/// <summary>
/// Constructor
/// </summary>
/// <param name="LinkLayerType">
/// A <see cref="LinkLayers"/>
/// </param>
/// <param name="Timeval">
/// A <see cref="PosixTimeval"/>
/// </param>
/// <param name="Data">
/// A <see cref="System.Byte"/>
/// </param>
public Frame(LinkLayerType linkLayerType,
PosixTime posixTime,
byte[] bytes)
{
this.LinkLayer = linkLayerType;
this.Timestamp = posixTime;
this.m_data = bytes;
}
void ReadHeader()
{
var magicNumber = m_reader.ReadUInt32();
var version_major = m_reader.ReadUInt16();
var version_minor = m_reader.ReadUInt16();
var thiszone = m_reader.ReadInt32();
var sigfigs = m_reader.ReadUInt32();
var snaplen = m_reader.ReadUInt32();
m_network = (LinkLayerType)m_reader.ReadUInt32();
}
private void buttonSaveAll_Click(object sender, EventArgs e)
{
List <Raw> allRawCaptures = packetListView1.GetAllRawCaptures();
if (allRawCaptures.Count == 0)
{
return;
}
LinkLayerType layer = allRawCaptures.First().LinkLayer;
if (!allRawCaptures.TrueForAll(raw => raw.LinkLayer == layer))
{
MessageBox.Show(
"The contained data consists of different Link Layer types, please use PCAPNG format instead");
}
var saveFileDialog = new SaveFileDialog
{
AddExtension = true,
DefaultExt = "pcap"
};
DialogResult dialogResult = saveFileDialog.ShowDialog();
if (dialogResult != DialogResult.OK)
{
return;
}
using (var pcapWriter = new sonesson_tools.FileWriters.PCAPWriter(saveFileDialog.FileName))
{
pcapWriter.LinkLayerType = (uint)layer;
pcapWriter.Start();
foreach (Raw raw in allRawCaptures)
{
pcapWriter.WritePacket(raw.RawData, raw.TimeStamp);
}
}
// TODO FOR TEST ONLY
//using (var fstream = new FileStream(saveFileDialog.FileName + ".binary", FileMode.OpenOrCreate, FileAccess.Write))
//{
// var bWriter = new BinaryFormatter();
// bWriter.Serialize(fstream, allRawCaptures);
//}
//
//using (var fstream2 = new FileStream(saveFileDialog.FileName + ".binary2", FileMode.OpenOrCreate, FileAccess.Write))
//{
// var bWriter2 = new BinaryFormatter();
// var capturePacket = packetListView1.GetAllPackets().First(p => p.ParsedData != null);
// bWriter2.Serialize(fstream2, packetListView1.GetAllPackets());
//}
}
public RawTemplateControl()
{
InitializeComponent();
foreach (KeyValuePair <string, LinkLayerType> nameAndType in _map)
{
LinkLayerType type = nameAndType.Value;
string name = nameAndType.Key;
string label = $"{(int) type} {name}";
linkLayersBox.Items.Add(label);
}
// Setting default to Ethernet
linkLayersBox.SelectedIndex = (int)LinkLayerType.Ethernet;
}
private void linkLayerTextBox_TextChanged(object sender, EventArgs e)
{
PacketChanged?.Invoke(this, new EventArgs());
// Trying to resolve the PPID so the use know what protocol wireshark is going to try
try
{
_linkLayer = ParseLinkLayer(linkLayerTextBox.Text);
if (!Enum.IsDefined(typeof(LinkLayerType), _linkLayer))
{
resProtoValueLabel.Text = "Unassigned";
}
else
{
resProtoValueLabel.Text = _linkLayer.ToString();
}
}
catch
{
resProtoValueLabel.Text = "ERROR";
}
}
public TempPacketSaveData(byte[] data, LinkLayerType linkLayer)
{
Data = data;
LinkLayer = linkLayer;
}
internal PacketReader(PcapHandle handle)
{
this.handle = handle;
linkLayerType = (LinkLayerType)NativeMethods.pcap_datalink(handle);
}
public void ReplacePacket(int index, LinkLayerType missing_name, byte[] data)
{
throw new NotImplementedException();
}
public void AppendPacket(LinkLayerType linkLayer, byte[] data)
{
// TODO: ??
}
public void ReplacePacket(LinkLayerType link, byte[] data)
{
throw new NotImplementedException();
}
public Raw(DateTime timeStamp, byte[] rawData, LinkLayerType layer)
{
TimeStamp = timeStamp;
RawData = rawData;
LinkLayer = layer;
}
public CapturePacket(Raw raw)
{
//RawCapture = raw;
Date = raw.TimeStamp;
_linkLayerType = raw.LinkLayer;
try
{
Packet = Packet.ParsePacket((LinkLayers)raw.LinkLayer, raw.RawData);
}
catch (Exception e)
{
Error = e.Message;
}
if (Packet == null)
{
return;
}
// protect against corrupted data with a try read
try
{
var throwaway = Packet.Bytes.Length + Packet.HeaderData.Length;
}
catch (Exception e)
{
_protocolinfo = "Malformed Packet or Header";
this.Error = "Malformed Packet or Header";
return;
}
if (Packet.PayloadPacket is IPv4Packet)
{
var ipv4 = (IPv4Packet)Packet.PayloadPacket;
switch (ipv4.Protocol)
{
case PacketDotNet.ProtocolType.Tcp:
var tcpPacket = (TcpPacket)ipv4.PayloadPacket;
Protocol = ProtocolType.TCP;
// catch a semi-rare error in PacketDotNet that cannot be checked against
try
{
if (tcpPacket.PayloadData.Length == 0)
{
break;
}
}
catch (Exception e)
{
Error = e.Message;
break;
}
if ((tcpPacket.DestinationPort == 50039 || tcpPacket.DestinationPort == 50040) &&
tcpPacket.PayloadData.Length > 0)
{
Protocol = ProtocolType.JRU;
try
{
var ss27 = ExtractSS27Packet(tcpPacket);
DisplayFields.Add(new Tuple <string, object>("time", ss27.DateTime));
if (ss27.Events.Count == 0)
{
// if there is no event, chuck some other data in there, maybe
// ParsedData = new ParsedDataSet() { ParsedFields = new List<ParsedField>(ss27.Header) };
}
else
{
// TODO FIX THIS SO IT WORKS
ss27.Events.ForEach(e => DisplayFields.Add(new Tuple <string, object>(e.EventType.ToString(), e.Description)));
}
this.SS27Packet = ss27;
}
catch (Exception e)
{
Error = e.Message;
}
}
if (tcpPacket.SourcePort == 50041 && tcpPacket.PayloadData.Length > 0)
{
Protocol = ProtocolType.JRU;
var jruload = tcpPacket.PayloadData;
try
{
ushort jrulen = BitConverter.ToUInt16(new byte[] { jruload[1], jruload[0] }, 0);
var buffer = new byte[jrulen];
Array.Copy(jruload, 2, buffer, 0, jrulen);
ParsedData = VSIS210.JRU_STATUS.Parse(buffer);
}
catch (Exception e)
{
Error = e.Message;
}
}
break;
case PacketDotNet.ProtocolType.Udp:
Protocol = ProtocolType.UDP;
var udp = (UdpPacket)ipv4.PayloadPacket;
if (udp == null)
{
_protocolinfo = "Malformed UDP";
this.Error = "Malformed UDP";
return;
}
// protect against corrupted data with a try read
try
{
var throwaway = udp.DestinationPort + udp.SourcePort + udp.Length + udp.Checksum;
}
catch (Exception e)
{
_protocolinfo = "Malformed UDP";
this.Error = "Malformed UDP";
return;
}
if (udp.SourcePort == 123 && udp.DestinationPort == 123)
{
Protocol = ProtocolType.NTP;
}
else if (Equals(ipv4.SourceAddress, VapAddress))
{
if (udp.DestinationPort == 50023)
{
_protocolinfo = "VAP->ETC (TR)";
}
else if (udp.DestinationPort == 50030)
{
_protocolinfo = "VAP->ETC (DMI1 to ETC)";
}
else if (udp.DestinationPort == 50031)
{
_protocolinfo = "VAP->ETC (DMI2 to ETC)";
}
else if (udp.DestinationPort == 50032)
{
_protocolinfo = "VAP->ETC (DMI1 to iSTM)";
}
else if (udp.DestinationPort == 50033)
{
_protocolinfo = "VAP->ETC (DMI2 to iSTM)";
}
else if (udp.DestinationPort == 50051)
{
_protocolinfo = "VAP->ETC (DMI1 to gSTM)";
}
else if (udp.DestinationPort == 50052)
{
_protocolinfo = "VAP->ETC (DMI2 to gSTM)";
}
else if (udp.DestinationPort == 50024)
{
_protocolinfo = "VAP->ETC (DMI1 EVC-102)";
}
else if (udp.DestinationPort == 50025)
{
_protocolinfo = "VAP->ETC (DMI2 EVC-102)";
}
else if (udp.DestinationPort == 50039)
{
_protocolinfo = "VAP->ETC (STM to JRU)";
}
else if (udp.DestinationPort == 50041)
{
_protocolinfo = "VAP->ETC (JRU Status)";
}
else if (udp.DestinationPort == 50050)
{
_protocolinfo = "VAP->ETC (VAP Status)";
}
else if (udp.DestinationPort == 50015)
{
Protocol = ProtocolType.UDP_SPL;
_protocolinfo = "VAP->OPC (DMI to STM)";
}
else if (udp.DestinationPort == 5514)
{
_protocolinfo = "VAP->BDS (VAP Diag)";
}
}
else if (Equals(ipv4.DestinationAddress, VapAddress))
{
if (udp.DestinationPort == 50022)
{
_protocolinfo = "ETC->VAP (OBU)";
}
else if (udp.DestinationPort == 50026)
{
_protocolinfo = "ETC->VAP (ETC to DMI1)";
}
else if (udp.DestinationPort == 50027)
{
_protocolinfo = "ETC->VAP (ETC to DMI2)";
}
else if (udp.DestinationPort == 50037)
{
_protocolinfo = "ETC->VAP (EVC-1&7)";
}
else if (udp.DestinationPort == 50035)
{
_protocolinfo = "ETC->VAP (EVC-1&7)";
}
else if (udp.DestinationPort == 50028)
{
_protocolinfo = "ETC->VAP (iSTM to DMI1)";
}
else if (udp.DestinationPort == 50029)
{
_protocolinfo = "ETC->VAP (iSTM to DMI2)";
}
else if (udp.DestinationPort == 50055)
{
_protocolinfo = "ETC->VAP (gSTM to DMI1)";
}
else if (udp.DestinationPort == 50056)
{
_protocolinfo = "ETC->VAP (gSTM to DMI2)";
}
else if (udp.DestinationPort == 50034)
{
_protocolinfo = "ETC->VAP (to JRU)";
}
else if (udp.DestinationPort == 50057)
{
_protocolinfo = "ETC->VAP (VAP Config)";
}
else if (udp.DestinationPort == 50014)
{
Protocol = ProtocolType.UDP_SPL;
_protocolinfo = "OPC->VAP";
var payload = udp.PayloadData;
var spl = VAP.UDP_SPL.Parse(payload);
this.DisplayFields =
spl.ParsedFields.Select(f => new Tuple <string, object>(f.Name, f.Value)).ToList();
if (spl.ParsedFields.Last().Value.Equals("C9"))
{
var nextBytes = Functions.SubArrayGetter(payload, 81);
var stm = VAP.STM_Packet.Parse(nextBytes);
DisplayFields.AddRange(stm.ParsedFields.Select(f => new Tuple <string, object>(f.Name, f.Value)).ToList());
}
}
else if (udp.DestinationPort == 50036)
{
_protocolinfo = "BDS->VAP (Diag)";
}
else if (udp.DestinationPort == 50070)
{
_protocolinfo = "ETC->VAP (ATO)";
}
else if (udp.DestinationPort == 50068)
{
_protocolinfo = "ETC->VAP (ATO)";
}
else if (udp.DestinationPort == 50072)
{
_protocolinfo = "ETC->VAP (ATO)";
}
}
try
{
IPTWPPacket = IPTWPPacket.Extract(udp);
}
catch (Exception e)
{
Error = e.Message;
}
if (IPTWPPacket != null)
{
Protocol = ProtocolType.IPTWP;
}
break;
case PacketDotNet.ProtocolType.Icmp:
Protocol = ProtocolType.ICMP;
// dunno
break;
case PacketDotNet.ProtocolType.Igmp:
Protocol = ProtocolType.IGMP;
// dunno
break;
default:
throw new ArgumentOutOfRangeException();
}
}
else if (Packet.PayloadPacket is ArpPacket arpPacket)
{
Protocol = ProtocolType.ARP;
}
else if (Packet.PayloadPacket is IPv6Packet)
{
Protocol = ProtocolType.IPv6;
// ignore, for now
}
else if (raw.LinkLayer == LinkLayerType.Ethernet && Packet.HeaderData[12] == 0x88 &&
Packet.HeaderData[13] == 0xe1)
{
Protocol = ProtocolType.HomeplugAV;
// ignore
}
else if (raw.LinkLayer == LinkLayerType.Ethernet && Packet.HeaderData[12] == 0x89 &&
Packet.HeaderData[13] == 0x12)
{
Protocol = ProtocolType.Mediaxtream;
// ignore
}
else if (raw.LinkLayer == LinkLayerType.Ethernet && Packet.HeaderData[12] == 0x88 &&
Packet.HeaderData[13] == 0xcc)
{
Protocol = ProtocolType.LLDP;
// ignore
}
else
{
Protocol = ProtocolType.UNKNOWN;
#if DEBUG
// if we are in debug, we might want to know what is in the unknown
// throw new NotImplementedException("Surprise data! " + BitConverter.ToString(packet.Bytes));
#endif
}
var extractParsedData = ExtractParsedData(this, out var displayfields);
this.DisplayFields.AddRange(displayfields);
this.ParsedData = extractParsedData;
}
public static PacketSaveData GetPacketSaveData(string hex, HexStreamType streamType, LinkLayerType linkType, string streamId, string ppId, string ext = "")
{
string linkTypeStr = ((byte)linkType).ToString();
return(GetPacketSaveData(hex, streamType, linkTypeStr, streamId, ppId, ext));
}
/// <summary>
/// Gets the flow key for supported frame (not only Ethernet). It uses PacketDotNet library.
/// </summary>
/// <param name="linkLayer">Link Layer of the Frame.</param>
/// <param name="bytes">Bytes of the frame.</param>
/// <returns><see cref="FlowKey"/> for the provided frame.</returns>
public static FlowKey GetKey(LinkLayerType linkLayer, byte[] bytes)
{
var packet = PacketDotNet.Packet.ParsePacket((PacketDotNet.LinkLayers)linkLayer, bytes);
return(PacketKeyProvider.GetKeyFromPacket(packet));
}
