public void ParseData()
{
TreeNode rootNode = new TreeNode();
TreeNode ipNode = treeFactory.MakeIPTreeNode(socketManager.headers.ip);
rootNode.Nodes.Add(ipNode);
switch (socketManager.headers.ip.ProtocolType)
{
case Protocol.TCP:
TcpHeader tcpHeader = new TcpHeader(socketManager.headers.ip.Data, socketManager.headers.ip.MessageLength);
TreeNode tcpNode = treeFactory.MakeTCPTreeNode(tcpHeader);
rootNode.Nodes.Add(tcpNode);
break;
case Protocol.UDP:
UdpHeader udpHeader = new UdpHeader(socketManager.headers.ip.Data, (int)socketManager.headers.ip.MessageLength);
TreeNode udpNode = treeFactory.MakeUDPTreeNode(udpHeader);
rootNode.Nodes.Add(udpNode);
break;
case Protocol.Unknown:
break;
}
AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode);
rootNode.Text = socketManager.headers.ip.SourceAddress.ToString() + "-" +
socketManager.headers.ip.DestinationAddress.ToString();
treeView.Invoke(addTreeNode, new object[] { rootNode });
}
/// <summary>
/// This function parses the incoming packets and extracts the data based upon
/// the protocol being carried by the IP datagram.
/// </summary>
/// <param name="byteData">Incoming bytes</param>
/// <param name="nReceived">The number of bytes received</param>
private void ParseData(byte[] byteData, int nReceived)
{
TreeNode rootNode = new TreeNode();
// Since all protocol packets are encapsulated in the IP datagram
// so we start by parsing the IP header and see what protocol data
// is being carried by it.
IpHeader ipHeader = new IpHeader(byteData, nReceived);
TreeNode ipNode = MakeIPTreeNode(ipHeader);
rootNode.Nodes.Add(ipNode);
// Now according to the protocol being carried by the IP datagram we parse
// the data field of the datagram.
switch (ipHeader.ProtocolType)
{
case Protocol.TCP: TcpHeader tcpHeader = new TcpHeader(ipHeader.Data,
ipHeader.MessageLength);
TreeNode tcpNode = MakeTCPTreeNode(tcpHeader);
rootNode.Nodes.Add(tcpNode);
// If the port is equal to 53 then the underlying protocol is DNS.
// Note: DNS can use either TCP or UDP hence checking is done twice.
if (tcpHeader.DestinationPort == "53" ||
tcpHeader.SourcePort == "53")
{
TreeNode dnsNode = MakeDNSTreeNode(tcpHeader.Data,
(int)tcpHeader.MessageLength);
rootNode.Nodes.Add(dnsNode);
}
break;
case Protocol.UDP: UdpHeader udpHeader = new UdpHeader(ipHeader.Data,
(int)ipHeader.MessageLength);
TreeNode udpNode = MakeUDPTreeNode(udpHeader);
rootNode.Nodes.Add(udpNode);
// If the port is equal to 53 then the underlying protocol is DNS.
// Note: DNS can use either TCP or UDP, thats the reason
// why the checking has been done twice.
if (udpHeader.DestinationPort == "53" ||
udpHeader.SourcePort == "53")
{
TreeNode dnsNode = MakeDNSTreeNode(udpHeader.Data,
Convert.ToInt32(udpHeader.Length) - 8);
rootNode.Nodes.Add(dnsNode);
}
break;
case Protocol.Unknown:
break;
}
AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode);
rootNode.Text = ipHeader.SourceAddress.ToString() + "-" +
ipHeader.DestinationAddress.ToString();
// Thread safe adding of the nodes.
treeView.Invoke(addTreeNode, new object[] { rootNode });
}
private void OnReceive(IAsyncResult asyncResult)
{
try
{
int nReceived = MainSocket.EndReceive(asyncResult);
IpHeader ipHeader = new IpHeader(ByteData, nReceived);
headers.ip = ipHeader;
switch (ipHeader.ProtocolType)
{
case Protocol.TCP:
TcpHeader tcpHeader = new TcpHeader(ipHeader.Data, ipHeader.MessageLength);
headers.tcpProtocol = tcpHeader;
headers.ProtocolType = 1;
break;
case Protocol.UDP:
UdpHeader udpHeader = new UdpHeader(ipHeader.Data, (int)ipHeader.MessageLength);
headers.udpProtocol = udpHeader;
headers.ProtocolType = 0;
break;
case Protocol.Unknown:
headers.ProtocolType = -1;
break;
}
//ParseData(ByteData, nReceived);
/* if (ContinueCapturing)
* {
* ByteData = new byte[2048];
* MainSocket.BeginReceive(ByteData, 0, ByteData.Length, SocketFlags.None, new AsyncCallback(OnReceive), null);
* }*/
}
catch (ObjectDisposedException) { }
catch (Exception exception)
{
MessageBox.Show(exception.Message, "Network Sniffer", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
/// <summary>
/// Helper function which returns the information contained in the TCP
/// header as a tree node.
/// </summary>
/// <param name="tcpHeader">Object containing all the TCP header fields</param>
/// <returns>TreeNode object returning TCP header details</returns>
private TreeNode MakeTCPTreeNode(TcpHeader tcpHeader)
{
TreeNode tcpNode = new TreeNode();
tcpNode.Text = "TCP";
tcpNode.Nodes.Add("Source Port: " + tcpHeader.SourcePort);
tcpNode.Nodes.Add("Destination Port: " + tcpHeader.DestinationPort);
tcpNode.Nodes.Add("Sequence Number: " + tcpHeader.SequenceNumber);
if (tcpHeader.AcknowledgementNumber != "")
{
tcpNode.Nodes.Add("Acknowledgement Number: " +
tcpHeader.AcknowledgementNumber);
}
tcpNode.Nodes.Add("Header Length: " + tcpHeader.HeaderLength);
tcpNode.Nodes.Add("Flags: " + tcpHeader.Flags);
tcpNode.Nodes.Add("Window Size: " + tcpHeader.WindowSize);
tcpNode.Nodes.Add("Checksum: " + tcpHeader.Checksum);
if (tcpHeader.UrgentPointer != "")
{
tcpNode.Nodes.Add("Urgent Pointer: " + tcpHeader.UrgentPointer);
}
return(tcpNode);
}
