private static void SendResponse(System.Net.NetworkInformation.PhysicalAddress pysSrc, System.Net.NetworkInformation.PhysicalAddress pysdest, IPAddress destAddrIp, IPAddress myAddrIp) //builds arp packed and sends it to poison { CaptureDeviceList devices = CaptureDeviceList.Instance; foreach (ICaptureDevice dev in devices) { dev.Open(); //System.Net.NetworkInformation.PhysicalAddress pysSrc = null; //System.Net.NetworkInformation.PhysicalAddress pysdest = null; //IPAddress destAddrIp = new IPAddress(null); //IPAddress myAddrIp = new IPAddress(null); try { var ethernetPacket = new PacketDotNet.EthernetPacket(pysSrc, pysdest, PacketDotNet.EthernetPacketType.Arp); var arpPacket = new PacketDotNet.ARPPacket(PacketDotNet.ARPOperation.Response, pysdest, destAddrIp, pysSrc, myAddrIp); ethernetPacket.PayloadPacket = arpPacket; dev.SendPacket(ethernetPacket); } catch (Exception e) { } } }
private void m_adapter_OnPacketArrival(object sender, CaptureEventArgs e) { if (e.Packet.LinkLayerType != PacketDotNet.LinkLayers.Ethernet) { return; } PacketDotNet.Utils.ByteArraySegment bas = new PacketDotNet.Utils.ByteArraySegment(e.Packet.Data); PacketDotNet.EthernetPacket ethP = new PacketDotNet.EthernetPacket(bas); if (ethP.Type != (PacketDotNet.EthernetPacketType) 0x8892 && ethP.Type != PacketDotNet.EthernetPacketType.VLanTaggedFrame) { return; } if (ethP.PayloadPacket != null && ethP.PayloadPacket is PacketDotNet.Ieee8021QPacket) { if (((PacketDotNet.Ieee8021QPacket)ethP.PayloadPacket).Type != (PacketDotNet.EthernetPacketType) 0x8892) { return; } if (((PacketDotNet.Ieee8021QPacket)ethP.PayloadPacket).PayloadData == null) { Trace.TraceWarning("Empty vlan package"); return; } m_adapter_OnProfinetArrival(new ConnectionInfoEthernet(this, ethP.DestinationHwAddress, ethP.SourceHwAddress), new MemoryStream(((PacketDotNet.Ieee8021QPacket)ethP.PayloadPacket).PayloadData, false)); } else { if (ethP.PayloadData == null) { Trace.TraceWarning("Empty ethernet package"); return; } m_adapter_OnProfinetArrival(new ConnectionInfoEthernet(this, ethP.DestinationHwAddress, ethP.SourceHwAddress), new MemoryStream(ethP.PayloadData, false)); } }
private PacketDotNet.Packet BuildRequest(System.Net.IPAddress destinationIP, PhysicalAddress localMac, System.Net.IPAddress localIP) { // an arp packet is inside of an ethernet packet var ethernetPacket = new PacketDotNet.EthernetPacket(localMac, PhysicalAddress.Parse("FF-FF-FF-FF-FF-FF"), PacketDotNet.EthernetType.Arp); var arpPacket = new PacketDotNet.ArpPacket(PacketDotNet.ArpOperation.Request, PhysicalAddress.Parse("00-00-00-00-00-00"), destinationIP, localMac, localIP); // the arp packet is the payload of the ethernet packet ethernetPacket.PayloadPacket = arpPacket; return(ethernetPacket); }
private void ProcessLoop() { var FakeMACAddr = System.Net.NetworkInformation.PhysicalAddress.Parse("90-90-90-90-90-90"); var Fakeethernetv4Packet = new PacketDotNet.EthernetPacket(FakeMACAddr, FakeMACAddr, PacketDotNet.EthernetPacketType.IPv4); var Fakeethernetv6Packet = new PacketDotNet.EthernetPacket(FakeMACAddr, FakeMACAddr, PacketDotNet.EthernetPacketType.IPv6); while (true) { var packet = rxBuffer.Take(); int IPversion = (packet.Data[0]) >> 4; PacketDotNet.Packet ParsedPacket; PacketDotNet.IPProtocolType IPNextProtocol; switch (IPversion) { case 4: var FullBytev4 = Fakeethernetv4Packet.Bytes.ToList(); FullBytev4.AddRange(packet.Data); ParsedPacket = PacketDotNet.Packet.ParsePacket(PacketDotNet.LinkLayers.Ethernet, FullBytev4.ToArray()).PayloadPacket; var IPv4Header = (PacketDotNet.IPv4Packet)ParsedPacket; IPNextProtocol = IPv4Header.NextHeader; ParsedPacket = IPv4Header.PayloadPacket; break; case 6: var FullBytev6 = Fakeethernetv6Packet.Bytes.ToList(); FullBytev6.AddRange(packet.Data); ParsedPacket = PacketDotNet.Packet.ParsePacket(PacketDotNet.LinkLayers.Ethernet, FullBytev6.ToArray()).PayloadPacket; var IPv6Header = (PacketDotNet.IPv6Packet)ParsedPacket; IPNextProtocol = IPv6Header.NextHeader; ParsedPacket = IPv6Header.PayloadPacket; break; default: txBuffer.Add(packet); continue; } switch (IPNextProtocol) { case PacketDotNet.IPProtocolType.UDP: break; default: txBuffer.Add(packet); continue; } try { long nonceTime = (DateTimeOffset.Now.ToUnixTimeSeconds() / 300) * 300; byte[] nonce = sha256Ctx.ComputeHash(Encoding.Default.GetBytes(nonceTime.ToString())).Take(8).ToArray(); byte[] decryptedData; var NSecKey = Key.Import(AeadAlgorithm.ChaCha20Poly1305, key, KeyBlobFormat.RawSymmetricKey); var NSecNonce = new Nonce(nonce, 4); AeadAlgorithm.ChaCha20Poly1305.Decrypt(NSecKey, NSecNonce, null, ParsedPacket.PayloadData, out decryptedData); if (decryptedData == null) { // Data will be null when decrypt failed, this may mean the packet is not sended by this software. txBuffer.Add(packet); continue; } ProtocolPacket RXProtocolPacket = JsonConvert.DeserializeObject <ProtocolPacket>(System.Text.Encoding.Default.GetString(decryptedData)); if (RXProtocolPacket.PacketMD5Sum == "") { continue; } ProcessProtocolPacket(RXProtocolPacket); } catch (Exception ex) { // This will not catch decrypt fail, but may catch other erros likes key format error. Console.WriteLine(ex); txBuffer.Add(packet); } } }
private void device_OnPacketArrival(object sender, CaptureEventArgs e) { var time = e.Packet.Timeval.Date; var len = e.Packet.Data.Length; var pack = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data); if (pack is PacketDotNet.EthernetPacket) { PacketDotNet.EthernetPacket ethPack = pack as PacketDotNet.EthernetPacket; if (ethPack.PayloadPacket is PacketDotNet.IPv4Packet) { PacketDotNet.IPv4Packet ipPack = ethPack.PayloadPacket as PacketDotNet.IPv4Packet; //TCP if (ipPack.PayloadPacket is PacketDotNet.TcpPacket) { PacketDotNet.TcpPacket tcpPack = ipPack.PayloadPacket as PacketDotNet.TcpPacket; if ((ipPack.DestinationAddress.ToString().Equals("172.25.25.50") && tcpPack.DestinationPort == 8001) || (ipPack.SourceAddress.ToString().Equals("172.25.25.50") && tcpPack.SourcePort == 8001)) { //Console.WriteLine("TCP:{0}:{1}-{2}:{3}",ipPack.SourceAddress, tcpPack.SourcePort,ipPack.DestinationAddress,tcpPack.DestinationPort); if (tcpPack.PayloadData != null && tcpPack.PayloadData.Length > 0) { Console.WriteLine("读取数据:{0}", System.Text.Encoding.UTF8.GetString(tcpPack.PayloadData)); } } } //UDP else if (ipPack.PayloadPacket is PacketDotNet.UdpPacket) { PacketDotNet.UdpPacket udp = ipPack.PayloadPacket as PacketDotNet.UdpPacket; if (ipPack.DestinationAddress.ToString().Equals("172.25.25.69") && udp.DestinationPort == 5060) { if (udp.PayloadData != null && udp.PayloadData.Length > 0) { Console.WriteLine("读取数据:{0}", System.Text.Encoding.UTF8.GetString(udp.PayloadData)); } } //if (ipPack.DestinationAddress.ToString().Equals("172.25.25.69") && udp.DestinationPort == 18038) if (ipPack.DestinationAddress.ToString().Equals("172.25.25.66") && udp.DestinationPort == 18132) { if (udp.PayloadData != null && udp.PayloadData.Length > 100) { RtpPacket rtpPacket = new RtpPacket(udp.PayloadData); RtpHeader rtpHeader = new RtpHeader(udp.PayloadData); int packetRate = RTPPayloadTypes.GetSamplingFrequency((RTPPayloadTypesEnum)Enum.ToObject(typeof(RTPPayloadTypesEnum), rtpHeader.PayloadType)); //8000 int minSec = ((int)rtpHeader.Timestamp - _preTimestamp - _prePacketLength) / (packetRate / 1000); _preTimestamp = (int)rtpHeader.Timestamp; _prePacketLength = rtpPacket.Payload.Length; //写文件 string fileName = "F:\\" + "testRtp9" + ".wav"; PCMU m_PCMU = new PCMU(); //语音包 using (System.IO.FileStream fs = new System.IO.FileStream(fileName, System.IO.FileMode.OpenOrCreate, System.IO.FileAccess.Write, System.IO.FileShare.None)) { byte[] temp = null; //空白语音 byte[] dec = null; //payload荷载数据 byte[] data = null; //完整数据 //空白 if (minSec > 0) { //temp = new byte[16 * minSec]; //dec = m_PCMU.Decode_pcm8(rtpPacket.Payload, 0, rtpPacket.Payload.Length); //data = new byte[temp.Length + dec.Length]; //Array.Copy(temp, 0, data, 0, temp.Length); //Array.Copy(dec, 0, data, temp.Length, dec.Length); temp = new byte[8 * minSec]; for (int i = 0; i < temp.Length; i++) { temp[i] = 0xFE; } dec = rtpPacket.Payload; data = new byte[temp.Length + dec.Length]; Array.Copy(temp, 0, data, 0, temp.Length); Array.Copy(dec, 0, data, temp.Length, dec.Length); data = m_PCMU.Decode_ulaw_pcm8(data, 0, data.Length); } else { data = m_PCMU.Decode_ulaw_pcm8(rtpPacket.Payload, 0, rtpPacket.Payload.Length); } fs.Position = fs.Length; fs.Write(data, 0, data.Length); } } } } } } }
//builds arp packed and sends it to poison private static void SendResponse(System.Net.NetworkInformation.PhysicalAddress pysSrc, System.Net.NetworkInformation.PhysicalAddress pysdest, IPAddress destAddrIp, IPAddress myAddrIp) { CaptureDeviceList devices = CaptureDeviceList.Instance; foreach (ICaptureDevice dev in devices) { dev.Open(); //System.Net.NetworkInformation.PhysicalAddress pysSrc = null; //System.Net.NetworkInformation.PhysicalAddress pysdest = null; //IPAddress destAddrIp = new IPAddress(null); //IPAddress myAddrIp = new IPAddress(null); try { var ethernetPacket = new PacketDotNet.EthernetPacket(pysSrc, pysdest, PacketDotNet.EthernetPacketType.Arp); var arpPacket = new PacketDotNet.ARPPacket(PacketDotNet.ARPOperation.Response, pysdest, destAddrIp, pysSrc, myAddrIp); ethernetPacket.PayloadPacket = arpPacket; dev.SendPacket(ethernetPacket); } catch (Exception e) { } } }
private static void AnalyzePacket_Ethernet(PacketDotNet.EthernetPacket packet, PacketAnalyzeParam param) { param.Protocol = "Ethernet"; param.SourceHwAddress = packet.SourceHardwareAddress; param.DestinationHwAddress = packet.DestinationHardwareAddress; }
private PacketDotNet.Packet BuildRequest(System.Net.IPAddress destinationIP, PhysicalAddress localMac, System.Net.IPAddress localIP) { // an arp packet is inside of an ethernet packet var ethernetPacket = new PacketDotNet.EthernetPacket(localMac, PhysicalAddress.Parse("FF-FF-FF-FF-FF-FF"), PacketDotNet.EthernetPacketType.Arp); var arpPacket = new PacketDotNet.ARPPacket(PacketDotNet.ARPOperation.Request, PhysicalAddress.Parse("00-00-00-00-00-00"), destinationIP, localMac, localIP); // the arp packet is the payload of the ethernet packet ethernetPacket.PayloadPacket = arpPacket; return ethernetPacket; }
public static void GenerateDataGridViewRow(SharpPcap.CaptureEventArgs e) { PacketDotNet.Packet p; PacketDotNet.InternetLinkLayerPacket iLinkLayerPacket = null; String row_SourceAddress = ""; String row_DestinationAddress = ""; String row_Protocol = ""; Int32 row_PacketLength = 0; DataGridViewCellStyle row_cellStyle = new DataGridViewCellStyle(); String row_Time; // Compute the time of packet arrival TimeSpan timeInterval; timeInterval = (e.Packet.Timeval.Date.ToLocalTime() - CaptureStatistic.StartOfCapture); row_Time = timeInterval.Minutes.ToString() + ":" + timeInterval.Seconds.ToString() + "::" + timeInterval.Milliseconds.ToString(); row_cellStyle.BackColor = Color.White; // Get PacketDotNet.Packet object p = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data); CaptureStatistic.NumberOfCapturedPackets++; switch (e.Packet.LinkLayerType) { case PacketDotNet.LinkLayers.Ethernet: #region Parse Ethernet Packets PacketDotNet.EthernetPacket etherPacket = PacketDotNet.EthernetPacket.GetEncapsulated(p); iLinkLayerPacket = etherPacket; // Get Some Ethernet Packet's fields row_PacketLength = etherPacket.Bytes.Length; switch (etherPacket.Type) { case PacketDotNet.EthernetPacketType.IpV4: CaptureStatistic.CapturedIpV4++; PacketDotNet.IPv4Packet ipv4Packet = (PacketDotNet.IPv4Packet)PacketDotNet.IPv4Packet.GetEncapsulated(etherPacket); row_SourceAddress = ipv4Packet.SourceAddress.ToString(); row_DestinationAddress = ipv4Packet.DestinationAddress.ToString(); row_Protocol = "IPv4/" + ipv4Packet.Protocol.ToString(); switch (ipv4Packet.Protocol) { case PacketDotNet.IPProtocolType.TCP: CaptureStatistic.CapturedTcpV4++; row_cellStyle = ProtocolColor.TCP; break; case PacketDotNet.IPProtocolType.UDP: CaptureStatistic.CapturedUdpV4++; row_cellStyle = ProtocolColor.UDP; break; case PacketDotNet.IPProtocolType.GRE: CaptureStatistic.CapturedGre++; row_cellStyle = ProtocolColor.GRE; break; case PacketDotNet.IPProtocolType.ICMP: CaptureStatistic.CapturedIcmpV4++; row_cellStyle = ProtocolColor.ICMP; break; case PacketDotNet.IPProtocolType.IGMP: CaptureStatistic.CapturedIgmp++; row_cellStyle = ProtocolColor.IGMP; break; } break; case PacketDotNet.EthernetPacketType.IpV6: CaptureStatistic.CapturedIpV6++; PacketDotNet.IPv6Packet ipv6Packet = (PacketDotNet.IPv6Packet)PacketDotNet.IPv6Packet.GetEncapsulated(etherPacket); row_SourceAddress = ipv6Packet.SourceAddress.ToString(); row_DestinationAddress = ipv6Packet.DestinationAddress.ToString(); row_Protocol = "IPv6/" + ipv6Packet.NextHeader.ToString(); switch (ipv6Packet.NextHeader) { case PacketDotNet.IPProtocolType.GRE: CaptureStatistic.CapturedGre++; break; case PacketDotNet.IPProtocolType.ICMP: CaptureStatistic.CapturedIcmpV4++; break; case PacketDotNet.IPProtocolType.ICMPV6: CaptureStatistic.CapturedIcmpV6++; break; case PacketDotNet.IPProtocolType.IGMP: CaptureStatistic.CapturedIgmp++; break; case PacketDotNet.IPProtocolType.TCP: CaptureStatistic.CapturedTcpV6++; break; case PacketDotNet.IPProtocolType.UDP: CaptureStatistic.CapturedUdpV6++; break; default: break; } break; case PacketDotNet.EthernetPacketType.Arp: CaptureStatistic.CapturedArp++; row_Protocol = "ARP"; row_SourceAddress = etherPacket.SourceHwAddress.ToString(); row_DestinationAddress = "Broadcast"; row_cellStyle = ProtocolColor.ARP; break; default: row_Protocol = etherPacket.Type.ToString(); break; } #endregion break; } // Add packet to the DataGridVeiw DataGridViewRow newRow = (DataGridViewRow)MainFormDataGridView.RowTemplate.Clone(); newRow.CreateCells(MainFormDataGridView); newRow.Tag = iLinkLayerPacket; newRow.SetValues(CaptureStatistic.NumberOfCapturedPackets, row_Time, row_SourceAddress, row_DestinationAddress, row_Protocol, row_PacketLength); foreach (DataGridViewCell cell in newRow.Cells) cell.Style = row_cellStyle; MainFormDataGridView.Rows.Add(newRow); }