public PPacket(Packet packet, long packetNumber, TimeSpan relativeTime)
{
_packet = packet;
_packetNumber = packetNumber;
_relativeTime = relativeTime;
EthernetDatagram ethernet = packet.Ethernet;
if (ethernet != null)
{
_ethernetType = ethernet.EtherType;
_ethernetTypeCode = GetEthernetTypeCode(ethernet.EtherType);
//_ipv4 = packet.Ethernet.IpV4;
//if (_ipv4 != null)
if (ethernet.EtherType == PcapDotNet.Packets.Ethernet.EthernetType.IpV4)
{
_ipv4 = packet.Ethernet.IpV4;
_source = _ipv4.Source;
_destination = _ipv4.Destination;
_ipProtocol = _ipv4.Protocol;
_ipProtocolCode = GetIPProtocolCode(_ipv4.Protocol);
//_tcp = _ipv4.Tcp;
//if (_tcp != null)
if (_ipv4.Protocol == IpV4Protocol.Tcp)
{
_tcp = _ipv4.Tcp;
_sourcePort = _tcp.SourcePort;
_destinationPort = _tcp.DestinationPort;
}
}
}
}
public TcpConnection(Packet packet)
{
if (packet.Ethernet == null)
{
throw new Exception("error creating TcpStreamAddress packet is not ethernet");
}
EthernetDatagram ethernet = packet.Ethernet;
//if (ip == null)
if (ethernet.EtherType != PcapDotNet.Packets.Ethernet.EthernetType.IpV4)
{
throw new Exception("error creating TcpStreamAddress packet is not ipv4");
}
IpV4Datagram ip = ethernet.IpV4;
//if (tcp == null)
if (ip.Protocol != IpV4Protocol.Tcp)
{
throw new Exception("error creating TcpStreamAddress packet is not tcp");
}
TcpDatagram tcp = ip.Tcp;
//_source = new TcpAddress(ip.Source, tcp.SourcePort);
_source = new TcpAddress(ethernet.Source, ip.Source, tcp.SourcePort);
//_destination = new TcpAddress(ip.Destination, tcp.DestinationPort);
_destination = new TcpAddress(ethernet.Destination, ip.Destination, tcp.DestinationPort);
SetOrder();
}
/// <summary>
/// Update ctrl with packet information
/// Increment frame_id by one
/// </summary>
/// <param name="packet">The packet to handle</param>
/// <param name="frame_id">The frame id, for UI display</param>
/// <param name="ctrl">The control to display information</param>
public static void HandlePacket(Packet packet, ref UInt64 frame_id, object[] ctrl)
{
EthernetDatagram ethernet = packet.Ethernet;
if (ethernet == null)
{
return;
}
switch (ethernet.EtherType)
{
case EthernetType.IpV4: {
IpV4Datagram ip = ethernet.IpV4;
IPParser.HandleIPV4(packet, ip, ref frame_id, ctrl);
break;
}
case EthernetType.Arp: {
ArpDatagram arp = ethernet.Arp;
ArpParser.HandleARP(packet, arp, ref frame_id, ctrl);
break;
}
default:
break;
}
}
/// <summary>
/// Handle ARP packets
/// </summary>
/// <param name="packet">The EthernetDatagram</param>
/// <param name="arp">The ArpDatagram to parse</param>
public static void HandleARP(Packet packet, ArpDatagram arp,
ref UInt64 frame_id, object[] ctrl)
{
ListViewItem item = new ListViewItem(frame_id.ToString());
frame_id++;
List <string> packet_info = new List <string>();
ListView frames = (ListView)ctrl[0];
EthernetDatagram ethernet = packet.Ethernet;
packet_info.Add(packet.Timestamp.ToString("hh:mm:ss.fff tt"));
packet_info.Add(arp.SenderProtocolIpV4Address.ToString());
packet_info.Add(arp.TargetProtocolIpV4Address.ToString());
packet_info.Add(ethernet.Source.ToString());
packet_info.Add(ethernet.Destination.ToString());
packet_info.Add("ARP");
packet_info.Add(arp.Length.ToString());
// update UI
if (item != null)
{
item.SubItems.AddRange(packet_info.ToArray());
object[] param = new object[2];
param[0] = frames;
object[] o = new object[3];
o[0] = item;
o[1] = ctrl[1];
o[2] = packet;
param[1] = o;
frames.BeginInvoke(new ParserHelper.UIHandlerEx(ParserHelper.UpdateFrameUI), param);
}
}
public void ProcessICMP(EthernetDatagram packet)
{
IpV4Datagram ip = null;
if (packet.EtherType == EthernetType.VLanTaggedFrame)
{
ip = packet.VLanTaggedFrame.IpV4;
}
else
{
ip = packet.IpV4;
}
IcmpDatagram icmp = ip.Icmp;
if (icmp.MessageType == IcmpMessageType.Echo && ip.Destination.Equals(_adapter.IP))
{
SendIcmpEchoReply(ip.Source, packet.Source, icmp);
}
else if (icmp.MessageType == IcmpMessageType.EchoReply)
{
if (_current_state == ICMP_STATE.WAIT_ECHO && ip.Source.Equals(_target_ip) && ip.Destination.Equals(_adapter.IP))
{
ushort SequenceNumber = (ushort)(icmp.Variable & 0xFFFF);
if (SequenceNumber == _current_icmp_sequence_num)
{
_ping_echo_wait_handle.Set();
}
}
}
}
//public static void Test_DumpPacketsToFile_03(string dumpFile, string deviceName = null, bool detail = false)
//{
// // from project SavingPacketsToADumpFile
// _tr.WriteLine("Test_DumpPacketsToFile_03");
// string filter = "";
// //string filter = "not tcp portrange 52000-53000 and not net 0.0.0.0 mask 255.0.0.0";
// //string dumpFile = @"dump\dump.pcap";
// dumpFile = GetPath(dumpFile);
// _tr.WriteLine("dump to file \"{0}\"", dumpFile);
// PacketDevice device = SelectDevice(deviceName);
// if (device == null)
// return;
// __communicator = null;
// //_rs.OnAbortExecution += new OnAbortEvent(OnAbortExecution);
// _rs.OnAbortExecution = OnAbortExecution;
// try
// {
// using (__communicator = device.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000))
// {
// using (PacketDumpFile dump = __communicator.OpenDump(dumpFile))
// {
// _tr.WriteLine("Listening on " + device.Description + "...");
// __communicator.SetFilter(filter);
// //PPacketManager ppacketManager = new PPacketManager();
// __communicator.ReceivePackets(0, packet =>
// {
// dump.Dump(packet);
// //PrintPacketHandler2(ppacketManager.CreatePPacket(packet), detail);
// PrintIpAdressList(packet);
// });
// }
// }
// }
// catch (Exception ex)
// {
// _tr.WriteLine(ex.Message);
// }
// finally
// {
// //_rs.OnAbortExecution -= new OnAbortEvent(OnAbortExecution);
// }
//}
private static void PrintPacketHandler1(Packet packet)
{
_tr.Write("{0:yyyy-MM-dd HH:mm:ss.fff}", packet.Timestamp);
EthernetDatagram ethernet = packet.Ethernet;
if (ethernet != null)
{
_tr.WriteLine(" eth : src {0} dst {1} type {2,-10} pl {3,5}", ethernet.Source, ethernet.Destination, ethernet.EtherType, ethernet.PayloadLength);
IpV4Datagram ipv4 = ethernet.IpV4;
if (ipv4 != null)
{
_tr.WriteLine(" ipv4 : src {0} dst {1} type {2,-10} pl {3,5}", ipv4.Source, ethernet.Destination, ethernet.EtherType, ethernet.PayloadLength);
}
//IpV4Datagram ip = packet.Ethernet.IpV4;
//UdpDatagram udp = ip.Udp;
// print ip addresses and udp ports
//_tr.Write(ip.Source + ":" + udp.SourcePort + " -> " + ip.Destination + ":" + udp.DestinationPort);
}
else
{
_tr.WriteLine(" not ethernet");
}
}
async void ReceiveResposnes()
{
await Task.Run(() =>
{
Packet pck;
do
{
if (!receiveTask)
{
return;
}
PacketCommunicatorReceiveResult result = communicator.ReceivePacket(out pck);
switch (result)
{
case PacketCommunicatorReceiveResult.Timeout:
continue;
case PacketCommunicatorReceiveResult.Ok:
{
if (pck.DataLink.Kind != DataLinkKind.Ethernet)
{
continue;
}
EthernetDatagram ed = pck.Ethernet;
if (ed.EtherType != EthernetType.Arp)
{
continue;
}
ArpDatagram arppck = ed.Arp;
if (arppck.Operation != ArpOperation.Reply)
{
continue;
}
NetworkHost host = new NetworkHost {
IP = arppck.SenderProtocolIpV4Address.ToString(), MAC = ed.Source.ToString()
};
OnCaptureHost?.Invoke(host);
continue;
}
default:
throw new InvalidOperationException("The result " + result + " shoudl never be reached here");
}
} while (true);
});
}
/// <summary>
/// Handle IPV4 packets, including TCP and UDP packets
/// </summary>
/// <param name="packet">The IpV4Datagram to parse</param>
public static void HandleIPV4(Packet packet, IpV4Datagram ip,
ref UInt64 frame_id, object[] ctrl)
{
ListViewItem item = new ListViewItem(frame_id.ToString());
frame_id++;
List <string> packet_info = new List <string>();
ListView frames = (ListView)ctrl[0];
EthernetDatagram ethernet = packet.Ethernet;
switch (ip.Protocol)
{
case IpV4Protocol.Udp: {
UdpDatagram udp = ip.Udp;
packet_info.Add(packet.Timestamp.ToString("hh:mm:ss.fff tt"));
packet_info.Add(ip.Source + ":" + udp.SourcePort);
packet_info.Add(ip.Destination + ":" + udp.DestinationPort);
packet_info.Add(ethernet.Source.ToString());
packet_info.Add(ethernet.Destination.ToString());
packet_info.Add("UDP");
packet_info.Add(udp.Length.ToString());
break;
}
case IpV4Protocol.Tcp: {
TcpDatagram tcp = ip.Tcp;
packet_info.Add(packet.Timestamp.ToString("hh:mm:ss.fff tt"));
packet_info.Add(ip.Source + ":" + tcp.SourcePort);
packet_info.Add(ip.Destination + ":" + tcp.DestinationPort);
packet_info.Add(ethernet.Source.ToString());
packet_info.Add(ethernet.Destination.ToString());
packet_info.Add("TCP");
packet_info.Add(tcp.Length.ToString());
break;
}
default: {
item = null;
break;
}
}
// update UI
if (item != null)
{
item.SubItems.AddRange(packet_info.ToArray());
object[] param = new object[2];
param[0] = frames;
object[] o = new object[3];
o[0] = item;
o[1] = ctrl[1];
o[2] = packet;
param[1] = o;
frames.BeginInvoke(new ParserHelper.UIHandlerEx(ParserHelper.UpdateFrameUI), param);
}
}
// Callback function invoked by Pcap.Net for every incoming packet
private static void PacketHandler(Packet packet)
{
string packSource = packet.Ethernet.Source.ToString();
if (myDevices[0].IPAddress != packet.IpV4.Source.ToString() && myDevices[0].MacAddress != packSource && myDevices[1].MacAddress != packSource)
{
//Console.WriteLine(packet.Timestamp.ToString("yyyy-MM-dd hh:mm:ss.fff") + " length:" + packet.Length + "IP:" + packet.IpV4);
int threadID = System.Threading.Thread.CurrentThread.ManagedThreadId; //fetch current thread ID
MyDevice devObj = GetDevice(threadID, "mine");
EthernetDatagram ed = packet.Ethernet;
if (ed.EtherType == EthernetType.Arp)//Checking if the packet type is arp
{
Console.WriteLine("ARP packet MAC src=" + packet.Ethernet.Source.ToString());
//Console.WriteLine("ARP Packet");
//Console.WriteLine("TARGET ADDRESS: " + packet.Ethernet.Arp.TargetProtocolIpV4Address);
//Console.WriteLine("DEST: " + packet.IpV4.Destination);
//IPAddress ipSrc = IPAddress.Parse(packet.Ethernet.Arp.TargetProtocolIpV4Address);
//Console.WriteLine("ipSrc: " + packet.Ethernet.Arp.TargetProtocolIpV4Address.ToString());
////if (CheckAddress(packet, "Arp"))
////{
// ArpPoison(packet, devObj);
////}
Console.WriteLine("A=" + RemoveDots(packet.Ethernet.Source.ToString()));
Console.WriteLine("B=" + devObj.MacAddress);
Console.WriteLine("C=" + GetDevice(threadID, "other").MacAddress);
if (!(RemoveDots(packet.Ethernet.Source.ToString()).Equals(devObj.MacAddress) || RemoveDots(packet.Ethernet.Source.ToString()).Equals(GetDevice(threadID, "other").MacAddress)))
{
ArpPoison(packet, devObj);
}
}
else//packet type is icmp
{
if (ed.IpV4.Protocol == IpV4Protocol.InternetControlMessageProtocol)
{
Console.WriteLine("ICMP packet IP DEST=" + packet.Ethernet.IpV4.Destination.ToString());
HandleIcmp(packet, threadID);
}
else
{
if (packet.Ethernet.IpV4.Protocol == IpV4Protocol.Tcp)
{
Console.WriteLine("TCP packet");
HandleTcp(packet, threadID);
}
//else
//{
// Console.WriteLine("Packet not recognized");
//}
}
}
}
}
protected override bool CompareField(XElement field, Datagram datagram)
{
EthernetDatagram ethernetDatagram = (EthernetDatagram)datagram;
switch (field.Name())
{
case "eth.dst":
CompareEthernetAddress(field, ethernetDatagram.Destination);
break;
case "eth.src":
CompareEthernetAddress(field, ethernetDatagram.Source);
break;
case "eth.type":
field.AssertNoFields();
field.AssertShowDecimal((ushort)ethernetDatagram.EtherType);
break;
case "eth.trailer":
// TODO: Support RARP.
if (ethernetDatagram.EtherType != EthernetType.ReverseArp)
{
field.AssertValue(ethernetDatagram.Trailer);
}
break;
case "eth.fcs":
// TODO: Support RARP.
if (ethernetDatagram.EtherType != EthernetType.ReverseArp)
{
field.AssertValue(ethernetDatagram.FrameCheckSequence);
}
break;
case "eth.padding":
field.AssertNoFields();
// TODO: Support RARP.
if (ethernetDatagram.EtherType != EthernetType.ReverseArp)
{
field.AssertValue(ethernetDatagram.Padding);
}
break;
default:
throw new InvalidOperationException("Invalid etherent field " + field.Name());
}
return(true);
}
/// <summary>
/// Packet parser dispatcher
/// </summary>
/// <param name="packet">The packet to be parsed</param>
/// <param name="ctrl">Contorls to update details with</param>
public static void ParsePacket(Packet packet, object[] ctrl)
{
if (packet == null || ctrl == null ||
ctrl[0] == null || ctrl[1] == null)
{
return;
}
EthernetDatagram ethernet = packet.Ethernet;
List <ListViewItem> items = new List <ListViewItem>();
ListViewItem item = new ListViewItem("Ethernet");
string estr = "Etype = " + ethernet.EtherType;
estr += ", DestinationAddress = " + ethernet.Destination;
estr += ", SourceAddress = " + ethernet.Source;
item.SubItems.Add(estr);
items.Add(item);
ListView f_details = (ListView)ctrl[0];
f_details.Items.Clear();
object[] param = new object[2];
param[0] = f_details;
param[1] = items;
f_details.BeginInvoke(new ParserHelper.UIHandler(ParserHelper.UpdateDetailsUI), param);
switch (ethernet.EtherType)
{
case EthernetType.IpV4: {
IpV4Datagram ip = ethernet.IpV4;
IPParser.ParseIPPacket(ip, ctrl);
break;
}
case EthernetType.Arp: {
ArpDatagram arp = ethernet.Arp;
ArpParser.ParseARPPacket(arp, ctrl);
break;
}
default:
break;
}
// Save packet for layed analyze
SnifferMain.packet = packet;
}
private void PrintEthernet(PPacket ppacket)
{
EthernetDatagram ethernet = ppacket.Packet.Ethernet;
if (ethernet == null)
return;
_dataLength -= 14;
WriteTitle("[ethernet frame]");
WriteValues(6, "destination MAC address", ethernet.Destination, "header length", 14);
//WriteValues(6, "source MAC address", ethernet.Source, "data length", _dataLength);
WriteValues(6, "source MAC address", ethernet.Source);
WriteValues(2, "ether type", "0x" + ((ushort)ethernet.EtherType).zToHex() + " " + ppacket.EthernetTypeCode);
WriteTitle("[ethernet data]");
WritePayloadData(48, ethernet.Payload.zAsEnumerableWithCounter(_dataEnum.Index));
}
public Packet CreateDnsReply(EthernetDatagram etherpacket, IpV4Address newAddress)
{
var ipPacket = etherpacket.IpV4;
var udpPacket = ipPacket.Udp;
var dnsPacket = udpPacket.Dns;
if (!dnsPacket.IsQuery)
{
throw new Exception("Packet should be a dns query!");
}
EthernetLayer ethernetLayer = new EthernetLayer
{
Source = etherpacket.Destination,
Destination = etherpacket.Source,
};
IpV4Layer ipLayer = new IpV4Layer
{
Source = ipPacket.Destination,
CurrentDestination = ipPacket.Source,
};
UdpLayer udpLayer = new UdpLayer
{
SourcePort = udpPacket.DestinationPort,
DestinationPort = udpPacket.SourcePort
};
DnsResourceData resourceData = new DnsResourceDataIpV4(newAddress);
DnsDataResourceRecord resourceRecord = new DnsDataResourceRecord(dnsPacket.Queries[0].DomainName,
dnsPacket.Queries[0].DnsType,
dnsPacket.Queries[0].DnsClass,
60,
resourceData);
DnsLayer dnsLayer = new DnsLayer
{
Queries = dnsPacket.Queries,
IsQuery = false,
IsResponse = true,
Id = dnsPacket.Id,
Answers = new[] { resourceRecord }
};
PacketBuilder builder = new PacketBuilder(ethernetLayer, ipLayer, udpLayer, dnsLayer);
return(builder.Build(DateTime.Now));
}
private void MapEthernetData(EthernetDatagram datagram)
{
this.SourceIp = datagram.Source.ToString();
this.DestinationIp = datagram.Destination.ToString();
switch (datagram.EtherType)
{
case EthernetType.IpV4:
this.MapIpV4Data(datagram.IpV4);
break;
default:
throw new Exception($"Unsupported EtherType. ({datagram.EtherType})");
}
}
protected virtual void NetifLevel2LayerIPv4(EthernetDatagram datagram, IpV4Datagram ip)
{
byte[] packet_data = g_getIPv4DatagramBuffer(ip);
int packet_offset = g_getIPv4DatagramOffset(ip);
int packet_size = ip.Length;
if (packet_size > 0)
{
IPFrame frame = IPv4Layer.ParseFrame(new BufferSegment(packet_data, packet_offset, packet_size), true);
if (frame != null)
{
frame.SourceMacAddress = datagram.Source;
frame.DestinationMacAddress = datagram.Destination;
this.OnSniffer(frame);
}
}
}
private void f_details_ItemSelectionChanged(object sender, ListViewItemSelectionChangedEventArgs e)
{
if (e.IsSelected)
{
ListViewItem item = e.Item;
EthernetDatagram ethernet = packet.Ethernet;
switch (item.Text)
{
case "Ethernet":
{
// Update Ethernet details
if (ethernet != null)
{
PacketParser.DumpPacket(ethernet, h_details);
}
break;
}
case "IPV4":
{
// Update IPV4 details
if (ethernet != null)
{
IpV4Datagram ip = packet.Ethernet.IpV4;
PacketParser.DumpPacket(ip, h_details);
}
break;
}
case "Payload Length":
{
PacketParser.DumpPacket(payload, h_details);
break;
}
default:
{
// Otherwise, use the last datagram
PacketParser.DumpPacket(datagram, h_details);
break;
}
}
}
}
private static string GetConnString(PcapDotNet.Packets.Packet packet)
{
String srcIp = "";
String dstIp = "";
TcpDatagram tcp = null;
EthernetDatagram eth = packet.Ethernet;
switch (eth.EtherType)
{
case EthernetType.IpV4:
IpV4Datagram ip = eth.IpV4;
tcp = ip.Tcp;
srcIp = ip.Source.ToString();
dstIp = ip.Destination.ToString();
break;
case EthernetType.IpV6:
IpV6Datagram ip6 = eth.IpV6;
tcp = ip6.Tcp;
srcIp = ip6.Source.ToString();
dstIp = ip6.CurrentDestination.ToString();
break;
default:
Console.WriteLine("We should never see anything not ipv4 or ipv6 since we filtered by tcp");
return("");
}
StringBuilder sb = new StringBuilder();
sb.Append(srcIp);
sb.Append(":");
sb.Append(tcp.SourcePort);
sb.Append(" to ");
sb.Append(dstIp);
sb.Append(":");
sb.Append(tcp.DestinationPort);
return(sb.ToString());
}
protected override bool CompareField(XElement field, Datagram datagram)
{
EthernetDatagram ethernetDatagram = (EthernetDatagram)datagram;
switch (field.Name())
{
case "eth.dst":
CompareEthernetAddress(field, ethernetDatagram.Destination);
break;
case "eth.src":
CompareEthernetAddress(field, ethernetDatagram.Source);
break;
case "eth.type":
field.AssertShowHex((ushort)ethernetDatagram.EtherType);
break;
case "eth.trailer":
if (ethernetDatagram.Trailer != null)
{
field.AssertValue(ethernetDatagram.Trailer);
}
break;
case "":
if (ethernetDatagram.Trailer != null)
{
field.AssertValue(ethernetDatagram.FrameCheckSequence);
}
break;
default:
throw new InvalidOperationException("Invalid etherent field " + field.Name());
}
return(true);
}
protected virtual void NetifLevel2LayerArp(EthernetDatagram datagram, ArpDatagram arp)
{
}
private void HandlePacket(PcapDotNet.Packets.Packet packet)
{
//give up if 10 errors are seen to prevent unexpected crashes
if (numErrors > 10)
{
return;
}
String srcIp = "";
TcpDatagram tcp = null;
EthernetDatagram eth = packet.Ethernet;
int dataStart = eth.HeaderLength;
switch (eth.EtherType)
{
case EthernetType.IpV4:
IpV4Datagram ip = eth.IpV4;
tcp = ip.Tcp;
srcIp = ip.Source.ToString();
dataStart += ip.HeaderLength + tcp.RealHeaderLength;
break;
case EthernetType.IpV6:
IpV6Datagram ip6 = eth.IpV6;
tcp = ip6.Tcp;
srcIp = ip6.Source.ToString();
dataStart += 40 + tcp.RealHeaderLength;
Console.WriteLine("IPv6?");
break;
default:
Console.WriteLine("We should never see anything not ipv4 or ipv6 since we filtered by tcp");
return;
}
ushort srcPort = tcp.SourcePort;
int dataBytes = tcp.PayloadLength;
bool syn = tcp.IsSynchronize;
//Console.WriteLine("dataStart={0} dataByes={1} srcPort={2} syn={3} srcIp={4}",dataStart,dataBytes,srcPort,syn,srcIp);
if (syn && dataBytes == 0)
{
ct = new ServiceCore.CryptoTransformHeroes();
ClearBuffer();
if (myIp == srcIp)
{
int dstPort = tcp.DestinationPort;
encryptDict.TryGetValue(dstPort, out encrypt);
serviceDict.TryGetValue(dstPort, out serviceType);
}
else
{
encryptDict.TryGetValue(srcPort, out encrypt);
serviceDict.TryGetValue(srcPort, out serviceType);
}
Console.WriteLine("TCP connection starting with type {0} to {1}", encrypt, serviceType);
SawSyn = true;
return;
}
else if (!SawSyn)
{
Console.WriteLine("Haven't seen SYN yet from {0}", srcPort);
return;
}
if (encrypt == EncryptionType.Relay || encrypt == EncryptionType.Pipe)
{
Console.WriteLine("Cannot handle type {0} from {1}", encrypt, serviceType);
return;
}
if (dataBytes == 6 || dataBytes == 0)
{
//Console.WriteLine("Ping from port {0}", srcPort);
ClearBuffer();
return;
}
//String timestamp = packet.Timestamp.ToString("yyyy-MM-dd hh:mm:ss.fff");
//Console.WriteLine("{0}: {1} bytes={2}", timestamp, connString, dataBytes);
recvSize.AddLast(dataBytes);
Buffer.BlockCopy(packet.Buffer, dataStart, buffer, bufLen, dataBytes);
ArraySegment <byte> dataSeg = new ArraySegment <byte>(buffer, bufLen, dataBytes);
Devcat.Core.Net.Message.Packet p = new Devcat.Core.Net.Message.Packet(dataSeg);
if (encrypt == EncryptionType.Normal)
{
long salt = p.InstanceId;
ct.Decrypt(dataSeg, salt);
}
bufLen += dataBytes;
while (bufLen != 0)
{
dataSeg = new ArraySegment <byte>(buffer, 0, bufLen);
p = new Devcat.Core.Net.Message.Packet(dataSeg);
int pLen = 0;
try
{
pLen = p.Length + p.BodyOffset;
if (pLen == 0)
{
ClearBuffer();
//Console.WriteLine("Received ping");
return;
}
else
{
//Console.WriteLine("bufLen={0} pLen={1} recvSize={2}", bufLen, pLen, recvSizeToString());
}
}
catch (System.Runtime.Serialization.SerializationException)
{
//Console.WriteLine("{0}: Bad length {1}", connString, e.Message);
RemovePacket();
numErrors++;
continue;
}
if (pLen > bufLen)
{
return;
}
if (pLen <= 3 || pLen == 6)
{
//ClearBuffer();
ShortenBuffer(pLen);
numErrors++;
Console.WriteLine("{0}: Invalid data packet with Length={1}", connString, pLen);
continue;
}
//Console.WriteLine("Read {0} bytes but need {1} bytes, creating object", bufLen, pLen);
dataSeg = new ArraySegment <byte>(buffer, 0, pLen);
p = new Devcat.Core.Net.Message.Packet(dataSeg);
try
{
Console.WriteLine(p);
if (srcIp == myIp)
{
Console.WriteLine("Client->{0}:", serviceType);
}
else
{
Console.WriteLine("Server {0}:", serviceType);
}
if (classNames.Count == 0)
{
ProcessTypeConverter(p);
Console.WriteLine("Received TypeConverter");
//String reverse = reverseConnString(connString);
//Console.WriteLine("Sending TypeConverter to Client {0}",reverse);
//portHandler[reverse].processTypeConverter(p);
}
else
{
mf.Handle(p, null);
}
ShortenBuffer(pLen);
}
catch (InvalidOperationException e)
{
Console.WriteLine(e);
String errMsg = e.Message;
String className = "";
int categoryId = p.CategoryId;
ShortenBuffer(pLen);
MatchCollection mc;
if (classNames.TryGetValue(categoryId, out className))
{
LogUnhandledClass(className);
return;
}
mc = Regex.Matches(errMsg, @"\.([^,\.]{2,})(,|$)");
if (mc.Count != 0)
{
className = mc[0].Groups[1].ToString();
LogUnhandledClass(className);
return;
}
Console.WriteLine("{0}: Unknown class error {1}", connString, errMsg);
}
catch (System.Runtime.Serialization.SerializationException e)
{
Console.WriteLine("{0}: The packet wasn't ready {1}", connString, e.Message);
RemovePacket();
numErrors++;
}
catch (System.ArgumentOutOfRangeException e)
{
Console.WriteLine("{0}: The packet was too short: {1}", connString, e.Message);
ShortenBuffer(pLen);
numErrors++;
}
catch (System.ArgumentException e)
{
Console.WriteLine("{0}: Serializing failed bacause a dict was made with 2 identical keys: {1}", connString, e.StackTrace);
ClearBuffer();
numErrors++;
}
}
}
private static void PrintPacketDetailHandlerOld(PPacket ppacket)
{
EthernetDatagram ethernet = ppacket.Packet.Ethernet;
if (ethernet == null)
{
_tr.WriteLine("---------------------------------------------[not ethernet packet]---------------------------------------------");
_tr.WriteLine("---------------------------------------------------------------------------------------------------------------");
_tr.WriteLine();
return;
}
_tr.WriteLine("----------------------------------[ethernet type II frame (64 to 1518 bytes)]----------------------------------");
_tr.WriteLine("| dest MAC address src MAC address ether type data (46-1500 bytes) length CRC checksum total length |");
_tr.WriteLine("| XX:XX:XX:XX:XX:XX XX:XX:XX:XX:XX:XX XX XX XX XX XX XX XX XX ... XX XX XX XX |");
_tr.WriteLine("---------------------------------------------------------------------------------------------------------------");
StringBuilder sb = new StringBuilder();
sb.Append("|");
byte[] buffer = ppacket.Packet.Buffer;
int i = 0;
foreach (byte b in buffer)
{
if (i == 6 || i == 12)
{
sb.Append(" ");
}
else if (i == 14)
{
sb.Append(" ");
}
else if (i == 20)
{
sb.Append(" ... ");
sb.AppendFormat(" {0,6} ", ethernet.PayloadLength);
break;
}
sb.Append(" ");
sb.Append(b.zToHex());
i++;
}
//for (i = buffer.Length - 4; i < buffer.Length; i++)
//{
// byte b = buffer[i];
// sb.Append(" ");
// sb.Append(b.zToHex());
//}
sb.Append(" ");
// total length
sb.AppendFormat(" {0,6} |", ppacket.Packet.Count);
_tr.WriteLine(sb.ToString());
_tr.WriteLine("---------------------------------------------------------------------------------------------------------------");
sb.Clear();
sb.AppendFormat("| {0} {1} {2} ", ethernet.Destination, ethernet.Source, ((ushort)ethernet.EtherType).zToHex());
i = 0;
foreach (byte b in ethernet.Payload)
{
if (i++ == 6)
{
break;
}
sb.Append(" ");
sb.Append(b.zToHex());
}
sb.Append(" ... ");
sb.AppendFormat(" {0,6} ", ethernet.PayloadLength);
if (ethernet.FrameCheckSequence != null)
{
foreach (byte b in ethernet.FrameCheckSequence)
{
sb.Append(" ");
sb.Append(b.zToHex());
}
}
else
{
sb.Append(" ");
}
sb.AppendFormat(" {0,6} |", ppacket.Packet.Count);
_tr.WriteLine(sb.ToString());
_tr.WriteLine("| {0,-25} |", ppacket.EthernetTypeCode);
_tr.WriteLine("---------------------------------------------------------------------------------------------------------------");
IpV4Datagram ip = ethernet.IpV4;
if (ip == null)
{
_tr.WriteLine("-----------------------------------------------[not ipv4 packet]-----------------------------------------------");
_tr.WriteLine("---------------------------------------------------------------------------------------------------------------");
_tr.WriteLine();
return;
}
buffer = ip.ToArray();
_tr.WriteLine("------------------------------------------[ipv4 header]-------------------------------------------");
_tr.WriteLine("| 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |");
_tr.WriteLine("| version | ihl | dscp | ecn | total length |");
_tr.WriteLine("| identification | flags | fragment offset |");
_tr.WriteLine("| time to live | protocol | header checksum |");
_tr.WriteLine("| source ip address |");
_tr.WriteLine("| destination ip address |");
_tr.WriteLine("| options (if ihl > 5) |");
_tr.WriteLine("--------------------------------------------------------------------------------------------------");
sb.Clear();
for (i = 0; i < 4; i++)
{
sb.AppendFormat("| {0} ", buffer[i].zToHex());
}
sb.Append(" |");
_tr.WriteLine(sb.ToString());
sb.Clear();
for (i = 4; i < 8; i++)
{
sb.AppendFormat("| {0} ", buffer[i].zToHex());
}
sb.Append(" |");
_tr.WriteLine(sb.ToString());
sb.Clear();
for (i = 8; i < 12; i++)
{
sb.AppendFormat("| {0} ", buffer[i].zToHex());
}
sb.Append(" |");
_tr.WriteLine(sb.ToString());
sb.Clear();
for (i = 12; i < 16; i++)
{
sb.AppendFormat("| {0} ", buffer[i].zToHex());
}
sb.Append(" |");
_tr.WriteLine(sb.ToString());
sb.Clear();
for (i = 16; i < 20; i++)
{
sb.AppendFormat("| {0} ", buffer[i].zToHex());
}
sb.Append(" |");
_tr.WriteLine(sb.ToString());
_tr.WriteLine("--------------------------------------------------------------------------------------------------");
//_tr.WriteLine("| version | ihl | dscp | ecn | total length |");
//_tr.WriteLine("| 4 | 15 | dscp | ecn | 12345 |");
_tr.WriteLine("| {0} | {1,2} | 0x{2} | | {3,5} |",
ip.Version, ip.HeaderLength / 4, ip.TypeOfService.zToHex(), ip.TotalLength);
//_tr.WriteLine("| identification | flags | fragment offset |");
//_tr.WriteLine("| 0x0000 | flags | 0x0000 |");
_tr.WriteLine("| 0x{0} | | 0x{1} |", ip.Identification.zToHex(), ip.Fragmentation.Offset.zToHex());
//_tr.WriteLine("| time to live | protocol | header checksum |");
//_tr.WriteLine("| 0x00 | 0x00 | 0x0000 |");
_tr.WriteLine("| 0x{0} | 0x{1} | 0x{2} |",
ip.Ttl.zToHex(), ((byte)ip.Protocol).zToHex(), ip.HeaderChecksum.zToHex());
//_tr.WriteLine("| source ip address |");
//_tr.WriteLine("| 123.123.123.123 |");
_tr.WriteLine("| {0,-15} |", ip.Source);
_tr.WriteLine("| {0,-15} |", ip.Destination);
_tr.WriteLine("-------------------------------------------[ipv4 data]--------------------------------------------");
// | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ... |
sb.Clear();
sb.Append("|");
i = 0;
foreach (byte b in ip.Payload)
{
if (++i == 31)
{
break;
}
sb.Append(" ");
sb.Append(b.zToHex());
}
if (i != 31)
{
for (; i < 30; i++)
{
sb.Append(" ");
}
sb.Append(" |");
}
else
{
sb.Append(" ... |");
}
_tr.WriteLine(sb.ToString());
_tr.WriteLine("--------------------------------------------------------------------------------------------------");
_tr.WriteLine();
////************* 0 3 0.465083 192.168.0.1 52581 173.194.66.94 443 TCP ACK 0x0001 0x4B2091F9 0x4B2091FA 0x4695DD86 0x401A .
////_tr.WriteLine("group no time source port destination port protocal flags length sequence next seq ack number window urgent");
//StringBuilder sb = new StringBuilder();
////_tr.Write("{0,5} {1,5} {2,10:0.000000}", ppacket.GroupNumber, ppacket.PacketNumber, ppacket.RelativeTime.TotalSeconds);
//sb.AppendFormat("{0,5} {1,5} {2,10:0.000000}", ppacket.GroupNumber, ppacket.PacketNumber, ppacket.RelativeTime.TotalSeconds);
//sb.AppendFormat(" {0,-15} {1,5} {2,-15} {3,5} {4,-10}", ppacket.Source, ppacket.SourcePort, ppacket.Destination, ppacket.DestinationPort, ppacket.ProtocolCode);
//if (detail)
//{
// TcpDatagram tcp = ppacket.Tcp;
// if (tcp != null && ppacket.Ipv4.Protocol == IpV4Protocol.Tcp)
// {
// sb.AppendFormat(" {0,-20}", ppacket.GetTcpFlagsString());
// sb.AppendFormat(" {0,6}", tcp.PayloadLength > 0 ? "0x" + ((short)tcp.PayloadLength).zToHex() : null);
// sb.AppendFormat(" 0x{0} {1,10} {2,10} {3,6} {4,6}", ppacket.Tcp.SequenceNumber.zToHex(), tcp.NextSequenceNumber != tcp.SequenceNumber ? "0x" + tcp.NextSequenceNumber.zToHex() : null,
// tcp.AcknowledgmentNumber != 0 ? "0x" + tcp.AcknowledgmentNumber.zToHex() : null, "0x" + tcp.Window.zToHex(),
// tcp.UrgentPointer != 0 ? "0x" + tcp.UrgentPointer.zToHex() : null);
// int i = 0;
// int maxDataChar = 50;
// foreach (byte b in tcp.Payload)
// {
// if (++i > maxDataChar)
// break;
// if (b >= 32 && b <= 126)
// sb.Append(((char)b).ToString());
// else
// sb.Append(".");
// }
// }
// else if (ppacket.Packet.Ethernet == null)
// sb.Append(" not ethernet");
//}
//_tr.WriteLine(sb.ToString());
}
public static CategorizeInfo SortPacket(PcapDotNet.Packets.Packet raw)
{
// Get a packet from raw data.
// Be a little lazy and assume that only Ethernet DLL protcol is used.
EthernetDatagram packet = raw.Ethernet;
CategorizeInfo info = new CategorizeInfo
{
NetworkLayer = new Dictionary <string, long>(),
TransportLayer = new Dictionary <string, long>(),
ApplicationLayer = new Dictionary <string, long>()
};
#region Network Layer
switch (packet.EtherType)
{
case EthernetType.Arp:
info.NetworkLayer.Increment("ARP");
break;
case EthernetType.IpV4:
info.NetworkLayer.Increment("IPv4");
break;
case EthernetType.IpV6:
info.NetworkLayer.Increment("IPv6");
break;
default:
info.NetworkLayer.Increment("Others");
break;
}
#endregion
#region Transport Layer
IpV4Datagram ipv4pk = null;
if (packet.EtherType == EthernetType.IpV4)
{
ipv4pk = packet.IpV4;
switch (ipv4pk.Protocol)
{
case IpV4Protocol.Tcp:
info.TransportLayer.Increment("TCP");
break;
case IpV4Protocol.Udp:
info.TransportLayer.Increment("UDP");
break;
default:
info.TransportLayer.Increment("Others");
break;
}
}
#endregion
#region Application Layer
if (ipv4pk != null)
{
if (ipv4pk.Protocol == IpV4Protocol.Tcp)
{
TcpDatagram tcpPk = ipv4pk.Tcp;
string s = new ASCIIEncoding().GetString(tcpPk.Payload.ToArray());
if (s.IndexOf("HTTP") > 0)
{ // Found HTTP head
info.ApplicationLayer.Increment("HTTP Header");
}
else
{
info.ApplicationLayer.Increment("Others");
}
}
}
#endregion
return(info);
}
public List <Packet> ParsePcapFile(string path)
{
List <Packet> list = new List <Packet>();
OfflinePacketDevice selectedDevice = new OfflinePacketDevice(path);
// открытие файла для парсинга
using (PacketCommunicator communicator =
selectedDevice.Open(65536, // считает полностью весь пакет 65536 max size of packet
PacketDeviceOpenAttributes.Promiscuous, // какие - то непонятные флаги)
1000)) // время чтения
{
using (var filter = communicator.CreateFilter("ether broadcast"))
{
communicator.SetFilter(filter);
bool endOfFile = false;
// разираем полученные пакеты по одному
do
{
PcapDotNet.Packets.Packet packet;
var myPacket = new Packet();
PacketCommunicatorReceiveResult result = communicator.ReceivePacket(out packet);
switch (result)
{
case PacketCommunicatorReceiveResult.Eof:
{
endOfFile = true;
break;
}
case PacketCommunicatorReceiveResult.Timeout:
break; // Timeout
case PacketCommunicatorReceiveResult.Ok:
{
IpV4Datagram ip = packet.Ethernet.IpV4;
TcpDatagram tcp = ip.Tcp;
EthernetDatagram ethernet = packet.Ethernet;
// common fields
myPacket.Protocol = "Ethernet";
myPacket.SourceAddress = ip.Source.ToString();
myPacket.SourcePort = tcp.SourcePort.ToString();
myPacket.DestinationAddress = ip.Destination.ToString();
myPacket.DestinationPort = tcp.DestinationPort.ToString();
myPacket.TimeStamp = packet.Timestamp;
myPacket.Length = packet.Length;
myPacket.Data = packet.Buffer;
// unusual fields
StringBuilder properties = new StringBuilder();
// MAC адресс получателя
properties.AppendLine("MAC address of destination : " + ethernet.Destination.ToString());
//
properties.AppendLine("EtherType : " + ethernet.EtherType.ToString());
// Длинна заголовков
properties.AppendLine("HeaderLength : " + ethernet.HeaderLength.ToString());
// Длинна полезной загрузки
properties.AppendLine("PayloadLength : " + ethernet.PayloadLength.ToString());
// MAC адресс отправителя
properties.AppendLine("Source Mac address : " + ethernet.Source.ToString());
myPacket.Header = properties.ToString();
list.Add(myPacket);
continue;
}
default:
throw new InvalidOperationException("The result " + result +
" shoudl never be reached here");
}
} while (!endOfFile);
}
}
return(list);
}
public virtual void Listen()
{
while (true)
{
lock (this.m_syncobj)
{
if (this.m_disposed)
{
break;
}
}
if (this.SupportTwoLayerLinks)
{
#if !NO_USAGE_PCAP_NET
// Retrieve the packets
PacketCommunicatorReceiveResult result = this.m_packetCommunicator.ReceivePacket(out Packet packet);
switch (result)
{
case PacketCommunicatorReceiveResult.Timeout:
// Timeout elapsed
continue;
case PacketCommunicatorReceiveResult.Ok:
{
EthernetDatagram datagram = packet.Ethernet; // 以太网数据报
switch (datagram.EtherType)
{
case EthernetType.IpV4:
NetifLevel2LayerIPv4(datagram, datagram.IpV4);
break;
case EthernetType.IpV6:
break;
case EthernetType.Arp:
NetifLevel2LayerArp(datagram, datagram.Arp);
break;
default:
break;
}
}
break;
default:
break;
}
#endif
}
else
{
int packet_size = 0;
try
{
EndPoint localEP = this.m_socket.LocalEndPoint;
packet_size = this.m_socket.ReceiveFrom(this.m_buffer, 0, this.m_buffer.Length, SocketFlags.None, ref localEP);
}
catch (Exception)
{
continue;
}
if (packet_size <= 0)
{
continue;
}
IPFrame frame = IPv4Layer.ParseFrame(new BufferSegment(this.m_buffer, 0, packet_size), true);
if (frame != null)
{
this.OnSniffer(frame);
}
}
}
}
private void PacketHandler(Packet packet)
{
this.count = ""; this.time = ""; this.source = ""; this.destination = ""; this.protocol = ""; this.length = "";
paqueter = packet;
EthernetDatagram eth = packet.Ethernet;
IpV4Datagram ip = packet.Ethernet.IpV4;
TcpDatagram tcp = ip.Tcp;
UdpDatagram udp = ip.Udp;
HttpDatagram httpPacket = null;
if (ip.Protocol.ToString().Equals("Tcp"))
{
count = packet.Count.ToString();
time = packet.Timestamp.ToString();
this.source = ip.Source.ToString();
this.destination = ip.Destination.ToString();
length = eth.Length.ToString();
protocol = ip.Protocol.ToString();
}
else
{
if ((ip.Protocol.ToString().Equals("Udp")))
{
count = packet.Count.ToString();
time = packet.Timestamp.ToString();
this.source = ip.Source.ToString();
this.destination = ip.Destination.ToString();
length = eth.Length.ToString();
protocol = ip.Protocol.ToString();
}
}
if (ip.Protocol.ToString().Equals("Tcp") && (save.Checked))
{
int _source = tcp.SourcePort;
int _destination = tcp.DestinationPort;
if (tcp.PayloadLength != 0)
{
payload = new byte[tcp.PayloadLength];
tcp.Payload.ToMemoryStream().Read(payload, 0, tcp.PayloadLength);
if (_destination == 80)
{
Packet1 packet1 = new Packet1();
int i = Array.IndexOf(payload, (byte)32, 6);
byte[] t = new byte[i - 5];
Array.Copy(payload, 5, t, 0, i - 5);
packet1.Name = System.Text.ASCIIEncoding.ASCII.GetString(t);
if (!packets.ContainsKey(_source))
{
packets.Add(_source, packet1);
}
}
else
if (_source == 80)
{
if (packets.ContainsKey(_destination))
{
Packet1 packet1 = packets[_destination];
if (packet1.Data == null)
{
if ((httpPacket.Header != null) && (httpPacket.Header.ContentLength != null))
{
packet1.Data = new byte[(uint)httpPacket.Header.ContentLength.ContentLength];
Array.Copy(httpPacket.Body.ToMemoryStream().ToArray(), packet1.Data, httpPacket.Body.Length);
packet1.Order = (uint)(tcp.SequenceNumber + payload.Length - httpPacket.Body.Length);
packet1.Data_Length = httpPacket.Body.Length;
for (int i = 0; i < packet1.TempPackets.Count; i++)
{
Temp tempPacket = packet1.TempPackets[i];
Array.Copy(tempPacket.data, 0, packet1.Data, tempPacket.tempSeqNo - packet1.Order, tempPacket.data.Length);
packet1.Data_Length += tempPacket.data.Length;
}
}
else
{
Temp tempPacket = new Temp();
tempPacket.tempSeqNo = (uint)tcp.SequenceNumber;
tempPacket.data = new byte[payload.Length];
Array.Copy(payload, tempPacket.data, payload.Length);
packet1.TempPackets.Add(tempPacket);
}
}
else if (packet1.Data_Length != packet1.Data.Length)
{
Array.Copy(payload, 0, packet1.Data, tcp.SequenceNumber - packet1.Order, payload.Length);
packet1.Data_Length += payload.Length;
}
if (packet1.Data != null)
{
if (packet1.Data_Length == packet1.Data.Length)
{
using (BinaryWriter writer = new BinaryWriter(File.Open(fullpath + Directory.CreateDirectory(Path.GetFileName(packet1.Name)), FileMode.Create)))
{
writer.Write(packet1.Data);
}
packets.Remove(_destination);
}
}
}
}
}
}
}
private void listView1_SelectedIndexChanged(object sender, EventArgs e)
{
if (listView1.SelectedItems.Count > 0)
{
int indice = listView1.Items.IndexOf(listView1.SelectedItems[0]);
Packet paquete = paquetes[indice];
EthernetDatagram eth = paquete.Ethernet;
IpV4Datagram ip = paquete.Ethernet.IpV4;
TcpDatagram tcp = ip.Tcp;
UdpDatagram udp = ip.Udp;
long checksum = Convert.ToInt64(ip.HeaderChecksum);
string df = "", mf = "";
IpV4Fragmentation flags = ip.Fragmentation;
if (flags.Options.ToString().Equals("MoreFragments"))
{
df = "True";
mf = "True";
}
if (flags.Options.ToString().Equals("None"))
{
df = "True";
mf = "False";
}
if (flags.Options.ToString().Equals("DoNotFragment"))
{
df = "False";
mf = "False";
}
treeView1.Nodes.Clear();
TreeNode node1 = new TreeNode("ETHERNET");
node1.ForeColor = Color.Blue;
node1.Nodes.Add("MAC de Origen: " + eth.Source.ToString().ToUpper());
node1.Nodes.Add("MAC de Destino: " + eth.Destination.ToString().ToUpper());
node1.Nodes.Add("Tipo de servicio: " + eth.EtherType.ToString().ToUpper());
TreeNode node2 = new TreeNode("IP");
node2.ForeColor = Color.Green;
node2.Nodes.Add("Version: " + ip.Version.ToString());
node2.Nodes.Add("Longitud de la cabecera: " + ip.HeaderLength.ToString() + " Bytes");
node2.Nodes.Add("Tipo de servicio: " + ip.TypeOfService.ToString());
node2.Nodes.Add("Longitud del paquete: " + ip.Length.ToString() + " Bytes");
node2.Nodes.Add("Identificacion: " + Convert.ToString(Convert.ToInt64(ip.Identification), 16));
node2.Nodes.Add("Fragmentado: " + df);
node2.Nodes.Add("Mas fragmentos: " + mf);
node2.Nodes.Add("Desplazamiento del fragmento: " + flags.Offset.ToString());
node2.Nodes.Add("Tiempo de vida: " + ip.Ttl.ToString() + " Segundos");
node2.Nodes.Add("Protocolo: " + ip.Protocol.ToString());
node2.Nodes.Add("Checksum 0x" + Convert.ToString(Convert.ToInt64(checksum), 16) + " [ " + ip.IsHeaderChecksumCorrect.ToString() + " ] ");
node2.Nodes.Add("Ip origen: " + ip.Source.ToString());
node2.Nodes.Add("Ip destino: " + ip.Destination.ToString());
node1.Nodes.Add(node2);
if (ip.Protocol.ToString().Equals("Tcp"))
{
long checksumtcp = Convert.ToInt64(tcp.Checksum);
int flag;
TreeNode node3 = new TreeNode("TCP");
node3.ForeColor = Color.Red;
node3.Nodes.Add("Puerto de Origen: " + tcp.SourcePort.ToString());
node3.Nodes.Add("Puerto de Destino: " + tcp.DestinationPort.ToString());
node3.Nodes.Add("Numero de secuencia: " + tcp.SequenceNumber.ToString());
node3.Nodes.Add("Siguiente numero de secuencia: " + tcp.NextSequenceNumber.ToString());
node3.Nodes.Add("Numero de confirmacion: " + tcp.AcknowledgmentNumber.ToString());
node3.Nodes.Add("Longitud de la cabecera: " + tcp.HeaderLength.ToString() + " Bytes");
node3.Nodes.Add("0000 00.. .... : Reservado");
flag = tcp.IsUrgent ? 1 : 0;
node3.Nodes.Add(".... .." + flag.ToString() + ". .... : URG =" + tcp.IsUrgent.ToString());
flag = tcp.IsAcknowledgment ? 1 : 0;
node3.Nodes.Add(".... ..." + flag.ToString() + " .... : ACK =" + tcp.IsAcknowledgment.ToString());
flag = tcp.IsPush ? 1 : 0;
node3.Nodes.Add(".... .... " + flag.ToString() + "... : PSH =" + tcp.IsPush.ToString());
flag = tcp.IsReset ? 1 : 0;
node3.Nodes.Add(".... .... ." + flag.ToString() + ".. : RST =" + tcp.IsReset.ToString());
flag = tcp.IsSynchronize ? 1 : 0;
node3.Nodes.Add(".... .... .." + flag.ToString() + ". : SYN =" + tcp.IsSynchronize.ToString());
flag = tcp.IsFin ? 1 : 0;
node3.Nodes.Add(".... .... ..." + flag.ToString() + " : FIN =" + tcp.IsFin.ToString());
node3.Nodes.Add("Tamaño de ventana: " + tcp.Window.ToString() + " Bytes");
node3.Nodes.Add("Checksum 0x" + Convert.ToString(Convert.ToInt64(checksumtcp), 16));
node3.Nodes.Add("Puntero urgente: " + tcp.UrgentPointer.ToString());
node2.Nodes.Add(node3);
}
if ((ip.Protocol.ToString().Equals("Udp")))
{
long checksumudp = Convert.ToInt64(udp.Checksum);
TreeNode node3 = new TreeNode("UDP");
node3.ForeColor = Color.Red;
node3.Nodes.Add("Puerto de Origen: " + udp.SourcePort.ToString());
node3.Nodes.Add("Puerto de Destino: " + udp.DestinationPort.ToString());
node3.Nodes.Add("Longitud de la cabecera: " + udp.TotalLength.ToString() + " Bytes");
node3.Nodes.Add("Checksum 0x" + Convert.ToString(Convert.ToInt64(checksumudp), 16));
node2.Nodes.Add(node3);
}
treeView1.Nodes.Add(node1);
treeView1.ExpandAll();
}
}
public void _PrintPacketDetailHandler(PPacket ppacket)
{
//try
//{
//------------------------------------------------------------------------------------------------------------------------------
//| packet no 5 | relative time 0.745022 | packet length 55 |
//-------------------------------------------------------[ethernet frame]-------------------------------------------------------
//| 0x0000 | 00 07 CB C1 35 5D | destination MAC address 00:07:CB:C1:35:5D | header length 14 |
//| 0x0006 | 48 5B 39 C0 45 48 | source MAC address 48:5B:39:C0:45:48 | data length 41 |
//| 0x000C | 08 00 | ether type 0x0800 IPv4 | |
//---------------------------------------------------------[ipv4 frame]---------------------------------------------------------
//| 0x000E | 45 | version 4 | header length 20 |
//| | | internet header length (ihl) 5 | data length 21 |
//| 0x000F | 00 | dscp 0x00 | |
//| | | ecn | |
//| 0x0010 | 00 29 | total length 41 | |
//| 0x0012 | 4F F9 | identification 0x4FF9 | |
//| 0x0014 | 40 00 | flags | |
//| | | fragment offset 0x0000 | |
//| 0x0016 | 80 | time to live 0x80 | |
//| 0x0017 | 06 | protocol 0x06 TCP | |
//| 0x0018 | 1A 47 | header checksum 0x1A47 | |
//| 0x001A | C0 A8 00 01 | source ip address 192.168.0.1 | |
//| 0x001E | AD C2 22 23 | destination ip address 173.194.34.35 | |
//| | | options (if ihl > 5) | |
//| 0x0022 | CD 67 01 BB E9 DF 53 5D | data | |
//| 0x002A | 91 1F 42 06 50 10 40 3D | | |
//| 0x0032 | FF 81 00 00 00 | | |
//------------------------------------------------------------------------------------------------------------------------------
//if (ip.Tcp != null && ip.Tcp.Http.Version == null)
// return;
PrintPacketInfos(ppacket);
_dataLength = (ushort)ppacket.Packet.Count;
_dataEnum = ppacket.Packet.zAsEnumerableWithCounter();
PrintEthernet(ppacket);
EthernetDatagram ethernet = ppacket.Packet.Ethernet;
if (ethernet.EtherType == EthernetType.IpV4)
{
PrintIpV4(ppacket);
IpV4Datagram ip = ethernet.IpV4;
if (ip.Protocol == IpV4Protocol.Tcp)
{
PrintTcp(ppacket);
if (ip.Tcp.Http.Version != null)
PrintHttp(ppacket);
}
}
WriteSeparation();
Trace.WriteLine();
//}
//finally
//{
// WriteSeparation();
// Trace.WriteLine();
//}
}
