/// <summary>
/// Creates a truncated TCP session where the initial 3 way handshake is missing
/// </summary>
/// <param name="sourceHost"></param>
/// <param name="destinationHost"></param>
/// <param name="tcpPacket"></param>
public NetworkTcpSession(NetworkHost sourceHost, NetworkHost destinationHost, Packets.TcpPacket tcpPacket, ISessionProtocolFinderFactory protocolFinderFactory)
{
//this part is used to create a cropped (truncated) session where the beginning is missing!
//this.synPacketTimestamp=tcpPacket.ParentFrame.Timestamp;
this.synPacketReceived = true;
this.synAckPacketReceived = true;
this.finPacketReceived = false;
this.sessionEstablished = false;//I will change this one soon,...
this.sessionClosed = false;
this.startFrameNumber = tcpPacket.ParentFrame.FrameNumber;
this.clientToServerTcpDataStream = null;
this.serverToClientTcpDataStream = null;
//now let's do a qualified guess of who is the server and who is client...
FiveTuple fiveTuple;
System.Collections.Generic.List <ApplicationLayerProtocol> sourcePortProtocols = new List <ApplicationLayerProtocol>(TcpPortProtocolFinder.GetProbableApplicationLayerProtocols(tcpPacket.SourcePort, tcpPacket.SourcePort));
System.Collections.Generic.List <ApplicationLayerProtocol> destinationPortProtocols = new List <ApplicationLayerProtocol>(TcpPortProtocolFinder.GetProbableApplicationLayerProtocols(tcpPacket.DestinationPort, tcpPacket.DestinationPort));
if (sourcePortProtocols.Count > destinationPortProtocols.Count) //packet is server -> client
//this.clientHost=destinationHost;
//this.serverHost=sourceHost;
//this.clientTcpPort=tcpPacket.DestinationPort;
//this.serverTcpPort=tcpPacket.SourcePort;
{
fiveTuple = new FiveTuple(destinationHost, tcpPacket.DestinationPort, sourceHost, tcpPacket.SourcePort, FiveTuple.TransportProtocol.TCP);
this.flow = new NetworkFlow(fiveTuple, tcpPacket.ParentFrame.Timestamp, tcpPacket.ParentFrame.Timestamp, 0, 0);
this.SetEstablished(tcpPacket.AcknowledgmentNumber, tcpPacket.SequenceNumber);
}
else if (destinationPortProtocols.Count > 0) //packet is client -> server
//this.clientHost=sourceHost;
//this.serverHost=destinationHost;
//this.clientTcpPort=tcpPacket.SourcePort;
//this.serverTcpPort=tcpPacket.DestinationPort;
{
fiveTuple = new FiveTuple(sourceHost, tcpPacket.SourcePort, destinationHost, tcpPacket.DestinationPort, FiveTuple.TransportProtocol.TCP);
this.flow = new NetworkFlow(fiveTuple, tcpPacket.ParentFrame.Timestamp, tcpPacket.ParentFrame.Timestamp, 0, 0);
this.SetEstablished(tcpPacket.SequenceNumber, tcpPacket.AcknowledgmentNumber);
}
else if (tcpPacket.SourcePort < tcpPacket.DestinationPort)//packet is server -> client
//this.clientHost=destinationHost;
//this.serverHost=sourceHost;
//this.clientTcpPort=tcpPacket.DestinationPort;
//this.serverTcpPort=tcpPacket.SourcePort;
{
fiveTuple = new FiveTuple(destinationHost, tcpPacket.DestinationPort, sourceHost, tcpPacket.SourcePort, FiveTuple.TransportProtocol.TCP);
this.flow = new NetworkFlow(fiveTuple, tcpPacket.ParentFrame.Timestamp, tcpPacket.ParentFrame.Timestamp, 0, 0);
this.SetEstablished(tcpPacket.AcknowledgmentNumber, tcpPacket.SequenceNumber);
}
else //packet is client -> server
//this.clientHost=sourceHost;
//this.serverHost=destinationHost;
//this.clientTcpPort=tcpPacket.SourcePort;
//this.serverTcpPort=tcpPacket.DestinationPort;
{
fiveTuple = new FiveTuple(sourceHost, tcpPacket.SourcePort, destinationHost, tcpPacket.DestinationPort, FiveTuple.TransportProtocol.TCP);
this.flow = new NetworkFlow(fiveTuple, tcpPacket.ParentFrame.Timestamp, tcpPacket.ParentFrame.Timestamp, 0, 0);
this.SetEstablished(tcpPacket.SequenceNumber, tcpPacket.AcknowledgmentNumber);
}
this.protocolFinder = protocolFinderFactory.CreateProtocolFinder(this.flow, this.startFrameNumber);
}
public static IEnumerable <ApplicationLayerProtocol> GetProbableApplicationLayerProtocols(ushort serverPort, ushort clientPort)
{
TcpPortProtocolFinder finder = new TcpPortProtocolFinder(null, null, clientPort, serverPort, 0, DateTime.MinValue, null);
return(finder.GetProbableApplicationLayerProtocols());
}
