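/// <summary>
/// Packet-arrival handler: parses the captured frame and, for TCP packets,
/// writes the endpoints and payload to <c>mainForm</c>.
/// When IP monitoring is on and the IP text box is non-empty, only packets
/// whose source or destination equals one of the listed addresses are shown
/// (red when the listed address is the source, green otherwise).
/// In every other case each TCP packet is shown in black.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Capture event carrying the raw packet and its link-layer type.</param>
private void device_OnPacketArrival(object sender, SharpPcap.CaptureEventArgs e)
{
    try
    {
        Packet packet = Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
        TcpPacket tcp = packet.Extract(typeof(TcpPacket)) as TcpPacket;
        if (tcp == null)
        {
            // Only TCP traffic is displayed.
            return;
        }

        IpPacket ipPacket = (IpPacket)tcp.ParentPacket;

        // NOTE(review): SharpPcap normally raises this event on its capture thread, so
        // reading txt_Ip.Text here would be a cross-thread control access - confirm, and
        // consider snapshotting the list on the UI thread when monitoring is switched on.
        // The text box is only read while monitoring is enabled, as before.
        string ipListText = IsMonitoringIpAddresses ? txt_Ip.Text : null;
        if (string.IsNullOrEmpty(ipListText))
        {
            // No filter active: write every TCP packet out.
            WriteTcpPacketToLog(ipPacket, tcp, Color.Black);
            return;
        }

        // Normalise both endpoints once instead of once per list entry.
        string sourceText = Globals.ToUncompressedString(ipPacket.SourceAddress);
        string destinationText = Globals.ToUncompressedString(ipPacket.DestinationAddress);

        foreach (string ip in Globals.SplitIPList(ipListText))
        {
            IPAddress monitored;
            if (!IPAddress.TryParse(ip, out monitored))
            {
                // Previously a null address was passed on to the comparison; any exception
                // from that was swallowed and the remaining entries were never checked.
                continue;
            }

            string monitoredText = Globals.ToUncompressedString(monitored);

            // Direction is decided on the same normalised form as the match itself, so an
            // address typed in a non-canonical form is no longer mislabelled.
            bool fromMonitored = sourceText == monitoredText;
            if (!fromMonitored && destinationText != monitoredText)
            {
                continue;
            }

            // Get the process using this ip.
            // NOTE(review): the lookup always uses the destination address, even when the
            // monitored address matched as the source - confirm that this is intended.
            ProcessUsingIP = TcpHelper.GetProcessCommunicatingWithRemoteIP(ipPacket.DestinationAddress);
            if (ProcessUsingIP != null)
            {
                // NOTE(review): this requests a dump of another process's memory for every
                // matched packet and then discards the bytes. It is costly and sensitive
                // (needs read access to the target process); consider removing it or
                // running it only on an explicit user action.
                byte[] processMemory = null;
                Globals.TryGetAllProcessMemoryBytes(ProcessUsingIP, out processMemory);
            }

            WriteTcpPacketToLog(ipPacket, tcp, fromMonitored ? Color.Red : Color.Green);
        }
    }
    catch (System.Exception ex)
    {
        // Still best-effort (a bad packet must not stop the capture), but leave a trace
        // instead of discarding the failure silently.
        System.Diagnostics.Debug.WriteLine("device_OnPacketArrival: packet skipped: " + ex);
    }
}

/// <summary>
/// Writes one TCP packet (endpoints, formatted bytes, length and hex dump) to mainForm.
/// Packets whose formatted payload is the "{ 0x };" marker are skipped.
/// </summary>
private void WriteTcpPacketToLog(IpPacket ipPacket, TcpPacket tcp, Color dataColor)
{
    string formattedPayload = Globals.FormatBytes(tcp.PayloadData);
    if (formattedPayload.Trim() == "{ 0x };")
    {
        // Presumably what FormatBytes yields for an empty payload - nothing to show.
        return;
    }

    // The font is built only when something is written, not for every captured packet.
    // NOTE(review): it is not disposed here because mainForm.WriteLine may keep using it
    // after returning; a single cached Font owned by the form would avoid the per-packet
    // GDI allocation - confirm against WriteLine.
    Font hexFont = CreatePacketLogFont();

    mainForm.WriteLine(string.Format("From Ip {0} port {1} to Ip {2} port {3}", ipPacket.SourceAddress, tcp.SourcePort, ipPacket.DestinationAddress, tcp.DestinationPort), Color.Blue);
    mainForm.WriteLine(formattedPayload, dataColor);
    mainForm.WriteLine(string.Format("Data Raw Hex Output - length={0} bytes", tcp.PayloadData.Length), dataColor);
    mainForm.WriteLine(Globals.NiceHexOutput(tcp.PayloadData), dataColor, hexFont);
}

/// <summary>
/// Creates the 8pt font for the hex dump: Lucida Console, or the generic monospace
/// family when Lucida Console is not installed.
/// </summary>
private static Font CreatePacketLogFont()
{
    FontFamily family;
    try
    {
        family = new FontFamily("Lucida Console");
    }
    catch (System.ArgumentException)
    {
        // The FontFamily(string) constructor throws for a missing family rather than
        // returning null, so the fallback has to live in a catch block.
        family = new FontFamily(GenericFontFamilies.Monospace);
    }

    return new Font(family, 8);
}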