public void Add(TcpStreamPacket streamPacket) { if (_address == null) _address = streamPacket.Connection; if (streamPacket.Connection.OriginalOrder == _address.OriginalOrder) streamPacket.Direction = TcpDirection.SourceToDestination; else streamPacket.Direction = TcpDirection.DestinationToSource; _packets.Add(streamPacket); AnalyzePacket(streamPacket); }
public void Add(TcpStreamPacket streamPacket) { if (_address == null) { _address = streamPacket.Connection; } if (streamPacket.Connection.OriginalOrder == _address.OriginalOrder) { streamPacket.Direction = TcpDirection.SourceToDestination; } else { streamPacket.Direction = TcpDirection.DestinationToSource; } _packets.Add(streamPacket); AnalyzePacket(streamPacket); }
public void Add(PPacket packet) { if (packet.Tcp == null) return; TcpStreamPacket streamPacket = new TcpStreamPacket(packet); int i = _streams.IndexOfKey(streamPacket.Connection); TcpStream0 stream; if (i == -1) { stream = new TcpStream0(); stream.StreamNumber = _streams.Count + 1; _streams.Add(streamPacket.Connection, stream); } else { stream = _streams.Values[i]; } streamPacket.StreamNumber = stream.StreamNumber; stream.Add(streamPacket); _packets.Add(streamPacket); }
public void Add(PPacket packet) { if (packet.Tcp == null) { return; } TcpStreamPacket streamPacket = new TcpStreamPacket(packet); int i = _streams.IndexOfKey(streamPacket.Connection); TcpStream0 stream; if (i == -1) { stream = new TcpStream0(); stream.StreamNumber = _streams.Count + 1; _streams.Add(streamPacket.Connection, stream); } else { stream = _streams.Values[i]; } streamPacket.StreamNumber = stream.StreamNumber; stream.Add(streamPacket); _packets.Add(streamPacket); }
private void AnalyzePacket(TcpStreamPacket streamPacket) { //TCP tcp = streamPacket.Packet.TCP; TcpDatagram tcp = streamPacket.Packet.Ethernet.IpV4.Tcp; streamPacket.PacketType = TcpPacketType.Unknow; bool OpenConnectionPacketType = false; bool CloseConnectionPacketType = false; //if (tcp.Synchronize) if (tcp.IsSynchronize) { OpenConnectionPacketType = true; // ****** OpenConnection1 SYN seq = x ****** //if (!tcp.Ack) if (!tcp.IsAcknowledgment) { streamPacket.PacketType = TcpPacketType.OpenConnection1; _streamState.OpenState = TcpPacketType.OpenConnection1; _streamState.InitialSourceSequence = _streamState.CurrentSourceSequence = tcp.SequenceNumber; //streamPacket.Message("TCP open 1 : SYN seq = x (0x{0})", tcp.seq.zToHex()); if (streamPacket.Direction != TcpDirection.SourceToDestination) //streamPacket.Message("error wrong direction"); streamPacket.AddError(TcpPacketError.ErrorBadDirection); } // ****** OpenConnection2 SYN seq = y, ACK x + 1 ****** else { if (streamPacket.Direction == TcpDirection.DestinationToSource) { streamPacket.PacketType = TcpPacketType.OpenConnection2; _streamState.OpenState = TcpPacketType.OpenConnection2; _streamState.InitialDestinationSequence = _streamState.CurrentDestinationSequence = tcp.SequenceNumber; //streamPacket.Message("TCP open 2 : SYN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex()); _streamState.CurrentSourceSequence++; if (tcp.AcknowledgmentNumber != _streamState.CurrentSourceSequence) //streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex()); streamPacket.AddError(TcpPacketError.WarningOpenConnection2BadAck); if (_streamState.LastPacketType != TcpPacketType.OpenConnection1) //streamPacket.Message("warning message should be just after open connection step 1"); streamPacket.AddError(TcpPacketError.WarningOpenConnection2BadMessagePosition); } else //streamPacket.Message("error wrong direction, TCP open 2, SYN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex()); streamPacket.AddError(TcpPacketError.ErrorOpenConnection2BadDirection); } } //else if (tcp.Finish) else if (tcp.IsFin) { CloseConnectionPacketType = true; // ****** CloseSourceConnection1 FIN seq = x ****** if (streamPacket.Direction == TcpDirection.SourceToDestination) { streamPacket.PacketType = TcpPacketType.CloseSourceConnection1; _streamState.CloseSourceState = TcpPacketType.CloseSourceConnection1; //streamPacket.Message("TCP close source connection step 1 : FIN seq = x (0x{0})", tcp.seq.zToHex()); if (tcp.SequenceNumber != _streamState.CurrentSourceSequence) //streamPacket.Message("warning seq (0x{0}) != source seq (0x{1})", tcp.seq.zToHex(), CurrentSourceSequence.zToHex()); streamPacket.AddError(TcpPacketError.WarningCloseSourceConnection1BadSeq); //if (tcp.Ack) if (tcp.IsAcknowledgment) //streamPacket.Message("warning ack should not be set"); streamPacket.AddError(TcpPacketError.WarningBadFlagAck); } // ****** CloseDestinationConnection1 FIN seq = y, ACK x + 1 ****** else // streamPacket.Direction == TcpDirection.DestinationToSource { streamPacket.PacketType = TcpPacketType.CloseDestinationConnection1; _streamState.CloseDestinationState = TcpPacketType.CloseDestinationConnection1; //streamPacket.Message("TCP close destination connection step 1 : FIN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex()); if (tcp.SequenceNumber != _streamState.CurrentDestinationSequence) //streamPacket.Message("warning seq (0x{0}) != destination seq (0x{1})", tcp.seq.zToHex(), CurrentDestinationSequence.zToHex()); streamPacket.AddError(TcpPacketError.WarningCloseDestinationConnection1BadSeq); //if (!tcp.Ack) if (!tcp.IsAcknowledgment) //streamPacket.Message("warning ack should be set"); streamPacket.AddError(TcpPacketError.WarningBadFlagAck); else if (tcp.AcknowledgmentNumber != _streamState.CurrentSourceSequence + 1) //streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex()); streamPacket.AddError(TcpPacketError.WarningCloseDestinationConnection1BadAck); } } //else if (tcp.Ack) else if (tcp.IsAcknowledgment) { // ****** OpenConnection3 ACK y + 1 ****** if (_streamState.LastPacketType == TcpPacketType.OpenConnection2 && streamPacket.Direction == TcpDirection.SourceToDestination) { OpenConnectionPacketType = true; streamPacket.PacketType = TcpPacketType.OpenConnection3; _streamState.OpenState = TcpPacketType.OpenConnection3; _streamState.ConnectionOpened = true; _streamState.CurrentDestinationSequence++; //streamPacket.Message("TCP open 3 : ACK y + 1 (0x{0})", tcp.ack_seq.zToHex()); if (tcp.AcknowledgmentNumber != _streamState.InitialDestinationSequence + 1) //streamPacket.Message("warning ack (0x{0}) != destination seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentDestinationSequence.zToHex()); streamPacket.AddError(TcpPacketError.WarningOpenConnection3BadAck); } // ****** CloseSourceConnection2 ACK x + 1 ****** else if (_streamState.CloseSourceState == TcpPacketType.CloseSourceConnection1 && streamPacket.Direction == TcpDirection.DestinationToSource) { CloseConnectionPacketType = true; streamPacket.PacketType = TcpPacketType.CloseSourceConnection2; _streamState.CloseSourceState = TcpPacketType.CloseSourceConnection2; //streamPacket.Message("TCP close source connection step 2 : ACK x + 1 (0x{0})", tcp.ack_seq.zToHex()); if (tcp.AcknowledgmentNumber != _streamState.CurrentSourceSequence + 1) //streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex()); streamPacket.AddError(TcpPacketError.WarningCloseSourceConnection2BadAck); } // ****** CloseDestinationConnection2 ACK y + 1 ****** else if (_streamState.CloseDestinationState == TcpPacketType.CloseDestinationConnection1 && streamPacket.Direction == TcpDirection.SourceToDestination) { CloseConnectionPacketType = true; streamPacket.PacketType = TcpPacketType.CloseDestinationConnection2; _streamState.CloseDestinationState = TcpPacketType.CloseDestinationConnection2; //streamPacket.Message("TCP close destination connection step 2 : ACK y + 1 (0x{0})", tcp.ack_seq.zToHex()); if (tcp.AcknowledgmentNumber != _streamState.CurrentDestinationSequence + 1) //streamPacket.Message("warning ack (0x{0}) != destination seq + 1 (0x{1}) (ACK y + 1)", tcp.ack_seq.zToHex(), CurrentDestinationSequence.zToHex()); streamPacket.AddError(TcpPacketError.WarningCloseDestinationConnection2BadAck); } else streamPacket.PacketType |= TcpPacketType.Ack; } //if (OpenConnectionPacketType || CloseConnectionPacketType) //{ // if (tcp.DataLength > 0) // { // if (tcp.psh == 1) // streamPacket.Message("error data with push option cannot be send with syn flag"); // else // streamPacket.Message("error data with cannot be send with syn flag"); // } // if (tcp.psh == 1) // streamPacket.Message("error push option without data cannot be send with syn flag"); //} //if (tcp.Push) if (tcp.IsPush) streamPacket.PacketType |= TcpPacketType.Push; if (tcp.PayloadLength > 0) streamPacket.PacketType |= TcpPacketType.Data; _streamState.LastPacketType = streamPacket.PacketType; streamPacket.StreamState = _streamState; }
private void AnalyzePacket(TcpStreamPacket streamPacket) { //TCP tcp = streamPacket.Packet.TCP; TcpDatagram tcp = streamPacket.Packet.Ethernet.IpV4.Tcp; streamPacket.PacketType = TcpPacketType.Unknow; bool OpenConnectionPacketType = false; bool CloseConnectionPacketType = false; //if (tcp.Synchronize) if (tcp.IsSynchronize) { OpenConnectionPacketType = true; // ****** OpenConnection1 SYN seq = x ****** //if (!tcp.Ack) if (!tcp.IsAcknowledgment) { streamPacket.PacketType = TcpPacketType.OpenConnection1; _streamState.OpenState = TcpPacketType.OpenConnection1; _streamState.InitialSourceSequence = _streamState.CurrentSourceSequence = tcp.SequenceNumber; //streamPacket.Message("TCP open 1 : SYN seq = x (0x{0})", tcp.seq.zToHex()); if (streamPacket.Direction != TcpDirection.SourceToDestination) { //streamPacket.Message("error wrong direction"); streamPacket.AddError(TcpPacketError.ErrorBadDirection); } } // ****** OpenConnection2 SYN seq = y, ACK x + 1 ****** else { if (streamPacket.Direction == TcpDirection.DestinationToSource) { streamPacket.PacketType = TcpPacketType.OpenConnection2; _streamState.OpenState = TcpPacketType.OpenConnection2; _streamState.InitialDestinationSequence = _streamState.CurrentDestinationSequence = tcp.SequenceNumber; //streamPacket.Message("TCP open 2 : SYN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex()); _streamState.CurrentSourceSequence++; if (tcp.AcknowledgmentNumber != _streamState.CurrentSourceSequence) { //streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex()); streamPacket.AddError(TcpPacketError.WarningOpenConnection2BadAck); } if (_streamState.LastPacketType != TcpPacketType.OpenConnection1) { //streamPacket.Message("warning message should be just after open connection step 1"); streamPacket.AddError(TcpPacketError.WarningOpenConnection2BadMessagePosition); } } else { //streamPacket.Message("error wrong direction, TCP open 2, SYN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex()); streamPacket.AddError(TcpPacketError.ErrorOpenConnection2BadDirection); } } } //else if (tcp.Finish) else if (tcp.IsFin) { CloseConnectionPacketType = true; // ****** CloseSourceConnection1 FIN seq = x ****** if (streamPacket.Direction == TcpDirection.SourceToDestination) { streamPacket.PacketType = TcpPacketType.CloseSourceConnection1; _streamState.CloseSourceState = TcpPacketType.CloseSourceConnection1; //streamPacket.Message("TCP close source connection step 1 : FIN seq = x (0x{0})", tcp.seq.zToHex()); if (tcp.SequenceNumber != _streamState.CurrentSourceSequence) { //streamPacket.Message("warning seq (0x{0}) != source seq (0x{1})", tcp.seq.zToHex(), CurrentSourceSequence.zToHex()); streamPacket.AddError(TcpPacketError.WarningCloseSourceConnection1BadSeq); } //if (tcp.Ack) if (tcp.IsAcknowledgment) { //streamPacket.Message("warning ack should not be set"); streamPacket.AddError(TcpPacketError.WarningBadFlagAck); } } // ****** CloseDestinationConnection1 FIN seq = y, ACK x + 1 ****** else // streamPacket.Direction == TcpDirection.DestinationToSource { streamPacket.PacketType = TcpPacketType.CloseDestinationConnection1; _streamState.CloseDestinationState = TcpPacketType.CloseDestinationConnection1; //streamPacket.Message("TCP close destination connection step 1 : FIN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex()); if (tcp.SequenceNumber != _streamState.CurrentDestinationSequence) { //streamPacket.Message("warning seq (0x{0}) != destination seq (0x{1})", tcp.seq.zToHex(), CurrentDestinationSequence.zToHex()); streamPacket.AddError(TcpPacketError.WarningCloseDestinationConnection1BadSeq); } //if (!tcp.Ack) if (!tcp.IsAcknowledgment) { //streamPacket.Message("warning ack should be set"); streamPacket.AddError(TcpPacketError.WarningBadFlagAck); } else if (tcp.AcknowledgmentNumber != _streamState.CurrentSourceSequence + 1) { //streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex()); streamPacket.AddError(TcpPacketError.WarningCloseDestinationConnection1BadAck); } } } //else if (tcp.Ack) else if (tcp.IsAcknowledgment) { // ****** OpenConnection3 ACK y + 1 ****** if (_streamState.LastPacketType == TcpPacketType.OpenConnection2 && streamPacket.Direction == TcpDirection.SourceToDestination) { OpenConnectionPacketType = true; streamPacket.PacketType = TcpPacketType.OpenConnection3; _streamState.OpenState = TcpPacketType.OpenConnection3; _streamState.ConnectionOpened = true; _streamState.CurrentDestinationSequence++; //streamPacket.Message("TCP open 3 : ACK y + 1 (0x{0})", tcp.ack_seq.zToHex()); if (tcp.AcknowledgmentNumber != _streamState.InitialDestinationSequence + 1) { //streamPacket.Message("warning ack (0x{0}) != destination seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentDestinationSequence.zToHex()); streamPacket.AddError(TcpPacketError.WarningOpenConnection3BadAck); } } // ****** CloseSourceConnection2 ACK x + 1 ****** else if (_streamState.CloseSourceState == TcpPacketType.CloseSourceConnection1 && streamPacket.Direction == TcpDirection.DestinationToSource) { CloseConnectionPacketType = true; streamPacket.PacketType = TcpPacketType.CloseSourceConnection2; _streamState.CloseSourceState = TcpPacketType.CloseSourceConnection2; //streamPacket.Message("TCP close source connection step 2 : ACK x + 1 (0x{0})", tcp.ack_seq.zToHex()); if (tcp.AcknowledgmentNumber != _streamState.CurrentSourceSequence + 1) { //streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex()); streamPacket.AddError(TcpPacketError.WarningCloseSourceConnection2BadAck); } } // ****** CloseDestinationConnection2 ACK y + 1 ****** else if (_streamState.CloseDestinationState == TcpPacketType.CloseDestinationConnection1 && streamPacket.Direction == TcpDirection.SourceToDestination) { CloseConnectionPacketType = true; streamPacket.PacketType = TcpPacketType.CloseDestinationConnection2; _streamState.CloseDestinationState = TcpPacketType.CloseDestinationConnection2; //streamPacket.Message("TCP close destination connection step 2 : ACK y + 1 (0x{0})", tcp.ack_seq.zToHex()); if (tcp.AcknowledgmentNumber != _streamState.CurrentDestinationSequence + 1) { //streamPacket.Message("warning ack (0x{0}) != destination seq + 1 (0x{1}) (ACK y + 1)", tcp.ack_seq.zToHex(), CurrentDestinationSequence.zToHex()); streamPacket.AddError(TcpPacketError.WarningCloseDestinationConnection2BadAck); } } else { streamPacket.PacketType |= TcpPacketType.Ack; } } //if (OpenConnectionPacketType || CloseConnectionPacketType) //{ // if (tcp.DataLength > 0) // { // if (tcp.psh == 1) // streamPacket.Message("error data with push option cannot be send with syn flag"); // else // streamPacket.Message("error data with cannot be send with syn flag"); // } // if (tcp.psh == 1) // streamPacket.Message("error push option without data cannot be send with syn flag"); //} //if (tcp.Push) if (tcp.IsPush) { streamPacket.PacketType |= TcpPacketType.Push; } if (tcp.PayloadLength > 0) { streamPacket.PacketType |= TcpPacketType.Data; } _streamState.LastPacketType = streamPacket.PacketType; streamPacket.StreamState = _streamState; }