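/// <summary>
/// Passive OS hint: when the frame carries an ICMPv6 Neighbor Advertisement, reads the
/// four flag/reserved bytes (offsets 4-7 of the ICMPv6 message) and, if the sender is
/// already a known neighbor whose platform is still <c>Unknow</c>, labels it Linux
/// (0x40000000, Solicited) or Windows (0x60000000, Solicited + Override).
/// </summary>
/// <remarks>
/// The flag bytes come straight from the captured frame and are not authenticated here,
/// so any host on the link can set them; treat the resulting platform as a hint only.
/// </remarks>
/// <param name="packet">Captured frame, expected to be Ethernet / IPv6 / ICMPv6.</param>
private static void AnalyzeICMPv6Packet(Packet packet)
{
    if (!(packet.PayloadPacket.PayloadPacket is ICMPv6Packet))
    {
        return;
    }

    try
    {
        ICMPv6Packet icmp = (ICMPv6Packet)packet.PayloadPacket.PayloadPacket;
        if (icmp.Type != ICMPv6Types.NeighborAdvertisement)
        {
            return;
        }

        // Read the buffer once and check its length before indexing: a truncated
        // advertisement would otherwise raise IndexOutOfRangeException, which the
        // catch below does not cover.
        byte[] raw = icmp.Bytes;
        if (raw == null || raw.Length < 8)
        {
            return;
        }

        Data.Neighbor neighbor = Program.CurrentProject.data.GetNeighbor(((EthernetPacket)packet).SourceHwAddress);

        // Only fill in a platform that has not been determined yet.
        if (neighbor == null || neighbor.osPlatform != Data.Platform.Unknow)
        {
            return;
        }

        // Both signatures require the three bytes after the flag byte to be zero.
        // The original note also mentions a 24-byte payload; that length is not checked.
        bool reservedIsZero = raw[5] == 0x00 && raw[6] == 0x00 && raw[7] == 0x00;
        if (!reservedIsZero)
        {
            return;
        }

        if (raw[4] == 0x40)
        {
            // Solicited only: may be Linux.
            neighbor.osPlatform = Data.Platform.Linux;
        }
        else if (raw[4] == 0x60)
        {
            // Solicited + Override: may be Windows.
            neighbor.osPlatform = Data.Platform.Windows;
        }
    }
    catch (ArgumentOutOfRangeException)
    {
        // Best effort: a packet the parsing library cannot slice is skipped.
    }
}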
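/// <summary>
/// Processes one captured Ethernet/IPv6 frame: forwards link-local ICMPv6 traffic to
/// <see cref="AnalyzeICMPv6Packet"/>, records link-local endpoints in the project's
/// neighbor table (raising <c>OnNewNeighbor</c> for new MAC addresses), and hands TCP
/// port 80 packets addressed to this device's link-local address to
/// <c>WpadIPv6Attack.Instance.SendWpadFile</c> for each active WpadIPv6 attack whose
/// <c>t2.ip</c> equals the packet source.
/// </summary>
/// <remarks>
/// MAC and IP addresses are used exactly as claimed in the frame headers; nothing in
/// this method authenticates them, so neighbor entries reflect what was seen on the
/// wire rather than verified identities.
/// </remarks>
/// <param name="packet">Captured frame; ignored unless it is Ethernet carrying IPv6.</param>
private void AnalyzeIPv6Packet(Packet packet)
{
    if (!(packet.PayloadPacket is IPv6Packet))
    {
        return;
    }
    if (!(packet is EthernetPacket))
    {
        return;
    }

    EthernetPacket ethernet = (EthernetPacket)packet;
    IPv6Packet ipv6 = (IPv6Packet)ethernet.PayloadPacket;

    PhysicalAddress macSrc = ethernet.SourceHwAddress;
    PhysicalAddress macDst = ethernet.DestinationHwAddress;
    IPAddress ipSrc = ipv6.SourceAddress;
    IPAddress ipDst = ipv6.DestinationAddress;

    // Candidate entries, stored only if the checks below accept them.
    Data.Neighbor neighborSrc = new Data.Neighbor();
    Data.Neighbor neighborDst = new Data.Neighbor();
    neighborSrc.physicalAddress = macSrc;
    neighborSrc.AddIP(ipSrc);
    neighborDst.physicalAddress = macDst;
    neighborDst.AddIP(ipDst);

    // Read the project data store once so every step below works on the same instance.
    var store = Program.CurrentProject.data;

    if (ipSrc.IsIPv6LinkLocal
        && (ipDst.IsIPv6LinkLocal || ipDst.IsIPv6Multicast)
        && (packet.PayloadPacket.PayloadPacket is ICMPv6Packet))
    {
        AnalyzeICMPv6Packet(packet);
    }

    if (ipSrc.IsIPv6LinkLocal)
    {
        // [ Not sent from our own MAC ] AND [ neighbor not known yet ] -> create the neighbor.
        if (!macSrc.Equals(localPhysicalAddress) && !store.ExistsNeighbor(macSrc))
        {
            store.AddNeighbor(neighborSrc);
            OnNewNeighbor(new NeighborEventArgs(neighborSrc));
        }

        // If the neighbor (MAC) shows a new IP, add it. The lookup result is kept in a
        // local so a change to the table between the null check and the use cannot
        // cause a null dereference.
        Data.Neighbor knownSrc = store.GetNeighbor(macSrc);
        if (knownSrc != null && !knownSrc.ExistsIP(ipSrc))
        {
            knownSrc.AddIP(ipSrc);
            store.AddNeighbor(neighborSrc);
        }
    }

    if (ipDst.IsIPv6LinkLocal)
    {
        // [ Destination is not our own MAC ] AND [ neighbor not known yet ] -> create the neighbor.
        if (!macDst.Equals(localPhysicalAddress) && !store.ExistsNeighbor(macDst))
        {
            store.AddNeighbor(neighborDst);
            OnNewNeighbor(new NeighborEventArgs(neighborDst));
        }

        Data.Neighbor knownDst = store.GetNeighbor(macDst);
        if (knownDst != null && !knownDst.ExistsIP(ipDst))
        {
            knownDst.AddIP(ipDst);
            store.AddNeighbor(neighborDst);
        }
    }

    TcpPacket tcp = packet.PayloadPacket.PayloadPacket as TcpPacket;
    if (tcp != null
        && tcp.DestinationPort == 80
        && ethernet.Type == EthernetPacketType.IpV6
        && ipDst.Equals(store.GetIPv6LocalLinkFromDevice(device)))
    {
        SynchronizedCollection<Attack> lstAttacks = store.GetAttacks();
        foreach (Attack attack in lstAttacks.Where(a => a.attackType == AttackType.WpadIPv6 && a.attackStatus == AttackStatus.Attacking))
        {
            // NOTE(review): assumes every WpadIPv6 attack is a MitmAttack; the cast throws otherwise.
            MitmAttack mitm = (MitmAttack)attack;
            if (ipSrc.Equals(mitm.t2.ip))
            {
                WpadIPv6Attack.Instance.SendWpadFile(packet);
            }
        }
    }
}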
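/// <summary>
/// Processes one captured Ethernet/IPv6 frame: forwards link-local ICMPv6 traffic to
/// <see cref="AnalyzeICMPv6Packet"/>, records link-local endpoints in the project's
/// neighbor table (raising <c>OnNewNeighbor</c> for new MAC addresses), and hands TCP
/// port 80 packets addressed to this device's link-local address to
/// <c>WpadIPv6Attack.Instance.SendWpadFile</c> for each active WpadIPv6 attack whose
/// <c>t2.ip</c> equals the packet source.
/// </summary>
/// <remarks>
/// MAC and IP addresses are used exactly as claimed in the frame headers; nothing in
/// this method authenticates them, so neighbor entries reflect what was seen on the
/// wire rather than verified identities.
/// </remarks>
/// <param name="packet">Captured frame; ignored unless it is Ethernet carrying IPv6.</param>
private void AnalyzeIPv6Packet(Packet packet)
{
    if (!(packet.PayloadPacket is IPv6Packet))
    {
        return;
    }
    if (!(packet is EthernetPacket))
    {
        return;
    }

    EthernetPacket ethernet = (EthernetPacket)packet;
    IPv6Packet ipv6 = (IPv6Packet)ethernet.PayloadPacket;

    PhysicalAddress macSrc = ethernet.SourceHwAddress;
    PhysicalAddress macDst = ethernet.DestinationHwAddress;
    IPAddress ipSrc = ipv6.SourceAddress;
    IPAddress ipDst = ipv6.DestinationAddress;

    // Candidate entries, stored only if the checks below accept them.
    Data.Neighbor neighborSrc = new Data.Neighbor();
    Data.Neighbor neighborDst = new Data.Neighbor();
    neighborSrc.physicalAddress = macSrc;
    neighborSrc.AddIP(ipSrc);
    neighborDst.physicalAddress = macDst;
    neighborDst.AddIP(ipDst);

    // Read the project data store once so every step below works on the same instance.
    var store = Program.CurrentProject.data;

    if (ipSrc.IsIPv6LinkLocal
        && (ipDst.IsIPv6LinkLocal || ipDst.IsIPv6Multicast)
        && (packet.PayloadPacket.PayloadPacket is ICMPv6Packet))
    {
        AnalyzeICMPv6Packet(packet);
    }

    if (ipSrc.IsIPv6LinkLocal)
    {
        // [ Not sent from our own MAC ] AND [ neighbor not known yet ] -> create the neighbor.
        if (!macSrc.Equals(localPhysicalAddress) && !store.ExistsNeighbor(macSrc))
        {
            store.AddNeighbor(neighborSrc);
            OnNewNeighbor(new NeighborEventArgs(neighborSrc));
        }

        // If the neighbor (MAC) shows a new IP, add it. The lookup result is kept in a
        // local so a change to the table between the null check and the use cannot
        // cause a null dereference.
        Data.Neighbor knownSrc = store.GetNeighbor(macSrc);
        if (knownSrc != null && !knownSrc.ExistsIP(ipSrc))
        {
            knownSrc.AddIP(ipSrc);
            store.AddNeighbor(neighborSrc);
        }
    }

    if (ipDst.IsIPv6LinkLocal)
    {
        // [ Destination is not our own MAC ] AND [ neighbor not known yet ] -> create the neighbor.
        if (!macDst.Equals(localPhysicalAddress) && !store.ExistsNeighbor(macDst))
        {
            store.AddNeighbor(neighborDst);
            OnNewNeighbor(new NeighborEventArgs(neighborDst));
        }

        Data.Neighbor knownDst = store.GetNeighbor(macDst);
        if (knownDst != null && !knownDst.ExistsIP(ipDst))
        {
            knownDst.AddIP(ipDst);
            store.AddNeighbor(neighborDst);
        }
    }

    TcpPacket tcp = packet.PayloadPacket.PayloadPacket as TcpPacket;
    if (tcp != null
        && tcp.DestinationPort == 80
        && ethernet.Type == EthernetPacketType.IpV6
        && ipDst.Equals(store.GetIPv6LocalLinkFromDevice(device)))
    {
        SynchronizedCollection<Attack> lstAttacks = store.GetAttacks();
        foreach (Attack attack in lstAttacks.Where(a => a.attackType == AttackType.WpadIPv6 && a.attackStatus == AttackStatus.Attacking))
        {
            // NOTE(review): assumes every WpadIPv6 attack is a MitmAttack; the cast throws otherwise.
            MitmAttack mitm = (MitmAttack)attack;
            if (ipSrc.Equals(mitm.t2.ip))
            {
                WpadIPv6Attack.Instance.SendWpadFile(packet);
            }
        }
    }
}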