public void CheckDevicesCapture_TcpAndIpInfoExtracted() { string destinationIpAddress = string.Empty; string sourceIpAddress = string.Empty; int destinationPort = 0; int sourcePort = 0; //Arrange var captureDevice = new TestCaptureDevice(); //Act SharpPcapInformationSource networkInformationSource = new SharpPcapInformationSource(captureDevice, 2000); networkInformationSource.NetworkAlert += delegate(object sender, EventArgs e) { if (e is NetworkEventArgs) { NetworkEventArgs nArgs = e as NetworkEventArgs; destinationIpAddress = nArgs.DestinationIpAddress; sourceIpAddress = nArgs.SourceIpAddress; destinationPort = nArgs.DestinationPort; sourcePort = nArgs.SourcePort; } }; networkInformationSource.StartListening(); //Internet Protocol Version 4, Src: 62.181.194.206, Dst: 192.168.13.85 //Transmission Control Protocol, Src Port: 21 (21), Dst Port: 64435 (64435), Seq: 1, Ack: 1, Len: 28 //Assert Assert.AreEqual("192.168.13.85", destinationIpAddress); Assert.AreEqual("62.181.194.206", sourceIpAddress); Assert.AreEqual(64435, destinationPort); Assert.AreEqual(21, sourcePort); }
public async Task CreatePortScanSensor_PortScanPackets_PortScanAlertCtreated() { //arrange string connectionString = @"Data Source=(localdb)\MSSQLLocalDB;Initial Catalog=IDSDB;Persist Security Info=True;User ID=cyberproduct;Password=x2000; Connect Timeout=600;Max Pool Size = 200;Pooling = True"; IDataAgent datagAgent = new EfDataAgent(connectionString); DatabaseReporter reportAgent = new DatabaseReporter(datagAgent); RawCapture[] trafficDataForTest = CreatePortScanNetworkDataForTest(); var captureDevice = new TestCaptureDevice(trafficDataForTest); SharpPcapInformationSource networkInformationSource = new SharpPcapInformationSource(captureDevice, 2000); string protectedHostIpAddress = "192.168.100.102"; IRule portScanRule = new PortScanRule(protectedHostIpAddress, 8); Sensor hostScanSensor = new Sensor(networkInformationSource, portScanRule, reportAgent); using (TransactionScope transaction = new TransactionScope(TransactionScopeAsyncFlowOption.Enabled)) { //act hostScanSensor.Start(); await TestPause(); int numberofPostScanAlerts = datagAgent.CountAlerts(); //assert Assert.AreEqual(3, numberofPostScanAlerts); } }
public async Task TestTestReporter_ReportsSucessfully() { //arrange IReportAgent reportAgent = NSubstitute.Substitute.For <IReportAgent>(); var captureDevice = new TestCaptureDevice(); SharpPcapInformationSource networkInformationSource = new SharpPcapInformationSource(captureDevice, 2000); SimpleRule simpleRule = new SimpleRule("FTP"); Sensor sensor = new Sensor(networkInformationSource, simpleRule, reportAgent); //act sensor.Start(); await TestPause(); //assert reportAgent.ReceivedWithAnyArgs().ReportPacketCaptured(null); }
public void CheckDevicesCapture_FtpNetworkTrafficDataFound() { //Arrange var captureDevice = new TestCaptureDevice(); bool ftpCaptureOccured = false; //Act SharpPcapInformationSource networkInformationSource = new SharpPcapInformationSource(captureDevice, 2000); networkInformationSource.NetworkAlert += delegate { ftpCaptureOccured = true; }; networkInformationSource.StartListening(); //Assert Assert.IsTrue(ftpCaptureOccured); }