/// <summary>
/// Create a new TCP packet from values
/// </summary>
public TCPPacket(IPPacket ipPacket,
int sourcePort,
int destinationPort,
byte[] tcpPayload)
: base(EthernetFields_Fields.ETH_HEADER_LEN, ipPacket.Bytes, ipPacket.IPVersion)
{
int tcpHeaderLength = TCPFields_Fields.TCP_HEADER_LEN;
int tcpPayloadLength = (tcpPayload != null) ? tcpPayload.Length : 0;
int totalBytesRequired = 0;
totalBytesRequired += ipPacket.EthernetHeaderLength;
totalBytesRequired += ipPacket.IPHeaderLength;
totalBytesRequired += tcpHeaderLength;
totalBytesRequired += tcpPayloadLength;
byte[] newBytes = new byte[totalBytesRequired];
// copy the contents of the ip packet in, excluding the ip payload
// since this TCPPacket IS the new payload
Array.Copy(ipPacket.Bytes, newBytes,
ipPacket.EthernetHeaderLength + ipPacket.IPHeaderLength);
// update the buffer that this packet is overlayed upon
this.Bytes = newBytes;
// set the port values
this.SourcePort = sourcePort;
this.DestinationPort = destinationPort;
// set the TCPHeaderLength
this.TCPHeaderLength = tcpHeaderLength;
// set the ippacket protocol to tcp
this.IPProtocol = SharpPcap.Packets.IPProtocol.IPProtocolType.TCP;
// copy the data payload in, if we were given one
if (tcpPayload != null)
{
TCPData = tcpPayload;
}
}
/// <summary>
/// Create a new TCP packet from values
/// </summary>
public TCPPacket(IPPacket ipPacket,
int sourcePort,
int destinationPort,
byte[] tcpPayload)
: base(EthernetFields_Fields.ETH_HEADER_LEN, ipPacket.Bytes, ipPacket.IPVersion)
{
int tcpHeaderLength = TCPFields_Fields.TCP_HEADER_LEN;
int tcpPayloadLength = (tcpPayload != null) ? tcpPayload.Length : 0;
int totalBytesRequired = 0;
totalBytesRequired += ipPacket.EthernetHeaderLength;
totalBytesRequired += ipPacket.IPHeaderLength;
totalBytesRequired += tcpHeaderLength;
totalBytesRequired += tcpPayloadLength;
byte[] newBytes = new byte[totalBytesRequired];
// copy the contents of the ip packet in, excluding the ip payload
// since this TCPPacket IS the new payload
Array.Copy(ipPacket.Bytes, newBytes,
ipPacket.EthernetHeaderLength + ipPacket.IPHeaderLength);
// update the buffer that this packet is overlayed upon
this.Bytes = newBytes;
// set the port values
this.SourcePort = sourcePort;
this.DestinationPort = destinationPort;
// set the TCPHeaderLength
this.TCPHeaderLength = tcpHeaderLength;
// set the ippacket protocol to tcp
this.IPProtocol = SharpPcap.Packets.IPProtocol.IPProtocolType.TCP;
// copy the data payload in, if we were given one
if (tcpPayload != null)
{
TCPData = tcpPayload;
}
}
/// <summary> Convert captured packet data into an object.</summary>
public static Packet dataToPacket(LinkLayers linkType, byte[] bytes, Timeval tv)
{
EthernetPacketType ethProtocol;
// retrieve the length of the headers associated with this link layer type.
// this length is the offset to the header embedded in the packet.
int byteOffsetToEthernetPayload = LinkLayer.LinkLayerLength(linkType);
// extract the protocol code for the type of header embedded in the
// link-layer of the packet
int offset = LinkLayer.ProtocolOffset(linkType);
if (offset == -1)
{
// if there is no embedded protocol, assume IpV4
ethProtocol = EthernetPacketType.IPv4;
}
else
{
ethProtocol = (EthernetPacketType)ArrayHelper.extractInteger(bytes, offset, EthernetFields_Fields.ETH_CODE_LEN);
}
string errorString;
Packet parsedPacket = null;
try
{
// try to recognize the ethernet type..
switch (ethProtocol)
{
// arp
case EthernetPacketType.ARP:
parsedPacket = new ARPPacket(byteOffsetToEthernetPayload, bytes, tv);
break;
case EthernetPacketType.IPv6:
case EthernetPacketType.IPv4:
try
{
// ethernet level code is recognized as IP, figure out what kind..
int ipProtocol = IPProtocol.extractProtocol(byteOffsetToEthernetPayload, bytes);
switch (ipProtocol)
{
case (int)IPProtocol.IPProtocolType.ICMP:
parsedPacket = new ICMPPacket(byteOffsetToEthernetPayload, bytes, tv);
break;
case (int)IPProtocol.IPProtocolType.IGMP:
parsedPacket = new IGMPPacket(byteOffsetToEthernetPayload, bytes, tv);
break;
case (int)IPProtocol.IPProtocolType.TCP:
parsedPacket = new TCPPacket(byteOffsetToEthernetPayload, bytes, tv);
break;
case (int)IPProtocol.IPProtocolType.UDP:
parsedPacket = new UDPPacket(byteOffsetToEthernetPayload, bytes, tv);
break;
// unidentified ip..
default:
parsedPacket = new IPPacket(byteOffsetToEthernetPayload, bytes, tv);
break;
}
// check that the parsed packet is valid
if (!parsedPacket.IsValid(out errorString))
{
throw new PcapException(errorString);
}
else
{
return parsedPacket;
}
}
catch
{
// error parsing the specific ip packet type, parse as a generic IPPacket
parsedPacket = new IPPacket(byteOffsetToEthernetPayload, bytes, tv);
// check that the parsed packet is valid
if (!parsedPacket.IsValid(out errorString))
{
throw new PcapException(errorString);
}
else
{
return parsedPacket;
}
}
// ethernet level code not recognized, default to anonymous packet..
default:
parsedPacket = new EthernetPacket(byteOffsetToEthernetPayload, bytes, tv);
break;
}
return parsedPacket;
}
catch
{
// we know we have at least an ethernet packet, so return that
return new EthernetPacket(byteOffsetToEthernetPayload, bytes, tv);
}
}
/// <summary> Convert captured packet data into an object.</summary>
public static Packet dataToPacket(LinkLayers linkType, byte[] bytes, Timeval tv)
{
EthernetPacketType ethProtocol;
// retrieve the length of the headers associated with this link layer type.
// this length is the offset to the header embedded in the packet.
int byteOffsetToEthernetPayload = LinkLayer.LinkLayerLength(linkType);
// extract the protocol code for the type of header embedded in the
// link-layer of the packet
int offset = LinkLayer.ProtocolOffset(linkType);
if (offset == -1)
{
// if there is no embedded protocol, assume IpV4
ethProtocol = EthernetPacketType.IPv4;
}
else
{
ethProtocol = (EthernetPacketType)ArrayHelper.extractInteger(bytes, offset, EthernetFields_Fields.ETH_CODE_LEN);
}
string errorString;
Packet parsedPacket = null;
try
{
// try to recognize the ethernet type..
switch (ethProtocol)
{
// arp
case EthernetPacketType.ARP:
parsedPacket = new ARPPacket(byteOffsetToEthernetPayload, bytes, tv);
break;
case EthernetPacketType.IPv6:
case EthernetPacketType.IPv4:
try
{
// ethernet level code is recognized as IP, figure out what kind..
int ipProtocol = IPProtocol.extractProtocol(byteOffsetToEthernetPayload, bytes);
switch (ipProtocol)
{
case (int)IPProtocol.IPProtocolType.ICMP:
parsedPacket = new ICMPPacket(byteOffsetToEthernetPayload, bytes, tv);
break;
case (int)IPProtocol.IPProtocolType.IGMP:
parsedPacket = new IGMPPacket(byteOffsetToEthernetPayload, bytes, tv);
break;
case (int)IPProtocol.IPProtocolType.TCP:
parsedPacket = new TCPPacket(byteOffsetToEthernetPayload, bytes, tv);
break;
case (int)IPProtocol.IPProtocolType.UDP:
parsedPacket = new UDPPacket(byteOffsetToEthernetPayload, bytes, tv);
break;
// unidentified ip..
default:
parsedPacket = new IPPacket(byteOffsetToEthernetPayload, bytes, tv);
break;
}
// check that the parsed packet is valid
if (!parsedPacket.IsValid(out errorString))
{
throw new PcapException(errorString);
}
else
{
return(parsedPacket);
}
}
catch
{
// error parsing the specific ip packet type, parse as a generic IPPacket
parsedPacket = new IPPacket(byteOffsetToEthernetPayload, bytes, tv);
// check that the parsed packet is valid
if (!parsedPacket.IsValid(out errorString))
{
throw new PcapException(errorString);
}
else
{
return(parsedPacket);
}
}
// ethernet level code not recognized, default to anonymous packet..
default:
parsedPacket = new EthernetPacket(byteOffsetToEthernetPayload, bytes, tv);
break;
}
return(parsedPacket);
}
catch
{
// we know we have at least an ethernet packet, so return that
return(new EthernetPacket(byteOffsetToEthernetPayload, bytes, tv));
}
}