// The callback function for the SharpPcap library
private static void device_PcapOnPacketArrival(object sender, CaptureEventArgs e)
{
TcpPacket tcpPacket = Packet.ParsePacket(LinkLayers.Ethernet, e.Packet.Data).PayloadPacket.PayloadPacket as TcpPacket;
// THIS FILTERS D3 TRAFFIC, GS AS WELL AS MOONET
if (tcpPacket != null && (tcpPacket.SourcePort == 1119 || tcpPacket.DestinationPort == 1119))
{
Connection c = new Connection(tcpPacket);
if (!sharpPcapDict.ContainsKey(c))
{
string fileName = c.getFileName(path);
TcpRecon tcpRecon = new TcpRecon(fileName);
sharpPcapDict.Add(c, tcpRecon);
}
// Use the TcpRecon class to reconstruct the session
sharpPcapDict[c].ReassemblePacket(tcpPacket);
}
}
// The callback function for the SharpPcap library
private static void device_PcapOnPacketArrival(object sender, CaptureEventArgs e)
{
var packet = Packet.ParsePacket(LinkLayers.Ethernet, e.Packet.Data);
var eth_packet = packet as EthernetPacket;
if (packet.PayloadPacket == null) return;
//drop non ipv4
if (eth_packet.Type != EthernetPacketType.IpV4)
return;
IPv4Packet ipv4Packet = eth_packet.PayloadPacket as IPv4Packet;
if (ipv4Packet.PayloadPacket == null) return;
TcpPacket tcpPacket = ipv4Packet.PayloadPacket as TcpPacket;
if (tcpPacket == null)
return;
if (!tcpPacket.ValidChecksum)
return;
// THIS FILTERS D3 TRAFFIC, GS AS WELL AS MOONET
if (tcpPacket.SourcePort == 1119 || tcpPacket.DestinationPort == 1119)
{
Connection c = new Connection(tcpPacket);
if (!sharpPcapDict.ContainsKey(c))
{
string fileName = c.getFileName(path);
TcpRecon tcpRecon = new TcpRecon(fileName);
sharpPcapDict.Add(c, tcpRecon);
}
// Use the TcpRecon class to reconstruct the session
sharpPcapDict[c].ReassemblePacket(tcpPacket);
}
}