//Helper function which returns the information contained in the TCP header as a //tree node private TreeNode MakeTCPTreeNode(TCPHeader tcpHeader) { TreeNode tcpNode = new TreeNode(); tcpNode.Text = "TCP"; tcpNode.Nodes.Add("Source Port: " + tcpHeader.SourcePort); tcpNode.Nodes.Add("Destination Port: " + tcpHeader.DestinationPort); tcpNode.Nodes.Add("Sequence Number: " + tcpHeader.SequenceNumber); if (tcpHeader.AcknowledgementNumber != "") { tcpNode.Nodes.Add("Acknowledgement Number: " + tcpHeader.AcknowledgementNumber); } tcpNode.Nodes.Add("Header Length: " + tcpHeader.HeaderLength); tcpNode.Nodes.Add("Flags: " + tcpHeader.Flags); tcpNode.Nodes.Add("Window Size: " + tcpHeader.WindowSize); tcpNode.Nodes.Add("Checksum: " + tcpHeader.Checksum); if (tcpHeader.UrgentPointer != "") { tcpNode.Nodes.Add("Urgent Pointer: " + tcpHeader.UrgentPointer); } //udpNode.Nodes.Add("Data: " + ByteArrayToString(udpHeader.Data)); tcpNode.Nodes.Add("Data: " + ByteArrayToString(tcpHeader.Data)); return(tcpNode); }
private void ParseData(byte[] byteData, int nReceived) { TreeNode rootNode = new TreeNode(); TreeNode tcpOrudpNode = new TreeNode(); //Since all protocol packets are encapsulated in the IP datagram //so we start by parsing the IP header and see what protocol data //is being carried by it IPHeader ipHeader = new IPHeader(byteData, nReceived); //IPAddress IPsrc = NetCode.NetCode.ToIPAddress("10.226.38.232"); IPAddress IPsrc = NetCode.NetCode.ToIPAddress("10.226.41.152"); IPAddress IPsrcMy = NetCode.NetCode.ToIPAddress("10.226.42.35"); IPAddress IPsrcSanjat = NetCode.NetCode.ToIPAddress("10.226.43.104"); IPAddress IPsrcSanjatLaptop = NetCode.NetCode.ToIPAddress("10.226.38.232"); IPAddress IPsrcPriyanka = NetCode.NetCode.ToIPAddress("10.226.41.152"); IPAddress IPsrcList1 = NetCode.NetCode.ToIPAddress("192.168.0.10"); TreeNode ipNode = MakeIPTreeNode(ipHeader); //string str1 = ipHeader.SourceAddress.ToString(); //if (str1 == IPsrc.ToString()) //{ // MessageBox.Show("Found"); //} //if (ipHeader.SourceAddress.ToString() == IPsrc.ToString()) rootNode.Nodes.Add(ipNode); //Now according to the protocol being carried by the IP datagram we parse //the data field of the datagram //int intAddress = BitConverter.ToInt32(IPAddress.Parse(address).GetAddressBytes(), 0); // string ipAddress = new IPAddress(BitConverter.GetBytes(intAddress)).ToString(); PORT_SRC_ADDRESS = 0; PORT_DEST_ADDRESS = 0; //if (ipHeader.SourceAddress.ToString() == IPsrc.ToString()) switch (ipHeader.ProtocolType) { case Protocol.TCP: TCPHeader tcpHeader = new TCPHeader(ipHeader.Data, //IPHeader.Data stores the data being //carried by the IP datagram ipHeader.MessageLength); //Length of the data field TreeNode tcpNode = MakeTCPTreeNode(tcpHeader); rootNode.Nodes.Add(tcpNode); tcpOrudpNode = (TreeNode)tcpNode.Clone(); Array.Resize(ref (PACKET_DATA), tcpHeader.MessageLength); PACKET_DATA = tcpHeader.Data; PORT_SRC_ADDRESS = Convert.ToInt64(tcpHeader.DestinationPort); PORT_DEST_ADDRESS = Convert.ToInt64(tcpHeader.SourcePort); //If the port is equal to 53 then the underlying protocol is DNS //Note: DNS can use either TCP or UDP thats why the check is done twice if (tcpHeader.DestinationPort == "53" || tcpHeader.SourcePort == "53") { TreeNode dnsNode = MakeDNSTreeNode(tcpHeader.Data, (int)tcpHeader.MessageLength); rootNode.Nodes.Add(dnsNode); // tcpOrudpNode = (TreeNode)dnsNode.Clone(); } break; case Protocol.UDP: UDPHeader udpHeader = new UDPHeader(ipHeader.Data, //IPHeader.Data stores the data being //carried by the IP datagram (int)ipHeader.MessageLength); //Length of the data field TreeNode udpNode = MakeUDPTreeNode(udpHeader); tcpOrudpNode = (TreeNode)udpNode.Clone();; Array.Resize(ref (PACKET_DATA), udpHeader.Data.Length); PACKET_DATA = udpHeader.Data; rootNode.Nodes.Add(udpNode); PORT_SRC_ADDRESS = Convert.ToInt64(udpHeader.DestinationPort); PORT_DEST_ADDRESS = Convert.ToInt64(udpHeader.SourcePort); //If the port is equal to 53 then the underlying protocol is DNS //Note: DNS can use either TCP or UDP thats why the check is done twice if (udpHeader.DestinationPort == "53" || udpHeader.SourcePort == "53") { TreeNode dnsNode = MakeDNSTreeNode(udpHeader.Data, //Length of UDP header is always eight bytes so we subtract that out of the total //length to find the length of the data Convert.ToInt32(udpHeader.Length) - 8); rootNode.Nodes.Add(dnsNode); // tcpOrudpNode = (TreeNode)dnsNode.Clone(); } break; case Protocol.Unknown: rootNode.Nodes.Add(ipHeader.ProtocolType.ToString()); break; } AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode); rootNode.Text = ipHeader.SourceAddress.ToString() + "-" + ipHeader.DestinationAddress.ToString(); //Thread safe adding of the nodes treeView.Invoke(addTreeNode, new object[] { rootNode }); // Resolve various host names string _srcstr = ipHeader.SourceAddress.ToString(); //if (!SOURCEIP.Contains(_srcstr))// || !SOURCEIP.Contains("->")) try { SOURCEIP.Add(_srcstr, "?"); } catch (Exception ex) { } //SOURCEIP.Sort(); if (!backgroundWorker1.IsBusy) { //listBox1.Refresh(); SOURCEIP_COPY = SOURCEIP; //textBox6.Text = SOURCEIP_COPY.Count.ToString(); backgroundWorker1.RunWorkerAsync(); } // Filter by sorting individual condition string _str = ipHeader.SourceAddress.ToString() + ":" + ipHeader.DestinationAddress.ToString(); bool _PortFound = false; bool _ProtocolFound = false; bool _IPFound = false; if (checkBox_Port.Checked == true && textBox_PORT.Text != null) { if (PORT_DEST_ADDRESS == Convert.ToInt32(textBox_PORT.Text) || PORT_SRC_ADDRESS == Convert.ToInt32(textBox_PORT.Text)) { FILTERED_PORT.Add(_str); _PortFound = true; } } if (checkBox_Protocol.Checked == true) { int _Protocol = -1; if ((CMB_box == "TCP") && (ipHeader.ProtocolType == Protocol.TCP)) { _Protocol = Convert.ToInt16(Protocol.TCP); PROTOCOL = "TCP"; } else if ((CMB_box == "UDP") && (ipHeader.ProtocolType == Protocol.UDP)) { _Protocol = Convert.ToInt16(Protocol.UDP); PROTOCOL = "UDP"; } else { PROTOCOL = "UNKNOWN"; } if (Convert.ToInt16(ipHeader.ProtocolType) == _Protocol) { FILTERED_PROTOCOL.Add(_str); _ProtocolFound = true; } } else { PROTOCOL = "TCP/UDP"; } if (checkBox_IP.Checked == true && textBox_IP.Text != null) { //if (ipHeader.SourceAddress.ToString() == textBox_IP.Text || ipHeader.DestinationAddress.ToString() == textBox_IP.Text) if (_str.Contains(textBox_IP.Text) && _str.Contains(textBox_IPE.Text)) { FILTERED_IP.Add(_str); _IPFound = true; } } /////////////////////////////////////// filter common part as per filter condition bool UPDATE_FLG = false; PARSE_PROCESS_STAT = true; if (checkBox_Port.Checked == false && checkBox_Protocol.Checked == false && checkBox_IP.Checked == false) { FILTERED.Add(_str); UPDATE_FLG = true; } else if (checkBox_Port.Checked == true && checkBox_Protocol.Checked == false && checkBox_IP.Checked == false) { if (_PortFound == true) { FILTERED.Add(_str); UPDATE_FLG = true; } } else if (checkBox_Port.Checked == false && checkBox_Protocol.Checked == true && checkBox_IP.Checked == false) { if (_ProtocolFound == true) { FILTERED.Add(_str); UPDATE_FLG = true; } } else if (checkBox_Port.Checked == false && checkBox_Protocol.Checked == false && checkBox_IP.Checked == true) { if (_IPFound == true) { FILTERED.Add(_str); UPDATE_FLG = true; } } else if (checkBox_Port.Checked == true && checkBox_Protocol.Checked == true && checkBox_IP.Checked == false) { if (_PortFound == true && _ProtocolFound == true && _IPFound == false) { FILTERED.Add(_str); UPDATE_FLG = true; } } else if (checkBox_Port.Checked == true && checkBox_Protocol.Checked == false && checkBox_IP.Checked == true) { if (_PortFound == true && _ProtocolFound == true && _IPFound == true) { FILTERED.Add(_str); UPDATE_FLG = true; } } else if (checkBox_Port.Checked == false && checkBox_Protocol.Checked == true && checkBox_IP.Checked == true) { //foreach (string element in FILTERED_IP) if (_PortFound == false && _ProtocolFound == true && _IPFound == true) { FILTERED.Add(_str); UPDATE_FLG = true; } } else if (checkBox_Port.Checked == true && checkBox_Protocol.Checked == true && checkBox_IP.Checked == true) { //foreach (string element in FILTERED_PORT) if (_PortFound == true && _ProtocolFound == true && _IPFound == true) { FILTERED.Add(_str); UPDATE_FLG = true; } } //Remove the entry which contains my own IP if (checkBox_MyIP.Checked == true && FILTERED.Count > 0) { if (FILTERED[FILTERED.Count - 1].ToString().Contains(InterfaceIP)) { FILTERED.RemoveAt(FILTERED.Count - 1); UPDATE_FLG = false; } } if (UPDATE_FLG == true && FILTERED.Count > 0) { UPDATE_FLG = false; FILTERED[FILTERED.Count - 1] = _str;// +" [" + PORT_SRC_ADDRESS + ":" + PORT_DEST_ADDRESS + "]"; //FILTERED.Sort(); if (checkBox_rmvDuplicates.Checked == true) { FILTERED = RemoveDuplicates(FILTERED); } TreeNode _FilteredRootNode = new TreeNode(); IPHeader _ipHeader = new IPHeader(byteData, nReceived); TreeNode _ipNode = MakeIPTreeNode(_ipHeader); _FilteredRootNode.Nodes.Add(_ipNode); _FilteredRootNode.Nodes.Add(tcpOrudpNode); AddTreeNode _addTreeNode = new AddTreeNode(_OnAddTreeNode); string _DATA = ByteArrayToString(PACKET_DATA); _FilteredRootNode.Text = _ipHeader.SourceAddress.ToString() + "->" + _ipHeader.DestinationAddress.ToString() + "[" + _DATA + "]"; string _SourceInfo = _ipHeader.SourceAddress.ToString() + "[" + PORT_SRC_ADDRESS + "]"; string _DestInfo = _ipHeader.DestinationAddress.ToString() + "[" + PORT_DEST_ADDRESS + "]"; string _strdummy = ""; //Thread safe adding of the nodes treeView1.Invoke(_addTreeNode, new object[] { _FilteredRootNode }); if (checkBoxSave.Checked) { if (textBoxClient.Text != null && textBoxServer.Text != null) { if (_SourceInfo.Contains(textBoxServer.Text) && _DestInfo.Contains(textBoxClient.Text)) { PCK_CTR1++; _strdummy = "Client<-Server,"; if (checkBoxHeader.Checked) { _strdummy = _strdummy + PROTOCOL + "," + _DestInfo + "<-" + _SourceInfo + ","; } _strdummy = _strdummy + _DATA; Log("log.txt", _strdummy); } else if (textBoxClient.Text == textBoxServer.Text) { if (_SourceInfo.Contains(textBoxClient.Text) || _DestInfo.Contains(textBoxServer.Text)) { PCK_CTR2++; _strdummy = "**Client->Server,"; if (checkBoxHeader.Checked) { _strdummy = _strdummy + PROTOCOL + "," + _SourceInfo + "->" + _DestInfo + ","; } _strdummy = _strdummy + _DATA; Log("log.txt", _strdummy); } else if (_SourceInfo.Contains(textBoxClient.Text) && _DestInfo.Contains(textBoxServer.Text)) { PCK_CTR2++; _strdummy = "Client->Server,"; if (checkBoxHeader.Checked) { _strdummy = _strdummy + PROTOCOL + "," + _SourceInfo + "->" + _DestInfo + ","; } _strdummy = _strdummy + _DATA; Log("log.txt", _strdummy); } } } } } PARSE_PROCESS_STAT = false; }