private void parseData(IPHeader ipHeader, TCPHeader tcpHeader, string content, bool isRequest)
{
string destionationIP = ipHeader.DestinationAddress.ToString();
int destinationPort = Int32.Parse(tcpHeader.DestinationPort);
string sourceIP = ipHeader.SourceAddress.ToString();
int sourcePort = Int32.Parse(tcpHeader.SourcePort);
if (!isRequest)
{
int index = content.IndexOf("\r\n\r\n");
if (index != -1)
{
content = content.Substring(0, index).Trim();
}
}
string[] lines = content.Split(new char[] { '\r', '\n' });
if (isRequest && lines != null && lines.Length > 0)
{
Hashtable httpRequest = new Hashtable();
targetIP = destionationIP;
targetPort = destinationPort;
httpRequest.Add("REQUEST_IP_SOURCE", sourceIP);
httpRequest.Add("REQUEST_PORT_SOURCE", sourcePort);
httpRequest.Add("REQUEST_IP_DESTINATION", destionationIP);
httpRequest.Add("REQUEST_PORT_DESTINATION", destinationPort);
for (int i = 0; i < lines.Length; i++)
{
if (lines[i] != null && lines[i].Length > 0)
{
if (lines[i].StartsWith("GET "))
{
string value = lines[i].Substring("GET ".Length);
int index = value.IndexOf(" ");
if (index != -1)
{
value = value.Substring(0, index);
}
httpRequest.Add("REQUEST_URL", value);
}
else
{
int index = lines[i].IndexOf(":");
if (index > 0)
{
string key = lines[i].Substring(0, index).Trim();
string value = lines[i].Substring(index + 1).Trim();
if (!httpRequest.ContainsKey(key))
{
httpRequest.Add(key, value);
}
}
}
}
}
receiveRequest(httpRequest);
}
else if (!isRequest && lines != null && lines.Length > 0)
{
if (targetIP != null && targetIP.Equals(sourceIP) && targetPort == sourcePort)
{
Hashtable httpResponse = new Hashtable();
httpResponse.Add("RESPONSE_IP_SOURCE", sourceIP);
httpResponse.Add("RESPONSE_PORT_SOURCE", sourcePort);
httpResponse.Add("RESPONSE_IP_DESTINATION", destionationIP);
httpResponse.Add("RESPONSE_PORT_DESTINATION", destinationPort);
for (int i = 0; i < lines.Length; i++)
{
if (lines[i] != null && lines[i].Length > 0)
{
if (lines[i].StartsWith("HTTP/1.1 "))
{
string value = lines[i].Substring("HTTP/1.1 ".Length);
httpResponse.Add("REQUEST_CODE", value);
}
else
{
int index = lines[i].IndexOf(":");
if (index > 0)
{
string key = lines[i].Substring(0, index).Trim();
string value = lines[i].Substring(index + 1).Trim();
if (!httpResponse.ContainsKey(key))
{
httpResponse.Add(key, value);
}
}
}
}
}
receiveResponse(httpResponse);
}
}
}
private void parseData(IPHeader ipHeader, TCPHeader tcpHeader, string content, bool isRequest)
{
string destionationIP = ipHeader.DestinationAddress.ToString();
int destinationPort = Int32.Parse(tcpHeader.DestinationPort);
string sourceIP = ipHeader.SourceAddress.ToString();
int sourcePort = Int32.Parse(tcpHeader.SourcePort);
if (!isRequest) {
int index = content.IndexOf("\r\n\r\n");
if (index != -1) {
content = content.Substring(0, index).Trim();
}
}
string[] lines = content.Split(new char[] { '\r', '\n' });
if (isRequest && lines != null && lines.Length>0) {
Hashtable httpRequest = new Hashtable();
targetIP = destionationIP;
targetPort = destinationPort;
httpRequest.Add("REQUEST_IP_SOURCE", sourceIP);
httpRequest.Add("REQUEST_PORT_SOURCE", sourcePort);
httpRequest.Add("REQUEST_IP_DESTINATION", destionationIP);
httpRequest.Add("REQUEST_PORT_DESTINATION", destinationPort);
for (int i = 0; i < lines.Length; i++) {
if (lines[i] != null && lines[i].Length > 0) {
if (lines[i].StartsWith("GET ")) {
string value = lines[i].Substring("GET ".Length);
int index = value.IndexOf(" ");
if (index != -1) value = value.Substring(0, index);
httpRequest.Add("REQUEST_URL", value);
}
else {
int index = lines[i].IndexOf(":");
if (index > 0) {
string key = lines[i].Substring(0, index).Trim();
string value = lines[i].Substring(index + 1).Trim();
if (!httpRequest.ContainsKey(key)) httpRequest.Add(key, value);
}
}
}
}
receiveRequest(httpRequest);
}
else if (!isRequest && lines != null && lines.Length > 0) {
if (targetIP != null && targetIP.Equals(sourceIP) && targetPort == sourcePort) {
Hashtable httpResponse = new Hashtable();
httpResponse.Add("RESPONSE_IP_SOURCE", sourceIP);
httpResponse.Add("RESPONSE_PORT_SOURCE", sourcePort);
httpResponse.Add("RESPONSE_IP_DESTINATION", destionationIP);
httpResponse.Add("RESPONSE_PORT_DESTINATION", destinationPort);
for (int i = 0; i < lines.Length; i++) {
if (lines[i] != null && lines[i].Length > 0) {
if (lines[i].StartsWith("HTTP/1.1 ")) {
string value = lines[i].Substring("HTTP/1.1 ".Length);
httpResponse.Add("REQUEST_CODE", value);
}
else {
int index = lines[i].IndexOf(":");
if (index > 0) {
string key = lines[i].Substring(0, index).Trim();
string value = lines[i].Substring(index + 1).Trim();
if (!httpResponse.ContainsKey(key)) httpResponse.Add(key, value);
}
}
}
}
receiveResponse(httpResponse);
}
}
}
private void ParseData(byte[] byteData, int nReceived)
{
IPHeader ipHeader = new IPHeader(byteData, nReceived);
switch (ipHeader.ProtocolType)
{
/*case Protocol.TCP: {
* TCPHeader tcpHeader = new TCPHeader(ipHeader.Data, ipHeader.MessageLength);
* if (tcpHeader.Flags.Equals("0x18 (PSH, ACK)")) {
* byte[] data = new byte[(int)ipHeader.MessageLength];
* for (int i = 0; i < data.Length; i++) data[i] = tcpHeader.Data[i];
* string content = Encoding.ASCII.GetString(data);
* if (content.StartsWith("GET ")) parseData(ipHeader, tcpHeader, content, true);
* else if (content.StartsWith("HTTP/1.1 ")) parseData(ipHeader, tcpHeader, content, false);
* }
* break;
* }*/
case Protocol.UDP: {
UDPHeader udpHeader = new UDPHeader(ipHeader.Data, ipHeader.MessageLength);
int destinationPort = Int32.Parse(udpHeader.DestinationPort);
int sourcePort = Int32.Parse(udpHeader.SourcePort);
if (destinationPort == 53 || sourcePort == 53)
{
byte[] fillBuffer = new byte[ipHeader.MessageLength];
string result = string.Empty;
for (int i = 0, c = 0; i < fillBuffer.Length; i++)
{
int byteInt = ipHeader.Data[i];
if (byteInt < 32)
{
if (c > 3 && result.Length > 0)
{
result += ".";
}
else
{
c++;
}
}
else if (byteInt > 32 && byteInt < 127)
{
result += (char)byteInt;
}
}
char[] charArray = result.ToCharArray();
char oldChar = '.';
for (int i = 0; i < charArray.Length; i++)
{
if (i > 3 && charArray[i] != oldChar && charArray[i - 1] == oldChar && charArray[i - 2] == oldChar)
{
result = string.Empty;
for (int j = i; j < charArray.Length; j++)
{
result += charArray[j];
}
break;
}
oldChar = charArray[i];
}
result = result.Replace(".....", "");
Console.WriteLine("DNS: " + result);
}
break;
}
default: {
break;
}
}
}
private void ParseData(byte[] byteData, int nReceived)
{
IPHeader ipHeader = new IPHeader(byteData, nReceived);
switch (ipHeader.ProtocolType) {
/*case Protocol.TCP: {
TCPHeader tcpHeader = new TCPHeader(ipHeader.Data, ipHeader.MessageLength);
if (tcpHeader.Flags.Equals("0x18 (PSH, ACK)")) {
byte[] data = new byte[(int)ipHeader.MessageLength];
for (int i = 0; i < data.Length; i++) data[i] = tcpHeader.Data[i];
string content = Encoding.ASCII.GetString(data);
if (content.StartsWith("GET ")) parseData(ipHeader, tcpHeader, content, true);
else if (content.StartsWith("HTTP/1.1 ")) parseData(ipHeader, tcpHeader, content, false);
}
break;
}*/
case Protocol.UDP: {
UDPHeader udpHeader = new UDPHeader(ipHeader.Data, ipHeader.MessageLength);
int destinationPort = Int32.Parse(udpHeader.DestinationPort);
int sourcePort = Int32.Parse(udpHeader.SourcePort);
if (destinationPort == 53 || sourcePort == 53) {
byte[] fillBuffer = new byte[ipHeader.MessageLength];
string result = string.Empty;
for (int i = 0, c=0; i < fillBuffer.Length; i++) {
int byteInt = ipHeader.Data[i];
if (byteInt < 32) {
if (c > 3 && result.Length > 0) result += ".";
else c++;
}
else if (byteInt > 32 && byteInt < 127) result += (char)byteInt;
}
char[] charArray = result.ToCharArray();
char oldChar = '.';
for (int i = 0; i < charArray.Length; i++) {
if (i > 3 && charArray[i] != oldChar && charArray[i-1] == oldChar && charArray[i-2] == oldChar) {
result = string.Empty;
for (int j = i; j < charArray.Length; j++) result += charArray[j];
break;
}
oldChar = charArray[i];
}
result = result.Replace(".....", "");
Console.WriteLine("DNS: " + result);
}
break;
}
default: {
break;
}
}
}
