void WatchAddress(object ipAddress) { Sniffer s = new Sniffer(); // s.IpPacketReceived += new EventHandler(s_IpPacketReceived); s.IpPacketSent += new EventHandler(s_IpPacketSent); s.TcpPort = ((TslSslConfig)Configuration.AgentSettings).RdpPort; System.Diagnostics.EventLog.WriteEntry("Cyberarms.Agents.TlsSslAgent", String.Format("Remote Desktop Security Agent is listening on port {0}", s.TcpPort)); s.WatchAddress((IPAddress)ipAddress); sniffers.Add(s); }
void s_IpPacketSent(object sender, EventArgs e) { IPHeader ipHeader = (IPHeader)sender; if (ipHeader.ProtocolType == Protocol.Tcp) { try { TCPHeader tcp = new TCPHeader(ipHeader.Data, ipHeader.MessageLength); int sourcePort; if (int.TryParse(tcp.SourcePort, out sourcePort)) { if (sourcePort == ((TslSslConfig)Configuration.AgentSettings).RdpPort) { if (Tracing) { OnTrace((IPHeader)sender); } if (tcp.Data.Length > 0) { AppLayerTlsSsl tls = new AppLayerTlsSsl(tcp.Data, tcp.Data.Length); if (tls.TlsHeader.MinorVersion >= 1 && tls.TlsHeader.MinorVersion < 10 && tls.TlsHeader.MajorVersion >= 1 && tls.TlsHeader.MajorVersion < 10) // check if packet is tls/ssl { if (tls.TlsHeader.ContentType == AppLayerTlsSsl.CONTENT_TYPE_ENCRYPTED_ALERT) { UnsuccessfulLogin(ipHeader.DestinationAddress.ToString()); } } } // Console.WriteLine("Flags: {0}\tAck: {1}\tSeq:{2}", tcp.Flags, tcp.AcknowledgementNumber, tcp.SequenceNumber); // Console.WriteLine("Source: {0}:{1}\tDestination: {2}:{3}", ipHeader.SourceAddress, tcp.SourcePort, ipHeader.DestinationAddress, tcp.DestinationPort); } } } catch (Exception ex) { Sniffer.LogTrace(ex); } } }