/// <summary>
/// Bundles one captured TCP segment: the raw capture buffer, the offset recorded for it,
/// the already-decoded IP and TCP header structures, and the capture time.
/// </summary>
/// <param name="packet">Raw captured bytes. The array reference is stored as-is (no copy is made),
/// so later writes to the caller's buffer are visible through this object.</param>
/// <param name="index">Offset into <paramref name="packet"/>; AnalysePacket passes the offset
/// at which it started reading the IP header.</param>
/// <param name="pInternet">IP header fields decoded by the caller.</param>
/// <param name="pTcp">TCP header fields decoded by the caller.</param>
/// <param name="Time">Timestamp to record for this packet.</param>
public TCPPacket(byte[] packet, int index, PacketINTERNET.PACKET_INTERNET pInternet, PacketTCP.PACKET_TCP pTcp, DateTime Time)
{
    // Raw buffer and position first, then the decoded headers, then the timestamp.
    this.Packet = packet;
    this.Index = index;
    this.PInternet = pInternet;
    this.PTcp = pTcp;
    this.TimeStamp = Time;
}
/// <summary>
/// Creates a packet record from a capture buffer and its pre-parsed headers.
/// </summary>
/// <param name="packet">Capture buffer; held by reference, not cloned.</param>
/// <param name="index">Position inside <paramref name="packet"/> associated with this record.</param>
/// <param name="pInternet">Parsed IP header values.</param>
/// <param name="pTcp">Parsed TCP header values.</param>
/// <param name="Time">Capture time stored in <c>TimeStamp</c>.</param>
public TCPPacket(byte[] packet, int index, PacketINTERNET.PACKET_INTERNET pInternet, PacketTCP.PACKET_TCP pTcp, DateTime Time)
{
    // NOTE(review): no argument validation happens here; a null buffer or an
    // out-of-range index is stored unchanged and surfaces only when it is used.
    TimeStamp = Time;
    PInternet = pInternet;
    PTcp = pTcp;
    Index = index;
    Packet = packet;
}
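/// <summary>
/// Decodes one captured packet as IPv4 + TCP and hands it to the reassembly state of the
/// connection it belongs to, raising <c>FragmentAdded</c> for every piece of data that
/// <c>Defragment</c> releases and <c>EndOfStream</c> when a FIN, RST or DEAD action is seen.
/// </summary>
/// <param name="data">Captured packet: the raw bytes, the offset at which the IP header
/// starts inside them, and the capture timestamp.</param>
/// <remarks>
/// The bytes are untrusted capture input. The packet is silently dropped when the buffer is
/// missing or too short, when it is not IPv4/TCP, when the IP header length is below the
/// 20-byte minimum, when source and destination address are equal, or when both ports equal
/// <c>Port1</c> or both equal <c>Port2</c>.
/// </remarks>
public void AnalysePacket(PacketInfo data)
{
    // RFC 791: the IPv4 header is at least five 32-bit words long.
    const int MinIpv4HeaderBytes = 20;

    byte[] PacketData = data.Data;
    int StartIndex = data.StartIndex;

    // A missing buffer or negative offset would otherwise fault in the indexers below.
    if (PacketData == null || StartIndex < 0)
    {
        return;
    }

    // Start by eliminating non IP and non TCP packets.
    // Written as a subtraction so a very large StartIndex cannot overflow the sum.
    if (StartIndex > PacketData.Length - LENGTH_OF_INTERNET - LENGTH_OF_TCP)
    {
        return;
    }

    int Index = StartIndex;

    PacketINTERNET.PACKET_INTERNET PInternet = new PacketINTERNET.PACKET_INTERNET();
    byte versionAndHeaderLength = PacketData[Index++];
    PInternet.HeaderLength = (byte)((versionAndHeaderLength & 0x0f) * 4);
    PInternet.Version = (byte)(versionAndHeaderLength >> 4);

    // The layout decoded below is IPv4 only, and a header length under 20 bytes is malformed.
    if (PInternet.Version != 4 || PInternet.HeaderLength < MinIpv4HeaderBytes)
    {
        return;
    }

    PInternet.DifferentiatedServicesField = PacketData[Index++];
    // NOTE(review): the total-length field is stored but never compared with the bytes
    // actually available in the buffer.
    PInternet.Length = Function.Get2Bytes(PacketData, ref Index, Const.NORMAL);
    PInternet.Identification = Function.Get2Bytes(PacketData, ref Index, Const.NORMAL);
    PInternet.FragmentOffset = Function.Get2Bytes(PacketData, ref Index, Const.NORMAL);
    // Flags keeps the original top-nibble representation so existing readers still work.
    PInternet.Flags = (byte)((int)PInternet.FragmentOffset >> 12);
    // The fragment offset is the low 13 bits of this word; the previous 0x0f mask kept only
    // 4 of them, so most non-first fragments were reported with a wrong (often zero) offset.
    PInternet.FragmentOffset = (ushort)((int)PInternet.FragmentOffset & 0x1fff);
    // NOTE(review): packets with a non-zero fragment offset carry no TCP header, yet they
    // are still parsed as TCP below - confirm whether they should be dropped here.
    PInternet.TimeToLive = PacketData[Index++];
    PInternet.Protocol = PacketData[Index++];
    PInternet.HeaderChecksum = Function.Get2Bytes(PacketData, ref Index, Const.NORMAL);
    PInternet.Source = Function.GetIpAddress(PacketData, ref Index);
    PInternet.Destination = Function.GetIpAddress(PacketData, ref Index);

    if (PInternet.Protocol != IPPROTO_TCP)
    {
        return;
    }

    // Check IPs
    // NOTE(review): IP1 is compared with both ends, which the Source == Destination test
    // already covers - presumably one side was meant to be a second address; confirm.
    if (((PInternet.Source == IP1) && (PInternet.Destination == IP1)) || (PInternet.Source == PInternet.Destination))
    {
        return;
    }

    // The TCP header begins after the whole IP header, options included. The old code read it
    // directly after the fixed 20 bytes, so any packet carrying IP options had its ports,
    // sequence numbers and flags taken from option bytes.
    int tcpStart = StartIndex + PInternet.HeaderLength;
    if (tcpStart > PacketData.Length - LENGTH_OF_TCP)
    {
        return;
    }
    Index = tcpStart;

    PacketTCP.PACKET_TCP PTcp = new PacketTCP.PACKET_TCP();
    PTcp.SourcePort = Function.Get2Bytes(PacketData, ref Index, Const.NORMAL);
    PTcp.DestinationPort = Function.Get2Bytes(PacketData, ref Index, Const.NORMAL);
    PTcp.SequenceNumber = Function.Get4Bytes(PacketData, ref Index, Const.NORMAL);
    PTcp.Acknowledgement = Function.Get4Bytes(PacketData, ref Index, Const.NORMAL);
    PTcp.HeaderLength = PacketData[Index++];
    // The data offset lives in the high nibble and counts 32-bit words.
    PTcp.HeaderLength = (byte)(((int)PTcp.HeaderLength >> 4) * 4);
    PTcp.Flags = PacketData[Index++];
    PTcp.WindowSize = Function.Get2Bytes(PacketData, ref Index, Const.NORMAL);
    PTcp.Checksum = Function.Get2Bytes(PacketData, ref Index, Const.NORMAL);
    // NOTE(review): in the TCP layout these two bytes are the urgent pointer; they are stored
    // in the field named Options.
    PTcp.Options = Function.Get2Bytes(PacketData, ref Index, Const.NORMAL);

    if (((PTcp.SourcePort == Port1) && (PTcp.DestinationPort == Port1)) || ((PTcp.SourcePort == Port2) && (PTcp.DestinationPort == Port2)))
    {
        return;
    }

    String signature = Signature(PInternet.Source, PTcp.SourcePort, PInternet.Destination, PTcp.DestinationPort);

    // Keep track of the connections which have been established. (The list will be used later
    // to populate the Associations Combo Box.)
    // NOTE(review): every new address/port tuple adds an entry here and in List[] below and no
    // eviction is visible in this method; a capture with very many distinct tuples grows both
    // without bound. They are also modified outside lock(state) - confirm a single caller thread.
    if (!listOfConnections.Contains(signature))
    {
        listOfConnections.Add(signature);
    }

    TCPPacket packet = new TCPPacket(PacketData, StartIndex, PInternet, PTcp, data.TimeStamp);
    LastParsedPacketTime = packet.TimeStamp;

    // List[0] is keyed by the signature of the first packet seen, List[1] by its reverse.
    int match = -1;
    TCPState state;
    for (int i = 0; i < 2; i++)
    {
        if (List[i].Contains(signature))
        {
            match = i;
        }
    }

    // add as new item if necessary
    if (match == (-1))
    {
        // Need to check here that we have SYNs (state is created for any first-seen segment).
        String signature1 = Signature(PInternet.Destination, PTcp.DestinationPort, PInternet.Source, PTcp.SourcePort);
        state = new TCPState(packet, signature, signature1);
        List[0].Add(signature, state);
        List[1].Add(signature1, state);
        match = 0;
    }
    else
    {
        state = (TCPState)List[match][signature];
    }

    lock (state)
    {
        // Directions already marked REPORTED take no further packets.
        if (state.State[match] != TCPState.States.REPORTED)
        {
            state.AddPacket(match, packet);

            TCPState.PacketAction LastAction;
            while ((LastAction = state.Defragment(match)) == TCPState.PacketAction.DATA)
            {
                if (FragmentAdded != null)
                {
                    FragmentAdded(state, match);
                }
                nrOfCapturedPackets++;
            }

            // Map the terminating action to the message prefix reported to listeners.
            String reason = null;
            if (LastAction == TCPState.PacketAction.FIN)
            {
                reason = "FIN Seen (";
            }
            else if (LastAction == TCPState.PacketAction.RST)
            {
                reason = "RST Seen (";
            }
            else if (LastAction == TCPState.PacketAction.DEAD)
            {
                reason = "DEAD data seen (";
            }

            if (reason != null && EndOfStream != null)
            {
                EndOfStream(state, match, reason + signature + ")");
            }
        }
    }
}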
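/// <summary>
/// Parses a captured packet as an IPv4 header followed by a TCP header, looks up (or creates)
/// the reassembly state for its connection, adds the packet to it and reports the results
/// through the <c>FragmentAdded</c> and <c>EndOfStream</c> events.
/// </summary>
/// <param name="data">The captured packet: raw bytes, the offset of the IP header within
/// those bytes, and the time of capture.</param>
/// <remarks>
/// Input is untrusted capture data. Packets are dropped without error when the buffer is null
/// or too short, the version is not 4, the IP header length is under 20 bytes, the protocol is
/// not TCP, source and destination address match, or both ports are <c>Port1</c> or both are
/// <c>Port2</c>.
/// </remarks>
public void AnalysePacket(PacketInfo data)
{
    // Smallest legal IPv4 header (RFC 791): IHL of 5 words.
    const int MinIpv4HeaderBytes = 20;

    byte[] PacketData = data.Data;
    int StartIndex = data.StartIndex;

    // Reject inputs that would make the array reads below throw.
    if (PacketData == null || StartIndex < 0)
    {
        return;
    }

    // Start by eliminating non IP and non TCP packets.
    // Subtraction form: cannot overflow for a large StartIndex.
    if (StartIndex > PacketData.Length - LENGTH_OF_INTERNET - LENGTH_OF_TCP)
    {
        return;
    }

    int Index = StartIndex;

    PacketINTERNET.PACKET_INTERNET PInternet = new PacketINTERNET.PACKET_INTERNET();
    byte firstByte = PacketData[Index++];
    PInternet.Version = (byte)(firstByte >> 4);
    PInternet.HeaderLength = (byte)((firstByte & 0x0f) * 4);

    // Only the IPv4 layout is understood here; an IHL below the minimum is malformed.
    if (PInternet.Version != 4 || PInternet.HeaderLength < MinIpv4HeaderBytes)
    {
        return;
    }

    PInternet.DifferentiatedServicesField = PacketData[Index++];
    // NOTE(review): total length is recorded only; it is not checked against the buffer size.
    PInternet.Length = Function.Get2Bytes(PacketData, ref Index, Const.NORMAL);
    PInternet.Identification = Function.Get2Bytes(PacketData, ref Index, Const.NORMAL);
    PInternet.FragmentOffset = Function.Get2Bytes(PacketData, ref Index, Const.NORMAL);
    // Flags stays the top nibble of the word, as before, for compatibility with its readers.
    PInternet.Flags = (byte)((int)PInternet.FragmentOffset >> 12);
    // Fragment offset occupies the low 13 bits; the earlier 0x0f mask dropped nine of them.
    PInternet.FragmentOffset = (ushort)((int)PInternet.FragmentOffset & 0x1fff);
    // NOTE(review): a non-zero fragment offset means the payload does not start with a TCP
    // header, but such packets still go through the TCP parse below - confirm intended handling.
    PInternet.TimeToLive = PacketData[Index++];
    PInternet.Protocol = PacketData[Index++];
    PInternet.HeaderChecksum = Function.Get2Bytes(PacketData, ref Index, Const.NORMAL);
    PInternet.Source = Function.GetIpAddress(PacketData, ref Index);
    PInternet.Destination = Function.GetIpAddress(PacketData, ref Index);

    if (PInternet.Protocol != IPPROTO_TCP)
    {
        return;
    }

    // Check IPs
    // NOTE(review): the IP1/IP1 clause is implied by Source == Destination; possibly a second
    // address was intended - confirm.
    bool sameEndpointAddress =
        ((PInternet.Source == IP1) && (PInternet.Destination == IP1))
        || (PInternet.Source == PInternet.Destination);
    if (sameEndpointAddress)
    {
        return;
    }

    // Skip IP options: the TCP header starts HeaderLength bytes after the IP header start.
    // Reading it right after the fixed 20 bytes (as before) misparsed every packet with options.
    int tcpStart = StartIndex + PInternet.HeaderLength;
    if (tcpStart > PacketData.Length - LENGTH_OF_TCP)
    {
        return;
    }
    Index = tcpStart;

    PacketTCP.PACKET_TCP PTcp = new PacketTCP.PACKET_TCP();
    PTcp.SourcePort = Function.Get2Bytes(PacketData, ref Index, Const.NORMAL);
    PTcp.DestinationPort = Function.Get2Bytes(PacketData, ref Index, Const.NORMAL);
    PTcp.SequenceNumber = Function.Get4Bytes(PacketData, ref Index, Const.NORMAL);
    PTcp.Acknowledgement = Function.Get4Bytes(PacketData, ref Index, Const.NORMAL);
    PTcp.HeaderLength = PacketData[Index++];
    // High nibble = data offset in 32-bit words; convert to bytes.
    PTcp.HeaderLength = (byte)(((int)PTcp.HeaderLength >> 4) * 4);
    PTcp.Flags = PacketData[Index++];
    PTcp.WindowSize = Function.Get2Bytes(PacketData, ref Index, Const.NORMAL);
    PTcp.Checksum = Function.Get2Bytes(PacketData, ref Index, Const.NORMAL);
    // NOTE(review): these bytes are the urgent pointer in the TCP header, kept in "Options".
    PTcp.Options = Function.Get2Bytes(PacketData, ref Index, Const.NORMAL);

    bool samePortBothSides =
        ((PTcp.SourcePort == Port1) && (PTcp.DestinationPort == Port1))
        || ((PTcp.SourcePort == Port2) && (PTcp.DestinationPort == Port2));
    if (samePortBothSides)
    {
        return;
    }

    String signature = Signature(PInternet.Source, PTcp.SourcePort, PInternet.Destination, PTcp.DestinationPort);

    // Keep track of the connections which have been established. (The list will be used later
    // to populate the Associations Combo Box.)
    // NOTE(review): nothing in this method removes entries from listOfConnections or List[],
    // so memory grows with the number of distinct tuples in the capture; both are also touched
    // outside lock(state) - confirm callers are single-threaded.
    if (!listOfConnections.Contains(signature))
    {
        listOfConnections.Add(signature);
    }

    TCPPacket packet = new TCPPacket(PacketData, StartIndex, PInternet, PTcp, data.TimeStamp);
    LastParsedPacketTime = packet.TimeStamp;

    // Find which direction table already knows this signature (0 = first seen, 1 = reverse).
    int match = -1;
    TCPState state;
    for (int i = 0; i < 2; i++)
    {
        if (List[i].Contains(signature))
        {
            match = i;
        }
    }

    // add as new item if necessary
    if (match == (-1))
    {
        // Need to check here that we have SYNs (currently any first-seen segment opens state).
        String signature1 = Signature(PInternet.Destination, PTcp.DestinationPort, PInternet.Source, PTcp.SourcePort);
        state = new TCPState(packet, signature, signature1);
        List[0].Add(signature, state);
        List[1].Add(signature1, state);
        match = 0;
    }
    else
    {
        state = (TCPState)List[match][signature];
    }

    lock (state)
    {
        // A direction in the REPORTED state ignores further packets.
        if (state.State[match] == TCPState.States.REPORTED)
        {
            return;
        }

        state.AddPacket(match, packet);

        // Drain everything Defragment can release; each DATA result is one notification.
        TCPState.PacketAction LastAction;
        while ((LastAction = state.Defragment(match)) == TCPState.PacketAction.DATA)
        {
            if (FragmentAdded != null)
            {
                FragmentAdded(state, match);
            }
            nrOfCapturedPackets++;
        }

        if (EndOfStream == null)
        {
            return;
        }

        if (LastAction == TCPState.PacketAction.FIN)
        {
            EndOfStream(state, match, "FIN Seen (" + signature + ")");
        }
        else if (LastAction == TCPState.PacketAction.RST)
        {
            EndOfStream(state, match, "RST Seen (" + signature + ")");
        }
        else if (LastAction == TCPState.PacketAction.DEAD)
        {
            EndOfStream(state, match, "DEAD data seen (" + signature + ")");
        }
    }
}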