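/// <summary>
/// Polls the ICMP capture table forever and records a "Ping warning" for every row it returns.
/// </summary>
/// <remarks>
/// Each pass fetches the pending rows with <c>DBConn.getICMPPackets()</c>, writes one
/// <c>LogRecord</c> per row through <c>DBConn.insertLog</c>, and then empties the table with
/// <c>DBConn.clearICMPRecords()</c>. The method never returns, so the caller has to give it
/// a thread of its own.
/// </remarks>
public static void startAnalysis()
{
    while (true)
    {
        MySqlDataReader icmp_packets = DBConn.getICMPPackets();
        Console.WriteLine("Packets retrieved");
        if (icmp_packets == null)
        {
            // No reader came back; wait one second (1000 ms) and poll again.
            Thread.Sleep(1000);
            continue;
        }

        bool hasRows;
        try
        {
            hasRows = icmp_packets.HasRows;
            Console.WriteLine(hasRows);

            if (hasRows)
            {
                // Every returned row is treated as a ping: only the timestamp (column 0) and
                // the source address (column 1) are read, nothing is filtered here.
                // NOTE(review): insertLog runs while the reader is still open; if DBConn uses
                // a single shared connection this needs confirming against DBConn.
                while (icmp_packets.Read())
                {
                    LogRecord obj = new LogRecord();
                    obj.TimeStamp = icmp_packets[0] + "";
                    obj.Source_IP = icmp_packets[1] + "";
                    obj.Attack_Type = "Ping warning";
                    DBConn.insertLog(obj);

                    // MessageBox.Show is modal: the loop waits here until the dialog is
                    // dismissed, once per packet. A burst of ICMP traffic therefore stalls
                    // the analysis and delays the table clean-up below.
                    MessageBox.Show("Someone is pinging");
                    Console.WriteLine("Possible ping request");
                }
            }
        }
        finally
        {
            // Close the reader even when a row or the log insert throws, so a failed pass
            // does not leave an open reader behind.
            icmp_packets.Close();
        }

        if (!hasRows)
        {
            // Nothing captured; back off for one second (1000 ms), not 1000 seconds.
            Thread.Sleep(1000);
            Console.WriteLine("Sleep mode");
        }
        else
        {
            // NOTE(review): rows captured between the query above and this clear may be
            // deleted without having been analysed; confirm how clearICMPRecords selects rows.
            DBConn.clearICMPRecords();
        }
    }
}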
/// <summary>
/// Initialises <c>DBConn</c>, empties the ICMP, TCP and UDP capture tables, and then
/// starts the TCP analysis on the calling thread.
/// </summary>
/// <remarks>
/// No threads are created here: the thread-based start of the ICMP and TCP analysers is
/// disabled, so only <c>TCPAnalysis.startAnalysis()</c> runs, and it runs synchronously.
/// ICMP rows are cleared at start-up but are not analysed from this entry point.
/// </remarks>
public static void run()
{
    // Start from a clean state so records left over from an earlier run are not re-reported.
    DBConn.Initialize();
    DBConn.clearICMPRecords();
    DBConn.clearTCPRecords();
    DBConn.clearUDPRecords();
    Console.WriteLine("DB initialized");

    // Direct call instead of a worker thread; control stays inside the analyser for as
    // long as it keeps running.
    TCPAnalysis.startAnalysis();
}
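/// <summary>
/// Polls the TCP capture table forever and raises a "Reverse_TCP" alert for every row that
/// <c>scanReverseTCP</c> flags.
/// </summary>
/// <remarks>
/// Each pass fetches the pending rows with <c>DBConn.getTCPPackets()</c>, copies the address,
/// port and SYN/ACK/FIN columns into one reused <c>TCP_Packet_Info</c>, and hands it to
/// <c>scanReverseTCP</c>. Flagged rows are added to <c>Analysis.obj</c> as a <c>LogRecord</c>.
/// After the batch the TCP table is cleared. The method never returns.
/// </remarks>
public static void startAnalysis()
{
    TCP_Packet_Info obj = new TCP_Packet_Info();
    while (true)
    {
        MySqlDataReader tcp_packets = DBConn.getTCPPackets();
        Console.WriteLine("Packets retrieved");
        if (tcp_packets == null)
        {
            // No reader came back; wait one second (1000 ms) and poll again.
            Thread.Sleep(1000);
            continue;
        }

        bool hasRows;
        try
        {
            hasRows = tcp_packets.HasRows;
            if (hasRows)
            {
                while (tcp_packets.Read())
                {
                    // A NULL or non-numeric flag column used to throw out of Int32.Parse and
                    // end the whole analysis loop. One bad row must not stop detection, so it
                    // is reported and skipped instead.
                    int synFlag;
                    int ackFlag;
                    int finFlag;
                    if (!Int32.TryParse(tcp_packets[6] + "", out synFlag)
                        || !Int32.TryParse(tcp_packets[7] + "", out ackFlag)
                        || !Int32.TryParse(tcp_packets[8] + "", out finFlag))
                    {
                        Console.WriteLine("Skipping TCP record with unreadable flag columns");
                        continue;
                    }

                    // Column 5 is not read here.
                    obj.Time_Stamp = tcp_packets[0] + "";
                    obj.Source_IP = tcp_packets[1] + "";
                    obj.Source_Port = tcp_packets[2] + "";
                    obj.Dest_IP = tcp_packets[3] + "";
                    obj.Dest_Port = tcp_packets[4] + "";
                    obj.SYN_Flag = synFlag;
                    obj.ACK_Flag = ackFlag;
                    obj.FIN_Flag = finFlag;

                    bool reverseTCPstatus = scanReverseTCP(obj);
                    Console.WriteLine(reverseTCPstatus);
                    if (reverseTCPstatus)
                    {
                        LogRecord lg = new LogRecord();
                        // NOTE(review): the modal dialog is shown before the record is stored,
                        // so the alert is not recorded until someone dismisses it. Consider
                        // recording first.
                        MessageBox.Show("Possible Reverse TCP being established");
                        lg.Attack_Type = "Reverse_TCP";
                        lg.Source_IP = obj.Source_IP;
                        lg.TimeStamp = obj.Time_Stamp;
                        Analysis.obj.addNode(lg);
                    }
                }
            }
        }
        finally
        {
            // Close the reader even when a row throws, so a failed pass does not leave an
            // open reader behind.
            tcp_packets.Close();
        }

        if (!hasRows)
        {
            // Nothing captured; back off for one second (1000 ms), not 1000 seconds.
            Thread.Sleep(1000);
            Console.WriteLine("Sleep mode");
        }
        else
        {
            // This used to call clearICMPRecords(): the TCP table was never emptied, so the
            // same rows were re-analysed and re-alerted on every pass, while ICMP rows were
            // deleted by the TCP analyser.
            // NOTE(review): rows captured between the query above and this clear may be
            // deleted without having been analysed; confirm how clearTCPRecords selects rows.
            DBConn.clearTCPRecords();
        }
    }
}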