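/// <summary>
/// Builds the INSERT statement that stores one captured packet in the all_info table.
/// </summary>
/// <remarks>
/// Every value written here originates from captured network traffic, so it must be
/// treated as untrusted. The statement is assembled by string concatenation, which is
/// why each field is escaped before it is placed between quotes.
/// NOTE(review): the patterns behind re1, re2 and re3 are defined outside this block.
/// The payload column relies solely on re1 replacing its matches with two single
/// quotes; confirm that re1 also accounts for backslashes. Binding the values as
/// command parameters where the statement is executed would remove the need for
/// manual escaping altogether.
/// </remarks>
/// <param name="p">Packet record whose fields are written to all_info.</param>
/// <returns>The SQL text of the INSERT statement.</returns>
private string SetSQLString(ProcessingAllData p)
{
    // These three fields were previously concatenated without any filtering.
    string data_id = EscapeSqlLiteral(p.Id);
    string protocol = EscapeSqlLiteral(p.Protocol);
    string length = EscapeSqlLiteral(p.Length);

    // re2 strips its matches from the addresses and the timestamp; re3 strips a
    // second pattern from the timestamp. Escaping runs afterwards so that whatever
    // survives the filters still cannot terminate the quoted literal.
    string sourceAddress = EscapeSqlLiteral(re2.Replace(p.SourceAddress, ""));
    string destinationAddress = EscapeSqlLiteral(re2.Replace(p.DestinationAddress, ""));
    string time = re2.Replace(p.Time, "");

    // Left exactly as before: re1 already rewrites its matches to '' and escaping the
    // result again would double those quotes and change the stored payload.
    string data = re1.Replace(p.Data, "''");

    time = EscapeSqlLiteral(re3.Replace(time, ""));

    return "insert into all_info(data_id,protocol,length,sourceAddress,destinationAddress,time,data) values('"
        + data_id + "','" + protocol + "','" + length + "','" + sourceAddress + "','"
        + destinationAddress + "','" + time + "','" + data + "')";
}

/// <summary>
/// Escapes a value for use inside a single-quoted SQL string literal by doubling
/// backslashes and single quotes. A null value becomes the empty string, matching
/// what string concatenation would have produced.
/// </summary>
private static string EscapeSqlLiteral(string value)
{
    if (value == null)
    {
        return "";
    }

    // Backslashes first, so the doubling of quotes is not itself re-escaped.
    return value.Replace("\\", "\\\\").Replace("'", "''");
}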
/// <summary>
/// Adds the analysed packet to the grid and to the in-memory record lists.
/// </summary>
/// <remarks>
/// The packet content is captured traffic and therefore untrusted. Any exception
/// raised while processing it is shown in a message box, one dialog per failing packet.
/// </remarks>
/// <param name="packet">The raw captured packet.</param>
private void ShowDataRows(RawCapture packet)
{
    try
    {
        // The grid row is built with the next index before packetIndex itself advances.
        temp_packetIndex = packetIndex + 1;
        string[] gridRow = rowsBulider.Row(packet, temp_packetIndex);
        dataGridPacket.Rows.Add(gridRow); // load the DataGrid row

        string[] fields = rowsBulider.Row(packet, ++packetIndex);
        Console.WriteLine("rowsLinebuffer is " + fields.Length);

        string protocol = fields[1];
        bool isRecorded;
        switch (protocol)
        {
            case "TCP":
            case "SMTP":
            case "POP3":
            case "HTTP":
            case "OICQ":
                isRecorded = true;
                break;
            default:
                isRecorded = false;
                break;
        }

        if (isRecorded)
        {
            rowData = new ProcessingAllData();
            rowData.Id = fields[0];
            rowData.Protocol = protocol;
            rowData.Length = fields[2];
            rowData.SourceAddress = fields[3];
            rowData.DestinationAddress = fields[4];
            rowData.HardwareType = fields[5];
            rowData.Time = fields[6];
            rowData.BinaryData = packet.Data;
            rowData.Data = HexConvert.ConvertToAscii(packet.Data);

            // Add to the full record list.
            lock (padList.SyncRoot)
            {
                padList.Add(rowData);
            }

            if (protocol == "OICQ")
            {
                pqll = new ProcessingQQLoginLogout();
                countQQ += pqll.Analysis(rowData);

                bool hasLoginState = pqll.QqLogin == 1 || pqll.QqLogin == 2;
                if (hasLoginState)
                {
                    lock (pqllList.SyncRoot)
                    {
                        pqllList.Add(pqll);
                        // Database persistence goes here.
                    }
                }
            }
        }
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message);
    }

    // Refreshed on every packet, including when processing failed.
    this.qqNoticeLabel.Text = "已捕获QQ上下线记录" + countQQ + "条";
}
/// <summary>
/// Adds the analysed packet to the in-memory record lists without touching the grid.
/// </summary>
/// <remarks>
/// The packet content is captured traffic and therefore untrusted. Any exception
/// raised while processing it is shown in a message box, one dialog per failing packet.
/// </remarks>
/// <param name="packet">The raw captured packet.</param>
private void AddDataToList(RawCapture packet)
{
    Console.Write("AddDataToList");

    try
    {
        string[] fields = rowsBulider.Row(packet, ++packetIndex);
        string protocol = fields[1];

        bool isRecorded;
        switch (protocol)
        {
            case "TCP":
            case "SMTP":
            case "POP3":
            case "HTTP":
            case "OICQ":
                isRecorded = true;
                break;
            default:
                isRecorded = false;
                break;
        }

        if (isRecorded)
        {
            rowData = new ProcessingAllData();
            rowData.Id = fields[0];
            rowData.Protocol = protocol;
            rowData.Length = fields[2];
            rowData.SourceAddress = fields[3];
            rowData.DestinationAddress = fields[4];
            rowData.HardwareType = fields[5];
            rowData.Time = fields[6];
            rowData.BinaryData = packet.Data;
            rowData.Data = HexConvert.ConvertToAscii(packet.Data);

            // Add to the full record list.
            lock (padList.SyncRoot)
            {
                padList.Add(rowData);
            }

            if (protocol == "OICQ")
            {
                pqll = new ProcessingQQLoginLogout();
                countQQ += pqll.Analysis(rowData);

                bool hasLoginState = pqll.QqLogin == 1 || pqll.QqLogin == 2;
                if (hasLoginState)
                {
                    lock (pqllList.SyncRoot)
                    {
                        pqllList.Add(pqll);
                        // Database persistence goes here.
                    }
                }
            }
        }
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message);
    }

    // Refreshed on every packet, including when processing failed.
    this.qqNoticeLabel.Text = "今日新增记录" + countQQ + "条";
}
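/// <summary>
/// Extracts the account number and the command code from a captured OICQ frame.
/// </summary>
/// <remarks>
/// The frame is untrusted network input. Offsets 45-46 (command) and 49-52 (account
/// number) are fixed positions in the raw frame.
/// NOTE(review): the fixed offsets presumably assume link, network and transport
/// headers of constant size; confirm against the capture setup.
/// Frames too short to contain those offsets are ignored instead of raising an
/// IndexOutOfRangeException, and the account number is assembled as an unsigned
/// 32-bit value so that a leading byte of 0x80 or above no longer wraps negative.
/// </remarks>
/// <param name="data">Packet record; BinaryData, Time and SourceAddress are read.</param>
/// <returns>1 when one of the two recognised command codes is present, otherwise 0.</returns>
public int Analysis(ProcessingAllData data)
{
    const int CommandOffset = 45;
    const int AccountOffset = 49;
    const int RequiredLength = AccountOffset + 4;

    byte[] frame = data.BinaryData;
    if (frame == null || frame.Length < RequiredLength)
    {
        // Truncated or missing frame: nothing to record, QqLogin stays untouched.
        return 0;
    }

    // Big-endian 32-bit account number; uint avoids signed overflow in the top byte.
    uint account = ((uint)frame[AccountOffset] << 24)
                 | ((uint)frame[AccountOffset + 1] << 16)
                 | ((uint)frame[AccountOffset + 2] << 8)
                 | frame[AccountOffset + 3];

    this.QqID = account.ToString();
    this.Time = data.Time;
    this.QqIP = data.SourceAddress;

    byte commandHigh = frame[CommandOffset];
    byte commandLow = frame[CommandOffset + 1];

    // Command 0x0825 is recorded as state 1 (presumably login; confirm).
    if (commandHigh == 0x08 && commandLow == 0x25)
    {
        this.QqLogin = 1;
        return 1;
    }

    // Command 0x0062 is recorded as state 2 (presumably logout; confirm).
    if (commandHigh == 0x00 && commandLow == 0x62)
    {
        this.QqLogin = 2;
        return 1;
    }

    return 0;
}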
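/// <summary>
/// Searches the packet payload for every keyword in <paramref name="ht"/> and records
/// a behaviour entry for each keyword found.
/// </summary>
/// <remarks>
/// Each table value is expected to hold "reason,detailReason". A value without a comma
/// now yields an empty detail reason instead of an IndexOutOfRangeException.
/// NOTE(review): this same instance is added to <paramref name="pbList"/> once per
/// matching keyword and its fields are overwritten on each match, so several matches
/// leave several references to one object holding the last match. Confirm this is intended.
/// </remarks>
/// <param name="data">Packet record; Data is searched, addresses and time are copied.</param>
/// <param name="ht">Keyword table mapping a keyword to "reason,detailReason".</param>
/// <param name="pbList">List receiving this instance, guarded by its SyncRoot.</param>
/// <returns>
/// The last keyword that matched, or the literal "key" when nothing matched. Callers
/// compare against "key", so a real keyword with that text cannot be told apart.
/// </returns>
public string Analysis(ProcessingAllData data, Hashtable ht, ProcessingBehaveList<ProcessingBehave> pbList)
{
    String keys = "key";

    foreach (String key in ht.Keys)
    {
        // The original tested the same Contains call twice; once is enough.
        if (!data.Data.Contains(key))
        {
            continue;
        }

        this.UserIPA = data.SourceAddress;
        this.UserIPB = data.DestinationAddress;
        this.time = data.Time;
        // The protocol field is populated from HardwareType, as in the original code.
        this.protocol = data.HardwareType;

        string str = ht[key].ToString();
        string[] strs = str.Split(',');
        this.reason = strs[0];
        this.detailReason = strs.Length > 1 ? strs[1] : "";

        // Log the parsed reason; the original printed str[0], the first character only.
        Console.WriteLine("reason= " + reason + "detailReason= " + detailReason);

        lock (pbList.SyncRoot)
        {
            pbList.Add(this);
        }

        keys = key;
    }

    return keys;
}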
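/// <summary>
/// Opens the connection, inserts one captured packet record and closes the connection.
/// </summary>
/// <remarks>
/// The statement text comes from SetSQLString, which builds it by string concatenation
/// from captured traffic. NOTE(review): binding the values through
/// MySqlCommand.Parameters would keep untrusted packet content out of the SQL text.
/// Debug.WriteLine writes the whole statement, captured payload included, to the
/// debug listeners.
/// </remarks>
/// <param name="myConnect">Connection to use; opened and closed by this method.</param>
/// <param name="rowData">Packet record to store.</param>
public void SaveAll(MySqlConnection myConnect, ProcessingAllData rowData)
{
    myConnect.Open();
    try
    {
        // Built inside the try block so that a failure here still closes the connection.
        string sql = SetSQLString(rowData);
        Debug.WriteLine(sql);

        // The command is disposable; release it as soon as the statement has run.
        using (MySqlCommand myCmd = new MySqlCommand(get_uft8(sql), myConnect))
        {
            myCmd.ExecuteNonQuery();
        }
    }
    finally
    {
        myConnect.Close();
    }
}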
/// <summary>
/// Adds the analysed packet to the grid and the record lists, and saves login and
/// behaviour records through saveAllData.
/// </summary>
/// <remarks>
/// The packet content is captured traffic and therefore untrusted; it reaches the
/// database through the SaveAll calls below. Any exception raised while processing
/// is shown in a message box, one dialog per failing packet.
/// </remarks>
/// <param name="packet">The raw captured packet.</param>
private void ShowDataRows(RawCapture packet)
{
    try
    {
        // The grid row is built with the next index before packetIndex itself advances.
        temp_packetIndex = packetIndex + 1;
        string[] gridRow = rowsBulider.Row(packet, temp_packetIndex);
        dataGridPacket.Rows.Add(gridRow); // load the DataGrid row

        string[] fields = rowsBulider.Row(packet, ++packetIndex);
        string protocol = fields[1];

        bool isRecorded;
        switch (protocol)
        {
            case "TCP":
            case "SMTP":
            case "POP3":
            case "HTTP":
            case "OICQ":
                isRecorded = true;
                break;
            default:
                isRecorded = false;
                break;
        }

        if (isRecorded)
        {
            rowData = new ProcessingAllData();
            rowData.Id = fields[0];
            rowData.Protocol = protocol;
            rowData.Length = fields[2];
            rowData.SourceAddress = fields[3];
            rowData.DestinationAddress = fields[4];
            rowData.HardwareType = fields[5];
            rowData.Time = fields[6];
            rowData.BinaryData = packet.Data;
            rowData.Data = HexConvert.ConvertToAscii(packet.Data);

            // Add to the full record list.
            lock (padList.SyncRoot)
            {
                padList.Add(rowData);
            }

            if (protocol == "OICQ")
            {
                pqll = new ProcessingQQLoginLogout();
                countQQ += pqll.Analysis(rowData);

                bool hasLoginState = pqll.QqLogin == 1 || pqll.QqLogin == 2;
                if (hasLoginState)
                {
                    // The save runs while the list lock is held, as in the original.
                    lock (pqllList.SyncRoot)
                    {
                        pqllList.Add(pqll);
                        saveAllData.SaveAll(saveAllData.MyConnect, pqll);
                    }
                }
            }

            // Employee behaviour.
            bool isBehaviourCandidate = protocol == "TCP" || protocol == "HTTP";
            if (isBehaviourCandidate)
            {
                pb = new ProcessingBehave();
                String key = pb.Analysis(rowData, ht, pbList);

                // "key" is the value Analysis returns when no keyword matched.
                bool matched = !key.Equals("key");
                if (matched)
                {
                    // A matched keyword is removed from the table before the record is saved.
                    ht.Remove(key);
                    countBehave++;
                    saveAllData.SaveAll(saveAllData.MyConnect, pb);
                }
            }
        }
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message);
    }

    // Refreshed on every packet, including when processing failed.
    this.qqNoticeLabel.Text = "已捕获QQ上下线记录" + countQQ + "条";
    this.staffNoticeLabel.Text = "已捕获影音娱乐记录" + countBehave + "条";
}