예제 #1
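        /// <summary>
        /// Maps a captured Ethernet frame to a short protocol label.
        /// </summary>
        /// <remarks>
        /// The frame is untrusted network input. A truncated or malformed frame can
        /// advertise an EtherType or IP protocol whose payload cannot be decoded, so
        /// every <c>Extract</c> result is checked before it is dereferenced.
        /// Classification relies on the EtherType, the IP protocol field and
        /// TCP port 80 only; no payload inspection is done, so the label is a
        /// heuristic and can be wrong for traffic on non-standard ports.
        /// </remarks>
        /// <param name="packet">Parsed Ethernet frame; may be null.</param>
        /// <returns>
        /// One of "HTTPS", "HTTPD", "TCP", "UDP", "ICMPRep", "ICMPReq", "ARP",
        /// or null when the frame is null, undecodable, or of any other kind.
        /// </returns>
        private string findProtocol(PacketDotNet.EthernetPacket packet)
        {
            if (packet == null)
            {
                return null;
            }

            // NOTE(review): the checks below compare enum *names* as strings, which
            // ties this method to the member names of the PacketDotNet version in
            // use - confirm before upgrading the library.
            string etherType = packet.Type.ToString();
            if (etherType.Equals("Arp"))
            {
                return "ARP";
            }
            if (!etherType.Equals("IpV4"))
            {
                return null;
            }

            var ipPacket = (PacketDotNet.IpPacket)packet.Extract(typeof(PacketDotNet.IpPacket));
            if (ipPacket == null)
            {
                // EtherType said IPv4 but no IP layer could be extracted.
                return null;
            }

            string ipProtocol = ipPacket.Protocol.ToString();

            if (ipProtocol.Equals("TCP"))
            {
                var tcpPacket = (PacketDotNet.TcpPacket)ipPacket.Extract(typeof(PacketDotNet.TcpPacket));
                if (tcpPacket == null)
                {
                    // The IP header declares TCP but the segment is not decodable;
                    // keep the label the IP header supports instead of crashing.
                    return "TCP";
                }

                // NOTE(review): "HTTPS" is returned for *source* port 80 and "HTTPD"
                // for *destination* port 80 - presumably "HTTP source" and "HTTP
                // destination". Neither label implies TLS, and port 443 traffic
                // falls through to "TCP". Confirm with the callers before renaming.
                if (tcpPacket.SourcePort == 80)
                {
                    return "HTTPS";
                }
                if (tcpPacket.DestinationPort == 80)
                {
                    return "HTTPD";
                }
                return "TCP";
            }

            if (ipProtocol.Equals("UDP"))
            {
                return "UDP";
            }

            if (ipProtocol.Equals("ICMP"))
            {
                var icmpPacket = (PacketDotNet.ICMPv4Packet)ipPacket.Extract(typeof(PacketDotNet.ICMPv4Packet));
                if (icmpPacket == null)
                {
                    return null;
                }

                string typeCode = icmpPacket.TypeCode.ToString();
                if (typeCode.Equals("EchoReply"))
                {
                    return "ICMPRep";
                }
                if (typeCode.Equals("EchoRequest"))
                {
                    return "ICMPReq";
                }
            }

            // Any other IP protocol or ICMP type is left unlabelled.
            return null;
        }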
예제 #2
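        /// <summary>
        /// Builds the display model for one captured frame: parses the raw bytes,
        /// then fills the summary fields, the per-layer description lists and the
        /// search keywords for the Ethernet, IPv4/IPv6 and ARP layers.
        /// </summary>
        /// <remarks>
        /// The capture is untrusted network input. A frame can announce a layer that
        /// cannot be decoded, so each <c>Extract</c> result is checked; when a layer
        /// is missing, construction stops and the object keeps what was decoded so far.
        /// Transport-level details are delegated to icmpProtocol / udpProtocol /
        /// tcpProtocol / igmpProtocol, which are defined outside this block.
        /// </remarks>
        /// <param name="pac">Raw capture supplying link-layer type, bytes and timestamp.</param>
        public packet(RawCapture pac)
        {
            temp = Packet.ParsePacket(pac.LinkLayerType, pac.Data);
            rawp = pac;
            DateTime time = pac.Timeval.Date;

            // NOTE(review): the date part comes from DateTime.ToString() and is
            // therefore formatted with the current culture; the time parts are not
            // zero-padded. Kept as-is because the string is shown to the user.
            this.time        = time.Date.ToString().Split()[0] + " " + time.Hour.ToString() + ":" + time.Minute.ToString() + ":" + time.Second.ToString() + ":" + time.Millisecond.ToString();
            this.destination = "";
            this.color       = "";
            this.srcPort     = "";
            this.desPort     = "";
            this.source      = "";
            this.protocol    = "";
            this.information = "";
            this.data        = "";
            this.layer       = pac.LinkLayerType;
            this.paclen      = temp.Bytes.Length;
            PacketInforArray.Add("Total Length : " + this.paclen.ToString() + "Bytes");

            KeyWords.Add(this.paclen.ToString());

            if (this.layer == PacketDotNet.LinkLayers.Ethernet)
            {
                //
                // Ethernet layer
                //
                epac = (PacketDotNet.EthernetPacket)temp;
                EthernetInforArray.Add("Ethernet II \n");
                EthernetInforArray.Add("Destination Hardware Address: " + genHardwareAddr(epac.DestinationHwAddress.ToString()) + "\n");
                EthernetInforArray.Add("Source Hardware Address: " + genHardwareAddr(epac.SourceHwAddress.ToString()) + "\n");
                EthernetInforArray.Add("Type of the ethernet: " + epac.Type.ToString() + "\n");

                KeyWords.Add("Ethernet".ToUpper());
                KeyWords.Add(genHardwareAddr(epac.DestinationHwAddress.ToString().ToUpper()));
                KeyWords.Add(genHardwareAddr(epac.SourceHwAddress.ToString().ToUpper()));
                KeyWords.Add(epac.Type.ToString().ToUpper());
                Network_type = epac.Type.ToString().ToUpper();

                //
                // IP layer
                //
                // NOTE(review): EtherType and protocol are matched by enum *name*,
                // which depends on the PacketDotNet version in use.
                if (epac.Type.ToString() == "IpV4" || epac.Type.ToString() == "IpV6")
                {
                    // IPv4
                    if (epac.Type.ToString() == "IpV4")
                    {
                        ip4 = (IPv4Packet)epac.Extract(typeof(IPv4Packet));
                        if (ip4 == null)
                        {
                            // EtherType said IPv4 but the header could not be
                            // decoded; keep the Ethernet-level data only.
                            return;
                        }

                        // Summary fields
                        this.protocol    = ip4.Protocol.ToString();
                        this.destination = ip4.DestinationAddress.ToString();
                        this.source      = ip4.SourceAddress.ToString();
                        this.information = ip4.TotalLength.ToString() + "Bytes | id :" + ip4.Id.ToString() + "  |";

                        // IPv4 header fields. HeaderLength is multiplied by 4 to show
                        // bytes. Flags are the top three bits of header byte 6; the
                        // fragment offset is its low five bits followed by byte 7.
                        IpInforArray.Add("HeaderLength : " + (ip4.HeaderLength * 4).ToString() + "Bytes \n");
                        IpInforArray.Add("Version: " + ip4.Version.ToString() + "\n");
                        IpInforArray.Add("Type of Service: " + ip4.TypeOfService.ToString() + "\n");
                        IpInforArray.Add("Total Length: " + ip4.Bytes.Length.ToString() + "Bytes \n");
                        IpInforArray.Add("Identification: 0x" + Convert.ToString((Int32)ip4.Id, 16).ToUpper().PadLeft(4, '0') + "(" + ip4.Id.ToString() + ")\n");
                        IpInforArray.Add("Flags: 0x" + Convert.ToString(ip4.Bytes[6] / 32, 16).ToUpper().PadLeft(2, '0') + "\n");
                        IpInforArray.Add("Fragment Offset: " + (Convert.ToInt32((ip4.Bytes[6] % 32) << 8) + Convert.ToInt32(ip4.Bytes[7])).ToString() + "\n");
                        IpInforArray.Add("TTL: " + ip4.TimeToLive.ToString() + "\n");
                        IpInforArray.Add("Protocol: " + ip4.Protocol.ToString() + " \n");
                        IpInforArray.Add("CheckSum: " + ip4.Checksum.ToString() + "\n");
                        IpInforArray.Add("Source IP Address: " + ip4.SourceAddress.ToString() + "\n");
                        IpInforArray.Add("Destination IP Address: " + ip4.DestinationAddress.ToString() + "\n");
                        IpInforArray.Add("Option: if any.\n");

                        KeyWords.Add(ip4.Protocol.ToString().ToUpper());
                        KeyWords.Add(ip4.Id.ToString().ToUpper());
                        KeyWords.Add(ip4.SourceAddress.ToString().ToUpper());
                        KeyWords.Add(ip4.DestinationAddress.ToString().ToUpper());
                        TRANS_type = ip4.Protocol.ToString().ToUpper();

                        // Any other protocol keeps the IP-level information only.
                        if (ip4.Protocol.ToString() == "ICMP")
                        {
                            icmpProtocol();
                        }
                        else if (ip4.Protocol.ToString() == "UDP")
                        {
                            udpProtocol();
                        }
                        else if (ip4.Protocol.ToString() == "TCP")
                        {
                            tcpProtocol();
                        }
                        else if (ip4.Protocol.ToString() == "IGMP")
                        {
                            igmpProtocol();
                        }
                    }
                    else if (epac.Type.ToString() == "IpV6")
                    {
                        ip6 = (IPv6Packet)epac.Extract(typeof(IPv6Packet));
                        if (ip6 == null)
                        {
                            // EtherType said IPv6 but the header could not be
                            // decoded; keep the Ethernet-level data only.
                            return;
                        }

                        this.protocol    = ip6.Protocol.ToString();
                        this.destination = ip6.DestinationAddress.ToString();
                        this.source      = ip6.SourceAddress.ToString();
                        this.information = ip6.TotalLength.ToString() + "Bytes ";

                        // Traffic class and flow label are rebuilt nibble by nibble
                        // from the first four header bytes.
                        IpInforArray.Add("Version: " + ip6.Version.ToString() + "\n");
                        IpInforArray.Add("Traffic Class :  0x" + Convert.ToString(ip6.Bytes[0] % 16, 16).PadLeft(1, '0') + Convert.ToString((Int32)(ip6.Bytes[1] / 16), 16).PadLeft(1, '0') + "\n");
                        IpInforArray.Add("Flow Label:  0x" + Convert.ToString(ip6.Bytes[1] % 16, 16).PadLeft(1, '0') + Convert.ToString(ip6.Bytes[2], 16).PadLeft(2, '0') + Convert.ToString(ip6.Bytes[3], 16).PadLeft(2, '0') + "\n");
                        IpInforArray.Add("Payload Length: " + ip6.PayloadLength.ToString() + "\n");
                        IpInforArray.Add("Next Header: " + ip6.NextHeader.ToString() + "\n");
                        IpInforArray.Add("Hop Limit: " + ip6.HopLimit.ToString() + "\n");
                        IpInforArray.Add("Source Address: " + ip6.SourceAddress.ToString() + "\n");
                        IpInforArray.Add("Destination Address: " + ip6.DestinationAddress.ToString() + "\n");

                        KeyWords.Add(ip6.Protocol.ToString().ToUpper());
                        KeyWords.Add(ip6.SourceAddress.ToString().ToUpper());
                        KeyWords.Add(ip6.DestinationAddress.ToString().ToUpper());
                        TRANS_type = ip6.Protocol.ToString().ToUpper();

                        if (ip6.Protocol.ToString() == "ICMPV6")
                        {
                            icmpProtocol();
                        }
                        else if (ip6.Protocol.ToString() == "UDP")
                        {
                            udpProtocol();
                        }
                        else if (ip6.Protocol.ToString() == "TCP")
                        {
                            tcpProtocol();
                        }
                        else if (ip6.Protocol.ToString() == "IGMP")
                        {
                            igmpProtocol();
                        }
                        // The length check matters: an IPv6 header with an empty
                        // payload yields a zero-length array, and indexing it would
                        // throw on attacker-controlled input.
                        // NOTE(review): 58 is the ICMPv6 protocol number, yet it is
                        // compared with the first *payload* byte, not a header field
                        // - confirm the intent of this fallback.
                        else if (ip6.PayloadData != null && ip6.PayloadData.Length > 0 && ip6.PayloadData[0] == 58)
                        {
                            icmpProtocol();
                        }

                        KeyWords.Add(this.color.ToString().ToUpper());
                        KeyWords.Add(this.protocol.ToString().ToUpper());
                    }
                }
                else if (epac.Type.ToString() == "Arp")  // parse the ARP packet
                {
                    var arppacket = (ARPPacket)epac.Extract(typeof(ARPPacket));
                    if (arppacket == null)
                    {
                        // EtherType said ARP but the body could not be decoded.
                        return;
                    }

                    ArpInforArray.Add("HardwareAddressType: " + arppacket.HardwareAddressType.ToString() + "\n");
                    ArpInforArray.Add("ProtocolAddressType: " + arppacket.ProtocolAddressType.ToString() + "\n");
                    ArpInforArray.Add("HardwareAddressLength: " + arppacket.HardwareAddressLength.ToString());
                    ArpInforArray.Add("ProtocolAddressLength: " + arppacket.ProtocolAddressLength.ToString());
                    ArpInforArray.Add("Operation: " + arppacket.Operation.ToString());
                    ArpInforArray.Add("SenderHardwareAddress: " + genHardwareAddr(arppacket.SenderHardwareAddress.ToString()));
                    ArpInforArray.Add("SenderProtocolAddress: " + arppacket.SenderProtocolAddress.ToString());
                    ArpInforArray.Add("TargetHardwareAddress: " + genHardwareAddr(arppacket.TargetHardwareAddress.ToString()));
                    ArpInforArray.Add("TargetProtocolAddress: " + arppacket.TargetProtocolAddress.ToString());

                    // presumably the row colour used by the UI for ARP - verify against the view
                    this.color = "Salmon";

                    // NOTE(review): the summary text is the same for ARP requests and
                    // replies; Operation is only listed in ArpInforArray.
                    this.protocol    = "ARP";
                    this.source      = arppacket.SenderProtocolAddress.ToString();
                    this.destination = arppacket.TargetProtocolAddress.ToString();
                    this.information = arppacket.SenderProtocolAddress.ToString() + " want to get in touch with " + arppacket.TargetProtocolAddress.ToString();

                    KeyWords.Add(genHardwareAddr(arppacket.SenderHardwareAddress.ToString().ToUpper()));
                    KeyWords.Add(arppacket.SenderProtocolAddress.ToString().ToUpper());
                    KeyWords.Add(genHardwareAddr(arppacket.TargetHardwareAddress.ToString().ToUpper()));
                    KeyWords.Add(arppacket.TargetProtocolAddress.ToString().ToUpper());
                    KeyWords.Add(this.color);
                }
            }
        }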