public NetworkTcpSession(Packets.TcpPacket tcpSynPacket, NetworkHost clientHost, NetworkHost serverHost, ISessionProtocolFinderFactory protocolFinderFactory)
{
if (tcpSynPacket.FlagBits.Synchronize) //It's normal to start the session with a SYN flag
{
FiveTuple fiveTuple = new FiveTuple(clientHost, tcpSynPacket.SourcePort, serverHost, tcpSynPacket.DestinationPort, FiveTuple.TransportProtocol.TCP);
this.flow = new NetworkFlow(fiveTuple, tcpSynPacket.ParentFrame.Timestamp, tcpSynPacket.ParentFrame.Timestamp, 0, 0);
//this.synPacketTimestamp=tcpSynPacket.ParentFrame.Timestamp;
//this.clientHost=clientHost;
//this.serverHost=serverHost;
//this.clientTcpPort=tcpSynPacket.SourcePort;
//this.serverTcpPort=tcpSynPacket.DestinationPort;
this.synPacketReceived = false;
this.synAckPacketReceived = false;
this.finPacketReceived = false;
this.clientToServerFinPacketSequenceNumber = UInt32.MaxValue;
this.serverToClientFinPacketSequenceNumber = UInt32.MaxValue;
this.sessionEstablished = false;
this.sessionClosed = false;
this.startFrameNumber = tcpSynPacket.ParentFrame.FrameNumber;
this.clientToServerTcpDataStream = null;
this.serverToClientTcpDataStream = null;
this.protocolFinder = protocolFinderFactory.CreateProtocolFinder(this.flow, this.startFrameNumber);
}
else
{
throw new Exception("SYN flag not set on TCP packet");
}
}
public ISessionProtocolFinder CreateProtocolFinder(NetworkFlow flow, long startFrameNumber)
{
if (flow.FiveTuple.Transport == FiveTuple.TransportProtocol.TCP)
{
return(new TcpPortProtocolFinder(flow, startFrameNumber, this.PacketHandler));
}
else
{
throw new Exception("There is only a protocol finder for TCP");
}
}
public TcpDataStream(uint initialTcpSequenceNumber, bool streamIsClientToServer, NetworkTcpSession session)
{
this.initialTcpSequenceNumber = initialTcpSequenceNumber;
this.expectedTcpSequenceNumber = initialTcpSequenceNumber;
//this.sourcePort=sourcePort;
//this.destinationPort=destinationPort;
this.dataList = new SortedList <uint, byte[]>();
//this.dataListMaxSize=64;//i hope I shouldn't need more than 64 packets in the list. It depends on how late a misordered packet might get received. Smaller number gives better performance, larger number gives better tolerance to reordered packets
this.dataListMaxSize = 256;//allows data packets to be out-of-order up to 256 packets apart from each other in the same unidirectional stream
//this.totalByteCount=0;
this.virtualTcpData = null;
this.session = session;
this.networkFlow = session.Flow;
//this.protocolFinder = session.protocolFinder;
this.streamIsClientToServer = streamIsClientToServer;
}
/// <summary>
/// Creates a truncated TCP session where the initial 3 way handshake is missing
/// </summary>
/// <param name="sourceHost"></param>
/// <param name="destinationHost"></param>
/// <param name="tcpPacket"></param>
public NetworkTcpSession(NetworkHost sourceHost, NetworkHost destinationHost, Packets.TcpPacket tcpPacket, ISessionProtocolFinderFactory protocolFinderFactory)
{
//this part is used to create a cropped (truncated) session where the beginning is missing!
//this.synPacketTimestamp=tcpPacket.ParentFrame.Timestamp;
this.synPacketReceived = true;
this.synAckPacketReceived = true;
this.finPacketReceived = false;
this.sessionEstablished = false;//I will change this one soon,...
this.sessionClosed = false;
this.startFrameNumber = tcpPacket.ParentFrame.FrameNumber;
this.clientToServerTcpDataStream = null;
this.serverToClientTcpDataStream = null;
//now let's do a qualified guess of who is the server and who is client...
FiveTuple fiveTuple;
System.Collections.Generic.List <ApplicationLayerProtocol> sourcePortProtocols = new List <ApplicationLayerProtocol>(TcpPortProtocolFinder.GetProbableApplicationLayerProtocols(tcpPacket.SourcePort, tcpPacket.SourcePort));
System.Collections.Generic.List <ApplicationLayerProtocol> destinationPortProtocols = new List <ApplicationLayerProtocol>(TcpPortProtocolFinder.GetProbableApplicationLayerProtocols(tcpPacket.DestinationPort, tcpPacket.DestinationPort));
if (sourcePortProtocols.Count > destinationPortProtocols.Count) //packet is server -> client
//this.clientHost=destinationHost;
//this.serverHost=sourceHost;
//this.clientTcpPort=tcpPacket.DestinationPort;
//this.serverTcpPort=tcpPacket.SourcePort;
{
fiveTuple = new FiveTuple(destinationHost, tcpPacket.DestinationPort, sourceHost, tcpPacket.SourcePort, FiveTuple.TransportProtocol.TCP);
this.flow = new NetworkFlow(fiveTuple, tcpPacket.ParentFrame.Timestamp, tcpPacket.ParentFrame.Timestamp, 0, 0);
this.SetEstablished(tcpPacket.AcknowledgmentNumber, tcpPacket.SequenceNumber);
}
else if (destinationPortProtocols.Count > 0) //packet is client -> server
//this.clientHost=sourceHost;
//this.serverHost=destinationHost;
//this.clientTcpPort=tcpPacket.SourcePort;
//this.serverTcpPort=tcpPacket.DestinationPort;
{
fiveTuple = new FiveTuple(sourceHost, tcpPacket.SourcePort, destinationHost, tcpPacket.DestinationPort, FiveTuple.TransportProtocol.TCP);
this.flow = new NetworkFlow(fiveTuple, tcpPacket.ParentFrame.Timestamp, tcpPacket.ParentFrame.Timestamp, 0, 0);
this.SetEstablished(tcpPacket.SequenceNumber, tcpPacket.AcknowledgmentNumber);
}
else if (tcpPacket.SourcePort < tcpPacket.DestinationPort)//packet is server -> client
//this.clientHost=destinationHost;
//this.serverHost=sourceHost;
//this.clientTcpPort=tcpPacket.DestinationPort;
//this.serverTcpPort=tcpPacket.SourcePort;
{
fiveTuple = new FiveTuple(destinationHost, tcpPacket.DestinationPort, sourceHost, tcpPacket.SourcePort, FiveTuple.TransportProtocol.TCP);
this.flow = new NetworkFlow(fiveTuple, tcpPacket.ParentFrame.Timestamp, tcpPacket.ParentFrame.Timestamp, 0, 0);
this.SetEstablished(tcpPacket.AcknowledgmentNumber, tcpPacket.SequenceNumber);
}
else //packet is client -> server
//this.clientHost=sourceHost;
//this.serverHost=destinationHost;
//this.clientTcpPort=tcpPacket.SourcePort;
//this.serverTcpPort=tcpPacket.DestinationPort;
{
fiveTuple = new FiveTuple(sourceHost, tcpPacket.SourcePort, destinationHost, tcpPacket.DestinationPort, FiveTuple.TransportProtocol.TCP);
this.flow = new NetworkFlow(fiveTuple, tcpPacket.ParentFrame.Timestamp, tcpPacket.ParentFrame.Timestamp, 0, 0);
this.SetEstablished(tcpPacket.SequenceNumber, tcpPacket.AcknowledgmentNumber);
}
this.protocolFinder = protocolFinderFactory.CreateProtocolFinder(this.flow, this.startFrameNumber);
}
internal TcpPortProtocolFinder(NetworkFlow flow, long startFrameNumber, PacketHandler packetHandler, NetworkHost nextHopServer, ushort nextHopServerPort) : this(flow.FiveTuple.ClientHost, nextHopServer, flow.FiveTuple.ClientPort, nextHopServerPort, startFrameNumber, flow.StartTime, packetHandler)
{
this.flow = flow;
}