public void Test() { connectionStatistics.OnMeasurementFound += HandleConnectionStatisticsOnMeasurementFound; connectionStatistics.OnMeasurementEvent += HandleConnectionStatisticsOnMeasurementEvent; captureFilename = capturePre + captureFN; // open the offline file var dev = new CaptureFileReaderDevice(captureFilename); dev.Open(); Assert.True(dev != null, "failed to open " + captureFilename); var tcpConnectionManager = new TcpConnectionManager(); tcpConnectionManager.OnConnectionFound += HandleTcpConnectionManagerOnConnectionFound; RawCapture rawCapture; while ((rawCapture = dev.GetNextPacket()) != null) { var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data); var tcpPacket = p.Extract <TcpPacket>(); if (tcpPacket != null) { // Console.WriteLine("{0}", tcpPacket.ToString()); tcpConnectionManager.ProcessPacket(rawCapture.Timeval, tcpPacket); } } }
private void device_OnPacketArrival(object sender, CaptureEventArgs e) { var packet = Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data); var tcpPacket = packet.Extract <TcpPacket>(); if (tcpPacket == null || tcpPacket.PayloadData.Length == 0) { return; } //var dest = tcpPacket.SourcePort == Constants.LOGIN_PORT ? PacketDirection.ServerToClient : PacketDirection.ClientToServer; //var data = new byte[tcpPacket.PayloadData.Length]; //tcpPacket.PayloadData.CopyTo(data, 0); //var logAddr = $"{dest} Data: {BitConverter.ToString(data)}"; //Logger.LogInformation(logAddr); //Crypt.Decrypt(data, 2, data.Length - 2); //if(data[2] == 0 && Crypt.IsInitial) //{ // Logger.LogInformation($"{dest} BXOR Data: {BitConverter.ToString(data)}"); // Crypt.DecXORPass(data); // var init = new Init(new System.IO.MemoryStream(data)); // Crypt.SetKey(init.BlowFishKey); //} //Logger.LogInformation($"{dest} DEC Data: {BitConverter.ToString(data)}"); //var ipv4Packet = packet.Extract<IPv4Packet>(); ConnectionManager.ProcessPacket(e.Packet.Timeval, tcpPacket); }
private void ProcessPackets(ICaptureDevice dev, TcpConnectionManager tcpConnectionManager) { // reset the expected message index at the start of the test run expectedMessageIndex = 0; GetPacketStatus status; PacketCapture e; while ((status = dev.GetNextPacket(out e)) == GetPacketStatus.PacketRead) { var rawCapture = e.GetPacket(); var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data); var tcpPacket = p.Extract <TcpPacket>(); // skip non-tcp packets, http is a tcp based protocol if (p == null) { continue; } log.Debug("passing packet to TcpConnectionManager"); tcpConnectionManager.ProcessPacket(rawCapture.Timeval, tcpPacket); } // did we get all of the messages? Assert.Equal(expectedMessages.Count, expectedMessageIndex); }
public void TestCallbacks() { log4net.Config.XmlConfigurator.Configure(LogManager.GetRepository(Assembly.GetCallingAssembly())); TcpConnectionManager connectionManager = new TcpConnectionManager(); connectionManager.OnConnectionFound += HandleConnectionManagerOnConnectionFound; incomingGenerators = new List <TcpStreamGenerator>(); // outgoingGenerators = new List<TcpStreamGenerator>(); // open the offline file var dev = new CaptureFileReaderDevice(captureFilename); dev.Open(); Assert.True(dev != null, "failed to open " + captureFilename); RawCapture rawCapture; while ((rawCapture = dev.GetNextPacket()) != null) { var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data); var tcpPacket = p.Extract <TcpPacket>(); Console.WriteLine("tcpPacket.PayloadData.Length {0}", tcpPacket.PayloadData.Length); connectionManager.ProcessPacket(rawCapture.Timeval, tcpPacket); } dev.Close(); int expectedCallbackCount = 5; Assert.Equal(expectedCallbackCount, callbackCount); }
/// <summary> /// Prints the time and length of each received packet /// </summary> private static void device_OnPacketArrival(object sender, CaptureEventArgs e) { PacketCount++; var p = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data); var tcpPacket = p.Extract <TcpPacket>(); if (tcpPacket != null) { log.Debug("passing packet to TcpConnectionManager"); tcpConnectionManager.ProcessPacket(e.Packet.Timeval, tcpPacket); } }
public void ConnectionCreation() { // store the logging value var oldThreshold = LoggingConfiguration.GlobalLoggingLevel; // disable logging to improve performance LoggingConfiguration.GlobalLoggingLevel = log4net.Core.Level.Off; string captureFN = "tcp_test.pcap"; string captureFilename = capturePre + captureFN; // open the offline file var dev = new CaptureFileReaderDevice(captureFilename); dev.Open(); Assert.True(dev != null, "failed to open " + captureFilename); var tcpConnectionManager = new TcpConnectionManager(); tcpConnectionManager.OnConnectionFound += HandleTcpConnectionManagerOnConnectionFound; connectionsFound = 0; var startTime = DateTime.Now; PacketCapture e; GetPacketStatus status; while ((status = dev.GetNextPacket(out e)) == GetPacketStatus.PacketRead) { var rawCapture = e.GetPacket(); var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data); var tcpPacket = p.Extract <TcpPacket>(); if (tcpPacket != null) { // Console.WriteLine("{0}", tcpPacket.ToString()); tcpConnectionManager.ProcessPacket(rawCapture.Timeval, tcpPacket); } } var endTime = DateTime.Now; // restore logging LoggingConfiguration.GlobalLoggingLevel = oldThreshold; var rate = new Utils.Rate(startTime, endTime, connectionsFound, "Connections found"); Console.WriteLine(rate.ToString()); }
private void device_OnPacketArrival(object sender, CaptureEventArgs e) { var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data); try { var tcpPacket = packet.Extract <TcpPacket>(); // only pass tcp packets to the tcpConnectionManager if (tcpPacket != null) { _tcpConnectionManager.ProcessPacket(e.Packet.Timeval, tcpPacket); } } catch { } }
public void ConnectionEstablishResetIgnored() { string captureFN = "tcp_stream_with_disconnect_and_reset.pcap"; string captureFilename = capturePre + captureFN; // open the offline file var dev = new CaptureFileReaderDevice(captureFilename); dev.Open(); Assert.True(dev != null, "failed to open " + captureFilename); int expectedConnectionsFound = 1; int connectionsFound = 0; var tcpConnectionManager = new TcpConnectionManager(); tcpConnectionManager.OnConnectionFound += delegate(TcpConnection c) { Console.WriteLine("found connection"); connectionsFound++; }; tcpConnectionManager.OnConnectionFound += HandleTcpConnectionManagerOnConnectionFound; GetPacketStatus status; PacketCapture e; while ((status = dev.GetNextPacket(out e)) == GetPacketStatus.PacketRead) { var rawCapture = e.GetPacket(); var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data); var tcpPacket = p.Extract <TcpPacket>(); if (tcpPacket != null) { // Console.WriteLine("{0}", tcpPacket.ToString()); tcpConnectionManager.ProcessPacket(rawCapture.Timeval, tcpPacket); } } Assert.Equal(expectedConnectionsFound, connectionsFound); }
/// <summary> /// Prints the time and length of each received packet /// </summary> private static void device_OnPacketArrival(object sender, CaptureEventArgs e) { #if false var time = e.Packet.Timeval.Date; var len = e.Packet.Data.Length; Console.WriteLine("{0}:{1}:{2},{3} Len={4}", time.Hour, time.Minute, time.Second, time.Millisecond, len); Console.WriteLine(e.Packet.ToString()); #endif var p = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data); var tcpPacket = p.Extract <TcpPacket>(); if (tcpPacket == null) { return; } log.Debug("passing packet to TcpConnectionManager"); tcpConnectionManager.ProcessPacket(e.Packet.Timeval, tcpPacket); }
private List <MemoryStream> packetParserUsingDotnetConnections(String capFile) { //Open packet file //String capFile = ""; ICaptureDevice device; try { // Get an offline device device = new CaptureFileReaderDevice(capFile); // tcpdump filter to capture only TCP/IP packets string filter = "ip and (tcp or udp)"; //Convert to flows //string tcpFilter = "tcp.stream eq 1"; //string udpFilter = "udp.stream==1"; device.Filter = filter; // Open the device device.Open(); } catch (Exception e) { Console.WriteLine("Error - Caught exception when opening file" + e.ToString()); return(null); } RawCapture packets; List <byte> bytesList = new List <byte>(); List <NetFlow> tcpNetFlows = new List <NetFlow>(); List <NetFlow> udpNetFlows = new List <NetFlow>(); TcpConnectionManager tcpConnectionManager = new TcpConnectionManager(); tcpConnectionManager.OnConnectionFound += HandleTcpConnectionManagerOnConnectionFound; // Capture packets using GetNextPacket() while ((packets = device.GetNextPacket()) != null) { var p = PacketDotNet.Packet.ParsePacket(packets.LinkLayerType, packets.Data); var tcpPacket = p.Extract <PacketDotNet.TcpPacket>(); var udpPacket = p.Extract <PacketDotNet.UdpPacket>(); //tcpPacket, also requires assembling packets into proper sequences if (tcpPacket != null) { tcpConnectionManager.ProcessPacket(packets.Timeval, tcpPacket); var ipPacket = (PacketDotNet.IPPacket)tcpPacket.ParentPacket; System.Net.IPAddress srcIp = ipPacket.SourceAddress; System.Net.IPAddress dstIp = ipPacket.DestinationAddress; int srcPort = tcpPacket.SourcePort; int dstPort = tcpPacket.DestinationPort; } //Console.WriteLine(p.ToString()); } // Print out the device statistics //Console.WriteLine(device.Statistics.ToString()); //Close the pcap device device.Close(); //MemoryStream memoryStream = new MemoryStream(bytesList.ToArray()); // Dictionary<TcpFlow, List<Entry>> TcpPackets List <MemoryStream> memoryStreams = new List <MemoryStream>(); MemoryStream memoryStream = null; foreach (KeyValuePair <TcpFlow, List <Entry> > entry in TcpPackets) { // do something with entry.Value or entry.Key foreach (var pkt in entry.Value) { if (pkt.Packet.HasPayloadData) { memoryStream = new MemoryStream(); memoryStream.Write(pkt.Packet.PayloadData, 0, pkt.Packet.PayloadData.Length); memoryStreams.Add(memoryStream); } } } return(memoryStreams); }