public void CheckDevicesCapture_TcpAndIpInfoExtracted()
{
string destinationIpAddress = string.Empty;
string sourceIpAddress = string.Empty;
int destinationPort = 0;
int sourcePort = 0;
//Arrange
var captureDevice = new TestCaptureDevice();
//Act
SharpPcapInformationSource networkInformationSource = new SharpPcapInformationSource(captureDevice, 2000);
networkInformationSource.NetworkAlert += delegate(object sender, EventArgs e) {
if (e is NetworkEventArgs)
{
NetworkEventArgs nArgs = e as NetworkEventArgs;
destinationIpAddress = nArgs.DestinationIpAddress;
sourceIpAddress = nArgs.SourceIpAddress;
destinationPort = nArgs.DestinationPort;
sourcePort = nArgs.SourcePort;
}
};
networkInformationSource.StartListening();
//Internet Protocol Version 4, Src: 62.181.194.206, Dst: 192.168.13.85
//Transmission Control Protocol, Src Port: 21 (21), Dst Port: 64435 (64435), Seq: 1, Ack: 1, Len: 28
//Assert
Assert.AreEqual("192.168.13.85", destinationIpAddress);
Assert.AreEqual("62.181.194.206", sourceIpAddress);
Assert.AreEqual(64435, destinationPort);
Assert.AreEqual(21, sourcePort);
}
public async Task CreatePortScanSensor_PortScanPackets_PortScanAlertCtreated()
{
//arrange
string connectionString = @"Data Source=(localdb)\MSSQLLocalDB;Initial Catalog=IDSDB;Persist Security Info=True;User ID=cyberproduct;Password=x2000; Connect Timeout=600;Max Pool Size = 200;Pooling = True";
IDataAgent datagAgent = new EfDataAgent(connectionString);
DatabaseReporter reportAgent = new DatabaseReporter(datagAgent);
RawCapture[] trafficDataForTest = CreatePortScanNetworkDataForTest();
var captureDevice = new TestCaptureDevice(trafficDataForTest);
SharpPcapInformationSource networkInformationSource = new SharpPcapInformationSource(captureDevice, 2000);
string protectedHostIpAddress = "192.168.100.102";
IRule portScanRule = new PortScanRule(protectedHostIpAddress, 8);
Sensor hostScanSensor = new Sensor(networkInformationSource, portScanRule, reportAgent);
using (TransactionScope transaction = new TransactionScope(TransactionScopeAsyncFlowOption.Enabled))
{
//act
hostScanSensor.Start();
await TestPause();
int numberofPostScanAlerts = datagAgent.CountAlerts();
//assert
Assert.AreEqual(3, numberofPostScanAlerts);
}
}
public async Task TestTestReporter_ReportsSucessfully()
{
//arrange
IReportAgent reportAgent = NSubstitute.Substitute.For <IReportAgent>();
var captureDevice = new TestCaptureDevice();
SharpPcapInformationSource networkInformationSource = new SharpPcapInformationSource(captureDevice, 2000);
SimpleRule simpleRule = new SimpleRule("FTP");
Sensor sensor = new Sensor(networkInformationSource, simpleRule, reportAgent);
//act
sensor.Start();
await TestPause();
//assert
reportAgent.ReceivedWithAnyArgs().ReportPacketCaptured(null);
}
public void CheckDevicesCapture_FtpNetworkTrafficDataFound()
{
//Arrange
var captureDevice = new TestCaptureDevice();
bool ftpCaptureOccured = false;
//Act
SharpPcapInformationSource networkInformationSource = new SharpPcapInformationSource(captureDevice, 2000);
networkInformationSource.NetworkAlert += delegate {
ftpCaptureOccured = true;
};
networkInformationSource.StartListening();
//Assert
Assert.IsTrue(ftpCaptureOccured);
}
