private string findProtocol(PacketDotNet.EthernetPacket packet) { if (packet != null) { //Console.WriteLine("-------------------------------"); //System.Diagnostics.Trace.WriteLine("{0}", packet.Type.ToString()); //Console.WriteLine("-------------------------------"); if (packet.Type.ToString().Equals("IpV4")) { //System.Diagnostics.Trace.WriteLine("{0}", packet.Type.ToString()); // Console.WriteLine("Som v IPv4"); var IpPacket = (PacketDotNet.IpPacket)packet.Extract(typeof(PacketDotNet.IpPacket)); //System.Diagnostics.Trace.WriteLine("{0}", IpPacket.Protocol.ToString()); if (IpPacket.Protocol.ToString().Equals("TCP")) { // System.Diagnostics.Trace.WriteLine("{0}", packet.Type.ToString()); // Console.WriteLine("Som v TCP"); var TcpPacket = (PacketDotNet.TcpPacket)IpPacket.Extract(typeof(PacketDotNet.TcpPacket)); if (TcpPacket.SourcePort == 80) { return("HTTPS"); } else if (TcpPacket.DestinationPort == 80) { return("HTTPD"); } return("TCP"); } else if (IpPacket.Protocol.ToString().Equals("UDP")) { // Console.WriteLine("Som v UDP"); return("UDP"); } else if (IpPacket.Protocol.ToString().Equals("ICMP")) { var icmpPacket = (PacketDotNet.ICMPv4Packet)IpPacket.Extract(typeof(PacketDotNet.ICMPv4Packet)); if (icmpPacket.TypeCode.ToString().Equals("EchoReply")) { return("ICMPRep"); } else if (icmpPacket.TypeCode.ToString().Equals("EchoRequest")) { return("ICMPReq"); } } } else if (packet.Type.ToString().Equals("Arp")) { //System.Diagnostics.Trace.WriteLine("{0}", packet.Type.ToString()); // Console.WriteLine("Som v ARP"); return("ARP"); } else { // System.Diagnostics.Trace.WriteLine("{0}", packet.Type.ToString()); return(null); } } return(null); }
public packet(RawCapture pac) { temp = Packet.ParsePacket(pac.LinkLayerType, pac.Data); rawp = pac; DateTime time = pac.Timeval.Date; this.time = time.Date.ToString().Split()[0] + " " + time.Hour.ToString() + ":" + time.Minute.ToString() + ":" + time.Second.ToString() + ":" + time.Millisecond.ToString(); this.destination = ""; this.color = ""; this.srcPort = ""; this.desPort = ""; this.source = ""; this.protocol = ""; this.information = ""; this.data = ""; this.layer = pac.LinkLayerType; this.paclen = temp.Bytes.Length; PacketInforArray.Add("Total Length : " + this.paclen.ToString() + "Bytes"); KeyWords.Add(this.paclen.ToString()); if (this.layer == PacketDotNet.LinkLayers.Ethernet) { // //以太网层 // epac = (PacketDotNet.EthernetPacket)temp; EthernetInforArray.Add("Ethernet II \n"); // EthernetInforArray.Add("Destination Hardware Address: " + epac.DestinationHwAddress.ToString() + "\n"); EthernetInforArray.Add("Destination Hardware Address: " + genHardwareAddr(epac.DestinationHwAddress.ToString()) + "\n"); // EthernetInforArray.Add("Source Hardware Address: " + epac.SourceHwAddress.ToString() + "\n"); EthernetInforArray.Add("Source Hardware Address: " + genHardwareAddr(epac.SourceHwAddress.ToString()) + "\n"); EthernetInforArray.Add("Type of the ethernet: " + epac.Type.ToString() + "\n"); KeyWords.Add("Ethernet".ToUpper()); KeyWords.Add(genHardwareAddr(epac.DestinationHwAddress.ToString().ToUpper())); KeyWords.Add(genHardwareAddr(epac.SourceHwAddress.ToString().ToUpper())); KeyWords.Add(epac.Type.ToString().ToUpper()); Network_type = epac.Type.ToString().ToUpper(); // //ip层 // if (epac.Type.ToString() == "IpV4" || epac.Type.ToString() == "IpV6") { //ipv4 if (epac.Type.ToString() == "IpV4") { //record keywords ip4 = (IPv4Packet)epac.Extract(typeof(IPv4Packet)); this.protocol = ip4.Protocol.ToString(); this.destination = ip4.DestinationAddress.ToString(); this.source = ip4.SourceAddress.ToString(); this.information = ip4.TotalLength.ToString() + "Bytes | id :" + ip4.Id.ToString() + " |"; //Internet protocl messages IpInforArray.Add("HeaderLength : " + (ip4.HeaderLength * 4).ToString() + "Bytes \n"); IpInforArray.Add("Version: " + ip4.Version.ToString() + "\n"); IpInforArray.Add("Type of Service: " + ip4.TypeOfService.ToString() + "\n"); IpInforArray.Add("Total Length: " + ip4.Bytes.Length.ToString() + "Bytes \n"); IpInforArray.Add("Identification: 0x" + Convert.ToString((Int32)ip4.Id, 16).ToUpper().PadLeft(4, '0') + "(" + ip4.Id.ToString() + ")\n"); IpInforArray.Add("Flags: 0x" + Convert.ToString(ip4.Bytes[6] / 32, 16).ToUpper().PadLeft(2, '0') + "\n"); // IpInforArray.Add("Fragment Offset: " + (Convert.ToInt32((ip4.Bytes[6] % 32) << 8) + Convert.ToInt32(ip4.Bytes[7])).ToString() + "\n"); IpInforArray.Add("TTL: " + ip4.TimeToLive.ToString() + "\n"); IpInforArray.Add("Protocol: " + ip4.Protocol.ToString() + " \n"); IpInforArray.Add("CheckSum: " + ip4.Checksum.ToString() + "\n"); IpInforArray.Add("Source IP Address: " + ip4.SourceAddress.ToString() + "\n"); IpInforArray.Add("Destination IP Address: " + ip4.DestinationAddress.ToString() + "\n"); IpInforArray.Add("Option: if any.\n"); KeyWords.Add(ip4.Protocol.ToString().ToUpper()); KeyWords.Add(ip4.Id.ToString().ToUpper()); KeyWords.Add(ip4.SourceAddress.ToString().ToUpper()); KeyWords.Add(ip4.DestinationAddress.ToString().ToUpper()); TRANS_type = ip4.Protocol.ToString().ToUpper(); if (ip4.Protocol.ToString() == "ICMP") { icmpProtocol(); } else if (ip4.Protocol.ToString() == "UDP") { udpProtocol(); } else if (ip4.Protocol.ToString() == "TCP") { tcpProtocol(); } else if (ip4.Protocol.ToString() == "IGMP") { igmpProtocol(); } else { ; } } else if (epac.Type.ToString() == "IpV6") { ip6 = (IPv6Packet)epac.Extract(typeof(IPv6Packet)); this.protocol = ip6.Protocol.ToString(); this.destination = ip6.DestinationAddress.ToString(); this.source = ip6.SourceAddress.ToString(); this.information = ip6.TotalLength.ToString() + "Bytes "; IpInforArray.Add("Version: " + ip6.Version.ToString() + "\n"); IpInforArray.Add("Traffic Class : 0x" + Convert.ToString(ip6.Bytes[0] % 16, 16).PadLeft(1, '0') + Convert.ToString((Int32)(ip6.Bytes[1] / 16), 16).PadLeft(1, '0') + "\n"); IpInforArray.Add("Flow Label: 0x" + Convert.ToString(ip6.Bytes[1] % 16, 16).PadLeft(1, '0') + Convert.ToString(ip6.Bytes[2], 16).PadLeft(2, '0') + Convert.ToString(ip6.Bytes[3], 16).PadLeft(2, '0') + "\n"); IpInforArray.Add("Payload Length: " + ip6.PayloadLength.ToString() + "\n"); IpInforArray.Add("Next Header: " + ip6.NextHeader.ToString() + "\n"); IpInforArray.Add("Hop Limit: " + ip6.HopLimit.ToString() + "\n"); IpInforArray.Add("Source Address: " + ip6.SourceAddress.ToString() + "\n"); IpInforArray.Add("Destination Address: " + ip6.DestinationAddress.ToString() + "\n"); KeyWords.Add(ip6.Protocol.ToString().ToUpper()); KeyWords.Add(ip6.SourceAddress.ToString().ToUpper()); KeyWords.Add(ip6.DestinationAddress.ToString().ToUpper()); TRANS_type = ip6.Protocol.ToString().ToUpper(); // if(ip6.PayloadData != null && ip6.PayloadData[0] == 58) // MessageBox.Show("ICMPv6"); if (ip6.Protocol.ToString() == "ICMPV6") { icmpProtocol(); } else if (ip6.Protocol.ToString() == "UDP") { udpProtocol(); } else if (ip6.Protocol.ToString() == "TCP") { tcpProtocol(); } else if (ip6.Protocol.ToString() == "IGMP") { igmpProtocol(); } else if (ip6.PayloadData != null && ip6.PayloadData[0] == 58) { icmpProtocol();; } KeyWords.Add(this.color.ToString().ToUpper()); KeyWords.Add(this.protocol.ToString().ToUpper()); } } else if (epac.Type.ToString() == "Arp") //分析arp报文 { var arppacket = (ARPPacket)epac.Extract(typeof(ARPPacket)); ArpInforArray.Add("HardwareAddressType: " + arppacket.HardwareAddressType.ToString() + "\n"); ArpInforArray.Add("ProtocolAddressType: " + arppacket.ProtocolAddressType.ToString() + "\n"); ArpInforArray.Add("HardwareAddressLength: " + arppacket.HardwareAddressLength.ToString()); ArpInforArray.Add("ProtocolAddressLength: " + arppacket.ProtocolAddressLength.ToString()); ArpInforArray.Add("Operation: " + arppacket.Operation.ToString()); ArpInforArray.Add("SenderHardwareAddress: " + genHardwareAddr(arppacket.SenderHardwareAddress.ToString())); ArpInforArray.Add("SenderProtocolAddress: " + arppacket.SenderProtocolAddress.ToString()); ArpInforArray.Add("TargetHardwareAddress: " + genHardwareAddr(arppacket.TargetHardwareAddress.ToString())); ArpInforArray.Add("TargetProtocolAddress: " + arppacket.TargetProtocolAddress.ToString()); this.color = "Salmon"; this.protocol = "ARP"; this.source = arppacket.SenderProtocolAddress.ToString(); this.destination = arppacket.TargetProtocolAddress.ToString(); this.information = arppacket.SenderProtocolAddress.ToString() + " want to get in touch with " + arppacket.TargetProtocolAddress.ToString(); KeyWords.Add(genHardwareAddr(arppacket.SenderHardwareAddress.ToString().ToUpper())); KeyWords.Add(arppacket.SenderProtocolAddress.ToString().ToUpper()); KeyWords.Add(genHardwareAddr(arppacket.TargetHardwareAddress.ToString().ToUpper())); KeyWords.Add(arppacket.TargetProtocolAddress.ToString().ToUpper()); KeyWords.Add(this.color); } } }