예제 #1
0
        private AbstractPacket GetProtocolPacket(ApplicationLayerProtocol protocol, bool clientToServer)
        {
            AbstractPacket packet = null;

            if (protocol == ApplicationLayerProtocol.Dns)
            {
                if (DnsPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, true, out DnsPacket dnsPacket))
                {
                    return(dnsPacket);
                }
            }
            else if (protocol == ApplicationLayerProtocol.FtpControl)
            {
                if (FtpPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer, out packet))
                {
                    return(packet);
                }
            }
            else if (protocol == ApplicationLayerProtocol.Http)
            {
                if (HttpPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
                {
                    return(packet);
                }
            }
            else if (protocol == ApplicationLayerProtocol.Http2)
            {
                if (Http2Packet.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
                {
                    return(packet);
                }
            }
            else if (protocol == ApplicationLayerProtocol.Irc)
            {
                if (IrcPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
                {
                    return(packet);
                }
            }
            else if (protocol == ApplicationLayerProtocol.IEC_104)
            {
                if (IEC_60870_5_104Packet.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
                {
                    return(packet);
                }
            }
            else if (protocol == ApplicationLayerProtocol.Imap)
            {
                return(new ImapPacket(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer));
            }
            else if (protocol == ApplicationLayerProtocol.Kerberos)
            {
                return(new KerberosPacket(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, true));
            }
            else if (protocol == ApplicationLayerProtocol.Lpd)
            {
                if (LpdPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer, out packet))
                {
                    return(packet);
                }
            }
            else if (protocol == ApplicationLayerProtocol.ModbusTCP)
            {
                if (ModbusTcpPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, this.sourcePort, this.destinationPort, out packet))
                {
                    return(packet);
                }
            }
            else if (protocol == ApplicationLayerProtocol.NetBiosNameService)
            {
                return(new NetBiosNameServicePacket(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex));
            }
            else if (protocol == ApplicationLayerProtocol.NetBiosSessionService)
            {
                if (NetBiosSessionService.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, this.sourcePort, this.destinationPort, out packet, this.IsVirtualPacketFromTrailingDataInTcpSegment))
                {
                    return(packet);
                }
            }
            else if (protocol == ApplicationLayerProtocol.OpenFlow)
            {
                if (OpenFlowPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
                {
                    return(packet);
                }
            }
            else if (protocol == ApplicationLayerProtocol.Oscar)
            {
                if (OscarPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
                {
                    return(packet);
                }
            }
            else if (protocol == ApplicationLayerProtocol.OscarFileTransfer)
            {
                if (OscarFileTransferPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
                {
                    return(packet);
                }
            }
            else if (protocol == ApplicationLayerProtocol.Pop3)
            {
                return(new Pop3Packet(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer));
            }
            else if (protocol == ApplicationLayerProtocol.Sip)
            {
                return(new SipPacket(this.ParentFrame, this.PacketStartIndex + this.DataOffsetByteCount, this.PacketEndIndex));
            }
            else if (protocol == ApplicationLayerProtocol.Smtp)
            {
                return(new SmtpPacket(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer));
            }
            else if (protocol == ApplicationLayerProtocol.Socks)
            {
                if (SocksPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer, out packet))
                {
                    return(packet);
                }
            }
            else if (protocol == ApplicationLayerProtocol.SpotifyServerProtocol)
            {
                if (SpotifyKeyExchangePacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer, out packet))
                {
                    return(packet);
                }
            }
            else if (protocol == ApplicationLayerProtocol.Ssh)
            {
                if (SshPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
                {
                    return(packet);
                }
            }
            else if (protocol == ApplicationLayerProtocol.Ssl)
            {
                if (SslPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
                {
                    return(packet);
                }
            }
            else if (protocol == ApplicationLayerProtocol.TabularDataStream)
            {
                return(new TabularDataStreamPacket(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex));
            }
            else if (protocol == ApplicationLayerProtocol.Tpkt)
            {
                if (TpktPacket.TryParse(ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, this, out packet))
                {
                    return(packet);
                }
            }
            return(packet);
        }
        public static bool TryParse(Frame parentFrame, int packetStartIndex, int packetEndIndex, bool clientToServer, out AbstractPacket result)
        {
            result = null;
            if (!clientToServer && packetEndIndex - packetStartIndex == 1 && parentFrame.Data[packetStartIndex] == 1 && parentFrame.Data[packetStartIndex + 1] == 0)
            {
                result = new SocksPacket(parentFrame, packetStartIndex, packetEndIndex, clientToServer);//RFC1929 Initial negotiation response
                return(true);
            }
            if (parentFrame.Data.Length < packetStartIndex + 2)
            {
                return(false);
            }

            if (clientToServer && isLikelyInitialUsernamePasswordNegotiation(parentFrame, packetStartIndex, packetEndIndex))
            {
                try {
                    SocksPacket socksPacket = new SocksPacket(parentFrame, packetStartIndex, packetEndIndex, clientToServer);
                    if (socksPacket.PacketHeaderIsComplete)
                    {
                        result = socksPacket;
                        return(true);
                    }
                    else
                    {
                        return(false);
                    }
                }
                catch { return(false); }
            }

            if (parentFrame.Data[packetStartIndex] < 4 || parentFrame.Data[packetStartIndex] > 5)
            {
                return(false);
            }
            if (clientToServer)
            {
                byte nMethodsOrCmd = parentFrame.Data[packetStartIndex + 1];
                if (packetEndIndex - packetStartIndex == nMethodsOrCmd + 1)
                {
                    //version identifier/method selection message
                    try {
                        SocksPacket socksPacket = new SocksPacket(parentFrame, packetStartIndex, packetEndIndex, clientToServer);
                        if (socksPacket.PacketHeaderIsComplete)
                        {
                            result = socksPacket;
                            return(true);
                        }
                        else
                        {
                            return(false);
                        }
                    }
                    catch { return(false); }
                }
                else if (parentFrame.Data.Length > packetStartIndex + 6)
                {
                    if (isLikelySocksRequestOrReply(parentFrame, packetStartIndex, packetEndIndex))
                    {
                        try {
                            SocksPacket socksPacket = new SocksPacket(parentFrame, packetStartIndex, packetEndIndex, clientToServer);
                            if (socksPacket.PacketHeaderIsComplete)
                            {
                                result = socksPacket;
                                return(true);
                            }
                            else
                            {
                                return(false);
                            }
                        }
                        catch { return(false); }
                    }
                    else
                    {
                        return(false);
                    }
                }
                else
                {
                    return(false);
                }
            }
            else
            {
                //server to client
                if (packetEndIndex - packetStartIndex == 1)
                {
                    //METHOD selection message
                    try {
                        SocksPacket socksPacket = new SocksPacket(parentFrame, packetStartIndex, packetEndIndex, clientToServer);
                        if (socksPacket.PacketHeaderIsComplete)
                        {
                            result = socksPacket;
                            return(true);
                        }
                        else
                        {
                            return(false);
                        }
                    }
                    catch { return(false); }
                }
                else if (packetEndIndex - packetStartIndex > 6)
                {
                    if (isLikelySocksRequestOrReply(parentFrame, packetStartIndex, packetEndIndex))
                    {
                        try {
                            SocksPacket socksPacket = new SocksPacket(parentFrame, packetStartIndex, packetEndIndex, clientToServer);
                            if (socksPacket.PacketHeaderIsComplete)
                            {
                                result = socksPacket;
                                return(true);
                            }
                            else
                            {
                                return(false);
                            }
                        }
                        catch { return(false); }
                    }
                    else
                    {
                        return(false);
                    }
                }
                else
                {
                    return(false);
                }
            }
        }