private void AddFrameToOpenSession(TcpPacket tcpPacket, AttributeFingerprintHandler.PacketDirection direction, Int32 protocolPacketLength)
{
if (this.State != TCPState.ESTABLISHED && this.State != TCPState.FIN)
{
throw new Exception("Session is not open!");
}
if (this.State == TCPState.ESTABLISHED && tcpPacket.FlagBits.Fin && !tcpPacket.FlagBits.Acknowledgement)
{
this.State = TCPState.FIN;
}
else if (tcpPacket.FlagBits.Fin && tcpPacket.FlagBits.Acknowledgement)
{
this.State = TCPState.CLOSED;
if (this.SessionClosed != null)
{
this.SessionClosed(this, this.ApplicationProtocolModel);
}
if (this.UsePlaceholderProtocolModel)
{
this.ApplicationProtocolModel = SessionHandler.PlaceholderProtocolModel; //to save memory
}
}
else if (tcpPacket.FlagBits.Reset)
{
this.State = TCPState.CLOSED;
if (this.SessionClosed != null)
{
this.SessionClosed(this, this.ApplicationProtocolModel);
}
if (this.UsePlaceholderProtocolModel)
{
this.ApplicationProtocolModel = SessionHandler.PlaceholderProtocolModel; //to save memory
}
}
else
{
if (this.ApplicationProtocolModel == null)
{
this.ApplicationProtocolModel = new ProtocolModel(this.Identifier, this.config.ActiveAttributeMeters);
}
if (this.FrameCount <= this.config.MaxFramesToInspectPerSession)
{
//at last we can add the observation to the model
//int protocolPacketStartIndex=tcpPacket.PacketStartIndex+tcpPacket.DataOffsetByteCount;
//int protocolPacketLength=ipPacket.TotalLength-(tcpPacket.PacketStartIndex-ipPacket.PacketStartIndex)-tcpPacket.DataOffsetByteCount;
if (protocolPacketLength > 0)
{
var protocolPacketStartIndex = tcpPacket.PacketStartIndex + tcpPacket.DataOffsetByteCount;
this.ApplicationProtocolModel.AddObservation(tcpPacket.ParentFrame.Data, protocolPacketStartIndex, protocolPacketLength, tcpPacket.ParentFrame.Timestamp,
direction);
}
}
}
}
private void AddFrame(UdpPacket udpPacket, AttributeFingerprintHandler.PacketDirection direction, Int32 protocolPacketLength)
{
this.frameCount++;
this.LastPacketTimestamp = udpPacket.ParentFrame.Timestamp;
if (this.FirstPacketTimestamp == DateTime.MinValue)
{
this.FirstPacketTimestamp = udpPacket.ParentFrame.Timestamp;
}
//see if the session has just been established
if (direction == AttributeFingerprintHandler.PacketDirection.ClientToServer && !this.clientToServerPacketReceived)
{
this.clientToServerPacketReceived = true;
if (this.serverToClientPacketReceived && this.SessionEstablished != null)
{
this.SessionEstablished(this);
}
}
else if (direction == AttributeFingerprintHandler.PacketDirection.ServerToClient && !this.serverToClientPacketReceived)
{
this.serverToClientPacketReceived = true;
if (this.clientToServerPacketReceived && this.SessionEstablished != null)
{
this.SessionEstablished(this);
}
}
if (this.frameCount == this.config.MaxFramesToInspectPerSession + 1 && this.ApplicationProtocolModel != SessionHandler.PlaceholderProtocolModel)
{
if (this.ProtocolModelCompleted != null)
{
this.ProtocolModelCompleted(this, this.ApplicationProtocolModel);
}
if (this.usePlaceholderProtocolModel)
{
this.ApplicationProtocolModel = SessionHandler.PlaceholderProtocolModel;
}
}
if (this.frameCount <= this.config.MaxFramesToInspectPerSession)
{
if (protocolPacketLength > 0)
{
if (this.ApplicationProtocolModel == null)
{
this.ApplicationProtocolModel = new ProtocolModel(this.Identifier, this.config.ActiveAttributeMeters);
}
var protocolPacketStartIndex = udpPacket.PacketStartIndex + udpPacket.DataOffsetByteCount;
this.ApplicationProtocolModel.AddObservation(udpPacket.ParentFrame.Data, protocolPacketStartIndex, protocolPacketLength, udpPacket.ParentFrame.Timestamp,
direction);
}
}
}
public void AddFrame(TcpPacket tcpPacket, AttributeFingerprintHandler.PacketDirection direction, Int32 protocolPacketLength)
{
this.FrameCount++;
this.LastPacketTimestamp = tcpPacket.ParentFrame.Timestamp;
if (this.FirstPacketTimestamp == DateTime.MinValue)
{
this.FirstPacketTimestamp = tcpPacket.ParentFrame.Timestamp;
}
if (direction == AttributeFingerprintHandler.PacketDirection.Unknown)
{
throw new Exception("A valid direction must be supplied");
}
if (this.FrameCount == this.config.MaxFramesToInspectPerSession + 1 && this.ApplicationProtocolModel != SessionHandler.PlaceholderProtocolModel)
{
if (this.ProtocolModelCompleted != null)
{
this.ProtocolModelCompleted(this, this.ApplicationProtocolModel);
}
if (this.UsePlaceholderProtocolModel)
{
this.ApplicationProtocolModel = SessionHandler.PlaceholderProtocolModel;
}
}
if (this.State == TCPState.CLOSED)
{
//do nothing
//throw new Exception("Cannot add a frame to a closed session");
}
else if (this.State == TCPState.NONE)
{
//Expected: client->server SYN
//or unidirectional server->client SYN+ACK
if (direction == AttributeFingerprintHandler.PacketDirection.ClientToServer && tcpPacket.FlagBits.Synchronize)
{
this.State = TCPState.SYN;
}
else if (direction == AttributeFingerprintHandler.PacketDirection.ServerToClient && tcpPacket.FlagBits.Synchronize && tcpPacket.FlagBits.Acknowledgement)
{
this.State = TCPState.SYN_ACK;
}
}
else if (this.State == TCPState.SYN)
{
//Expected: server->client SYN+ACK
//or unidirectional client->server ACK
if (direction == AttributeFingerprintHandler.PacketDirection.ServerToClient && tcpPacket.FlagBits.Synchronize && tcpPacket.FlagBits.Acknowledgement)
{
this.State = TCPState.SYN_ACK;
}
else if (direction == AttributeFingerprintHandler.PacketDirection.ClientToServer && !tcpPacket.FlagBits.Synchronize && tcpPacket.FlagBits.Acknowledgement)
{
this.State = TCPState.ESTABLISHED;
}
}
else if (this.State == TCPState.SYN_ACK)
{
//Expected: client->server ACK
//or unidirectional first data packet server->client
if (direction == AttributeFingerprintHandler.PacketDirection.ClientToServer && tcpPacket.FlagBits.Acknowledgement && !tcpPacket.FlagBits.Synchronize)
{
this.State = TCPState.ESTABLISHED;
//generate a SessionEstablishedEvent
if (this.SessionEstablished != null)
{
this.SessionEstablished(this);
}
}
//else if(direction==ProtocolIdentification.AttributeFingerprintHandler.PacketDirection.ServerToClient && (ipPacket.TotalLength-(tcpPacket.PacketStartIndex-ipPacket.PacketStartIndex)-tcpPacket.DataOffsetByteCount)>0) {
else if (direction == AttributeFingerprintHandler.PacketDirection.ServerToClient && protocolPacketLength > 0)
{
this.State = TCPState.ESTABLISHED;
if (this.SessionEstablished != null)
{
this.SessionEstablished(this);
}
//AddFrameToOpenSession(ipPacket, tcpPacket, direction);
this.AddFrameToOpenSession(tcpPacket, direction, protocolPacketLength);
}
}
else if (this.State == TCPState.ESTABLISHED || this.State == TCPState.FIN)
{
//AddFrameToOpenSession(ipPacket, tcpPacket, direction);
this.AddFrameToOpenSession(tcpPacket, direction, protocolPacketLength);
}
}
