocolIpV4Address.ToString() + " = " + packet.SenderHardwareAddress.ToArray().ToMacAddress().ToString());
}
if (packet.Operation == ArpOperation.Reply && packet.SenderProtocolIpV4Address.Equals(_current_arp_probe_target_ip) && packet.TargetProtocolIpV4Address.Equals(_adapter.IP))
{
_current_arp_replay_target_mac = packet.SenderHardwareAddress.ToArray().ToMacAddress();
_arp_resolve_wait_handle.Set();
}
if (packet.Operation == ArpOperation.Request && packet.TargetProtocolIpV4Address.Equals(_adapter.IP))
{
SendReply(packet.SenderProtocolIpV4Address, packet.SenderHardwareAddress.ToArray().ToMacAddress());
}
}
}
async void ReceiveResposnes()
{
await Task.Run(() =>
{
Packet pck;
do
{
if (!receiveTask)
{
return;
}
PacketCommunicatorReceiveResult result = communicator.ReceivePacket(out pck);
switch (result)
{
case PacketCommunicatorReceiveResult.Timeout:
continue;
case PacketCommunicatorReceiveResult.Ok:
{
if (pck.DataLink.Kind != DataLinkKind.Ethernet)
{
continue;
}
EthernetDatagram ed = pck.Ethernet;
if (ed.EtherType != EthernetType.Arp)
{
continue;
}
ArpDatagram arppck = ed.Arp;
if (arppck.Operation != ArpOperation.Reply)
{
continue;
}
NetworkHost host = new NetworkHost {
IP = arppck.SenderProtocolIpV4Address.ToString(), MAC = ed.Source.ToString()
};
OnCaptureHost?.Invoke(host);
continue;
}
default:
throw new InvalidOperationException("The result " + result + " shoudl never be reached here");
}
} while (true);
});
}
private MacAddress ParseSenderMacFrom(Packet responce)
{
ArpDatagram datagram = responce.Ethernet.Arp;
List <byte> targetMac = datagram.SenderHardwareAddress.Reverse().ToList();
targetMac.AddRange(new byte[] { 0, 0 });
Int64 value = BitConverter.ToInt64(targetMac.ToArray(), 0);
return(new MacAddress((UInt48)value));
}
/// <summary>
/// Packet parser dispatcher
/// </summary>
/// <param name="packet">The packet to be parsed</param>
/// <param name="ctrl">Contorls to update details with</param>
public static void ParsePacket(Packet packet, object[] ctrl)
{
if (packet == null || ctrl == null ||
ctrl[0] == null || ctrl[1] == null)
{
return;
}
EthernetDatagram ethernet = packet.Ethernet;
List <ListViewItem> items = new List <ListViewItem>();
ListViewItem item = new ListViewItem("Ethernet");
string estr = "Etype = " + ethernet.EtherType;
estr += ", DestinationAddress = " + ethernet.Destination;
estr += ", SourceAddress = " + ethernet.Source;
item.SubItems.Add(estr);
items.Add(item);
ListView f_details = (ListView)ctrl[0];
f_details.Items.Clear();
object[] param = new object[2];
param[0] = f_details;
param[1] = items;
f_details.BeginInvoke(new ParserHelper.UIHandler(ParserHelper.UpdateDetailsUI), param);
switch (ethernet.EtherType)
{
case EthernetType.IpV4: {
IpV4Datagram ip = ethernet.IpV4;
IPParser.ParseIPPacket(ip, ctrl);
break;
}
case EthernetType.Arp: {
ArpDatagram arp = ethernet.Arp;
ArpParser.ParseARPPacket(arp, ctrl);
break;
}
default:
break;
}
// Save packet for layed analyze
SnifferMain.packet = packet;
}
// Packet handler
private static void PacketHandlerArp(Packet packet)
{
// Console.WriteLine(packet.Timestamp.ToString("yyyy-MM-dd hh:mm:ss.fff") + " length:" + packet.Length);
ArpDatagram arp = packet.Ethernet.Arp;
// Populate local hardware address cache
string senderHWAddr = BytesToString(arp.SenderHardwareAddress.ToArray());
if (hwList.IndexOf(senderHWAddr) != -1)
{
hwCount[hwList.IndexOf(senderHWAddr)]++;
}
else
{
Console.WriteLine("New Address: " + senderHWAddr);
hwList.Add(senderHWAddr);
hwCount.Add(1);
}
}
protected virtual void NetifLevel2LayerArp(EthernetDatagram datagram, ArpDatagram arp)
{
}
protected override bool CompareField(XElement field, Datagram datagram)
{
field.AssertNoFields();
ArpDatagram arpDatagram = (ArpDatagram)datagram;
switch (field.Name())
{
case "arp.hw.type":
field.AssertShowDecimal((ushort)arpDatagram.HardwareType);
break;
case "arp.proto.type":
field.AssertShowDecimal((ushort)arpDatagram.ProtocolType);
break;
case "arp.hw.size":
field.AssertShowDecimal(arpDatagram.HardwareLength);
break;
case "arp.proto.size":
field.AssertShowDecimal(arpDatagram.ProtocolLength);
break;
case "arp.opcode":
field.AssertShowDecimal((ushort)arpDatagram.Operation);
break;
case "arp.src.hw":
case "arp.src.hw_mac":
field.AssertShow(arpDatagram.SenderHardwareAddress);
break;
case "arp.src.proto":
field.AssertShow(arpDatagram.SenderProtocolAddress);
break;
case "arp.src.proto_ipv4":
field.AssertShow(arpDatagram.SenderProtocolIpV4Address.ToString());
break;
case "arp.dst.hw":
case "arp.dst.hw_mac":
field.AssertShow(arpDatagram.TargetHardwareAddress);
break;
case "arp.dst.proto":
field.AssertShow(arpDatagram.TargetProtocolAddress);
break;
case "arp.dst.proto_ipv4":
field.AssertShow(arpDatagram.TargetProtocolIpV4Address.ToString());
break;
case "arp.isgratuitous":
case "arp.dst.drarp_error_status":
// TODO: Support DRARP (RFC 1931).
break;
default:
throw new InvalidOperationException("Invalid arp field " + field.Name());
}
return(true);
}
/// <summary>
/// Format an ARP packet
/// </summary>
/// <param name="arp">The ARP packet to be parsed</param>
/// <param name="ctrl">Contorls to update information with
/// ctrl[0] is a ListView
/// ctrl[1] is a TextBox
/// </param>
public static void ParseARPPacket(ArpDatagram arp, object[] ctrl)
{
if (arp == null || ctrl == null ||
ctrl[0] == null || ctrl[1] == null)
{
return;
}
SnifferMain.datagram = arp;
List <ListViewItem> items = new List <ListViewItem>();
ListViewItem item = new ListViewItem("Packet Type");
item.SubItems.Add("ARP");
items.Add(item);
item = new ListViewItem("HardwareLength");
item.SubItems.Add(arp.HardwareLength.ToString());
items.Add(item);
item = new ListViewItem("HardwareType");
item.SubItems.Add(arp.HardwareType.ToString());
items.Add(item);
item = new ListViewItem("HeaderLength");
item.SubItems.Add(arp.HeaderLength.ToString());
items.Add(item);
item = new ListViewItem("Operation");
item.SubItems.Add(arp.Operation.ToString());
items.Add(item);
item = new ListViewItem("ProtocolLength");
item.SubItems.Add(arp.ProtocolLength.ToString());
items.Add(item);
item = new ListViewItem("ProtocolType");
item.SubItems.Add(arp.ProtocolType.ToString());
items.Add(item);
item = new ListViewItem("SenderHardwareAddress");
ReadOnlyCollection <byte> addr = arp.SenderHardwareAddress;
string address = String.Join("-", ParserHelper.ByteToHexString(addr.ToArray()));
item.SubItems.Add(address);
items.Add(item);
item = new ListViewItem("SenderProtocolAddress");
address = new IPAddress(arp.SenderProtocolAddress.ToArray()).ToString();
item.SubItems.Add(address);
items.Add(item);
item = new ListViewItem("TargetHardwareAddress");
addr = arp.TargetHardwareAddress;
address = string.Join("-", ParserHelper.ByteToHexString(addr.ToArray()));
item.SubItems.Add(address);
items.Add(item);
item = new ListViewItem("TargetProtocolAddress");
address = new IPAddress(arp.TargetProtocolAddress.ToArray()).ToString();
item.SubItems.Add(address);
items.Add(item);
ListView f_details = (ListView)ctrl[0];
object[] param = new object[2];
param[0] = f_details;
param[1] = items;
f_details.BeginInvoke(new ParserHelper.UIHandler(ParserHelper.UpdateDetailsUI), param);
PacketParser.DumpPacket(arp, ctrl[1]);
}
