private static Packet CreateMalwarePacket() { //08:00:27:95:a6:a3 source mac //ushort tcpSourcePort = 123; //ushort tcpDestinationPort = 321; //var tcpPacket = new TcpPacket(tcpSourcePort, tcpDestinationPort); var ipSourceAddress = System.Net.IPAddress.Parse("10.8.0.148"); var ipDestinationAddress = System.Net.IPAddress.Parse("6.6.6.6"); var ipPacket = new IPv4Packet(ipSourceAddress, ipDestinationAddress); ipPacket.TimeToLive = 128; ipPacket.Checksum = ipPacket.CalculateIPChecksum(); UdpPacket udpPacket = UdpPacket.RandomPacket(); //udpPacket.DestinationPort = ; udpPacket.PayloadData = Encoding.UTF8.GetBytes("XCOM Prototype Malware: Don't be frightend, this is not real malware! Just science project"); //udpPacket.SourcePort=50093; udpPacket.DestinationPort = 1723; //udpPacket.Checksum = (ushort)udpPacket.CalculateUDPChecksum(); ipPacket.PayloadPacket = udpPacket; var sourceHwAddress = "08-00-27-95-A6-A3"; var ethernetSourceHwAddress = System.Net.NetworkInformation.PhysicalAddress.Parse(sourceHwAddress); var destinationHwAddress = "08-00-27-AB-3E-A6"; var ethernetDestinationHwAddress = System.Net.NetworkInformation.PhysicalAddress.Parse(destinationHwAddress); // NOTE: using EthernetPacketType.None to illustrate that the Ethernet // protocol type is updated based on the packet payload that is // assigned to that particular Ethernet packet var ethernetPacket = new EthernetPacket(ethernetSourceHwAddress, ethernetDestinationHwAddress, EthernetPacketType.None); // Now stitch all of the packets together //ipPacket.PayloadPacket = tcpPacket; ethernetPacket.PayloadPacket = ipPacket; // and print out the packet to see that it looks just like we wanted it to Console.WriteLine(ethernetPacket.ToString()); // to retrieve the bytes that represent this newly created EthernetPacket use the Bytes property //byte[] packetBytes = ethernetPacket.Bytes; return(ethernetPacket); }
//tasks used by each constructor path private void init() { //not really sure what the capture device is, I think it refers to the NIC device = CaptureDeviceList.New()[3]; //better than .instance[3] apparently, according to author device.Open(); //opens device, whatever that means //TCP packet is the payload of the IP packet //TcpPacket tcpPacket = new TcpPacket(localPort, destPort); //creates empty packet and sets the source and destination ports <port> //tcpPacket.Flags = 0x02; //syn flag //tcpPacket.WindowSize = 64240; UdpPacket udpPacket = new UdpPacket(localPort, destPort); //IP packet delivers TCP packet as its payload. IP packet is the payload of the Ethernet packet going to the gateway IPv4Packet ipPacket = new IPv4Packet(srcAddress, destAddress); ipPacket.TotalLength = 52; ipPacket.Id = 0xa144; ipPacket.FragmentFlags = 0x40; ipPacket.TimeToLive = 128; //Ethernet packet delivers the IP packet to the gateway PhysicalAddress srcMAC = getLocalMAC(); //Console.WriteLine(srcMAC); //just check that it is getting the right one, otherwise you'll have to enter it manually ethernetPacket = new EthernetPacket(srcMAC, destMAC, EthernetType.None); //matryoshka doll the packets ethernetPacket.PayloadPacket = ipPacket; ipPacket.PayloadPacket = udpPacket; //this may need to be moved elsewhere incase time factors into the checksum udpPacket.Checksum = udpPacket.CalculateUdpChecksum(); ipPacket.Checksum = ipPacket.CalculateIPChecksum(); sendTimer = new Timer(); sendTimer.Elapsed += new ElapsedEventHandler(sendPacket); //method to be done every interval sendTimer.Enabled = true; //does not start timer, it means the method will be done every interval }
public static Packet CreatePacket(Param param) { Packet ret = null; //create layer 4 if (param.packetType == Param.PacketType.TCP) { TcpPacket tcpPacket = new TcpPacket(param.sPort, param.dPort); tcpPacket.AllFlags = param.tcpFlag; if (param.dIP.ToString().Contains(".")) { IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP); if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; } ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4); ipPacket.PayloadPacket = tcpPacket; tcpPacket.PayloadData = param.payload; ret.PayloadPacket = ipPacket; ipPacket.UpdateCalculatedValues(); ipPacket.UpdateIPChecksum(); tcpPacket.Checksum = (ushort)tcpPacket.CalculateTCPChecksum(); } else { IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP); ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6); ipPacket.PayloadPacket = tcpPacket; tcpPacket.PayloadData = param.payload; ret.PayloadPacket = ipPacket; } } else if (param.packetType == Param.PacketType.UDP) { UdpPacket udpPacket = new UdpPacket(param.sPort, param.dPort); if (param.dIP.ToString().Contains(".")) { IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP); if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; } ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4); ipPacket.PayloadPacket = udpPacket; udpPacket.PayloadData = param.payload; udpPacket.UpdateUDPChecksum(); ipPacket.PayloadLength = (ushort)(ipPacket.PayloadLength + param.payload.Length); ipPacket.UpdateIPChecksum(); ret.PayloadPacket = ipPacket; } else { IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP); ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6); ipPacket.PayloadPacket = udpPacket; udpPacket.PayloadData = param.payload; udpPacket.UpdateUDPChecksum(); ipPacket.PayloadLength = (ushort)(ipPacket.PayloadLength + param.payload.Length); ret.PayloadPacket = ipPacket; } } else if (param.packetType == Param.PacketType.ICMP) { ICMPv4Packet icmpPacket = new ICMPv4Packet(new ByteArraySegment(new byte[32])); if (param.type != 0 && param.code != 0) { icmpPacket.TypeCode = (ICMPv4TypeCodes)((param.type * 256) + (param.code)); } else if (param.type != 0) { icmpPacket.TypeCode = (ICMPv4TypeCodes)((param.type * 256)); } else { icmpPacket.TypeCode = ICMPv4TypeCodes.EchoRequest; } IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP); if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; } ipPacket.PayloadPacket = icmpPacket; ipPacket.Checksum = ipPacket.CalculateIPChecksum(); ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4); ret.PayloadPacket = ipPacket; } else if (param.packetType == Param.PacketType.ICMPv6) { ICMPv6Packet icmpv6Packet = CreateICMPv6Packet(param); IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP); ipPacket.PayloadPacket = icmpv6Packet; ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6); ret.PayloadPacket = ipPacket; } else if (param.packetType == Param.PacketType.IP) { if (param.dIP.ToString().Contains(".")) { ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4); IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP); if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; } ipPacket.Protocol = param.IPProtocol; ipPacket.PayloadData = param.payload; ipPacket.UpdateCalculatedValues(); ret.PayloadPacket = ipPacket; ipPacket.UpdateIPChecksum(); } else { ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6); //if extension headers were not specified, just put the payload if (param.ExtentionHeader.Count == 0) { IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP); ipPacket.Protocol = param.IPProtocol; ipPacket.PayloadData = param.payload; ipPacket.PayloadLength = (ushort)param.payload.Length; ipPacket.UpdateCalculatedValues(); ret.PayloadPacket = ipPacket; } else { ret = PacketFactory.CreateEHPacket(param, (EthernetPacket)ret); } ret.UpdateCalculatedValues(); } } else if (param.packetType == Param.PacketType.EtherType) { ret = new EthernetPacket(param.sMAC, param.dMAC, param.EtherTypeProtocol); byte[] etherBuffer = (new byte[64]); var payload = new byte[etherBuffer.Length + (param.payload).Length]; etherBuffer.CopyTo(payload, 0); (param.payload).CopyTo(payload, etherBuffer.Length); ret.PayloadData = payload; ret.UpdateCalculatedValues(); } return ret; }