//Helper function which returns the information contained in the UDP header as a //tree node private TreeNode MakeUDPTreeNode(UDPHeader udpHeader) { TreeNode udpNode = new TreeNode(); udpNode.Text = "UDP"; udpNode.Nodes.Add("Source Port: " + udpHeader.SourcePort); udpNode.Nodes.Add("Destination Port: " + udpHeader.DestinationPort); udpNode.Nodes.Add("Length: " + udpHeader.Length); udpNode.Nodes.Add("Checksum: " + udpHeader.Checksum); return(udpNode); }
public void ParseData(byte[] byteData, int nReceived) { TreeNode rootNode = new TreeNode(); AdFunctions adfunc_call = new AdFunctions(); //Since all protocol packets are encapsulated in the IP datagram //so we start by parsing the IP header and see what protocol data //is being carried by it IPHeader ipHeader = new IPHeader(byteData, nReceived); TreeNode ipNode = MakeIPTreeNode(ipHeader); rootNode.Nodes.Add(ipNode); //Now according to the protocol being carried by the IP datagram we parse //the data field of the datagram switch (ipHeader.ProtocolType) { case Protocol.TCP: TCPHeader tcpHeader = new TCPHeader(ipHeader.Data, //IPHeader.Data stores the data being //carried by the IP datagram ipHeader.MessageLength); //Length of the data field TreeNode tcpNode = MakeTCPTreeNode(tcpHeader); rootNode.Nodes.Add(tcpNode); //If the port is equal to 53 then the underlying protocol is DNS //Note: DNS can use either TCP or UDP thats why the check is done twice if (tcpHeader.DestinationPort == "53" || tcpHeader.SourcePort == "53") { TreeNode dnsNode = MakeDNSTreeNode(tcpHeader.Data, (int)tcpHeader.MessageLength); rootNode.Nodes.Add(dnsNode); } break; case Protocol.UDP: UDPHeader udpHeader = new UDPHeader(ipHeader.Data, //IPHeader.Data stores the data being //carried by the IP datagram (int)ipHeader.MessageLength); //Length of the data field //Вывов функции по определению подозрительных UDP пакетов adfunc_call.susp_node(Convert.ToInt32(udpHeader.Length), rootNode); TreeNode udpNode = MakeUDPTreeNode(udpHeader); rootNode.Nodes.Add(udpNode); //If the port is equal to 53 then the underlying protocol is DNS //Note: DNS can use either TCP or UDP thats why the check is done twice if (udpHeader.DestinationPort == "53" || udpHeader.SourcePort == "53") { TreeNode dnsNode = MakeDNSTreeNode(udpHeader.Data, //Length of UDP header is always eight bytes so we subtract that out of the total //length to find the length of the data Convert.ToInt32(udpHeader.Length) - 8); rootNode.Nodes.Add(dnsNode); } break; case Protocol.Unknown: MessageBox.Show("Unknown protocol receaved. Maybe someone is trying to get access to your computer."); break; } AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode); rootNode.Text = "From " + ipHeader.SourceAddress.ToString() + " to " + ipHeader.DestinationAddress.ToString(); //Adfunc call pack_count += 1; adfunc_call.Ip_List(ipHeader.SourceAddress.ToString(), ipHeader.DestinationAddress.ToString()); //Thread safe adding of the nodes treeView.Invoke(addTreeNode, new object[] { rootNode }); }