private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
var tcpPacket = PacketDotNet.TcpPacket.GetEncapsulated(packet);
if (tcpPacket != null)
{
if (tcpPacket.PayloadData.GetLength(0) >= 1)
{
var requestPayLoad = Encoding.UTF8.GetString(tcpPacket.PayloadData);
string startStr = "GET";
string endStr = "HTTP";
int startIndex = requestPayLoad.IndexOf(startStr) + startStr.Length;
int endIndex = requestPayLoad.IndexOf(endStr);
string url = string.Format(@"http://{0}{1}", serverIpAddress, requestPayLoad.Substring(startIndex, endIndex - startIndex).Trim());
if (!historyMessage.ContainsKey(url))
{
var request = WebRequest.Create(url);
var response = request.GetResponse();
using (var stream = response.GetResponseStream())
{
var image = Image.FromStream(stream);
image.Save(imageSavePath);
Console.WriteLine(DateTime.Now + " : " + imageSavePath);
}
historyMessage.Add(url, true);
}
else // If contains, just remove it, so that it will not make historyMessage too huge
{
historyMessage.Remove(url);
}
}
}
}
/// <summary>
/// Prints the time and length of each received packet
/// </summary>
private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
var time = e.Packet.Timeval.Date;
var len = e.Packet.Data.Length;
Console.WriteLine("{0}:{1}:{2},{3} Len={4}",
time.Hour, time.Minute, time.Second, time.Millisecond, len);
}
private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
DateTime time = e.Packet.Timeval.Date;
int len = e.Packet.Data.Length;
Console.WriteLine("bytes : {0}", len);
Console.WriteLine("{0}:{1}:{2},{3} Len={4}",
time.Hour, time.Minute, time.Second, time.Millisecond, len);
/*if (sender.Equals(deviceMasterSent))
devicesPacketLengthS[0] += len;
else if (sender.Equals(deviceMasterRecv))
devicesPacketLengthR[0] += len;*/
if (sender.Equals(device1Sent))
devicesPacketLengthS[1] += len;
else if (sender.Equals(device1Recv))
devicesPacketLengthR[1] += len;
else if (sender.Equals(device2Sent))
devicesPacketLengthS[2] += len;
else if (sender.Equals(device2Recv))
devicesPacketLengthR[2] += len;
else if (sender.Equals(device3Sent))
devicesPacketLengthS[3] += len;
else if (sender.Equals(device3Recv))
devicesPacketLengthR[3] += len;
}
static void device_OnPaketArrival(object sender, CaptureEventArgs e)
{
Packet packet = Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
var tcpPacket = TcpPacket.GetEncapsulated(packet);
// TcpPacket tcpPacket = packet.Extract(typeof(TcpPacket)) as TcpPacket;
//string KeyWord = "qwe";
if (tcpPacket != null) {
String SPort = tcpPacket.SourcePort.ToString();
var DPort = tcpPacket.DestinationPort.ToString();
var Data = Encoding.Unicode.GetString(tcpPacket.PayloadData); //Encoding.ASCII.GetString(tcpPacket.PayloadData).ToString();
if (OptionTCP.UnsafeCompareByte(tcpPacket.PayloadData, KeyWord))
{ //if if (OptionTCP.UnsafeCompareByte(tcpPacket.PayloadData, KeyWord) && SPort = tcpPacket.SourcePort.ToString() == 1768)
Console.WriteLine("eeeeeeeess");
try
{
System.Diagnostics.Process proc = new System.Diagnostics.Process();
proc.StartInfo.FileName = "dropTcpPacket.exe";
proc.StartInfo.Arguments = StegWord;
proc.Start();
}
catch (Exception exp) {
Console.WriteLine("errro .. {0}", exp.ToString());
}
}
else Console.WriteLine("nnnnnnnnoo: {0}", Encoding.Unicode.GetString(KeyWord));
Console.WriteLine("Sport: {0}, DPort: {1}, Data: {2}", SPort, DPort, Data);
Console.WriteLine("==========================================================");
}
}
private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
var tcpPacket = PacketDotNet.TcpPacket.GetEncapsulated(packet);
if (tcpPacket != null)
{
if (tcpPacket.PayloadData.GetLength(0) >= 1)
{
var requestPayLoad = Encoding.UTF8.GetString(tcpPacket.PayloadData);
string endStr = string.Format(",{0:yyyy-MM-dd}", DateTime.Now.Date);
//string endStr = string.Format(",{0:yyyy-MM-dd}", new DateTime(2015, 7, 18));
int endIndex = requestPayLoad.IndexOf(endStr);
if (endIndex >= 0)
{
string potentialPriceString = requestPayLoad.Substring(0, endIndex);
string startStr = ",";
int startIndex = potentialPriceString.LastIndexOf(startStr);
string price = potentialPriceString.Substring(startIndex + 1);
WritePrice(price);
Console.WriteLine(DateTime.Now.ToString() + ": " + price);
}
}
}
}
void captureDevice_OnPacketArrival(object sender, SharpPcap.CaptureEventArgs e)
{
lock (QueueLock)
{
PacketQueue.Add(e.Packet);
}
}
private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
try
{
var packet = Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
var tcpPacket = TcpPacket.GetEncapsulated(packet);
if (tcpPacket.PayloadData != null && tcpPacket.PayloadData.Length > 0)
{
bool isClientPacket = IsFromClient(tcpPacket);
bool IsPacketComplete = FlagCheck(tcpPacket.AllFlags);
var buffer = isClientPacket ? ClientBuffer : ServerBuffer;
// Console.WriteLine("Flag :{0} \t Size: {2} \t IsClient: {3}", IsPacketComplete, tcpPacket.AcknowledgmentNumber, tcpPacket.PayloadData.Length, isClientPacket);
if (IsPacketComplete)
{
buffer.Append(tcpPacket.PayloadData);
phandler.Packethandler(buffer.GetPacketAndReset(), isClientPacket);
}
else
{
buffer.Append(tcpPacket.PayloadData);
}
}
}
catch{ }
}
/// <summary>
/// Dumps each received packet to a pcap file
/// </summary>
private static void device_PcapOnPacketArrival(object sender, SharpPcap.CaptureEventArgs e)
{
SyslogMessage msg = null;
try
{
Packet link = Packet.ParsePacket(LinkLayers.Ethernet, e.Packet.Data);
EthernetPacket ethernet = (EthernetPacket)link;
IpPacket ip = (IpPacket)ethernet.PayloadPacket;
UdpPacket udp = (UdpPacket)ip.PayloadPacket;
msg = new SyslogMessage(udp);
outputFile.WriteLine(System.Text.Encoding.ASCII.GetString(udp.PayloadData));
}
catch (Exception ex)
{
EventLog.WriteEntry("SwsyslogService", ex.ToString(), EventLogEntryType.Error);
}
// if the output file is ready to write, write the log file ...
if (msg != null && outputFile.BaseStream.CanWrite)
{
//outputFile.WriteLine(msg.ToString());
}
_logEntryCount++;
}
static void captureDevice_OnPacketArrival(object sender, CaptureEventArgs e)
{
lock (PacketProcessMutex)
{
TcpPacket tcpPacket = TcpPacket.GetEncapsulated(Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data) as EthernetPacket);
if (tcpPacket.Psh)
{
PacketDirection direction = (tcpPacket.SourcePort == 8995 || (tcpPacket.SourcePort > 20050 && tcpPacket.SourcePort < 20100)) ? PacketDirection.Server2Client : PacketDirection.Client2Server;
byte[] data = new byte[tcpPacket.Bytes.Length - tcpPacket.Header.Length];
Array.Copy(tcpPacket.Bytes, tcpPacket.Header.Length, data, 0, data.Length);
// calculate session id
int sessionid = tcpPacket.DestinationPort * tcpPacket.SourcePort;
CaptureSession session = CaptureSessionList.Instance.Find(s => s.ID == sessionid);
if (session == null)
{
bool login = false;
if((direction == PacketDirection.Server2Client && tcpPacket.SourcePort == 8995) || (direction == PacketDirection.Client2Server && tcpPacket.DestinationPort == 8995))
login = true;
session = new CaptureSession(sessionid, (login ? (byte)0 : (byte)4));
CaptureSessionList.Instance.Add(session);
}
session.PacketReceived(data, direction);
}
}
}
//check the packet is port 808
void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
if (e.Packet.Data.Length < 20)
return;
Packet p = null;
TcpPacket tcp = null;
try
{
p = Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
tcp = TcpPacket.GetEncapsulated(p);
}
catch
{
return;
}
if (tcp == null)
return;
ushort portToFind = 808;
if (tcp.DestinationPort == portToFind || tcp.DestinationPort == portToFind)
{
UpdateUiHandler handler = new UpdateUiHandler(SetCommunicating);
Object[] args = new Object[] { true };
this.BeginInvoke(handler, args);
}
}
public static void Resolve(object sender, CaptureEventArgs e)
{
var result = Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
var packet = result as EthernetPacket;
if (packet?.Type == EthernetPacketType.Arp)
PostDashEvent(packet);
}
private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
DateTime time = e.Packet.Timeval.Date;
var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
var udpPacket = PacketDotNet.UdpPacket.GetEncapsulated(packet); //PacketDotNet.TcpPacket.GetEncapsulated(packet);
if (udpPacket != null)
{
var ipPacket = (PacketDotNet.IpPacket)udpPacket.ParentPacket;
System.Net.IPAddress srcIp = ipPacket.SourceAddress;
System.Net.IPAddress dstIp = ipPacket.DestinationAddress;
// MessageBox.Show(srcIp.ToString() + " " + dstIp.ToString());
int srcPort = udpPacket.SourcePort;
int dstPort = udpPacket.DestinationPort;
if ((srcPort == 53) || (dstPort == 53))
{
IPEndPoint a = new IPEndPoint(ipPacket.SourceAddress, srcPort);
response = new Response(a, udpPacket.PayloadData);
if ((response.header.QR == false))// && (srcIp == IPAddress.Parse("10.12.11.74")))
{
Console.WriteLine("Got an Question...");
display();
dnsSnifferTableAdapters.req_tableTableAdapter reqta = new MyDnsSniffer.dnsSnifferTableAdapters.req_tableTableAdapter();
reqta.Insert(Convert.ToDecimal(response.header.ID), Convert.ToDecimal(srcPort), dstIp.ToString(), response.Questions[0].QName.ToString(),time);
}
else if ((response.header.QR == true))// && (dstIp == IPAddress.Parse("10.12.11.74")))
{
Console.WriteLine("Got an Answer..");
if (response.Answers.Count > 0)
{
Console.WriteLine("Got an Answer..");
display();
}
dnsSnifferTableAdapters.res_tableTableAdapter resta = new MyDnsSniffer.dnsSnifferTableAdapters.res_tableTableAdapter();
foreach (AnswerRR answerRR in response.Answers)
{
resta.Insert(Convert.ToDecimal(response.header.ID), Convert.ToDecimal(dstPort), srcIp.ToString(), r_id, answerRR.NAME.ToString(), answerRR.RECORD.ToString(), time);
}
dnsSnifferTableAdapters.additional_host_ipTableAdapter addta = new MyDnsSniffer.dnsSnifferTableAdapters.additional_host_ipTableAdapter();
foreach (AdditionalRR additionalRR in response.Additionals)
{
if(additionalRR.RECORD.ToString()!="not-used")
addta.Insert(r_id,additionalRR.NAME.ToString(), additionalRR.RECORD.ToString());
}
r_id++;
}
}
}
}
private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
DateTime time = e.Packet.Timeval.Date;
int len = e.Packet.Data.Length;
devicesPacketLengthS[0] += len;
Console.WriteLine("bytes : {0}", len);
Console.WriteLine("{0}:{1}:{2},{3} Len={4}",
time.Hour, time.Minute, time.Second, time.Millisecond, len);
}
static void dev_OnPacketArrival(object sender, SharpPcap.CaptureEventArgs e)
{
var time = e.Packet.Timeval.Date;
var len = e.Packet.Data.Length;
Console.WriteLine("{0}:{1}:{2},{3} Len={4}",
time.Hour, time.Minute, time.Second, time.Millisecond, len);
Console.WriteLine(e.Packet.ToString());
}
/// <summary>
/// 在线捕获时 数据包到达时进行的操作
/// </summary>
private void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
packetArrival(sender, e);
//在线捕获的时候同时进行包的保存
if (device.DumpOpened)
{
device.Dump(e.Packet);
}
}
static void localAreaNetworkNIC_OnPacketArrival(object sender, CaptureEventArgs e)
{
//DateTime time = e.Packet.Timeval.Date;
//int len = e.Packet.Data.Length;
//string content = ByteArrayToString(e.Packet.Data);
//Console.WriteLine("{0}:{1}:{2},{3} Len={4}: {5}",
// time.Hour, time.Minute, time.Second, time.Millisecond, len, content);
var packet = Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
if (e.Packet.LinkLayerType == LinkLayers.Ethernet)
{
EthernetPacket ethernetPacket = (EthernetPacket)packet;
PhysicalAddress destMacAddress = ethernetPacket.DestinationHwAddress;
PhysicalAddress srcMacAddress = ethernetPacket.SourceHwAddress;
//Console.WriteLine("Mac: {0} -> {1}", srcMacAddress, destMacAddress);
}
IpPacket ipPacket = IpPacket.GetEncapsulated(packet);
if (ipPacket != null)
{
IPAddress srcIpAddress = ipPacket.SourceAddress;
IPAddress destIpAddress = ipPacket.DestinationAddress;
//Console.WriteLine("IP: {0} -> {1}", srcIpAddress, destIpAddress);
TcpPacket tcpPacket = TcpPacket.GetEncapsulated(packet);
if (tcpPacket != null)
{
int srcPort = tcpPacket.SourcePort;
int destPort = tcpPacket.DestinationPort;
//Console.WriteLine("TCP Port: {0} -> {1}", srcPort, destPort);
byte[] tcpBody = RipHeader(tcpPacket.Bytes, tcpPacket.Header);
string packetString = ByteArrayToString(tcpBody);
if (packetString.Contains("HTTP"))
{
Console.WriteLine("IP: {0} -> {1}", srcIpAddress, destIpAddress);
Console.WriteLine("TCP Port: {0} -> {1}", srcPort, destPort);
Console.WriteLine(ByteArrayToString(tcpBody));
}
}
//UdpPacket udpPacket = UdpPacket.GetEncapsulated(packet);
//if (udpPacket != null)
//{
// int srcPort = udpPacket.SourcePort;
// int destPort = udpPacket.DestinationPort;
// Console.WriteLine("UDP Port: {0} -> {1}", srcPort, destPort);
//}
}
//string packetString = PacketString(packet);
//Console.WriteLine(packetString);
//Console.WriteLine();
}
private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
var time = e.Packet.Timeval.Date;
var len = e.Packet.Data.Length;
Console.WriteLine("{0}:{1}:{2},{3} Len={4}",
time.Hour, time.Minute, time.Second, time.Millisecond, len);
Console.WriteLine(e.Packet.ToString());
var p = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
Console.WriteLine(p.ToString(PacketDotNet.StringOutputType.VerboseColored));
}
private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
var packet = Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
while (packet != null) {
var arpPacket = packet as ARPPacket;
if (arpPacket != null) {
HandleArpPacket(arpPacket);
}
packet = packet.PayloadPacket;
}
}
/// <summary>
/// Dumps each received packet to a pcap file
/// </summary>
private static void device_PcapOnPacketArrival(object sender, SharpPcap.CaptureEventArgs e)
{
ICaptureDevice device = (ICaptureDevice)sender;
//if device has a dump file opened
if (device.DumpOpened)
{
device.Dump(e.Packet);
}
_packetCount++;
}
private void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
try
{
Packet p = Packet.ParsePacket(LinkLayers.Ethernet, e.Packet.Data);
Program.CurrentProject.data.stackPacketsFIFO.Add(p);
}
catch
{
// Paquete perdido
}
}
private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
if(packet is PacketDotNet.EthernetPacket)
{
var eth = ((PacketDotNet.EthernetPacket)packet);
Console.WriteLine("Original Eth packet: " + eth.ToString());
//Manipulate ethernet parameters
eth.SourceHwAddress = PhysicalAddress.Parse("00-11-22-33-44-55");
eth.DestinationHwAddress = PhysicalAddress.Parse("00-99-88-77-66-55");
var ip = PacketDotNet.IpPacket.GetEncapsulated(packet);
if(ip != null)
{
Console.WriteLine("Original IP packet: " + ip.ToString());
//manipulate IP parameters
ip.SourceAddress = System.Net.IPAddress.Parse("1.2.3.4");
ip.DestinationAddress = System.Net.IPAddress.Parse("44.33.22.11");
ip.TimeToLive = 11;
var tcp = PacketDotNet.TcpPacket.GetEncapsulated(packet);
if (tcp != null)
{
Console.WriteLine("Original TCP packet: " + tcp.ToString());
//manipulate TCP parameters
tcp.SourcePort = 9999;
tcp.DestinationPort = 8888;
tcp.Syn = !tcp.Syn;
tcp.Fin = !tcp.Fin;
tcp.Ack = !tcp.Ack;
tcp.WindowSize = 500;
tcp.AcknowledgmentNumber = 800;
tcp.SequenceNumber = 800;
}
var udp = PacketDotNet.UdpPacket.GetEncapsulated(packet);
if (udp != null)
{
Console.WriteLine("Original UDP packet: " + udp.ToString());
//manipulate UDP parameters
udp.SourcePort = 9999;
udp.DestinationPort = 8888;
}
}
Console.WriteLine("Manipulated Eth packet: " + eth.ToString());
}
}
public void device_OnPacketArrival(object sender, CaptureEventArgs eCap)
{
try
{
ByteArraySegment raw = new ByteArraySegment(eCap.Packet.Data);
EthernetPacket ethernetPacket = new EthernetPacket(raw);
IpPacket ipPacket = (IpPacket)ethernetPacket.PayloadPacket;
TcpPacket tcp = (TcpPacket)ipPacket.PayloadPacket;
if (ipPacket != null && tcp != null)
{
string destIp = ipPacket.DestinationAddress.ToString();
if (destIp == captureIp)
{
//Client -> Server
MainWindow.pp.AppendClientData(tcp.PayloadData);
// ReSharper disable CSharpWarnings::CS0642
while (MainWindow.pp.ProcessClientData()) ;
// ReSharper restore CSharpWarnings::CS0642
}
else
{
//Do a check for a new game Connection. Each handshake starts with a dword 1 packet from the server.
byte[] test = { 0x01, 0x00, 0x00, 0x00 };
if (StructuralComparisons.StructuralEqualityComparer.Equals(test, tcp.PayloadData))
{
//New Connection detected.
//We should reset State and Security Info
MainWindow.pp.Init();
MainWindow.pp.State = 0;
MainWindow.ClearPackets();
}
//Sever -> Client
MainWindow.pp.AppendServerData(tcp.PayloadData);
// ReSharper disable CSharpWarnings::CS0642
while (MainWindow.pp.ProcessServerData()) ;
// ReSharper restore CSharpWarnings::CS0642
}
}
}
catch (Exception ex)
{
MainWindow.SetText("device_OnPacketArrival failure. \n Message:" + ex);
}
}
private void device_OnPacketArrival(object sender, SharpPcap.CaptureEventArgs e)
{
if (e.Packet.LinkLayerType == PacketDotNet.LinkLayers.Ethernet)
{
PacketDotNet.Packet packet;
long TotalPacketSize = e.Packet.Data.Length;
BytesRead += TotalPacketSize;
++PacketsSeen;
if ((PacketsSeen > 0) && ((PacketsSeen % 10000) == 0))
{
DebugLog.ConsoleWindow.SelectedIndex = DebugLog.ConsoleWindow.Items.Count - 1;
int Progress = (int)((float)BytesRead / (float)CaptureFileSize * 100);
ProgressBar.Value = Progress;
Application.DoEvents();
}
try
{
packet = PacketDotNet.Packet.ParsePacket(e.Packet);
}
catch
{
return;
}
var ethernetPacket = (PacketDotNet.EthernetPacket)packet;
var udpPacket = PacketDotNet.UdpPacket.GetEncapsulated(packet);
if (udpPacket != null)
{
var ipPacket = (PacketDotNet.IpPacket)udpPacket.ParentPacket;
System.Net.IPAddress srcIp = ipPacket.SourceAddress;
System.Net.IPAddress dstIp = ipPacket.DestinationAddress;
byte[] Payload = udpPacket.PayloadData;
Int32 l = udpPacket.Length - udpPacket.Header.GetLength(0);
if (l > 0)
{
Array.Resize(ref Payload, l);
StreamProcessor.ProcessPacket(srcIp, dstIp, udpPacket.SourcePort, udpPacket.DestinationPort, Payload, packet.Timeval.Date);
}
}
}
}
private static void onPacketArrival(object sender, CaptureEventArgs e)
{
var packet = Packet.ParsePacket (e.Packet.LinkLayerType, e.Packet.Data);
// Test for TCP packet.
TcpPacket tcpPacket = packet.Extract (typeof(TcpPacket)) as TcpPacket;
if (tcpPacket != null) {
runTcpParsers (tcpPacket);
} else {
// Test for UDP packet
UdpPacket udpPacket = packet.Extract(typeof(UdpPacket)) as UdpPacket;
if (udpPacket != null) {
runUdpParsers (udpPacket);
}
}
}
/// <summary>
/// Prints the source and dest MAC addresses of each received Ethernet frame
/// </summary>
private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
if(e.Packet.LinkLayerType == PacketDotNet.LinkLayers.Ethernet)
{
var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
var ethernetPacket = (PacketDotNet.EthernetPacket)packet;
Console.WriteLine("{0} At: {1}:{2}: MAC:{3} -> MAC:{4}",
packetIndex,
e.Packet.Timeval.Date.ToString(),
e.Packet.Timeval.Date.Millisecond,
ethernetPacket.SourceHwAddress,
ethernetPacket.DestinationHwAddress);
packetIndex++;
}
}
private void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
if (e.Device.LinkType != LinkLayers.Ethernet)
return;
var ethernetPacket = new EthernetPacket(new ByteArraySegment(e.Packet.Data));
var ipPacket = ethernetPacket.PayloadPacket as IpPacket;
if (ipPacket == null)
return;
OnPacketReceived(ipPacket);
var device = (WinPcapDevice) sender;
if (device.Statistics.DroppedPackets == _droppedPackets &&
device.Statistics.InterfaceDroppedPackets == _interfaceDroppedPackets) return;
_droppedPackets = device.Statistics.DroppedPackets;
_interfaceDroppedPackets = device.Statistics.InterfaceDroppedPackets;
File.AppendAllText("TCP",
$"DroppedPackets {device.Statistics.DroppedPackets}, InterfaceDroppedPackets {device.Statistics.InterfaceDroppedPackets}");
}
private void OnPacketArrival(object sender, CaptureEventArgs e)
{
var tcp = (TcpPacket) Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data).Extract(typeof (TcpPacket));
var ipv4 = (IPv4Packet) tcp.ParentPacket;
var sourceAddress = ipv4.SourceAddress.ToString();
var data = tcp.PayloadData;
if (sourceAddress == _serverIp)
{
if (IsZlibStartPacket(data))
_libFaolanCompression = new LibFaolanCompression();
if (_libFaolanCompression == null)
throw new Exception("_libFaolanCompression == null");
var decompressedData = _libFaolanCompression.Inflate(data);
if (decompressedData == null)
throw new Exception("decompressedData == null");
if (decompressedData.Length == 0)
return;
foreach (var cp in _serverWireProtocol.CreateMessages(decompressedData))
_capturedPackets.Add(new PacketWrapper(_packetCounter++, ipv4, tcp.SourcePort, tcp.DestinationPort,
(ConanPacket) cp));
}
else if (sourceAddress == _clientIp)
{
// Client sometimes sends the zlib start packet, but never actually uses compression (anymore)
if (IsZlibStartPacket(data))
{
Console.WriteLine("Client send zlib start packet");
return;
}
foreach (var cp in _clientWireProtocol.CreateMessages(data))
_capturedPackets.Add(new PacketWrapper(_packetCounter++, ipv4, tcp.SourcePort, tcp.DestinationPort,
(ConanPacket) cp));
}
else
throw new Exception("Weird stuff is happening");
}
/// <summary>
/// Prints the time, length, src ip, src port, dst ip and dst port
/// for each TCP/IP packet received on the network
/// </summary>
private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
var time = e.Packet.Timeval.Date;
var len = e.Packet.Data.Length;
var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
var tcpPacket = PacketDotNet.TcpPacket.GetEncapsulated(packet);
if(tcpPacket != null)
{
var ipPacket = (PacketDotNet.IpPacket)tcpPacket.ParentPacket;
System.Net.IPAddress srcIp = ipPacket.SourceAddress;
System.Net.IPAddress dstIp = ipPacket.DestinationAddress;
int srcPort = tcpPacket.SourcePort;
int dstPort = tcpPacket.DestinationPort;
Console.WriteLine("{0}:{1}:{2},{3} Len={4} {5}:{6} -> {7}:{8}",
time.Hour, time.Minute, time.Second, time.Millisecond, len,
srcIp, srcPort, dstIp, dstPort);
}
}
void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
var linkPacket = Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
var ipPacket = linkPacket.PayloadPacket as IpPacket;
if (ipPacket == null)
return;
var ipData = ipPacket.BytesHighPerformance;
var ipData2 = new ArraySegment<byte>(ipData.Bytes, ipData.Offset, ipData.Length);
OnPacketReceived(ipData2);
var device = (WinPcapDevice)sender;
if (device.Statistics.DroppedPackets != _droppedPackets || device.Statistics.InterfaceDroppedPackets != _interfaceDroppedPackets)
{
_droppedPackets = device.Statistics.DroppedPackets;
_interfaceDroppedPackets = device.Statistics.InterfaceDroppedPackets;
OnWarning(string.Format("DroppedPackets {0}, InterfaceDroppedPackets {1}", device.Statistics.DroppedPackets, device.Statistics.InterfaceDroppedPackets));
}
}
private void OnPacketArrival(object sender, CaptureEventArgs args)
{
Packet packet = Packet.ParsePacket(args.Packet.LinkLayerType, args.Packet.Data);
TcpPacket tcpPacket = (TcpPacket)packet.Extract(typeof (TcpPacket));
if (tcpPacket == null) return;
//Make sure we are only getting nexus stuff
if ((tcpPacket.DestinationPort == 2001 || tcpPacket.SourcePort == 2001) ||
(tcpPacket.DestinationPort == 2000 || tcpPacket.SourcePort == 2000))
{
if (tcpPacket.PayloadData != null && tcpPacket.PayloadData.Length > 0 && tcpPacket.PayloadData[0] == 0xAA)
{
EventSink.InvokeNexusPacket(
new NexusPacketEventArgs(
tcpPacket.PayloadData,
(tcpPacket.DestinationPort == 2001 || tcpPacket.DestinationPort == 2000)
)
);
}
}
}
private void OnPacketArrival(object sender, CaptureEventArgs e)
{
DateTime time = e.Packet.Timeval.Date;
int len = e.Packet.Data.Length;
RawCapture rawCapture = e.Packet;
Packet packet = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
TcpPacket tcpPacket = (TcpPacket)packet.Extract(typeof(TcpPacket));
if (tcpPacket != null)
{
/// Filtering HTTP Packet using source port and desination port
if (IsHttpPacket(tcpPacket))
{
if (tcpPacket.Psh && tcpPacket.Ack)
{
seqNumbers.Enqueue(tcpPacket.AcknowledgmentNumber);
}
// If arrived packet is the first packet of the Http packet
if (IsFirstPacket(tcpPacket))
{
if (packet.PayloadPacket.PayloadPacket.PayloadData.Length != 0)
{
try
{
readyAssembleHttpPacket.Add(new HttpPacket(packet));
}
catch (ArgumentException exep)
{
// Debug.WriteLine(exep.Message);
}
}
}
else
{
foreach (HttpPacket element in readyAssembleHttpPacket)
{
if (element.NextSequenceNumber == tcpPacket.SequenceNumber && !element.IsAssembleEnded)
{
// Check assembling work is done
if(element.AssembleTcpPacket(packet))
{
HttpPacketArriveEvnetArgs packetEvent = new HttpPacketArriveEvnetArgs(element);
OnHttpPacketArrived(packetEvent);
}
}
}
}
}
}
}
void HandleOnPacketArrival (object sender, CaptureEventArgs e)
{
}
private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
if(packet is PacketDotNet.EthernetPacket)
{
var ip = PacketDotNet.IpPacket.GetEncapsulated(packet);
if(ip != null)
{
var tcp = PacketDotNet.TcpPacket.GetEncapsulated(packet);
if (tcp != null && tcp.PayloadData != null && tcp.PayloadData.Length > 0)
{
lock(Tcp_packets_holder._lock)
{
Tcp_packets_holder.Packets.Add(new Packet() { Ip = ip, Tcp = tcp });
}
}
}
}
}
/// <summary>
/// 抓包方法
/// </summary>
private void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
PcapPorcessContext(e.Packet);
}
void readerDevice_OnPacketArrival(object sender, CaptureEventArgs e)
{
rawCapturesList.Add(e.Packet);
CustomerPacket curpacket = AchieiveNewPacket(e.Packet);
if (packets == null)
{
packets = new ObservableCollection<CustomerPacket>();
packets.Add(curpacket);
this.ViewBody.ItemsSource = packets;
}
else
{
try
{
//此处可能会有溢出
packets.Add(curpacket);
}
catch
{
this.continueGetPacket = false;
}
finally
{
}
}
}
private void device_OnPacketArrival(object sender, SharpPcap.CaptureEventArgs e)
{
// Parse our ip
IPAddress[] toMonitor;
try
{
Packet packet = Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
TcpPacket tcp = packet.Extract(typeof(TcpPacket)) as TcpPacket;
if (tcp != null)
{
IpPacket ipPacket = (IpPacket)tcp.ParentPacket;
FontFamily lcFamily = null;
lcFamily = new FontFamily("Lucida Console");
if (lcFamily == null)
{
lcFamily = new FontFamily(GenericFontFamilies.Monospace);
}
System.Drawing.Font font = new Font(lcFamily, 8);
//mainForm.WriteLine(string.Format("From IP: {0} {1}",ipPacket.DestinationAddress.ToString(), ipPacket.DestinationAddress.AddressFamily.ToString()));
if (IsMonitoringIpAddresses && !string.IsNullOrEmpty(txt_Ip.Text))
{
foreach (string ip in Globals.SplitIPList(txt_Ip.Text))
{
// Try to parse
IPAddress a = null;
if (IPAddress.TryParse(ip, out a))
{
}
//mainForm.WriteLine(string.Format("Parsed to {0}", Globals.ToUncompressedString(a)));
//if (ipPacket.DestinationAddress.ToString() == ip || ipPacket.SourceAddress.ToString() == ip)
if (Globals.ToUncompressedString(ipPacket.DestinationAddress) == Globals.ToUncompressedString(a) || Globals.ToUncompressedString(ipPacket.SourceAddress) == Globals.ToUncompressedString(a))
{
//mainForm.WriteLine("Matched IP", Color.Red);
// get the process using this ip and port
ProcessUsingIP = TcpHelper.GetProcessCommunicatingWithRemoteIP(ipPacket.DestinationAddress);
if (ProcessUsingIP != null)
{
//mainForm.WriteLine(string.Format("Got Process {0}", ProcessUsingIP.ProcessName));
byte[] pMem = null;
if (Globals.TryGetAllProcessMemoryBytes(ProcessUsingIP, out pMem))
{
//mainForm.WriteLine(Globals.FormatBytes(pMem).Trim());
}
}
// Write it out
if (Globals.FormatBytes(tcp.PayloadData).Trim() != "{ 0x };")
{
if (ipPacket.SourceAddress.ToString() == ip)
{
mainForm.WriteLine(string.Format("From Ip {0} port {1} to Ip {2} port {3}", ipPacket.SourceAddress, tcp.SourcePort, ipPacket.DestinationAddress, tcp.DestinationPort), Color.Blue);
mainForm.WriteLine(Globals.FormatBytes(tcp.PayloadData), Color.Red);
mainForm.WriteLine(string.Format("Data Raw Hex Output - length={0} bytes", tcp.PayloadData.Length), Color.Red);
mainForm.WriteLine(Globals.NiceHexOutput(tcp.PayloadData), Color.Red, font);
}
else
{
mainForm.WriteLine(string.Format("From Ip {0} port {1} to Ip {2} port {3}", ipPacket.SourceAddress, tcp.SourcePort, ipPacket.DestinationAddress, tcp.DestinationPort), Color.Blue);
mainForm.WriteLine(Globals.FormatBytes(tcp.PayloadData), Color.Green);
mainForm.WriteLine(string.Format("Data Raw Hex Output - length={0} bytes", tcp.PayloadData.Length), Color.Green);
mainForm.WriteLine(Globals.NiceHexOutput(tcp.PayloadData), Color.Green, font);
}
}
}
}
}
else
{
// Write it all out
if (Globals.FormatBytes(tcp.PayloadData).Trim() != "{ 0x };")
{
mainForm.WriteLine(string.Format("From Ip {0} port {1} to Ip {2} port {3}", ipPacket.SourceAddress, tcp.SourcePort, ipPacket.DestinationAddress, tcp.DestinationPort), Color.Blue);
mainForm.WriteLine(Globals.FormatBytes(tcp.PayloadData), Color.Black);
mainForm.WriteLine(string.Format("Data Raw Hex Output - length={0} bytes", tcp.PayloadData.Length), Color.Black);
mainForm.WriteLine(Globals.NiceHexOutput(tcp.PayloadData), Color.Black, font);
}
}
}
}
catch { }
}