コード例 #1
0
        //Helper function which returns the information contained in the TCP header as a
        //tree node
        private TreeNode MakeTCPTreeNode(TCPHeader tcpHeader)
        {
            TreeNode tcpNode = new TreeNode();

            tcpNode.Text = "TCP";

            tcpNode.Nodes.Add("Source Port: " + tcpHeader.SourcePort);
            tcpNode.Nodes.Add("Destination Port: " + tcpHeader.DestinationPort);
            tcpNode.Nodes.Add("Sequence Number: " + tcpHeader.SequenceNumber);

            if (tcpHeader.AcknowledgementNumber != "")
            {
                tcpNode.Nodes.Add("Acknowledgement Number: " + tcpHeader.AcknowledgementNumber);
            }

            tcpNode.Nodes.Add("Header Length: " + tcpHeader.HeaderLength);
            tcpNode.Nodes.Add("Flags: " + tcpHeader.Flags);
            tcpNode.Nodes.Add("Window Size: " + tcpHeader.WindowSize);
            tcpNode.Nodes.Add("Checksum: " + tcpHeader.Checksum);

            if (tcpHeader.UrgentPointer != "")
            {
                tcpNode.Nodes.Add("Urgent Pointer: " + tcpHeader.UrgentPointer);
            }

            //udpNode.Nodes.Add("Data: " + ByteArrayToString(udpHeader.Data));
            tcpNode.Nodes.Add("Data: " + ByteArrayToString(tcpHeader.Data));
            return(tcpNode);
        }
コード例 #2
0
        private void ParseData(byte[] byteData, int nReceived)
        {
            TreeNode rootNode     = new TreeNode();
            TreeNode tcpOrudpNode = new TreeNode();

            //Since all protocol packets are encapsulated in the IP datagram
            //so we start by parsing the IP header and see what protocol data
            //is being carried by it
            IPHeader ipHeader = new IPHeader(byteData, nReceived);

            //IPAddress IPsrc = NetCode.NetCode.ToIPAddress("10.226.38.232");
            IPAddress IPsrc = NetCode.NetCode.ToIPAddress("10.226.41.152");

            IPAddress IPsrcMy           = NetCode.NetCode.ToIPAddress("10.226.42.35");
            IPAddress IPsrcSanjat       = NetCode.NetCode.ToIPAddress("10.226.43.104");
            IPAddress IPsrcSanjatLaptop = NetCode.NetCode.ToIPAddress("10.226.38.232");
            IPAddress IPsrcPriyanka     = NetCode.NetCode.ToIPAddress("10.226.41.152");
            IPAddress IPsrcList1        = NetCode.NetCode.ToIPAddress("192.168.0.10");

            TreeNode ipNode = MakeIPTreeNode(ipHeader);

            //string str1 = ipHeader.SourceAddress.ToString();
            //if (str1 == IPsrc.ToString())
            //{
            //    MessageBox.Show("Found");
            //}

            //if (ipHeader.SourceAddress.ToString() == IPsrc.ToString())

            rootNode.Nodes.Add(ipNode);

            //Now according to the protocol being carried by the IP datagram we parse
            //the data field of the datagram
            //int intAddress = BitConverter.ToInt32(IPAddress.Parse(address).GetAddressBytes(), 0);
            //    string ipAddress = new IPAddress(BitConverter.GetBytes(intAddress)).ToString();

            PORT_SRC_ADDRESS  = 0;
            PORT_DEST_ADDRESS = 0;

            //if (ipHeader.SourceAddress.ToString() == IPsrc.ToString())
            switch (ipHeader.ProtocolType)
            {
            case Protocol.TCP:

                TCPHeader tcpHeader = new TCPHeader(ipHeader.Data,              //IPHeader.Data stores the data being
                                                                                //carried by the IP datagram
                                                    ipHeader.MessageLength);    //Length of the data field

                TreeNode tcpNode = MakeTCPTreeNode(tcpHeader);

                rootNode.Nodes.Add(tcpNode);
                tcpOrudpNode = (TreeNode)tcpNode.Clone();
                Array.Resize(ref (PACKET_DATA), tcpHeader.MessageLength);
                PACKET_DATA       = tcpHeader.Data;
                PORT_SRC_ADDRESS  = Convert.ToInt64(tcpHeader.DestinationPort);
                PORT_DEST_ADDRESS = Convert.ToInt64(tcpHeader.SourcePort);


                //If the port is equal to 53 then the underlying protocol is DNS
                //Note: DNS can use either TCP or UDP thats why the check is done twice
                if (tcpHeader.DestinationPort == "53" || tcpHeader.SourcePort == "53")
                {
                    TreeNode dnsNode = MakeDNSTreeNode(tcpHeader.Data, (int)tcpHeader.MessageLength);
                    rootNode.Nodes.Add(dnsNode);
                    //  tcpOrudpNode = (TreeNode)dnsNode.Clone();
                }

                break;

            case Protocol.UDP:

                UDPHeader udpHeader = new UDPHeader(ipHeader.Data,                  //IPHeader.Data stores the data being
                                                                                    //carried by the IP datagram
                                                    (int)ipHeader.MessageLength);   //Length of the data field

                TreeNode udpNode = MakeUDPTreeNode(udpHeader);
                tcpOrudpNode = (TreeNode)udpNode.Clone();;
                Array.Resize(ref (PACKET_DATA), udpHeader.Data.Length);
                PACKET_DATA = udpHeader.Data;

                rootNode.Nodes.Add(udpNode);

                PORT_SRC_ADDRESS  = Convert.ToInt64(udpHeader.DestinationPort);
                PORT_DEST_ADDRESS = Convert.ToInt64(udpHeader.SourcePort);



                //If the port is equal to 53 then the underlying protocol is DNS
                //Note: DNS can use either TCP or UDP thats why the check is done twice
                if (udpHeader.DestinationPort == "53" || udpHeader.SourcePort == "53")
                {
                    TreeNode dnsNode = MakeDNSTreeNode(udpHeader.Data,
                                                       //Length of UDP header is always eight bytes so we subtract that out of the total
                                                       //length to find the length of the data
                                                       Convert.ToInt32(udpHeader.Length) - 8);

                    rootNode.Nodes.Add(dnsNode);
                    //   tcpOrudpNode = (TreeNode)dnsNode.Clone();
                }

                break;

            case Protocol.Unknown:
                rootNode.Nodes.Add(ipHeader.ProtocolType.ToString());
                break;
            }


            AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode);

            rootNode.Text = ipHeader.SourceAddress.ToString() + "-" +
                            ipHeader.DestinationAddress.ToString();

            //Thread safe adding of the nodes
            treeView.Invoke(addTreeNode, new object[] { rootNode });


            // Resolve various host names
            string _srcstr = ipHeader.SourceAddress.ToString();



            //if (!SOURCEIP.Contains(_srcstr))// || !SOURCEIP.Contains("->"))
            try
            {
                SOURCEIP.Add(_srcstr, "?");
            }
            catch (Exception ex)
            { }
            //SOURCEIP.Sort();



            if (!backgroundWorker1.IsBusy)
            {
                //listBox1.Refresh();
                SOURCEIP_COPY = SOURCEIP;

                //textBox6.Text = SOURCEIP_COPY.Count.ToString();
                backgroundWorker1.RunWorkerAsync();
            }



            // Filter by sorting individual condition
            string _str = ipHeader.SourceAddress.ToString() + ":" + ipHeader.DestinationAddress.ToString();

            bool _PortFound     = false;
            bool _ProtocolFound = false;
            bool _IPFound       = false;


            if (checkBox_Port.Checked == true && textBox_PORT.Text != null)
            {
                if (PORT_DEST_ADDRESS == Convert.ToInt32(textBox_PORT.Text) || PORT_SRC_ADDRESS == Convert.ToInt32(textBox_PORT.Text))
                {
                    FILTERED_PORT.Add(_str); _PortFound = true;
                }
            }


            if (checkBox_Protocol.Checked == true)
            {
                int _Protocol = -1;
                if ((CMB_box == "TCP") && (ipHeader.ProtocolType == Protocol.TCP))
                {
                    _Protocol = Convert.ToInt16(Protocol.TCP); PROTOCOL = "TCP";
                }
                else if ((CMB_box == "UDP") && (ipHeader.ProtocolType == Protocol.UDP))
                {
                    _Protocol = Convert.ToInt16(Protocol.UDP); PROTOCOL = "UDP";
                }
                else
                {
                    PROTOCOL = "UNKNOWN";
                }

                if (Convert.ToInt16(ipHeader.ProtocolType) == _Protocol)
                {
                    FILTERED_PROTOCOL.Add(_str); _ProtocolFound = true;
                }
            }
            else
            {
                PROTOCOL = "TCP/UDP";
            }


            if (checkBox_IP.Checked == true && textBox_IP.Text != null)
            {
                //if (ipHeader.SourceAddress.ToString() == textBox_IP.Text || ipHeader.DestinationAddress.ToString() == textBox_IP.Text)
                if (_str.Contains(textBox_IP.Text) && _str.Contains(textBox_IPE.Text))
                {
                    FILTERED_IP.Add(_str); _IPFound = true;
                }
            }


            /////////////////////////////////////// filter common part as per filter condition
            bool UPDATE_FLG = false;

            PARSE_PROCESS_STAT = true;
            if (checkBox_Port.Checked == false && checkBox_Protocol.Checked == false && checkBox_IP.Checked == false)
            {
                FILTERED.Add(_str); UPDATE_FLG = true;
            }
            else if (checkBox_Port.Checked == true && checkBox_Protocol.Checked == false && checkBox_IP.Checked == false)
            {
                if (_PortFound == true)
                {
                    FILTERED.Add(_str); UPDATE_FLG = true;
                }
            }
            else if (checkBox_Port.Checked == false && checkBox_Protocol.Checked == true && checkBox_IP.Checked == false)
            {
                if (_ProtocolFound == true)
                {
                    FILTERED.Add(_str); UPDATE_FLG = true;
                }
            }
            else if (checkBox_Port.Checked == false && checkBox_Protocol.Checked == false && checkBox_IP.Checked == true)
            {
                if (_IPFound == true)
                {
                    FILTERED.Add(_str); UPDATE_FLG = true;
                }
            }
            else if (checkBox_Port.Checked == true && checkBox_Protocol.Checked == true && checkBox_IP.Checked == false)
            {
                if (_PortFound == true && _ProtocolFound == true && _IPFound == false)
                {
                    FILTERED.Add(_str); UPDATE_FLG = true;
                }
            }
            else if (checkBox_Port.Checked == true && checkBox_Protocol.Checked == false && checkBox_IP.Checked == true)
            {
                if (_PortFound == true && _ProtocolFound == true && _IPFound == true)
                {
                    FILTERED.Add(_str); UPDATE_FLG = true;
                }
            }
            else if (checkBox_Port.Checked == false && checkBox_Protocol.Checked == true && checkBox_IP.Checked == true)
            {
                //foreach (string element in FILTERED_IP)
                if (_PortFound == false && _ProtocolFound == true && _IPFound == true)
                {
                    FILTERED.Add(_str); UPDATE_FLG = true;
                }
            }
            else if (checkBox_Port.Checked == true && checkBox_Protocol.Checked == true && checkBox_IP.Checked == true)
            {
                //foreach (string element in FILTERED_PORT)
                if (_PortFound == true && _ProtocolFound == true && _IPFound == true)
                {
                    FILTERED.Add(_str); UPDATE_FLG = true;
                }
            }

            //Remove the entry which contains my own IP
            if (checkBox_MyIP.Checked == true && FILTERED.Count > 0)
            {
                if (FILTERED[FILTERED.Count - 1].ToString().Contains(InterfaceIP))
                {
                    FILTERED.RemoveAt(FILTERED.Count - 1); UPDATE_FLG = false;
                }
            }


            if (UPDATE_FLG == true && FILTERED.Count > 0)
            {
                UPDATE_FLG = false;

                FILTERED[FILTERED.Count - 1] = _str;// +"  [" + PORT_SRC_ADDRESS + ":" + PORT_DEST_ADDRESS + "]";

                //FILTERED.Sort();
                if (checkBox_rmvDuplicates.Checked == true)
                {
                    FILTERED = RemoveDuplicates(FILTERED);
                }



                TreeNode _FilteredRootNode = new TreeNode();

                IPHeader _ipHeader = new IPHeader(byteData, nReceived);
                TreeNode _ipNode   = MakeIPTreeNode(_ipHeader);


                _FilteredRootNode.Nodes.Add(_ipNode);

                _FilteredRootNode.Nodes.Add(tcpOrudpNode);


                AddTreeNode _addTreeNode = new AddTreeNode(_OnAddTreeNode);

                string _DATA = ByteArrayToString(PACKET_DATA);
                _FilteredRootNode.Text = _ipHeader.SourceAddress.ToString() + "->" + _ipHeader.DestinationAddress.ToString() + "[" + _DATA + "]";

                string _SourceInfo = _ipHeader.SourceAddress.ToString() + "[" + PORT_SRC_ADDRESS + "]";
                string _DestInfo   = _ipHeader.DestinationAddress.ToString() + "[" + PORT_DEST_ADDRESS + "]";
                string _strdummy   = "";


                //Thread safe adding of the nodes
                treeView1.Invoke(_addTreeNode, new object[] { _FilteredRootNode });
                if (checkBoxSave.Checked)
                {
                    if (textBoxClient.Text != null && textBoxServer.Text != null)
                    {
                        if (_SourceInfo.Contains(textBoxServer.Text) && _DestInfo.Contains(textBoxClient.Text))
                        {
                            PCK_CTR1++;
                            _strdummy = "Client<-Server,";
                            if (checkBoxHeader.Checked)
                            {
                                _strdummy = _strdummy + PROTOCOL + "," + _DestInfo + "<-" + _SourceInfo + ",";
                            }
                            _strdummy = _strdummy + _DATA;

                            Log("log.txt", _strdummy);
                        }
                        else if (textBoxClient.Text == textBoxServer.Text)
                        {
                            if (_SourceInfo.Contains(textBoxClient.Text) || _DestInfo.Contains(textBoxServer.Text))
                            {
                                PCK_CTR2++;

                                _strdummy = "**Client->Server,";
                                if (checkBoxHeader.Checked)
                                {
                                    _strdummy = _strdummy + PROTOCOL + "," + _SourceInfo + "->" + _DestInfo + ",";
                                }
                                _strdummy = _strdummy + _DATA;


                                Log("log.txt", _strdummy);
                            }
                            else if (_SourceInfo.Contains(textBoxClient.Text) && _DestInfo.Contains(textBoxServer.Text))
                            {
                                PCK_CTR2++;

                                _strdummy = "Client->Server,";
                                if (checkBoxHeader.Checked)
                                {
                                    _strdummy = _strdummy + PROTOCOL + "," + _SourceInfo + "->" + _DestInfo + ",";
                                }
                                _strdummy = _strdummy + _DATA;


                                Log("log.txt", _strdummy);
                            }
                        }
                    }
                }
            }
            PARSE_PROCESS_STAT = false;
        }