public void Add(TcpStreamPacket streamPacket)
{
if (_address == null)
_address = streamPacket.Connection;
if (streamPacket.Connection.OriginalOrder == _address.OriginalOrder)
streamPacket.Direction = TcpDirection.SourceToDestination;
else
streamPacket.Direction = TcpDirection.DestinationToSource;
_packets.Add(streamPacket);
AnalyzePacket(streamPacket);
}
public void Add(TcpStreamPacket streamPacket)
{
if (_address == null)
{
_address = streamPacket.Connection;
}
if (streamPacket.Connection.OriginalOrder == _address.OriginalOrder)
{
streamPacket.Direction = TcpDirection.SourceToDestination;
}
else
{
streamPacket.Direction = TcpDirection.DestinationToSource;
}
_packets.Add(streamPacket);
AnalyzePacket(streamPacket);
}
public void Add(PPacket packet)
{
if (packet.Tcp == null)
return;
TcpStreamPacket streamPacket = new TcpStreamPacket(packet);
int i = _streams.IndexOfKey(streamPacket.Connection);
TcpStream0 stream;
if (i == -1)
{
stream = new TcpStream0();
stream.StreamNumber = _streams.Count + 1;
_streams.Add(streamPacket.Connection, stream);
}
else
{
stream = _streams.Values[i];
}
streamPacket.StreamNumber = stream.StreamNumber;
stream.Add(streamPacket);
_packets.Add(streamPacket);
}
public void Add(PPacket packet)
{
if (packet.Tcp == null)
{
return;
}
TcpStreamPacket streamPacket = new TcpStreamPacket(packet);
int i = _streams.IndexOfKey(streamPacket.Connection);
TcpStream0 stream;
if (i == -1)
{
stream = new TcpStream0();
stream.StreamNumber = _streams.Count + 1;
_streams.Add(streamPacket.Connection, stream);
}
else
{
stream = _streams.Values[i];
}
streamPacket.StreamNumber = stream.StreamNumber;
stream.Add(streamPacket);
_packets.Add(streamPacket);
}
private void AnalyzePacket(TcpStreamPacket streamPacket)
{
//TCP tcp = streamPacket.Packet.TCP;
TcpDatagram tcp = streamPacket.Packet.Ethernet.IpV4.Tcp;
streamPacket.PacketType = TcpPacketType.Unknow;
bool OpenConnectionPacketType = false;
bool CloseConnectionPacketType = false;
//if (tcp.Synchronize)
if (tcp.IsSynchronize)
{
OpenConnectionPacketType = true;
// ****** OpenConnection1 SYN seq = x ******
//if (!tcp.Ack)
if (!tcp.IsAcknowledgment)
{
streamPacket.PacketType = TcpPacketType.OpenConnection1;
_streamState.OpenState = TcpPacketType.OpenConnection1;
_streamState.InitialSourceSequence = _streamState.CurrentSourceSequence = tcp.SequenceNumber;
//streamPacket.Message("TCP open 1 : SYN seq = x (0x{0})", tcp.seq.zToHex());
if (streamPacket.Direction != TcpDirection.SourceToDestination)
//streamPacket.Message("error wrong direction");
streamPacket.AddError(TcpPacketError.ErrorBadDirection);
}
// ****** OpenConnection2 SYN seq = y, ACK x + 1 ******
else
{
if (streamPacket.Direction == TcpDirection.DestinationToSource)
{
streamPacket.PacketType = TcpPacketType.OpenConnection2;
_streamState.OpenState = TcpPacketType.OpenConnection2;
_streamState.InitialDestinationSequence = _streamState.CurrentDestinationSequence = tcp.SequenceNumber;
//streamPacket.Message("TCP open 2 : SYN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex());
_streamState.CurrentSourceSequence++;
if (tcp.AcknowledgmentNumber != _streamState.CurrentSourceSequence)
//streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex());
streamPacket.AddError(TcpPacketError.WarningOpenConnection2BadAck);
if (_streamState.LastPacketType != TcpPacketType.OpenConnection1)
//streamPacket.Message("warning message should be just after open connection step 1");
streamPacket.AddError(TcpPacketError.WarningOpenConnection2BadMessagePosition);
}
else
//streamPacket.Message("error wrong direction, TCP open 2, SYN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex());
streamPacket.AddError(TcpPacketError.ErrorOpenConnection2BadDirection);
}
}
//else if (tcp.Finish)
else if (tcp.IsFin)
{
CloseConnectionPacketType = true;
// ****** CloseSourceConnection1 FIN seq = x ******
if (streamPacket.Direction == TcpDirection.SourceToDestination)
{
streamPacket.PacketType = TcpPacketType.CloseSourceConnection1;
_streamState.CloseSourceState = TcpPacketType.CloseSourceConnection1;
//streamPacket.Message("TCP close source connection step 1 : FIN seq = x (0x{0})", tcp.seq.zToHex());
if (tcp.SequenceNumber != _streamState.CurrentSourceSequence)
//streamPacket.Message("warning seq (0x{0}) != source seq (0x{1})", tcp.seq.zToHex(), CurrentSourceSequence.zToHex());
streamPacket.AddError(TcpPacketError.WarningCloseSourceConnection1BadSeq);
//if (tcp.Ack)
if (tcp.IsAcknowledgment)
//streamPacket.Message("warning ack should not be set");
streamPacket.AddError(TcpPacketError.WarningBadFlagAck);
}
// ****** CloseDestinationConnection1 FIN seq = y, ACK x + 1 ******
else // streamPacket.Direction == TcpDirection.DestinationToSource
{
streamPacket.PacketType = TcpPacketType.CloseDestinationConnection1;
_streamState.CloseDestinationState = TcpPacketType.CloseDestinationConnection1;
//streamPacket.Message("TCP close destination connection step 1 : FIN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex());
if (tcp.SequenceNumber != _streamState.CurrentDestinationSequence)
//streamPacket.Message("warning seq (0x{0}) != destination seq (0x{1})", tcp.seq.zToHex(), CurrentDestinationSequence.zToHex());
streamPacket.AddError(TcpPacketError.WarningCloseDestinationConnection1BadSeq);
//if (!tcp.Ack)
if (!tcp.IsAcknowledgment)
//streamPacket.Message("warning ack should be set");
streamPacket.AddError(TcpPacketError.WarningBadFlagAck);
else if (tcp.AcknowledgmentNumber != _streamState.CurrentSourceSequence + 1)
//streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex());
streamPacket.AddError(TcpPacketError.WarningCloseDestinationConnection1BadAck);
}
}
//else if (tcp.Ack)
else if (tcp.IsAcknowledgment)
{
// ****** OpenConnection3 ACK y + 1 ******
if (_streamState.LastPacketType == TcpPacketType.OpenConnection2 && streamPacket.Direction == TcpDirection.SourceToDestination)
{
OpenConnectionPacketType = true;
streamPacket.PacketType = TcpPacketType.OpenConnection3;
_streamState.OpenState = TcpPacketType.OpenConnection3;
_streamState.ConnectionOpened = true;
_streamState.CurrentDestinationSequence++;
//streamPacket.Message("TCP open 3 : ACK y + 1 (0x{0})", tcp.ack_seq.zToHex());
if (tcp.AcknowledgmentNumber != _streamState.InitialDestinationSequence + 1)
//streamPacket.Message("warning ack (0x{0}) != destination seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentDestinationSequence.zToHex());
streamPacket.AddError(TcpPacketError.WarningOpenConnection3BadAck);
}
// ****** CloseSourceConnection2 ACK x + 1 ******
else if (_streamState.CloseSourceState == TcpPacketType.CloseSourceConnection1 && streamPacket.Direction == TcpDirection.DestinationToSource)
{
CloseConnectionPacketType = true;
streamPacket.PacketType = TcpPacketType.CloseSourceConnection2;
_streamState.CloseSourceState = TcpPacketType.CloseSourceConnection2;
//streamPacket.Message("TCP close source connection step 2 : ACK x + 1 (0x{0})", tcp.ack_seq.zToHex());
if (tcp.AcknowledgmentNumber != _streamState.CurrentSourceSequence + 1)
//streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex());
streamPacket.AddError(TcpPacketError.WarningCloseSourceConnection2BadAck);
}
// ****** CloseDestinationConnection2 ACK y + 1 ******
else if (_streamState.CloseDestinationState == TcpPacketType.CloseDestinationConnection1 && streamPacket.Direction == TcpDirection.SourceToDestination)
{
CloseConnectionPacketType = true;
streamPacket.PacketType = TcpPacketType.CloseDestinationConnection2;
_streamState.CloseDestinationState = TcpPacketType.CloseDestinationConnection2;
//streamPacket.Message("TCP close destination connection step 2 : ACK y + 1 (0x{0})", tcp.ack_seq.zToHex());
if (tcp.AcknowledgmentNumber != _streamState.CurrentDestinationSequence + 1)
//streamPacket.Message("warning ack (0x{0}) != destination seq + 1 (0x{1}) (ACK y + 1)", tcp.ack_seq.zToHex(), CurrentDestinationSequence.zToHex());
streamPacket.AddError(TcpPacketError.WarningCloseDestinationConnection2BadAck);
}
else
streamPacket.PacketType |= TcpPacketType.Ack;
}
//if (OpenConnectionPacketType || CloseConnectionPacketType)
//{
// if (tcp.DataLength > 0)
// {
// if (tcp.psh == 1)
// streamPacket.Message("error data with push option cannot be send with syn flag");
// else
// streamPacket.Message("error data with cannot be send with syn flag");
// }
// if (tcp.psh == 1)
// streamPacket.Message("error push option without data cannot be send with syn flag");
//}
//if (tcp.Push)
if (tcp.IsPush)
streamPacket.PacketType |= TcpPacketType.Push;
if (tcp.PayloadLength > 0)
streamPacket.PacketType |= TcpPacketType.Data;
_streamState.LastPacketType = streamPacket.PacketType;
streamPacket.StreamState = _streamState;
}
private void AnalyzePacket(TcpStreamPacket streamPacket)
{
//TCP tcp = streamPacket.Packet.TCP;
TcpDatagram tcp = streamPacket.Packet.Ethernet.IpV4.Tcp;
streamPacket.PacketType = TcpPacketType.Unknow;
bool OpenConnectionPacketType = false;
bool CloseConnectionPacketType = false;
//if (tcp.Synchronize)
if (tcp.IsSynchronize)
{
OpenConnectionPacketType = true;
// ****** OpenConnection1 SYN seq = x ******
//if (!tcp.Ack)
if (!tcp.IsAcknowledgment)
{
streamPacket.PacketType = TcpPacketType.OpenConnection1;
_streamState.OpenState = TcpPacketType.OpenConnection1;
_streamState.InitialSourceSequence = _streamState.CurrentSourceSequence = tcp.SequenceNumber;
//streamPacket.Message("TCP open 1 : SYN seq = x (0x{0})", tcp.seq.zToHex());
if (streamPacket.Direction != TcpDirection.SourceToDestination)
{
//streamPacket.Message("error wrong direction");
streamPacket.AddError(TcpPacketError.ErrorBadDirection);
}
}
// ****** OpenConnection2 SYN seq = y, ACK x + 1 ******
else
{
if (streamPacket.Direction == TcpDirection.DestinationToSource)
{
streamPacket.PacketType = TcpPacketType.OpenConnection2;
_streamState.OpenState = TcpPacketType.OpenConnection2;
_streamState.InitialDestinationSequence = _streamState.CurrentDestinationSequence = tcp.SequenceNumber;
//streamPacket.Message("TCP open 2 : SYN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex());
_streamState.CurrentSourceSequence++;
if (tcp.AcknowledgmentNumber != _streamState.CurrentSourceSequence)
{
//streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex());
streamPacket.AddError(TcpPacketError.WarningOpenConnection2BadAck);
}
if (_streamState.LastPacketType != TcpPacketType.OpenConnection1)
{
//streamPacket.Message("warning message should be just after open connection step 1");
streamPacket.AddError(TcpPacketError.WarningOpenConnection2BadMessagePosition);
}
}
else
{
//streamPacket.Message("error wrong direction, TCP open 2, SYN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex());
streamPacket.AddError(TcpPacketError.ErrorOpenConnection2BadDirection);
}
}
}
//else if (tcp.Finish)
else if (tcp.IsFin)
{
CloseConnectionPacketType = true;
// ****** CloseSourceConnection1 FIN seq = x ******
if (streamPacket.Direction == TcpDirection.SourceToDestination)
{
streamPacket.PacketType = TcpPacketType.CloseSourceConnection1;
_streamState.CloseSourceState = TcpPacketType.CloseSourceConnection1;
//streamPacket.Message("TCP close source connection step 1 : FIN seq = x (0x{0})", tcp.seq.zToHex());
if (tcp.SequenceNumber != _streamState.CurrentSourceSequence)
{
//streamPacket.Message("warning seq (0x{0}) != source seq (0x{1})", tcp.seq.zToHex(), CurrentSourceSequence.zToHex());
streamPacket.AddError(TcpPacketError.WarningCloseSourceConnection1BadSeq);
}
//if (tcp.Ack)
if (tcp.IsAcknowledgment)
{
//streamPacket.Message("warning ack should not be set");
streamPacket.AddError(TcpPacketError.WarningBadFlagAck);
}
}
// ****** CloseDestinationConnection1 FIN seq = y, ACK x + 1 ******
else // streamPacket.Direction == TcpDirection.DestinationToSource
{
streamPacket.PacketType = TcpPacketType.CloseDestinationConnection1;
_streamState.CloseDestinationState = TcpPacketType.CloseDestinationConnection1;
//streamPacket.Message("TCP close destination connection step 1 : FIN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex());
if (tcp.SequenceNumber != _streamState.CurrentDestinationSequence)
{
//streamPacket.Message("warning seq (0x{0}) != destination seq (0x{1})", tcp.seq.zToHex(), CurrentDestinationSequence.zToHex());
streamPacket.AddError(TcpPacketError.WarningCloseDestinationConnection1BadSeq);
}
//if (!tcp.Ack)
if (!tcp.IsAcknowledgment)
{
//streamPacket.Message("warning ack should be set");
streamPacket.AddError(TcpPacketError.WarningBadFlagAck);
}
else if (tcp.AcknowledgmentNumber != _streamState.CurrentSourceSequence + 1)
{
//streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex());
streamPacket.AddError(TcpPacketError.WarningCloseDestinationConnection1BadAck);
}
}
}
//else if (tcp.Ack)
else if (tcp.IsAcknowledgment)
{
// ****** OpenConnection3 ACK y + 1 ******
if (_streamState.LastPacketType == TcpPacketType.OpenConnection2 && streamPacket.Direction == TcpDirection.SourceToDestination)
{
OpenConnectionPacketType = true;
streamPacket.PacketType = TcpPacketType.OpenConnection3;
_streamState.OpenState = TcpPacketType.OpenConnection3;
_streamState.ConnectionOpened = true;
_streamState.CurrentDestinationSequence++;
//streamPacket.Message("TCP open 3 : ACK y + 1 (0x{0})", tcp.ack_seq.zToHex());
if (tcp.AcknowledgmentNumber != _streamState.InitialDestinationSequence + 1)
{
//streamPacket.Message("warning ack (0x{0}) != destination seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentDestinationSequence.zToHex());
streamPacket.AddError(TcpPacketError.WarningOpenConnection3BadAck);
}
}
// ****** CloseSourceConnection2 ACK x + 1 ******
else if (_streamState.CloseSourceState == TcpPacketType.CloseSourceConnection1 && streamPacket.Direction == TcpDirection.DestinationToSource)
{
CloseConnectionPacketType = true;
streamPacket.PacketType = TcpPacketType.CloseSourceConnection2;
_streamState.CloseSourceState = TcpPacketType.CloseSourceConnection2;
//streamPacket.Message("TCP close source connection step 2 : ACK x + 1 (0x{0})", tcp.ack_seq.zToHex());
if (tcp.AcknowledgmentNumber != _streamState.CurrentSourceSequence + 1)
{
//streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex());
streamPacket.AddError(TcpPacketError.WarningCloseSourceConnection2BadAck);
}
}
// ****** CloseDestinationConnection2 ACK y + 1 ******
else if (_streamState.CloseDestinationState == TcpPacketType.CloseDestinationConnection1 && streamPacket.Direction == TcpDirection.SourceToDestination)
{
CloseConnectionPacketType = true;
streamPacket.PacketType = TcpPacketType.CloseDestinationConnection2;
_streamState.CloseDestinationState = TcpPacketType.CloseDestinationConnection2;
//streamPacket.Message("TCP close destination connection step 2 : ACK y + 1 (0x{0})", tcp.ack_seq.zToHex());
if (tcp.AcknowledgmentNumber != _streamState.CurrentDestinationSequence + 1)
{
//streamPacket.Message("warning ack (0x{0}) != destination seq + 1 (0x{1}) (ACK y + 1)", tcp.ack_seq.zToHex(), CurrentDestinationSequence.zToHex());
streamPacket.AddError(TcpPacketError.WarningCloseDestinationConnection2BadAck);
}
}
else
{
streamPacket.PacketType |= TcpPacketType.Ack;
}
}
//if (OpenConnectionPacketType || CloseConnectionPacketType)
//{
// if (tcp.DataLength > 0)
// {
// if (tcp.psh == 1)
// streamPacket.Message("error data with push option cannot be send with syn flag");
// else
// streamPacket.Message("error data with cannot be send with syn flag");
// }
// if (tcp.psh == 1)
// streamPacket.Message("error push option without data cannot be send with syn flag");
//}
//if (tcp.Push)
if (tcp.IsPush)
{
streamPacket.PacketType |= TcpPacketType.Push;
}
if (tcp.PayloadLength > 0)
{
streamPacket.PacketType |= TcpPacketType.Data;
}
_streamState.LastPacketType = streamPacket.PacketType;
streamPacket.StreamState = _streamState;
}