/// <summary>
/// Handles a TCP segment for a session that is already open: tracks the
/// FIN / FIN+ACK / RST teardown and otherwise hands the payload to the protocol model.
/// </summary>
/// <param name="tcpPacket">Parsed TCP segment; its flag bits and offsets come from captured traffic.</param>
/// <param name="direction">Direction passed on to the protocol model together with the payload.</param>
/// <param name="protocolPacketLength">Payload length in bytes as computed by the caller; zero or less adds no observation.</param>
/// <exception cref="Exception">The session state is neither ESTABLISHED nor FIN.</exception>
/// <remarks>
/// Teardown is decided from the flag bits alone; this method compares no sequence or
/// acknowledgement numbers. A single segment carrying RST or FIN+ACK therefore closes the
/// session, after which the TcpPacket overload of AddFrame no longer routes frames here.
/// NOTE(review): confirm whether segments are validated upstream before they reach this point.
/// </remarks>
private void AddFrameToOpenSession(TcpPacket tcpPacket, AttributeFingerprintHandler.PacketDirection direction, Int32 protocolPacketLength) {
    bool sessionIsOpen = this.State == TCPState.ESTABLISHED || this.State == TCPState.FIN;
    if (!sessionIsOpen) {
        throw new Exception("Session is not open!");
    }

    var flags = tcpPacket.FlagBits;

    // First FIN without ACK on an established session: one side has started closing.
    if (this.State == TCPState.ESTABLISHED && flags.Fin && !flags.Acknowledgement) {
        this.State = TCPState.FIN;
        return;
    }

    // FIN+ACK and RST end the session in exactly the same way.
    if ((flags.Fin && flags.Acknowledgement) || flags.Reset) {
        this.State = TCPState.CLOSED;
        // Subscribers receive the real model; it is swapped out only afterwards.
        if (this.SessionClosed != null) {
            this.SessionClosed(this, this.ApplicationProtocolModel);
        }
        if (this.UsePlaceholderProtocolModel) {
            // Replace the per-session model with the shared placeholder to save memory.
            this.ApplicationProtocolModel = SessionHandler.PlaceholderProtocolModel;
        }
        return;
    }

    // Ordinary segment: the model is created lazily on the first one.
    if (this.ApplicationProtocolModel == null) {
        this.ApplicationProtocolModel = new ProtocolModel(this.Identifier, this.config.ActiveAttributeMeters);
    }

    bool withinInspectionBudget = this.FrameCount <= this.config.MaxFramesToInspectPerSession;
    if (withinInspectionBudget && protocolPacketLength > 0) {
        // The payload starts right after the TCP header. An earlier version (left as a
        // comment in the original) derived the length here from the IP total length;
        // it is now supplied by the caller.
        // NOTE(review): offset and length both derive from header fields of captured
        // traffic and are not checked against the frame buffer here. Confirm that the
        // caller or AddObservation bounds them.
        var payloadStartIndex = tcpPacket.PacketStartIndex + tcpPacket.DataOffsetByteCount;
        this.ApplicationProtocolModel.AddObservation(tcpPacket.ParentFrame.Data, payloadStartIndex, protocolPacketLength, tcpPacket.ParentFrame.Timestamp, direction);
    }
}
/// <summary>
/// Accounts for one UDP datagram: updates the frame counter and timestamps, raises
/// SessionEstablished once a datagram has been seen in both directions, and feeds the
/// payload to the protocol model while the session is within its inspection budget.
/// </summary>
/// <param name="udpPacket">Parsed UDP datagram; offsets and payload come from captured traffic.</param>
/// <param name="direction">Direction of the datagram as determined by the caller.</param>
/// <param name="protocolPacketLength">Payload length in bytes as computed by the caller; zero or less adds no observation.</param>
/// <remarks>
/// Unlike the TcpPacket overload, an Unknown direction is not rejected here: such a
/// datagram is still counted and its payload is still observed.
/// </remarks>
private void AddFrame(UdpPacket udpPacket, AttributeFingerprintHandler.PacketDirection direction, Int32 protocolPacketLength) {
    var frame = udpPacket.ParentFrame;

    this.frameCount++;
    this.LastPacketTimestamp = frame.Timestamp;
    if (this.FirstPacketTimestamp == DateTime.MinValue) {
        // DateTime.MinValue marks "no packet seen yet".
        this.FirstPacketTimestamp = frame.Timestamp;
    }

    // UDP has no handshake: the session counts as established the first time
    // traffic has been observed in both directions.
    bool justBecameBidirectional = false;
    if (direction == AttributeFingerprintHandler.PacketDirection.ClientToServer && !this.clientToServerPacketReceived) {
        this.clientToServerPacketReceived = true;
        justBecameBidirectional = this.serverToClientPacketReceived;
    }
    else if (direction == AttributeFingerprintHandler.PacketDirection.ServerToClient && !this.serverToClientPacketReceived) {
        this.serverToClientPacketReceived = true;
        justBecameBidirectional = this.clientToServerPacketReceived;
    }
    if (justBecameBidirectional && this.SessionEstablished != null) {
        this.SessionEstablished(this);
    }

    // The first frame beyond the inspection budget completes the model, exactly once.
    bool budgetJustExceeded = this.frameCount == this.config.MaxFramesToInspectPerSession + 1;
    if (budgetJustExceeded && this.ApplicationProtocolModel != SessionHandler.PlaceholderProtocolModel) {
        if (this.ProtocolModelCompleted != null) {
            this.ProtocolModelCompleted(this, this.ApplicationProtocolModel);
        }
        if (this.usePlaceholderProtocolModel) {
            this.ApplicationProtocolModel = SessionHandler.PlaceholderProtocolModel;
        }
    }

    bool withinInspectionBudget = this.frameCount <= this.config.MaxFramesToInspectPerSession;
    if (withinInspectionBudget && protocolPacketLength > 0) {
        if (this.ApplicationProtocolModel == null) {
            this.ApplicationProtocolModel = new ProtocolModel(this.Identifier, this.config.ActiveAttributeMeters);
        }
        // NOTE(review): offset and length derive from header fields of captured traffic
        // and are not checked against the frame buffer here. Confirm that the caller or
        // AddObservation bounds them.
        var payloadStartIndex = udpPacket.PacketStartIndex + udpPacket.DataOffsetByteCount;
        this.ApplicationProtocolModel.AddObservation(frame.Data, payloadStartIndex, protocolPacketLength, frame.Timestamp, direction);
    }
}
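/// <summary>
/// Accounts for one TCP segment: updates the frame counter and timestamps, raises
/// ProtocolModelCompleted when the inspection budget is first exceeded, and advances the
/// handshake state machine (NONE, SYN, SYN_ACK, ESTABLISHED). Segments for an open
/// session are passed on to AddFrameToOpenSession.
/// </summary>
/// <param name="tcpPacket">Parsed TCP segment; its flag bits and offsets come from captured traffic.</param>
/// <param name="direction">Direction of the segment; must not be Unknown.</param>
/// <param name="protocolPacketLength">Payload length in bytes as computed by the caller.</param>
/// <exception cref="ArgumentException"><paramref name="direction"/> is Unknown.</exception>
/// <remarks>
/// State transitions here depend only on flag bits and direction. A session still in
/// NONE advances only on SYN or SYN+ACK, so a flow whose handshake was not captured
/// yields no observations through this method. RST is acted on only once the session
/// is open (see AddFrameToOpenSession).
/// </remarks>
public void AddFrame(TcpPacket tcpPacket, AttributeFingerprintHandler.PacketDirection direction, Int32 protocolPacketLength) {
    // Validate before mutating any state. If the counter were bumped first, an
    // Unknown-direction frame landing exactly on MaxFramesToInspectPerSession + 1 would
    // throw past the equality check below, and ProtocolModelCompleted (plus the
    // placeholder swap) would never happen for this session.
    if (direction == AttributeFingerprintHandler.PacketDirection.Unknown) {
        throw new ArgumentException("A valid direction must be supplied");
    }

    this.FrameCount++;
    this.LastPacketTimestamp = tcpPacket.ParentFrame.Timestamp;
    if (this.FirstPacketTimestamp == DateTime.MinValue) {
        // DateTime.MinValue marks "no packet seen yet".
        this.FirstPacketTimestamp = tcpPacket.ParentFrame.Timestamp;
    }

    // The first frame beyond the inspection budget completes the model, exactly once.
    if (this.FrameCount == this.config.MaxFramesToInspectPerSession + 1 && this.ApplicationProtocolModel != SessionHandler.PlaceholderProtocolModel) {
        if (this.ProtocolModelCompleted != null) {
            this.ProtocolModelCompleted(this, this.ApplicationProtocolModel);
        }
        if (this.UsePlaceholderProtocolModel) {
            this.ApplicationProtocolModel = SessionHandler.PlaceholderProtocolModel;
        }
    }

    bool clientToServer = direction == AttributeFingerprintHandler.PacketDirection.ClientToServer;
    bool serverToClient = direction == AttributeFingerprintHandler.PacketDirection.ServerToClient;
    var flags = tcpPacket.FlagBits;

    if (this.State == TCPState.CLOSED) {
        // Frames for a closed session are counted above but otherwise ignored
        // (an earlier version threw here; that throw is disabled in the original).
    }
    else if (this.State == TCPState.NONE) {
        // Expected: client->server SYN,
        // or server->client SYN+ACK when only one direction is visible.
        if (clientToServer && flags.Synchronize) {
            this.State = TCPState.SYN;
        }
        else if (serverToClient && flags.Synchronize && flags.Acknowledgement) {
            this.State = TCPState.SYN_ACK;
        }
    }
    else if (this.State == TCPState.SYN) {
        // Expected: server->client SYN+ACK,
        // or client->server ACK when only one direction is visible.
        if (serverToClient && flags.Synchronize && flags.Acknowledgement) {
            this.State = TCPState.SYN_ACK;
        }
        else if (clientToServer && !flags.Synchronize && flags.Acknowledgement) {
            // No SessionEstablished event is raised on this path, as in the original.
            this.State = TCPState.ESTABLISHED;
        }
    }
    else if (this.State == TCPState.SYN_ACK) {
        // Expected: client->server ACK,
        // or the first server->client data packet when only one direction is visible.
        if (clientToServer && flags.Acknowledgement && !flags.Synchronize) {
            this.State = TCPState.ESTABLISHED;
            if (this.SessionEstablished != null) {
                this.SessionEstablished(this);
            }
        }
        else if (serverToClient && protocolPacketLength > 0) {
            this.State = TCPState.ESTABLISHED;
            if (this.SessionEstablished != null) {
                this.SessionEstablished(this);
            }
            // This segment already carries payload, so it is observed straight away.
            this.AddFrameToOpenSession(tcpPacket, direction, protocolPacketLength);
        }
    }
    else if (this.State == TCPState.ESTABLISHED || this.State == TCPState.FIN) {
        this.AddFrameToOpenSession(tcpPacket, direction, protocolPacketLength);
    }
}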