コード例 #1
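        /// <summary>
        /// Applies the capture filter "port 53" to the test capture file and checks that
        /// exactly one packet passes it and that this packet is UDP addressed to port 53.
        /// </summary>
        public void SetFilter()
        {
            var device = new CaptureFileReaderDevice("../../capture_files/test_stream.pcap");

            device.Open();
            try
            {
                // "port 53" matches port 53 as source OR destination; the assertion below
                // additionally pins the single expected packet to destination port 53.
                device.Filter = "port 53";

                int dnsPort = 53;
                int count   = 0;

                RawCapture rawPacket;
                while ((rawPacket = device.GetNextPacket()) != null)
                {
                    Packet p         = Packet.ParsePacket(rawPacket.LinkLayerType, rawPacket.Data);
                    var    udpPacket = UdpPacket.GetEncapsulated(p);
                    Assert.IsNotNull(udpPacket);
                    Assert.AreEqual(dnsPort, udpPacket.DestinationPort);
                    count++;
                }

                Assert.AreEqual(1, count);
            }
            finally
            {
                // Close the device even when an assertion above throws, so a failing
                // test does not leave the capture file handle open.
                device.Close();
            }
        }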
コード例 #2
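        /// <summary>
        /// Capture callback: parses the arrived frame and raises an alert for every Ethernet
        /// frame whose IP layer carries TCP, UDP, IGMP, ICMPv6 or ICMPv4.
        /// </summary>
        /// <param name="sender">Object raising the event (not used).</param>
        /// <param name="e">Event data holding the captured packet.</param>
        private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
        {
            // NOTE(review): no rule or signature is evaluated here; every parsed packet of the
            // listed protocols produces an alert. The source address shown in the alert is read
            // from the packet header and can be forged by the sender, so treat it as a hint,
            // not as attribution.
            try
            {
                Kavprot.Packets.Packet packet = Kavprot.Packets.Packet.ParsePacket(e.Packet);
                if (!(packet is Kavprot.Packets.EthernetPacket))
                {
                    return;
                }

                var ip = Kavprot.Packets.IpPacket.GetEncapsulated(packet);
                if (ip == null)
                {
                    // No IP layer was found (for example an ARP frame). The previous code
                    // dereferenced ip here and relied on the catch below to hide the failure.
                    return;
                }

                if (ip.Protocol == Kavprot.Packets.IPProtocolType.TCP)
                {
                    TcpPacket tcp = TcpPacket.GetEncapsulated(packet);
                    if (tcp != null)
                    {
                        Alert.Attack("Intrusion Detected", "an intrusion was detected using TCP from " + ip.SourceAddress.ToString() + " @port " + tcp.SourcePort.ToString(), ToolTipIcon.Warning, true);
                    }
                }
                else if (ip.Protocol == Kavprot.Packets.IPProtocolType.UDP)
                {
                    UdpPacket udp = UdpPacket.GetEncapsulated(packet);
                    if (udp != null)
                    {
                        Alert.Attack("Intrusion Detected", "an intrusion was detected using UDP from " + ip.SourceAddress.ToString() + " @port " + udp.SourcePort.ToString(), ToolTipIcon.Warning, true);
                    }
                }
                else if (ip.Protocol == Kavprot.Packets.IPProtocolType.IGMP)
                {
                    IGMPv2Packet igmp = IGMPv2Packet.GetEncapsulated(packet);
                    if (igmp != null)
                    {
                        Alert.Attack("Intrusion Detected : Unwanted IGMP Packet", "an intrusion was detected using IGMP from " + ip.SourceAddress.ToString(), ToolTipIcon.Warning, true);
                    }
                }
                else if (ip.Protocol == Kavprot.Packets.IPProtocolType.ICMPV6)
                {
                    ICMPv6Packet icmp6 = ICMPv6Packet.GetEncapsulated(packet);
                    if (icmp6 != null)
                    {
                        Alert.Attack("Intrusion Detected : Unwanted ICMPv6 Packet", "an intrusion was detected using ICMPv6 from " + ip.SourceAddress.ToString(), ToolTipIcon.Warning, true);
                    }
                }
                else if (ip.Protocol == Kavprot.Packets.IPProtocolType.ICMP)
                {
                    ICMPv4Packet icmp4 = ICMPv4Packet.GetEncapsulated(packet);
                    if (icmp4 != null)
                    {
                        Alert.Attack("Intrusion Detected : Unwanted ICMPv4 Packet", "an intrusion was detected using ICMPv4 from " + ip.SourceAddress.ToString(), ToolTipIcon.Warning, true);
                    }
                }
            }
            catch
            {
                // Deliberately best-effort: an exception escaping a capture callback would
                // disturb the capture loop. NOTE(review): parse failures on malformed frames
                // are dropped silently here; logging or counting them would keep a sensor
                // from going blind unnoticed.
            }
        }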
コード例 #3
        /// <summary>
        /// Checks the payload of a UDP packet whose destination port equals the source port
        /// reported by <c>sendPacket</c>; every other packet is ignored.
        /// </summary>
        /// <param name="dotnetPacket">Parsed packet to inspect.</param>
        private void UDPHandler(Packet dotnetPacket)
        {
            var udp = UdpPacket.GetEncapsulated(dotnetPacket);

            // No UDP layer: nothing to verify.
            if (udp == null)
            {
                return;
            }

            // Only traffic addressed to the port we sent from is treated as a reply.
            if (udp.DestinationPort == sendPacket.GetSourcePort())
            {
                AssertReplyPacketData(udp.PayloadData);
            }
        }
コード例 #4
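        /// <summary>
        /// Capture callback: for each Ethernet frame that carries IP, adds one row to the list
        /// view and one entry to <c>packets</c> holding the IP and MAC addresses, the TCP or
        /// UDP checksum (empty for other protocols) and the frame length.
        /// </summary>
        /// <param name="sender">Object raising the event (not used).</param>
        /// <param name="e">Event data holding the captured raw packet.</param>
        private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
        {
            checksum = "";

            if (e.Packet.LinkLayerType != PacketDotNet.LinkLayers.Ethernet)
            {
                return;
            }

            var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);

            // "as" instead of a hard cast: an unexpected packet type is skipped rather than
            // raising InvalidCastException inside the capture callback.
            var ethernetPacket = packet as PacketDotNet.EthernetPacket;
            if (ethernetPacket == null)
            {
                return;
            }

            // Each layer is looked up once instead of once for the test and once for the use.
            TcpPacket tcp = TcpPacket.GetEncapsulated(packet);
            if (tcp != null)
            {
                checksum = tcp.Checksum.ToString();
            }
            else
            {
                UdpPacket udp = UdpPacket.GetEncapsulated(packet);
                if (udp != null)
                {
                    checksum = udp.Checksum.ToString();
                }
            }

            var ipPacket = IpPacket.GetEncapsulated(packet);
            if (ipPacket == null)
            {
                return;
            }

            // NOTE(review): _listview is modified directly from this callback; if the callback
            // runs on the capture thread the UI update needs to be marshalled — confirm.
            _listview.Items.Add(new MyPacket
            {
                Id        = packetIndex,
                Time      = e.Packet.Timeval.Date.ToString() + "." + e.Packet.Timeval.MicroSeconds.ToString(),
                SourceIP  = ipPacket.SourceAddress.ToString(),
                DestIP    = ipPacket.DestinationAddress.ToString(),
                SourceMac = ethernetPacket.SourceHwAddress.ToString(),
                DestMac   = ethernetPacket.DestinationHwAddress.ToString(),
                Checksum  = checksum,
                Length    = packet.Bytes.Length
            });

            // NOTE(review): this second record differs from the row above: no microseconds, and
            // the addresses go through MapToIPv4(), which for a native IPv6 address keeps only
            // its last four bytes. Stored records for IPv6 traffic therefore do not show the
            // real endpoints — confirm this is intended.
            packets.Add(new MyPacket
            {
                Id        = packetIndex,
                Time      = e.Packet.Timeval.Date.ToString(),
                SourceIP  = ipPacket.SourceAddress.MapToIPv4().ToString(),
                DestIP    = ipPacket.DestinationAddress.MapToIPv4().ToString(),
                SourceMac = ethernetPacket.SourceHwAddress.ToString(),
                DestMac   = ethernetPacket.DestinationHwAddress.ToString(),
                Checksum  = checksum,
                Length    = packet.Bytes.Length
            });
            packetIndex++;
        }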
コード例 #5
 /// <summary>
 /// Looks up every supported protocol layer inside <paramref name="packet"/> and records
 /// the name of the matching layer that comes last in the list below as the type name.
 /// </summary>
 /// <param name="packet">Parsed packet whose layers are inspected.</param>
 public PacketDetials(Packet packet)
 {
     this.packet = packet;

     // Resolve all layers first; a layer that is absent stays null.
     ethernetPacket = EthernetPacket.GetEncapsulated(packet);
     ipPacket       = IpPacket.GetEncapsulated(packet);
     arpPacket      = ARPPacket.GetEncapsulated(packet);
     icmpv4Packet   = ICMPv4Packet.GetEncapsulated(packet);
     icmpv6Packet   = ICMPv6Packet.GetEncapsulated(packet);
     igmpv2Packet   = IGMPv2Packet.GetEncapsulated(packet);
     pppoePacket    = PPPoEPacket.GetEncapsulated(packet);
     pppPacket      = PPPPacket.GetEncapsulated(packet);
     tcpPacket      = TcpPacket.GetEncapsulated(packet);
     udpPacket      = UdpPacket.GetEncapsulated(packet);

     // Later entries of the list above take precedence, so test them first and stop
     // at the first hit. typeName is left untouched when nothing matched.
     if (udpPacket != null)
     {
         typeName = "UDP";
     }
     else if (tcpPacket != null)
     {
         typeName = "TCP";
     }
     else if (pppPacket != null)
     {
         typeName = "PPP";
     }
     else if (pppoePacket != null)
     {
         typeName = "PPPoE";
     }
     else if (igmpv2Packet != null)
     {
         typeName = "IGMPv2";
     }
     else if (icmpv6Packet != null)
     {
         typeName = "ICMPv6";
     }
     else if (icmpv4Packet != null)
     {
         typeName = "ICMPv4";
     }
     else if (arpPacket != null)
     {
         typeName = "ARP";
     }
     else if (ipPacket != null)
     {
         typeName = "Ip";
     }
     else if (ethernetPacket != null)
     {
         typeName = "Ethernet";
     }
 }
コード例 #6
ファイル: PacketInfoBase.cs プロジェクト: LiXiaoRan/Watch
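        /// <summary>
        /// Stores the IP payload and dispatches to the handler for the protocol named in the
        /// IP header's next-header field. IPv6 carried inside IP is re-parsed and handled
        /// recursively.
        /// </summary>
        /// <param name="ip">IP layer of the current packet; ignored when null.</param>
        private void ipNext(IpPacket ip)
        {
            if (ip == null)
            {
                return;
            }

            PayLoadData = ip.PayloadData;
            switch (ip.NextHeader)
            {
            // NOTE(review): the GetEncapsulated results below are handed on unchecked; whether
            // the handlers accept null (e.g. for a truncated header) is not visible here.
            case IPProtocolType.TCP:    // the final protocol is TCP
                TcpPacket tcp = TcpPacket.GetEncapsulated(packet);
                TCP(tcp);
                break;

            case IPProtocolType.UDP:
                UdpPacket udp = UdpPacket.GetEncapsulated(packet);
                UDP(udp);
                break;

            case IPProtocolType.ICMP:
                ICMPv4Packet icmp = ICMPv4Packet.GetEncapsulated(packet);
                ICMPv4(icmp);
                break;

            case IPProtocolType.ICMPV6:
                ICMPv6Packet icmpv6 = ICMPv6Packet.GetEncapsulated(packet);
                ICMPv6(icmpv6);
                break;

            case IPProtocolType.IGMP:
                IGMPv2Packet igmp = IGMPv2Packet.GetEncapsulated(packet);
                IGMP(igmp);
                break;

            case IPProtocolType.IPV6:
                byte[] inner = ip.PayloadData;
                if (inner == null)
                {
                    break;
                }

                // Wrap the tunnelled IPv6 datagram in a synthetic Ethernet header so the
                // parser accepts it: 12 zero bytes stand in for the two MAC addresses,
                // followed by EtherType 0x86DD (IPv6).
                List <byte> packetData = new List <byte>(14 + inner.Length);
                packetData.AddRange(new byte[12]);
                packetData.AddRange(new byte[] { 0x86, 0xdd });
                packetData.AddRange(inner);
                Packet     p   = Packet.ParsePacket(LinkLayers.Ethernet, packetData.ToArray());
                IPv6Packet ip6 = IPv6Packet.GetEncapsulated(p) as IPv6Packet;
                if (ip6 == null)
                {
                    // The inner bytes did not parse as IPv6 (packet content is untrusted);
                    // stop here instead of dereferencing null in the recursive call.
                    break;
                }
                IPv6(ip6);
                packet = p;
                // Each nesting level consumes an inner IPv6 header, so the recursion depth is
                // limited by the size of the captured packet.
                ipNext(ip6);
                break;

            case IPProtocolType.GRE:
                GREPacket gre = new GREPacket(ip.PayloadData);
                GRE(gre);
                break;
            }
        }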
コード例 #7
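        /// <summary>
        /// Parses a captured frame and, when it carries TCP and/or UDP over IP, appends a
        /// summary item to <c>packets</c>. Frames that fail to parse are skipped.
        /// </summary>
        /// <param name="packet">Capture event holding the raw frame and its timestamp.</param>
        private void AddPacketToList(CaptureEventArgs packet)
        {
            DateTime time = packet.Packet.Timeval.Date;
            int      len  = packet.Packet.Data.Length;

            // Parse
            try
            {
                var       pac       = PacketDotNet.Packet.ParsePacket(packet.Packet.LinkLayerType, packet.Packet.Data);
                TcpPacket tcpPacket = TcpPacket.GetEncapsulated(pac);
                UdpPacket udpPacket = UdpPacket.GetEncapsulated(pac);

                if (tcpPacket != null)
                {
                    AddTransportItem(pac, tcpPacket.ParentPacket as PacketDotNet.IpPacket, "Tcp", tcpPacket.SourcePort, tcpPacket.DestinationPort, time, len);
                }
                if (udpPacket != null)
                {
                    AddTransportItem(pac, udpPacket.ParentPacket as PacketDotNet.IpPacket, "udp", udpPacket.SourcePort, udpPacket.DestinationPort, time, len);
                }
            }
            catch (Exception)
            {
                // Deliberately best-effort: captured bytes are untrusted and a malformed frame
                // must not stop the capture. NOTE(review): such frames vanish from the list
                // without a trace; counting or logging them would make parser failures visible.
            }
        }

        // Builds one list entry for a TCP or UDP packet; does nothing when the transport
        // layer has no IP parent.
        private void AddTransportItem(PacketDotNet.Packet pac, PacketDotNet.IpPacket ipPacket, string protocol, int srcport, int dstport, DateTime time, int len)
        {
            if (ipPacket == null)
            {
                return;
            }

            System.Net.IPAddress srcip = ipPacket.SourceAddress;
            System.Net.IPAddress dstip = ipPacket.DestinationAddress;
            string info = String.Format("{0}:{1}:{2},{3} Len={4} {5}: {6}->{7}:{8} ", time.Hour, time.Minute, time.Second, protocol, len, srcip, srcport, dstip, dstport);
            string t    = String.Format("{0}:{1}:{2}", time.Hour, time.Minute, time.Second);
            packets.Add(new PacketItem()
            {
                Packet = pac, time = t, length = len.ToString(), protocol = protocol, srcIp = srcip.ToString(), srcPort = srcport.ToString(), dstIp = dstip.ToString(), dstPort = dstport.ToString(), information = info
            });
        }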
コード例 #8
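        /// <summary>
        /// Capture callback: raises an alert when a TCP or UDP packet inside an Ethernet frame
        /// fails the transport checksum validation.
        /// </summary>
        /// <param name="sender">Object raising the event (not used).</param>
        /// <param name="e">Event data holding the captured packet.</param>
        private static void device1_OnPacketArrival(object sender, CaptureEventArgs e)
        {
            // NOTE(review): a failed checksum is weak evidence on its own. Packets sent by the
            // local host are commonly captured before the NIC fills in the checksum (checksum
            // offload), and a UDP checksum of zero over IPv4 means "not computed". Also confirm
            // that TransportChecksumOption.None is the right mode: TCP and UDP checksums are
            // defined over an IP pseudo-header, so validating without it may flag well-formed
            // packets.
            try
            {
                Kavprot.Packets.Packet packet = Kavprot.Packets.Packet.ParsePacket(e.Packet);
                if (!(packet is Kavprot.Packets.EthernetPacket))
                {
                    return;
                }

                var ip = Kavprot.Packets.IpPacket.GetEncapsulated(packet);
                if (ip == null)
                {
                    // No IP layer was found (for example an ARP frame). The previous code
                    // dereferenced ip here and relied on the catch below to hide the failure.
                    return;
                }

                if (ip.Protocol == Kavprot.Packets.IPProtocolType.TCP)
                {
                    TcpPacket tcp = TcpPacket.GetEncapsulated(packet);
                    if (tcp != null && !tcp.IsValidChecksum(TransportPacket.TransportChecksumOption.None))
                    {
                        Alert.Attack("Intrusion Detected : Invalid TCP Checksum", "an intrusion was detected using TCP from " + ip.SourceAddress.ToString() + " @port " + tcp.SourcePort.ToString(), ToolTipIcon.Warning, true);
                    }
                }
                else if (ip.Protocol == Kavprot.Packets.IPProtocolType.UDP)
                {
                    UdpPacket udp = UdpPacket.GetEncapsulated(packet);
                    if (udp != null && !udp.IsValidChecksum(TransportPacket.TransportChecksumOption.None))
                    {
                        Alert.Attack("Intrusion Detected : Invalid UDP Checksum", "an intrusion was detected using UDP from " + ip.SourceAddress.ToString() + " @port " + udp.SourcePort.ToString(), ToolTipIcon.Warning, true);
                    }
                }
            }
            catch
            {
                // Deliberately best-effort: an exception escaping a capture callback would
                // disturb the capture loop. NOTE(review): malformed frames are dropped silently
                // here; logging or counting them would make parser failures visible.
            }
        }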
コード例 #9
ファイル: SendInfo.cs プロジェクト: 113-firewall/firewall
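        /// <summary>
        /// Capture callback for the configuration channel: a UDP datagram from port 30332 to
        /// 30333 with payload "yes" sets <c>config_info_confirm</c>; a datagram from port
        /// 30334 to 30335 stores its payload text in <c>FWIPinfo</c>.
        /// </summary>
        /// <param name="sender">Object raising the event (not used).</param>
        /// <param name="e">Event data holding the captured raw packet.</param>
        private static void configDev_OnPacketArrival(object sender, CaptureEventArgs e)
        {
            // NOTE(review): the two ports are the only selector. The sender address is not
            // checked and the payload is not authenticated, so any host able to put a matching
            // datagram on the monitored segment can confirm a configuration or overwrite
            // FWIPinfo. Confirm that a stronger check exists elsewhere.
            var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);

            UdpPacket udpPacket = UdpPacket.GetEncapsulated(packet);

            if (udpPacket != null)
            {
                int srcPort = udpPacket.SourcePort;
                int dstPort = udpPacket.DestinationPort;
#if debug
                Console.WriteLine("端口检查");
#endif
                if (srcPort == 30332 && dstPort == 30333)
                {
                    byte[] payload = udpPacket.PayloadData;
                    if (payload != null)
                    {
                        // Content of the confirmation packet. Encoding.Default depends on the
                        // system code page, so non-ASCII payloads decode differently per host.
                        string content = System.Text.Encoding.Default.GetString(payload);
                        if (content == "yes")
                        {
                            config_info_confirm = true;
                            Console.WriteLine("{0}", config_info_confirm.ToString());
                        }
                    }
                }

                // Short-circuit && replaces the non-short-circuit & of the earlier version.
                if (srcPort == 30334 && dstPort == 30335)
                {
                    byte[] payload = udpPacket.PayloadData;
                    if (payload != null)
                    {
                        // Stored as received: the text is untrusted and not validated here.
                        string content = System.Text.Encoding.Default.GetString(payload);
                        FWIPinfo = content;
                        Console.WriteLine("{0}", FWIPinfo);
                    }
                }
            }
        }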
コード例 #10
ファイル: Sniffer.cs プロジェクト: cozybz/sniffer-csharp
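        /// <summary>
        /// Capture callback: lists every TCP or UDP packet carried over IP in the list view,
        /// keeps a hex dump of the frame in <c>datas</c>, and updates the running totals.
        /// </summary>
        /// <param name="sender">Object raising the event (not used).</param>
        /// <param name="e">Event data holding the captured raw packet.</param>
        private void packetArrival(object sender, CaptureEventArgs e)
        {
            Packet    p  = Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
            IpPacket  ip = IpPacket.GetEncapsulated(p);
            TcpPacket tp = TcpPacket.GetEncapsulated(p);
            UdpPacket up = UdpPacket.GetEncapsulated(p);

            if (ip != null)
            {
                string protocol = null;
                string srcPort  = null;
                string dstPort  = null;

                if (tp != null)
                {
                    protocol = "TCP";
                    srcPort  = tp.SourcePort.ToString();
                    dstPort  = tp.DestinationPort.ToString();
                }
                else if (up != null)
                {
                    protocol = "UDP";
                    srcPort  = up.SourcePort.ToString();
                    dstPort  = up.DestinationPort.ToString();
                }

                if (protocol != null)
                {
                    // The fixed +8 hour offset is kept, but applied to the whole timestamp so
                    // that the hour wraps past midnight and the date follows, instead of
                    // showing hours 24..31 as "Hour + 8" did.
                    DateTime stamp    = e.Packet.Timeval.Date.AddHours(8);
                    string   timeText = stamp.Year + "/" + stamp.Month + "/" + stamp.Day + " " + stamp.Hour + ":" + stamp.Minute + ":" + stamp.Second + ":" + stamp.Millisecond;

                    // NOTE(review): listView and statusLabel are touched directly from this
                    // callback; if it runs on the capture thread the update needs marshalling.
                    listView.Items.Add(new ListViewItem(new String[] { timeText, protocol, ip.SourceAddress.ToString() + ":" + srcPort, ip.DestinationAddress.ToString() + ":" + dstPort, e.Packet.Data.Length.ToString() }));

                    // NOTE(review): one hex string per packet is retained with no upper bound,
                    // so memory grows for as long as the capture runs.
                    datas.Add(BitConverter.ToString(e.Packet.Data));
                }
            }
            totalPacketLength += e.Packet.Data.Length;
            totalPacketNum++;
            statusLabel.Text = "共收到" + totalPacketNum + "个数据包,总长度" + totalPacketLength;
        }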
コード例 #11
        /// <summary>
        /// Converts a raw capture into a <c>DataPacket</c>. TCP, UDP and ICMPv4 packets over
        /// IP are additionally queued for the DNS lookup worker; ARP packets are converted
        /// without being queued.
        /// </summary>
        /// <param name='capture'>
        /// The raw data captured from the interface.
        /// </param>
        /// <returns>
        /// The filled packet record, or null when the capture is none of the handled types.
        /// </returns>
        public DataPacket Process(RawCapture capture)
        {
            var result = new DataPacket();

            // Turn the raw bytes into a parsed packet and look for an IP layer.
            var parsed  = Packet.ParsePacket(capture.LinkLayerType, capture.Data);
            var ipLayer = IpPacket.GetEncapsulated(parsed);

            // TCP over IP: copy addresses, ports and payload.
            var tcpLayer = TcpPacket.GetEncapsulated(parsed);
            if (ipLayer != null && tcpLayer != null)
            {
                result.IpAddressSource      = ipLayer.SourceAddress.ToString();
                result.IpAddressDestination = ipLayer.DestinationAddress.ToString();
                result.PortSource           = tcpLayer.SourcePort;
                result.PortDestination      = tcpLayer.DestinationPort;
                result.Payload              = tcpLayer.PayloadData;
                result.Protocol             = NetworkProtocol.tcp;
                result.Timestamp            = DateTime.Now;
                return QueueForDnsLookup(result);
            }

            // UDP over IP: copy addresses, ports and payload.
            var udpLayer = UdpPacket.GetEncapsulated(parsed);
            if (ipLayer != null && udpLayer != null)
            {
                result.IpAddressSource      = ipLayer.SourceAddress.ToString();
                result.IpAddressDestination = ipLayer.DestinationAddress.ToString();
                result.PortSource           = udpLayer.SourcePort;
                result.PortDestination      = udpLayer.DestinationPort;
                result.Payload              = udpLayer.PayloadData;
                result.Protocol             = NetworkProtocol.udp;
                result.Timestamp            = DateTime.Now;
                return QueueForDnsLookup(result);
            }

            // ICMPv4 over IP: copy addresses, type/code and payload.
            var icmpLayer = ICMPv4Packet.GetEncapsulated(parsed);
            if (ipLayer != null && icmpLayer != null)
            {
                result.IpAddressSource      = ipLayer.SourceAddress.ToString();
                result.IpAddressDestination = ipLayer.DestinationAddress.ToString();
                result.Type                 = icmpLayer.TypeCode.ToString();
                result.Payload              = icmpLayer.PayloadData;
                result.Protocol             = NetworkProtocol.icmp;
                result.Timestamp            = DateTime.Now;
                return QueueForDnsLookup(result);
            }

            // ARP: hardware addresses only; this branch does not queue a DNS lookup.
            var arpLayer = ARPPacket.GetEncapsulated(parsed);
            if (arpLayer == null)
            {
                // None of the handled packet types.
                return(null);
            }

            result.Timestamp             = DateTime.Now;
            result.HardwareAddressSource = arpLayer.SenderHardwareAddress.ToString();
            result.HardwareAddressTarget = arpLayer.TargetHardwareAddress.ToString();
            result.Protocol              = NetworkProtocol.arp;
            result.Payload               = parsed.PayloadData;
            return(result);
        }

        // Hands a packet to the DNS worker: enqueue under the queue lock, then signal the
        // wait handle. Returns the same packet for the caller to return.
        private DataPacket QueueForDnsLookup(DataPacket queued)
        {
            lock (DnsLookupQueue)
            {
                DnsLookupQueue.Enqueue(queued);
            }
            WaitHandle.Set();

            return(queued);
        }
コード例 #12
ファイル: DataBuilder.cs プロジェクト: Charming199/UserWatch
        //标记当前数据是否有效

        #region 构建数据行
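        /// <summary>
        /// Builds the seven display columns for one captured packet: number, protocol name,
        /// length in bytes, source, destination, detail text and the current local time.
        /// </summary>
        /// <param name="rawPacket">Captured frame as delivered by the capture device.</param>
        /// <param name="packetID">Running packet number shown in the first column.</param>
        /// <returns>The seven column strings.</returns>
        public string[] Row(RawCapture rawPacket, uint packetID)
        {
            string[] rows = new string[7];

            rows[0] = string.Format("{0:D7}", packetID); // packet number
            rows[1] = "Unknown";
            rows[2] = rawPacket.Data.Length.ToString();  // data length in bytes
            rows[3] = "--";
            rows[4] = "--";
            rows[5] = "--";
            // NOTE(review): this is the time the row is built, not the capture timestamp.
            rows[6] = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");

            // Parsed once and reused below. The bytes are untrusted; a parser exception on a
            // malformed frame propagates to the caller.
            Packet packet = Packet.ParsePacket(rawPacket.LinkLayerType, rawPacket.Data);

            EthernetPacket ep = EthernetPacket.GetEncapsulated(packet);

            if (ep != null)
            {
                rows[1] = "Ethernet(v2)";
                rows[3] = Format.MacFormat(ep.SourceHwAddress.ToString());
                rows[4] = Format.MacFormat(ep.DestinationHwAddress.ToString());
                rows[5] = "[" + ep.Type.ToString() + "]";

                #region IP
                IpPacket ip = IpPacket.GetEncapsulated(packet);
                if (ip != null)
                {
                    if (ip.Version == IpVersion.IPv4)
                    {
                        rows[1] = "IPv4";
                    }
                    else
                    {
                        rows[1] = "IPv6";
                    }
                    rows[3] = ip.SourceAddress.ToString();
                    rows[4] = ip.DestinationAddress.ToString();
                    rows[5] = "[下层协议:" + ip.NextHeader.ToString() + "] [版本:" + ip.Version.ToString() + "]";

                    TcpPacket tcp = TcpPacket.GetEncapsulated(packet);
                    if (tcp != null)
                    {
                        rows[1]  = "TCP";
                        rows[3] += " [" + tcp.SourcePort.ToString() + "]";
                        rows[4] += " [" + tcp.DestinationPort.ToString() + "]";

                        // Port-based labels only: 25 SMTP; 80, 8080, 3128 HTTP; 21 FTP.
                        // A port number does not prove which protocol is actually spoken.
                        int tcpSrcPort = tcp.SourcePort;
                        int tcpDstPort = tcp.DestinationPort;
                        if (tcpDstPort == 25 || tcpSrcPort == 25)
                        {
                            rows[1] = "SMTP";
                        }
                        else if (tcpDstPort == 80 || tcpDstPort == 8080 || tcpDstPort == 3128)
                        {
                            rows[1] = "HTTP";
                        }
                        else if (tcpDstPort == 21)
                        {
                            rows[1] = "FTP";
                        }
                        else if (tcpDstPort == 143)
                        {
                            // NOTE(review): 143 is the registered IMAP port; POP3 is 110.
                            // Either the port or the label looks wrong — confirm the intent.
                            rows[1] = "POP3";
                        }
                        return(rows);
                    }
                    UdpPacket udp = UdpPacket.GetEncapsulated(packet);
                    if (udp != null)
                    {
                        // Offset 42 is the first UDP payload byte only for Ethernet (14) +
                        // IPv4 without options (20) + UDP (8). A datagram with an empty
                        // payload is exactly 42 bytes long, so the length is checked before
                        // indexing; the unchecked access threw IndexOutOfRangeException.
                        byte[] raw = rawPacket.Data;
                        if (raw.Length > 42 && raw[42] == ((byte)02))
                        {
                            rows[1] = "OICQ";
                        }
                        else
                        {
                            rows[1] = "UDP";
                        }
                        rows[3] += " [" + udp.SourcePort.ToString() + "]";
                        rows[4] += " [" + udp.DestinationPort.ToString() + "]";
                        return(rows);
                    }

                    ICMPv4Packet icmpv4 = ICMPv4Packet.GetEncapsulated(packet);
                    if (icmpv4 != null)
                    {
                        rows[1] = "ICMPv4";
                        rows[5] = "[校验:" + icmpv4.Checksum.ToString() + "] [类型:" + icmpv4.TypeCode.ToString() + "] [序列号:" + icmpv4.Sequence.ToString() + "]";
                        return(rows);
                    }
                    ICMPv6Packet icmpv6 = ICMPv6Packet.GetEncapsulated(packet);
                    if (icmpv6 != null)
                    {
                        rows[1] = "ICMPv6";
                        rows[5] = "[Code:" + icmpv6.Code.ToString() + "] [Type" + icmpv6.Type.ToString() + "]";
                        return(rows);
                    }
                    IGMPv2Packet igmp = IGMPv2Packet.GetEncapsulated(packet);
                    if (igmp != null)
                    {
                        rows[1] = "IGMP";
                        rows[5] = "[只适用于IGMPv2] [组地址:" + igmp.GroupAddress.ToString() + "]  [类型:" + igmp.Type.ToString() + "]";
                        return(rows);
                    }
                    return(rows);
                }
                #endregion

                ARPPacket arp = ARPPacket.GetEncapsulated(packet);
                if (arp != null)
                {
                    rows[1] = "ARP";
                    rows[3] = Format.MacFormat(arp.SenderHardwareAddress.ToString());
                    rows[4] = Format.MacFormat(arp.TargetHardwareAddress.ToString());
                    rows[5] = "[Arp操作方式:" + arp.Operation.ToString() + "] [发送者:" + arp.SenderProtocolAddress.ToString() + "] [目标:" + arp.TargetProtocolAddress.ToString() + "]";
                    return(rows);
                }
                WakeOnLanPacket wp = WakeOnLanPacket.GetEncapsulated(packet);
                if (wp != null)
                {
                    rows[1] = "Wake On Lan";
                    rows[3] = Format.MacFormat(ep.SourceHwAddress.ToString());
                    rows[4] = Format.MacFormat(wp.DestinationMAC.ToString());
                    rows[5] = "[唤醒网络地址:" + wp.DestinationMAC.ToString() + "] [有效性:" + wp.IsValid().ToString() + "]";
                    return(rows);
                }
                PPPoEPacket poe = PPPoEPacket.GetEncapsulated(packet);
                if (poe != null)
                {
                    rows[1] = "PPPoE";
                    rows[5] = poe.Type.ToString() + " " + poe.Version.ToString();
                    return(rows);
                }
                LLDPPacket llp = LLDPPacket.GetEncapsulated(packet);
                if (llp != null)
                {
                    rows[1] = "LLDP";
                    rows[5] = llp.ToString();
                    return(rows);
                }
                return(rows);
            }
            // Link layer
            PPPPacket ppp = PPPPacket.GetEncapsulated(packet);
            if (ppp != null)
            {
                rows[1] = "PPP";
                rows[3] = "--";
                rows[4] = "--";
                rows[5] = "协议类型:" + ppp.Protocol.ToString();
                return(rows);
            }
            // PPP serial
            PppSerialPacket ppps = PppSerialPacket.GetEncapsulated(packet);
            if (ppps != null)
            {
                rows[1] = "PPP";
                rows[3] = "--";
                rows[4] = "0x" + ppps.Address.ToString("X2");
                rows[5] = "地址:" + ppps.Address.ToString("X2") + " 控制:" + ppps.Control.ToString() + " 协议类型:" + ppps.Protocol.ToString();
                return(rows);
            }
            // Cisco HDLC
            CiscoHDLCPacket hdlc = CiscoHDLCPacket.GetEncapsulated(packet);
            if (hdlc != null)
            {
                rows[1] = "Cisco HDLC";
                rows[3] = "--";
                rows[4] = "0x" + hdlc.Address.ToString("X2");
                rows[5] = "地址:" + hdlc.Address.ToString("X2") + " 控制:" + hdlc.Control.ToString() + " 协议类型:" + hdlc.Protocol.ToString();
                return(rows);
            }

            // The remaining checks look at the outermost packet type; the packet parsed at
            // the top is reused instead of parsing the same bytes three more times.
            PacketDotNet.Ieee80211.MacFrame ieee = packet as PacketDotNet.Ieee80211.MacFrame;
            if (ieee != null)
            {
                rows[1] = "IEEE802.11 MacFrame";
                rows[3] = "--";
                rows[4] = "--";
                rows[5] = "帧校验序列:" + ieee.FrameCheckSequence.ToString() + " 封装帧:" + ieee.FrameControl.ToString();
                return(rows);
            }
            PacketDotNet.Ieee80211.RadioPacket ieeePacket = packet as PacketDotNet.Ieee80211.RadioPacket;
            if (ieeePacket != null)
            {
                rows[1] = "IEEE Radio";
                rows[5] = "Version=" + ieeePacket.Version.ToString();
            }
            LinuxSLLPacket linux = packet as LinuxSLLPacket;
            if (linux != null)
            {
                rows[1] = "LinuxSLL";
                rows[5] = "Tyep=" + linux.Type.ToString() + " Protocol=" + linux.EthernetProtocolType.ToString();
            }
            return(rows);
        }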
コード例 #13
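        /// <summary>
        /// Tracks SIP dialogs seen in captured UDP traffic and files each packet
        /// (SIP signalling or RTP media) under the call it belongs to.
        /// </summary>
        /// <remarks>
        /// Everything read here (Call-ID, request method, status code, SDP media ports)
        /// comes straight off the wire and is therefore attacker-influenced input.
        /// NOTE(review): a session is only removed once <c>isEnd</c> is set, so INVITEs
        /// that never receive a final response stay in <c>Call.SIPSessions</c>
        /// indefinitely; consider an idle timeout or a cap on tracked calls.
        /// NOTE(review): the Call-ID is echoed to the console unescaped; strip control
        /// characters if this output is ever consumed as a log.
        /// </remarks>
        /// <param name="packet">Parsed packet; anything that does not encapsulate UDP is ignored.</param>
        public void Handler(Packet packet)
        {
            var udpPacket = UdpPacket.GetEncapsulated(packet);

            // Not UDP: nothing for this handler to do.
            if (udpPacket == null)
            {
                return;
            }

            try
            {
                SIP_Message msg = ParseSIPMessage(udpPacket.PayloadData);

                if (msg == null || msg.CallID == null)
                {
                    // Not signalling: store it as media if the source port belongs to a tracked call.
                    Call mediaCall = Call.GetCallByRTPPort(udpPacket.SourcePort);
                    if (mediaCall != null)
                    {
                        mediaCall.WritePacket(packet, Call.PacketType.RTP);
                    }

                    return;
                }

                SDP_Message sdp = null;
                Console.WriteLine("SIP capture");
                try
                {
                    sdp = SDP_Message.Parse(System.Text.Encoding.Default.GetString(msg.Data));
                }
                catch (Exception)
                {
                    // Deliberate best effort: a message without a usable SDP body is
                    // still processed below, just without media port information.
                }

                if (msg is SIP_Request)
                {
                    SIP_Request request = (SIP_Request)msg;
                    var method = request.RequestLine.Method;

                    if (!Call.SIPSessions.ContainsKey(request.CallID))
                    {
                        if (method != "INVITE")
                        {
                            return;     // Ignore conversations whose INVITE was never seen
                        }

                        Call created = new Call(request.CallID);
                        Call.SIPSessions.Add(request.CallID, created);

                        var inviteIp = (IpPacket)udpPacket.ParentPacket;
                        created.CallerIP = inviteIp.SourceAddress;
                        created.CalleeIP = inviteIp.DestinationAddress;
                    }

                    // The session is guaranteed to exist from here on.
                    Call requestSession = Call.SIPSessions[request.CallID];

                    // If this is an INVITE, pick up the advertised audio RTP port.
                    if (method == "INVITE" && sdp != null)
                    {
                        RecordFirstMediaPort(requestSession, msg, sdp, udpPacket);
                    }

                    if (method == "BYE")
                    {
                        requestSession.SeenBYE = true;

                        // Compare addresses by value. The previous `==` compared object
                        // references (assuming System.Net.IPAddress, which has no ==
                        // overload), so a BYE was always attributed to the callee.
                        var byeIp = (IpPacket)udpPacket.ParentPacket;
                        requestSession.WhoHungUp = object.Equals(byeIp.SourceAddress, requestSession.CallerIP)
                            ? Call.CallDirection.Caller
                            : Call.CallDirection.Callee;
                    }
                }
                else if (msg is SIP_Response)
                {
                    SIP_Response response = (SIP_Response)msg;

                    // Responses for a Call-ID we never tracked are ignored. Indexing the
                    // session table without this check threw KeyNotFoundException for
                    // every such packet on the wire.
                    if (Call.SIPSessions.ContainsKey(response.CallID))
                    {
                        Call responseSession = Call.SIPSessions[response.CallID];

                        if (response.StatusCode != 183 && response.StatusCode != 100 && response.StatusCode != 200)
                        {
                            responseSession.isEnd = true;
                        }

                        if (sdp != null)
                        {
                            RecordFirstMediaPort(responseSession, msg, sdp, udpPacket);
                        }

                        // A success response after a BYE confirms the hang-up.
                        if (response.StatusCodeType == SIP_StatusCodeType.Success && responseSession.SeenBYE)
                        {
                            responseSession.Confirmed = true;
                            responseSession.isEnd     = true;
                        }
                    }
                }

                // Add packet to history
                if (Call.SIPSessions.ContainsKey(msg.CallID))
                {
                    Call tracked = Call.SIPSessions[msg.CallID];
                    tracked.WritePacket(packet, Call.PacketType.SIPDialog);

                    // Check to see if this call has been terminated
                    if (tracked.Confirmed)
                    {
                        Console.WriteLine("Call Ended: " + msg.CallID);

                        // Close off the call now the last data has been written
                        tracked.CloseCall();

                        // NOTE(review): if Call derives these paths from the Call-ID, it must
                        // neutralise path separators and ".." there - confirm in Call.
                        StringBuilder file        = new StringBuilder(Directory.GetCurrentDirectory() + "//" + tracked.SIPPacketFilePathAndName);
                        StringBuilder StoragePath = new StringBuilder(Directory.GetCurrentDirectory() + "//" + tracked.SIPPacketFilePath);
                        pacp_to_wav(file, StoragePath);
                    }

                    if (tracked.isEnd == true)
                    {
                        Call.SIPSessions.Remove(msg.CallID);
                    }
                }
            }
            catch (Exception ex)
            {
                // One malformed packet must not stop the capture loop; report and carry on.
                Console.WriteLine(ex.ToString());
            }
        }

        /// <summary>
        /// Stores the port of the first SDP media description on the caller or callee
        /// side of <paramref name="session"/>, depending on which side sent the packet.
        /// </summary>
        private static void RecordFirstMediaPort(Call session, SIP_Message msg, SDP_Message sdp, UdpPacket udpPacket)
        {
            foreach (var media in sdp.MediaDescriptions)
            {
                var ip = (IpPacket)udpPacket.ParentPacket;
                Console.Out.WriteLine(msg.CallID + " - Got RTP Media Port: " + ip.SourceAddress + ":" + media.Port.ToString());

                if (object.Equals(session.CallerIP, ip.SourceAddress))
                {
                    session.CallerRTPPort = media.Port;
                }
                else
                {
                    session.CalleeRTPPort = media.Port;
                }

                break; // First description is about audio. Second is about video and we don't need it, so break.
            }
        }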