コード例 #1
0
ファイル: HTTP.cs プロジェクト: SayHalou/ospy
        public override VisualTransaction[] GetTransactions(IPSession session)
        {
            List<HTTPMessage> messages = new List<HTTPMessage>();

            foreach (TransactionNode node in session.Nodes)
            {
                if (node.Name == "HTTPTransaction")
                {
                    TransactionNode subNode;

                    subNode = node.FindChild("Request", false);
                    if (subNode != null)
                        messages.Add(ParseNode(subNode, true));

                    subNode = node.FindChild("Response", false);
                    if (subNode != null)
                        messages.Add(ParseNode(subNode, false));

                    subNode = node.FindChild("Response2", false);
                    if (subNode != null)
                        messages.Add(ParseNode(subNode, false));
                }
            }

            return messages.ToArray();
        }
コード例 #2
0
ファイル: ConversationsForm.cs プロジェクト: SayHalou/ospy
        public ConversationsForm(IPSession[] sessions)
        {
            InitializeComponent();

            multiStreamView.Visible = false;

            this.sessions = sessions;

            multiStreamView.TransactionDoubleClick += new TransactionDoubleClickHandler(multiStreamView_TransactionDoubleClick);

            exportToXMLToolStripMenuItem.Enabled = false;
            submitToRepositoryToolStripMenuItem.Enabled = false;
        }
コード例 #3
0
ファイル: XMPP.cs プロジェクト: SayHalou/ospy
        public override bool HandleSession(IPSession session)
        {
            if (session.RemoteEndpoint.Port != XMPP_PORT)
                return false;

            PacketStream stream = session.GetNextStreamDirection();

            if (stream.PeekStringUTF8(8) != "<stream")
                return false;

            // FIXME

            return false;
        }
コード例 #4
0
        public void AddSession(IPSession session)
        {
            sessions.Add(session);

            session.NewTransactionNode += session_NewTransactionNode;

            foreach (IPPacket p in session.StreamIn.Packets)
            {
                packets[p.Index] = p;
            }

            foreach (IPPacket p in session.StreamOut.Packets)
            {
                packets[p.Index] = p;
            }

            foreach (TransactionFactory fac in factories)
            {
#if PRODUCTION
                try
                {
#endif
                if (fac.HandleSession(session))
                {
                    break;
                }
#if PRODUCTION
            }
            catch (Exception e)
            {
                string msg = String.Format("An unhandled exception occured while the parser {0} was parsing session {1}: {2}\n\nBacktrace:\n{3}\n\nPlease submit your trace to [email protected]",
                                           fac.GetType().Name, session, e.Message, e.StackTrace);
                MessageBox.Show(msg, "Parsing error", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
#endif

                session.ResetState();
            }

            session.AllNodesAdded();
        }
コード例 #5
0
ファイル: Oracle.cs プロジェクト: SayHalou/ospy
        public override bool HandleSession(IPSession session)
        {
            //List<Configuration.Setting> settings = Configuration.ParserConfiguration.Settings[Name()];
            //foreach(Configuration.Setting setting in settings)
            //    logger.AddMessage("Using property {0} with value {1}", setting.Property, setting.Value);
            PacketStream stream = session.GetNextStreamDirection();
            if ((session.RemoteEndpoint.Port == 1521) || (session.RemoteEndpoint.Port == redirPort)) {
                //we're either connected to the standard Oracle port or the redirected port
            }else
                return false;
            while (true) {
                try {
                    TransactionNode transaction = new TransactionNode("OracleTransaction");
                    transaction.Description = transaction.Name;
                    TransactionNode tnsNode = ExtractTNSData(stream, StreamDirection.OUT);
                    if(tnsNode != null)
                        transaction.AddChild(tnsNode);
                    //response stream
                    stream = session.GetNextStreamDirection();
                    if (stream.GetBytesAvailable() != 0) {
                        tnsNode = ExtractTNSData(stream, StreamDirection.IN);

                        if(tnsNode != null)
                            transaction.AddChild(tnsNode);
                    }
                    if(transaction.Children.Count > 0)
                        session.AddNode(transaction);
                    //request stream (if exists)
                    stream = session.GetNextStreamDirection();

                    if(stream.GetBytesAvailable() == 0)
                        break;
                } catch (EndOfStreamException) {
                    break;
                }

            }
            return true;
        }
コード例 #6
0
ファイル: IPSession.cs プロジェクト: wyrover/ospy
        public static IPSession[] ExtractAllFrom(IPPacket[] packets, TCPEvent[] events, IProgressFeedback progress)
        {
            //
            // Find sessions
            //
            progress.ProgressUpdate("Identifying sessions", 0);

            Dictionary <UInt32, IPSession> sessionById = new Dictionary <UInt32, IPSession>();
            List <UInt32> sessionIds = new List <UInt32>();

            int i = 0;

            foreach (IPPacket p in packets)
            {
                UInt32 id = p.ResourceId;

                IPSession session;

                if (sessionById.ContainsKey(id))
                {
                    session = sessionById[id];
                }
                else
                {
                    session         = new IPSession();
                    sessionById[id] = session;
                    sessionIds.Add(id);
                }

                session.AddPacket(p);
                i++;

                progress.ProgressUpdate("Identifying sessions",
                                        (int)((i / (float)packets.Length) * 100.0f));
            }

            //
            // Add the events to the appropriate sessions
            //

            // First off, sort them by timestamp
            Array.Sort(events);

            // Then match them with the sessions
            foreach (TCPEvent ev in events)
            {
                if (sessionById.ContainsKey(ev.ResourceId))
                {
                    sessionById[ev.ResourceId].AddEvent(ev);
                }
            }

            //
            // Build an ordered list of sessions
            //
            List <IPSession> result = new List <IPSession>();

            foreach (UInt32 id in sessionIds)
            {
                result.Add(sessionById[id]);
            }

            return(result.ToArray());
        }
コード例 #7
0
ファイル: MSN.cs プロジェクト: SayHalou/ospy
        private bool HandleSwitchboardSession(IPSession session)
        {
            List<PacketSlice> slices = new List<PacketSlice>(1);

            logger.AddMessage(String.Format("\r\n\r\nparsing session with remote endpoint: {0}\r\n", session.RemoteEndpoint));

            while (true)
            {
                PacketStream stream = session.GetNextStreamDirection();

                if (stream.GetBytesAvailable() == 0)
                {
                    stream = session.GetNextStreamDirection();
                    if (stream.GetBytesAvailable() == 0)
                    {
                        break;
                    }
                }

                IPPacket pkt = stream.CurPacket;
                PacketDirection direction = pkt.Direction;
                
                try
                {
                    string line = stream.PeekLineUTF8();

                    // Split the line up into CMD and the rest (being arguments, if any)
                    string[] tokens = line.Split(new char[] { ' ' }, 2);

                    logger.AddMessage(String.Format("{0} parsing command '{1}' (line: {2})",
                        (direction == PacketDirection.PACKET_DIRECTION_INCOMING) ? "<<" : ">>",
                        tokens[0], line));

                    // Set cmd and create an array of arguments if present
                    string cmd = tokens[0];
                    string[] arguments = new string[0];
                    if (tokens.Length > 1)
                    {
                        arguments = tokens[1].Split(new char[] { ' ' });
                    }

                    // Create command node
                    TransactionNode node = new TransactionNode("MSNSBCommand");
                    node.Description = cmd;

                    // Command field
                    stream.ReadBytes(StaticUtils.GetUTF8ByteCount(tokens[0]), slices);
                    node.AddField("Command", tokens[0], "Switchboard command.", slices);

                    if (arguments.Length > 0)
                    {
                        // Skip space between command and arguments
                        stream.ReadByte();

                        stream.ReadBytes(StaticUtils.GetUTF8ByteCount(tokens[1]), slices);

                        // Arguments fields
                        node.AddField("Arguments", tokens[1], "Arguments to command.", slices);
                    }

                    // Skip CRLF
                    stream.ReadBytes(2);

                    // Is there a payload?
                    bool hasPayload = false;
                    if (arguments.Length > 0)
                    {
                        List<string> payloadCommands =
                            (direction == PacketDirection.PACKET_DIRECTION_OUTGOING) ? payloadCommandsFromClient : payloadCommandsFromServer;

                        hasPayload = payloadCommands.Contains(cmd);
                    }

                    if (hasPayload)
                    {
                        int payloadLength = -1;

                        try
                        {
                            payloadLength = (int)Convert.ToUInt32(arguments[arguments.Length - 1]);
                        }
                        catch (FormatException)
                        {
                        }

                        if (payloadLength > 0)
                        {
                            TransactionNode payloadNode = new TransactionNode(node, "Payload");

                            logger.AddMessage(String.Format("Parsing {0} bytes of payload", payloadLength));

                            PayloadFormat format = PayloadFormat.TEXT;

                            string cmdUpper = cmd.ToUpper();
                            if (payloadCommandFormats.ContainsKey(cmdUpper))
                                format = payloadCommandFormats[cmdUpper];

                            if (format == PayloadFormat.MESSAGE)
                            {
                                SBParseMSG(stream, payloadNode, payloadLength);
                            }
                            else
                            {
                                string body = stream.ReadStringUTF8(payloadLength, slices);

                                switch (format)
                                {
                                    case PayloadFormat.SLP:
                                        payloadNode.AddTextField("MSNSLP", body, "MSNSLP data.", slices);
                                        break;
                                    case PayloadFormat.XML:
                                        payloadNode.AddXMLField("XML", body, "XML data.", slices);
                                        break;
                                    default:
                                        payloadNode.AddTextField("Text", body, "Text.", slices);
                                        break;
                                }
                            }
                        }
                    }

                    session.AddNode(node);
                }
                catch (EndOfStreamException e)
                {
                    logger.AddMessage(String.Format("MSNSwitchboard: EOS at {0} ({1})", stream.Position, e));
                    break;
                }
            }

            logger.AddMessage("done with session\r\n\r\n");

            return true;
        }
コード例 #8
0
ファイル: MSN.cs プロジェクト: SayHalou/ospy
 private void ReadAllP2PDirectMessages(IPSession session, PacketStream stream)
 {
     while (stream.GetBytesAvailable() > 0)
     {
         try
         {
             TransactionNode node = ReadNextP2PDirectMessage(stream, "MSNP2PDirectMessage");
             session.AddNode(node);
         }
         catch (EndOfStreamException e)
         {
             logger.AddMessage(String.Format("MSNP2PDirect: EOS at {0} ({1})", stream.Position, e));
             break;
         }
     }
 }
コード例 #9
0
ファイル: VisualSession.cs プロジェクト: SayHalou/ospy
 public VisualSession(IPSession session)
 {
     localEndpoint = session.LocalEndpoint;
     remoteEndpoint = session.RemoteEndpoint;
     transactions = new List<VisualTransaction>();
 }
コード例 #10
0
ファイル: RAPI.cs プロジェクト: SayHalou/ospy
        public override bool HandleSession(IPSession session)
        {
            if (session.LocalEndpoint == null || session.LocalEndpoint.Port != 990)
                return false;

            this.session = session;
            stream = session.GetNextStreamDirection();

            // The device should send the first DWORD of the handshake
            if (stream.CurPacket.Direction == PacketDirection.PACKET_DIRECTION_INCOMING)
            {
                HandleRapiHandshake();
            }

            if (stream.GetBytesAvailable() >= 4)
                HandleRapiSession();

            return true;
        }
コード例 #11
0
ファイル: MainForm.cs プロジェクト: SayHalou/ospy
        private void AnalyzePackets(object param)
        {
            IProgressFeedback progress = param as IProgressFeedback;

            //
            // Find all the sessions and create a PacketStream for each
            //
            Dictionary<UInt32, IPSession> sessions = new Dictionary<UInt32, IPSession>();
            List<UInt32> sessionList = new List<UInt32>();
            IPSession session;

            progress.ProgressUpdate("Identifying sessions", 0);

            int i = 0;
            foreach (IPPacket p in tmpPacketList)
            {
                UInt32 id = (UInt32) (p.ResourceId + p.RemoteEndpoint.Port);

                if (sessions.ContainsKey(id))
                    session = sessions[id];
                else
                {
                    session = new IPSession();
                    sessions[id] = session;
                    sessionList.Add(id);
                }

                session.AddPacket(p);
                i++;

                progress.ProgressUpdate("Identifying sessions",
                    (int) ((i / (float) tmpPacketList.Count) * 100.0f));
            }

            //
            // Add the events to the appropriate sessions
            //

            // First off, sort them by timestamp
            tmpEventList.Sort();

            // Then match them with the sessions
            foreach (TCPEvent ev in tmpEventList)
            {
                if (sessions.ContainsKey(ev.ResourceId))
                    sessions[ev.ResourceId].AddEvent(ev);
            }

            // Don't need these any more now
            tmpEventList.Clear();
            tmpPacketList.Clear();

            //
            // Iterate over them, in sequence, and hand each over to the parser.
            //
            i = 0;
            foreach (UInt32 id in sessionList)
            {
                session = sessions[id];
                packetParser.AddSession(session);

                i++;

                progress.ProgressUpdate("Parsing sessions",
                    (int)((i / (float)sessionList.Count) * 100.0f));
            }
        }
コード例 #12
0
ファイル: HTTP.cs プロジェクト: SayHalou/ospy
        public override bool HandleSession(IPSession session)
        {
            PacketStream stream = session.GetNextStreamDirection();
            string line;

            try
            {
                line = stream.PeekLineUTF8();
            }
            catch (EndOfStreamException)
            {
                return false;
            }

            string[] tokens = line.Split(new char[] { ' ' });
            if (!tokens[tokens.Length - 1].StartsWith("HTTP/1."))
            {
                return false;
            }

            // At this point it should be safe enough to assume we're
            // dealing with an HTTP session.

            while (true)
            {
                try
                {
                    TransactionNode transaction = new TransactionNode("HTTPTransaction");

                    TransactionNode request = ExtractHttpData(stream, HTTPTransactionType.REQUEST);
                    transaction.AddChild(request);

                    string desc = request.Description;

                    stream = session.GetNextStreamDirection();
                    if (stream.GetBytesAvailable() != 0)
                    {
                        TransactionNode response = ExtractHttpData(stream, HTTPTransactionType.RESPONSE);
                        transaction.AddChild(response);

                        if (response.Fields.ContainsKey("Result") &&
                            ((string)response.Fields["Result"]).StartsWith("100 "))
                        {
                            response = ExtractHttpData(stream, HTTPTransactionType.RESPONSE, "Response2");
                            transaction.AddChild(response);
                        }

                        desc += " => " + response.Description;
                    }

                    transaction.Description = desc;

                    session.AddNode(transaction);

                    stream = session.GetNextStreamDirection();
                    if (stream.GetBytesAvailable() == 0)
                        break;
                }
                catch (EndOfStreamException)
                {
                    logger.AddMessage("HTTP premature EOF");
                    break;
                }
                catch (ProtocolError)
                {
                    logger.AddMessage("HTTP protocol error");
                    break;
                }
            }

            return true;
        }
コード例 #13
0
ファイル: TransactionFactory.cs プロジェクト: SayHalou/ospy
 public abstract bool HandleSession(IPSession session);
コード例 #14
0
ファイル: VisualSession.cs プロジェクト: SayHalou/ospy
        public override VisualTransaction[] GetTransactions(IPSession session)
        {
            List<VisualTransaction> transactions = new List<VisualTransaction>(session.Events.Count);

            foreach (TCPEvent ev in session.Events)
            {
                VisualTransaction transaction = new VisualTransaction(0, ev.Timestamp);
                transaction.HeadlineText = ev.ToString();
                transactions.Add(transaction);
            }

            return transactions.ToArray();
        }
コード例 #15
0
ファイル: MSN.cs プロジェクト: SayHalou/ospy
        public override VisualTransaction[] GetTransactions(IPSession session)
        {
            List<VisualTransaction> messages = new List<VisualTransaction>();

            char[] bodyTrimChars = new char[] { '\r', '\n' };

            foreach (TransactionNode node in session.Nodes)
            {
                if (node.Name == "MSNSBCommand")
                {
                    IPPacket pkt = node.Slices[0].Packet;

                    VisualTransaction vt = new VisualTransaction(node.Index, pkt.Direction, pkt.Timestamp);

                    string headline = (string) node["Command"];

                    if (node.Fields.ContainsKey("Arguments"))
                        headline += " " + (string) node["Arguments"];

                    vt.HeadlineText = headline;

                    XmlHighlighter highlighter = null;

                    TransactionNode payloadNode = node.FindChild("Payload", false);
                    if (payloadNode != null)
                    {
                        string body = "";

                        if (payloadNode.Fields.ContainsKey("XML"))
                        {
                            highlighter = new XmlHighlighter(XmlHighlightColorScheme.VisualizationScheme);
                            XmlUtils.PrettyPrint((string)payloadNode["XML"], out body, highlighter);
                        }
                        else if (payloadNode.Fields.ContainsKey("Text"))
                        {
                            body = (string)payloadNode["Text"];
                        }
                        else if (payloadNode.Fields.ContainsKey("MSNSLP"))
                        {
                            body = (string)payloadNode["MSNSLP"];
                        }
                        else if (payloadNode.FindChild("Headers") != null)
                        {
                            TransactionNode headersNode = payloadNode.FindChild("Headers");

                            vt.HeaderRowsPerCol = Int32.MaxValue;

                            foreach (string name in headersNode.Fields.Keys)
                            {
                                vt.AddHeaderField(name, headersNode.Fields[name].ToString());
                            }

                            TransactionNode bodyNode = payloadNode.FindChild("Body");
                            if (bodyNode != null)
                            {
                                body = bodyNode.Fields[bodyNode.FieldNames[0]].ToString();

                                body = body.TrimEnd(bodyTrimChars);
                            }
                        }
                        else
                        {
                            body = String.Format("Unhandled payload format: {0}",
                                (payloadNode.FieldNames.Count > 0) ? payloadNode.FieldNames[0] : payloadNode.Children[0].Name);
                        }

                        vt.BodyText = body;

                        if (highlighter != null)
                            highlighter.HighlightRichTextBox(vt.BodyBox);
                    }

                    messages.Add(vt);
                }
            }

            return messages.ToArray();
        }
コード例 #16
0
ファイル: VisualSession.cs プロジェクト: SayHalou/ospy
        public override VisualTransaction[] GetTransactions(IPSession session)
        {
            List<VisualTransaction> transactions = new List<VisualTransaction>();

            session.ResetState();

            PacketStream stream1 = session.GetNextStreamDirection();
            PacketStream stream2 = session.GetNextStreamDirection();

            List<IPPacket> packets = new List<IPPacket>(stream1.Packets.Count + stream2.Packets.Count);
            packets.AddRange(stream1.Packets);
            packets.AddRange(stream2.Packets);
            packets.Sort();

            VisualTransaction transaction = null;
            MemoryStream previewData = new MemoryStream();
            int transferred = 0;

            foreach (IPPacket packet in packets)
            {
                if (transaction == null || (transaction != null && packet.Direction != transaction.Direction))
                {
                    if (transaction != null)
                    {
                        transaction.AddHeaderField("Size", transferred);

                        byte[] bytes = previewData.ToArray();
                        transaction.SetBodyFromPreviewData(bytes, bytes.Length);
                    }

                    transaction = new VisualTransaction(packet.Index, packet.Direction, packet.Timestamp);
                    transaction.AddHeaderField("Direction", packet.Direction);
                    transaction.HeaderRowsPerCol = 1;
                    transactions.Add(transaction);
                    previewData.SetLength(0);
                    transferred = 0;
                }

                transaction.EndTime = packet.Timestamp;

                previewData.Write(packet.Bytes, 0, packet.Bytes.Length);

                transferred += packet.Bytes.Length;
            }

            if (transaction != null)
            {
                transaction.AddHeaderField("Size", transferred);

                byte[] bytes = previewData.ToArray();
                transaction.SetBodyFromTruncatedPreviewData(bytes, transferred - bytes.Length);
            }

            return transactions.ToArray();
        }
コード例 #17
0
ファイル: MSN.cs プロジェクト: SayHalou/ospy
        public override VisualTransaction[] GetTransactions(IPSession session)
        {
            List<MSNSessionMessage> messages = new List<MSNSessionMessage>();
            Dictionary<UInt32, MSNP2PMessage> messageFromId = new Dictionary<UInt32, MSNP2PMessage>();

            foreach (TransactionNode node in session.Nodes)
            {
                if (node.Name.StartsWith("MSN"))
                {
                    TransactionNode chunk = node.FindChild("MSNP2PMessageChunk");
                    if (chunk != null)
                    {
                        MSNP2PMessage msg;

                        TransactionNode headers = chunk.FindChild("Headers");

                        UInt32 msgID = (UInt32)headers.Fields["MessageID"];
                        UInt32 chunkSize = (UInt32)headers.Fields["ChunkSize"];

                        if (messageFromId.ContainsKey(msgID))
                        {
                            msg = messageFromId[msgID];
                        }
                        else
                        {
                            PacketDirection direction =
                                headers.GetSlicesForFieldPath("SessionID")[0].Packet.Direction;

                            UInt32 sessionID = (UInt32)headers.Fields["SessionID"];
                            UInt32 flags = (UInt32)headers.Fields["Flags"];
                            UInt64 dataOffset = (UInt64)headers.Fields["DataOffset"];
                            UInt64 dataSize = (UInt64)headers.Fields["DataSize"];
                            UInt32 ackedMsgID = (UInt32)headers.Fields["AckedMsgID"];
                            UInt32 prevAckedMsgID = (UInt32)headers.Fields["PrevAckedMsgID"];
                            UInt64 ackedDataSize = (UInt64)headers.Fields["AckedDataSize"];

                            msg = new MSNP2PMessage(chunk.Index, direction, chunk.StartTime,
                                msgID, sessionID, flags, dataOffset, dataSize, ackedMsgID,
                                prevAckedMsgID, ackedDataSize);
                            messages.Add(msg);
                            messageFromId[msgID] = msg;
                        }

                        int maxPreview = 4096;

                        if (msg.Flags == 0x20)
                        {
                            maxPreview = 131072;
                        }

                        if (chunkSize > 0 && msg.Transferred < (ulong)maxPreview)
                        {
                            TransactionNode content = chunk.FindChild("Content");
                            //string fieldName = (msg.SessionID != 0) ? "Raw" : "MSNSLP";
                            byte[] bytes = (byte[])content.Fields[content.FieldNames[0]];

                            int n = bytes.Length;
                            int max = maxPreview - (int)msg.Transferred;
                            if (n > max)
                                n = max;

                            msg.PreviewData.Write(bytes, 0, bytes.Length);
                        }

                        msg.EndTime = chunk.EndTime;

                        msg.Transferred += chunkSize;
                    }
                    else
                    {
                        TransactionNode bodyNode = node.FindChild("Payload");
                        if (bodyNode != null && bodyNode.Fields.ContainsKey("MSNSLP"))
                        {
                            MSNSLPMessage msg = new MSNSLPMessage(bodyNode.Index,
                                bodyNode.GetSlicesForFieldPath("MSNSLP")[0].Packet.Direction,
                                bodyNode.StartTime, (string) bodyNode["MSNSLP"]);
                            messages.Add(msg);
                        }
                    }
                }
            }

            return messages.ToArray();
        }
コード例 #18
0
ファイル: VisualSession.cs プロジェクト: SayHalou/ospy
 public abstract VisualTransaction[] GetTransactions(IPSession session);
コード例 #19
0
ファイル: MSN.cs プロジェクト: SayHalou/ospy
        public override bool HandleSession(IPSession session)
        {
            logger.AddMessage(String.Format("session.LocalEndpoint={0}, session.RemoteEndpoint={1}",
                session.LocalEndpoint, session.RemoteEndpoint));
            if (session.RemoteEndpoint != null && session.RemoteEndpoint.Port == MSN_SB_PORT)
                return HandleSwitchboardSession(session);

            PacketStream stream = session.GetNextStreamDirection();

            if (stream.GetBytesAvailable() < 8)
                return false;

            List<PacketSlice> lenSlices = new List<PacketSlice>(1);
            UInt32 len = stream.ReadU32LE(lenSlices);
            if (len != 4)
                return false;

            List<PacketSlice> contentSlices = new List<PacketSlice>(1);
            string str = stream.ReadCStringASCII((int) len, contentSlices);
            if (str != "foo")
                return false;

            TransactionNode magicNode = new TransactionNode("MSNP2PDirectMagic");
            magicNode.Description = magicNode.Name;

            magicNode.AddField("Length", len, "Magic length.", lenSlices);
            magicNode.AddField("Magic", str, "Magic string.", contentSlices);

            TransactionNode requestNode = ReadNextP2PDirectMessage(stream, "Request");

            stream = session.GetNextStreamDirection();
            TransactionNode responseNode = ReadNextP2PDirectMessage(stream, "Response");

            TransactionNode handshakeNode = new TransactionNode("MSNP2PDirectHandshake");
            handshakeNode.Description = handshakeNode.Name;
            handshakeNode.AddChild(requestNode);
            handshakeNode.AddChild(responseNode);

            session.AddNode(magicNode);
            session.AddNode(handshakeNode);

            ReadAllP2PDirectMessages(session, session.GetNextStreamDirection());
            ReadAllP2PDirectMessages(session, session.GetNextStreamDirection());

            return true;
        }
コード例 #20
0
ファイル: PacketParser.cs プロジェクト: SayHalou/ospy
        public void AddSession(IPSession session)
        {
            sessions.Add(session);

            session.NewTransactionNode += session_NewTransactionNode;

            foreach (IPPacket p in session.StreamIn.Packets)
            {
                packets[p.Index] = p;
            }

            foreach (IPPacket p in session.StreamOut.Packets)
            {
                packets[p.Index] = p;
            }

            foreach (TransactionFactory fac in factories)
            {
#if !DEBUG
                try
                {
#endif
                    if (fac.HandleSession(session))
                        break;
#if !DEBUG
                }
                catch (Exception e)
                {
                    string msg = String.Format("An unhandled exception occured while the parser {0} was parsing session {1}: {2}\n\nBacktrace:\n{3}\n\nPlease submit your trace to [email protected]",
                        fac.GetType().Name, session, e.Message, e.StackTrace);
                    MessageBox.Show(msg, "Parsing error", MessageBoxButtons.OK, MessageBoxIcon.Error);
                }
#endif

                    session.ResetState();
            }

            session.AllNodesAdded();
        }
コード例 #21
0
ファイル: IPSession.cs プロジェクト: SayHalou/ospy
        public static IPSession[] ExtractAllFrom(IPPacket[] packets, TCPEvent[] events, IProgressFeedback progress)
        {
            //
            // Find sessions
            //
            progress.ProgressUpdate("Identifying sessions", 0);

            Dictionary<UInt32, IPSession> sessionById = new Dictionary<UInt32, IPSession>();
            List<UInt32> sessionIds = new List<UInt32>();

            int i = 0;
            foreach (IPPacket p in packets)
            {
                UInt32 id = p.ResourceId;

                IPSession session;

                if (sessionById.ContainsKey(id))
                {
                    session = sessionById[id];
                }
                else
                {
                    session = new IPSession();
                    sessionById[id] = session;
                    sessionIds.Add(id);
                }

                session.AddPacket(p);
                i++;

                progress.ProgressUpdate("Identifying sessions",
                    (int) ((i / (float) packets.Length) * 100.0f));
            }

            //
            // Add the events to the appropriate sessions
            //

            // First off, sort them by timestamp
            Array.Sort(events);

            // Then match them with the sessions
            foreach (TCPEvent ev in events)
            {
                if (sessionById.ContainsKey(ev.ResourceId))
                    sessionById[ev.ResourceId].AddEvent(ev);
            }

            //
            // Build an ordered list of sessions
            //
            List<IPSession> result = new List<IPSession>();
            foreach (UInt32 id in sessionIds)
                result.Add(sessionById[id]);

            return result.ToArray();
        }