void _PcapDevice_PcapOnPacketArrival(object sender, Packet packet)
{
if (!(packet is TCPPacket)) return;
TCPPacket _TCPPacket = (TCPPacket)packet;
//_SortedList.Add(_TCPPacket.SequenceNumber, _TCPPacket);
byte[] _data = _TCPPacket.TCPData;
if ((_data.Length == 0 || _data.Length == 6) && !_TCPPacket.Fin) return;
Direction _Direction;
int port;
string ip;
int[] remoteport = new[] { 80 };
if (remoteport.Contains(_TCPPacket.DestinationPort))
{
_Direction = Direction.Sended;
port = _TCPPacket.SourcePort;
ip = _TCPPacket.DestinationAddress;
}
else if (remoteport.Contains(_TCPPacket.SourcePort))
{
_Direction = Direction.Received;
port = _TCPPacket.DestinationPort;
ip = _TCPPacket.SourceAddress;
}
else return;
Client _Client = (from c in _List where c.Port == port select c).FirstOrDefault();
if (_TCPPacket.Fin)
{
if (_Client != null)
{
_List.Remove(_Client);
}
return;
}
if (_Client == null)
{
_Client = new Client
{
ip = ip,
Port = port
};
i++;
_Client.i = i;
_List.Add(_Client);
}
if (_Direction == Direction.Sended)
{
Save(_TCPPacket, _Direction, _Client, _Client._SendStream);
}
else
{
Save(_TCPPacket, _Direction, _Client, _Client._ReceiveStream);
}
}
private static void device_PcapOnPacketArrival(object sender, Tamir.IPLib.Packets.Packet packet)
{
if (packet is EthernetPacket)
{
EthernetPacket eth = ((EthernetPacket)packet);
Console.WriteLine("Original packet: " + eth.ToColoredString(false));
//Manipulate ethernet parameters
eth.SourceHwAddress = "00:11:22:33:44:55";
eth.DestinationHwAddress = "00:99:88:77:66:55";
if (packet is IPPacket)
{
IPPacket ip = ((IPPacket)packet);
//manipulate IP parameters
ip.SourceAddress = "1.2.3.4";
ip.DestinationAddress = "44.33.22.11";
ip.TimeToLive = 11;
//Recalculate the IP checksum
ip.ComputeIPChecksum();
if (ip is TCPPacket)
{
TCPPacket tcp = ((TCPPacket)ip);
//manipulate TCP parameters
tcp.SourcePort = 9999;
tcp.DestinationPort = 8888;
tcp.Syn = !tcp.Syn;
tcp.Fin = !tcp.Fin;
tcp.Ack = !tcp.Ack;
tcp.WindowSize = 500;
tcp.AcknowledgementNumber = 800;
tcp.SequenceNumber = 800;
//Recalculate the TCP checksum
tcp.ComputeTCPChecksum();
}
if (ip is UDPPacket)
{
UDPPacket udp = ((UDPPacket)ip);
//manipulate UDP parameters
udp.SourcePort = 9999;
udp.DestinationPort = 8888;
//Recalculate the UDP checksum
udp.ComputeUDPChecksum();
}
}
Console.WriteLine("Manipulated packet: " + eth.ToColoredString(false));
}
}
/// <summary>
/// Prints the source and dest MAC addresses of each received Ethernet frame
/// </summary>
private static void device_PcapOnPacketArrival(object sender, Packet packet)
{
if( packet is EthernetPacket )
{
EthernetPacket etherFrame = (EthernetPacket)packet;
Console.WriteLine("At: {0}:{1}: MAC:{2} -> MAC:{3}",
etherFrame.PcapHeader.Date.ToString(),
etherFrame.PcapHeader.Date.Millisecond,
etherFrame.SourceHwAddress,
etherFrame.DestinationHwAddress);
}
}
void dev_PcapOnPacketArrival(object sender, Packet packet)
{
lock (packets)
{
packets.Add(packet);
newpackets.Add(packet);
}
if (dev.PcapDumpOpened)
{
dev.PcapDump(packet);
}
this.Invoke(updater);
}
private void device_PcapOnPacketArrival(object sender, Packet packet)
{
if (!(packet is TCPPacket)) return;
TCPPacket tcpPacket = (TCPPacket)packet;
// Creates a key for the dictionary
TCPConnection c = new TCPConnection(tcpPacket);
// Todo: gescheiter Filter
if (!(c.DestinationPort == port || c.SourcePort == port))
return;
// create a new entry if the key does not exists
if (!sharpPcapDict.ContainsKey(c) && !this.gotLock)
{
TcpRecon.TcpRecon tcpRecon = new TcpRecon.TcpRecon(this.serverStr, this.clientStr);
sharpPcapDict.Add(c, tcpRecon);
this.gotLock = true;
}
// Use the TcpRecon class to reconstruct the session
if (this.sharpPcapDict.ContainsKey(c))
{
sharpPcapDict[c].ReassemblePacket(tcpPacket);
}
L2Packet l2packet = null;
while (this.clientStr.MorePackets())
{
l2packet = this.gameSniffer.handlePacket(this.clientStr.ReadPacket(), false);
if (l2packet != null)
{
this.packetContainer.AddPacket(l2packet);
l2packet.PacketNo = this.count++;
}
}
while (this.serverStr.MorePackets())
{
l2packet = this.gameSniffer.handlePacket(this.serverStr.ReadPacket(), true);
if (l2packet != null)
{
this.packetContainer.AddPacket(l2packet);
l2packet.PacketNo = this.count++;
}
}
}
// The callback function for the SharpPcap library
private static void device_PcapOnPacketArrival(object sender, Packet packet)
{
if (!(packet is TCPPacket)) return;
TCPPacket tcpPacket = (TCPPacket)packet;
// Creates a key for the dictionary
Connection c = new Connection(tcpPacket);
// create a new entry if the key does not exists
if (!sharpPcapDict.ContainsKey(c))
{
string fileName = c.getFileName(path);
TcpRecon tcpRecon = new TcpRecon(fileName);
sharpPcapDict.Add(c, tcpRecon);
}
// Use the TcpRecon class to reconstruct the session
sharpPcapDict[c].ReassemblePacket(tcpPacket);
}
/// <summary>
/// Prints the time and length of each received packet
/// </summary>
private static void device_PcapOnPacketArrival(object sender, Packet packet)
{
DateTime time = packet.PcapHeader.Date;
int len = packet.PcapHeader.PacketLength;
Console.WriteLine("{0}:{1}:{2},{3} Len={4}",
time.Hour, time.Minute, time.Second, time.Millisecond, len);
}
internal PcapStatistics(Packets.Packet p)
{
this.m_pktHdr = p.PcapHeader.m_pcap_pkthdr;
this.m_pktData = p.Bytes;
}
private void device_PcapOnPacketArrival(object sender, Packet packet)
{
try
{
Global.PacketCapturedEvent packetCapturedEvent
= new Global.PacketCapturedEvent(OnPacketCaptured);
this.BeginInvoke(packetCapturedEvent, new object[] { packet });
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
}
private void SendPacketArrivalEvent(Packet p)
{
//If mode is MODE_CAP:
if(PcapMode==PcapMode.Capture)
{
if(PcapOnPacketArrival != null )
{
//Invoke the packet arrival event
PcapOnPacketArrival(this, p);
}
}
//else mode is MODE_STAT
else if(PcapMode==PcapMode.Statistics)
{
if(PcapOnPcapStatistics != null)
{
//Invoke the pcap statistics event
PcapOnPcapStatistics(this, new PcapStatistics(p));
}
}
}
/// <summary>
/// Sends a raw packet throgh this device
/// </summary>
/// <param name="p">The packet to send</param>
public void PcapSendPacket(Packet p)
{
PcapSendPacket(p.Bytes);
}
private void device_PcapOnPacketArrival(object sender, Packet packet)
{
if (!(packet is TCPPacket)) return;
TCPPacket tcpPacket = (TCPPacket)packet;
// Creates a key for the dictionary
TCPConnection connection = new TCPConnection(tcpPacket);
// create a new entry if the key does not exists and its a new Connection
if (!sharpPcapDict.ContainsKey(connection)
&& tcpPacket.Syn && (tcpPacket.DestinationPort == this.dst_port))
{
TcpRecon tcpRecon = new TcpRecon(this.ServerStr, this.ClientStr);
sharpPcapDict.Add(connection, tcpRecon);
this.connection = tcpRecon;
// (((ip.src == 192.168.100.150) && (tcp.dstport == 7777) ) || ((ip.src == 78.46.33.43) && (tcp.dstport == 52784)))
string filter = string.Format("(((ip.src == {0}) && (tcp.dstport == {1})) || ((ip.src == {2}) && (tcp.dstport == {3})))"
, tcpPacket.SourceAddress, tcpPacket.DestinationPort, tcpPacket.DestinationAddress, tcpPacket.SourcePort);
this.tcpDumpFilter = filter;
// Geht oder geht nicht??? das is die große Frage ;)
this.device.PcapSetFilter(filter);
}
// Use the TcpRecon class to reconstruct the session
if (this.sharpPcapDict.ContainsKey(connection))
{
sharpPcapDict[connection].ReassemblePacket(tcpPacket);
}
}
private void device_PcapOnPacketArrival(object sender, Packet packet)
{
if (!(packet is TCPPacket)) return;
TCPPacket tcpPacket = (TCPPacket)packet;
// Creates a key for the dictionary
TCPConnection c = new TCPConnection(tcpPacket);
// create a new entry if the key does not exists
if (!sharpPcapDict.ContainsKey(c) && !this.gotLock)
{
TcpRecon.TcpRecon tcpRecon = new TcpRecon.TcpRecon(this.serverStr, this.clientStr);
sharpPcapDict.Add(c, tcpRecon);
this.gotLock = true;
this.connection = tcpRecon;
}
// Use the TcpRecon class to reconstruct the session
if (this.sharpPcapDict.ContainsKey(c))
{
// Events
if (tcpPacket.Syn && tcpPacket.Ack)
this.OnSynRecived(this);
else if (tcpPacket.Fin && tcpPacket.Ack)
this.OnFinRecived(this);
sharpPcapDict[c].ReassemblePacket(tcpPacket);
}
this.processPackets();
}
private void OnPacketCaptured(Packet packet)
{
ListViewItem listViewItem =
packetCaptureList.Items.Add(packetCaptureList.Items.Count.ToString());
listViewItem.SubItems.Add(packet.Timeval.Date.ToString());
listViewItem.SubItems.Add(((EthernetPacket)packet).SourceHwAddress.ToUpper());
listViewItem.SubItems.Add(((EthernetPacket)packet).DestinationHwAddress.ToUpper());
if (packet is IPPacket)
{
listViewItem.SubItems.Add(((IPPacket)packet).IPProtocol.ToString());
listViewItem.SubItems.Add(((IPPacket)packet).SourceAddress.ToString());
listViewItem.SubItems.Add(((IPPacket)packet).DestinationAddress.ToString());
}
else
{
listViewItem.SubItems.Add("--");
listViewItem.SubItems.Add("--");
listViewItem.SubItems.Add("--");
}
if (packet is TCPPacket)
{
listViewItem.SubItems.Add(((TCPPacket)packet).SourcePort.ToString());
listViewItem.SubItems.Add(((TCPPacket)packet).DestinationPort.ToString());
}
else if (packet is UDPPacket)
{
listViewItem.SubItems.Add(((UDPPacket)packet).SourcePort.ToString());
listViewItem.SubItems.Add(((UDPPacket)packet).DestinationPort.ToString());
}
else
{
listViewItem.SubItems.Add("--");
listViewItem.SubItems.Add("--");
}
// Add this captured packet to the list.
Global.CapturedPackets.Add(packet);
// Update the packet list.
packetsInBufferStatus.Text = "Captured Packets: " + Global.CapturedPackets.Count;
// Scroll if autoscroll is enabled.
if (Settings.Default.AutoScrollPacketList == true)
{
//lvi.Selected = true;
listViewItem.EnsureVisible();
}
}
/// <summary>
/// Writes a packet to the pcap dump file associated with this device.
/// </summary>
/// <param name="p">The packet to write</param>
public void PcapDump(Packet p)
{
PcapDump(p.Bytes, p.PcapHeader);
}
/// <summary>
/// Gets the next packet captured on this device
/// </summary>
/// <param name="p">A packet reference</param>
/// <returns>A reference to a packet object</returns
public virtual int PcapGetNextPacket(out Packet p)
{
//Pointer to a packet info struct
IntPtr header = IntPtr.Zero;
//Pointer to a packet struct
IntPtr data = IntPtr.Zero;
int res = 0;
//Get a packet from winpcap
res = SharpPcap.pcap_next_ex( PcapHandle, ref header, ref data);
p=null;
if(res>0)
{
//Marshal the packet
if ( (header != IntPtr.Zero) && (data != IntPtr.Zero) )
{
SharpPcap.PCAP_PKTHDR pkt_header = (SharpPcap.PCAP_PKTHDR)Marshal.PtrToStructure( header, typeof(SharpPcap.PCAP_PKTHDR) );
//SharpPcap.PCAP_PKTDATA pkt_data = (SharpPcap.PCAP_PKTDATA)Marshal.PtrToStructure( data, typeof(SharpPcap.PCAP_PKTDATA) );
byte[] pkt_data = new byte[pkt_header.caplen];
Marshal.Copy(data, pkt_data, 0, pkt_header.caplen);
p = Packets.PacketFactory.dataToPacket(PcapDataLink, pkt_data, new Packets.Util.Timeval(pkt_header.tv_sec, pkt_header.tv_usec));
p.PcapHeader = new PcapHeader( pkt_header );
}
}
return res;
}
/// <summary>
/// Prints the time, length, src ip, src port, dst ip and dst port
/// for each TCP/IP packet received on the network
/// </summary>
private static void device_PcapOnPacketArrival(object sender, Packet packet)
{
if(packet is TCPPacket)
{
DateTime time = packet.PcapHeader.Date;
int len = packet.PcapHeader.PacketLength;
TCPPacket tcp = (TCPPacket)packet;
string srcIp = tcp.SourceAddress;
string dstIp = tcp.DestinationAddress;
int srcPort = tcp.SourcePort;
int dstPort = tcp.DestinationPort;
Console.WriteLine("{0}:{1}:{2},{3} Len={4} {5}:{6} -> {7}:{8}",
time.Hour, time.Minute, time.Second, time.Millisecond, len,
srcIp, srcPort, dstIp, dstPort);
}
}
/// <summary>
/// Sends a raw packet throgh this device
/// </summary>
/// <param name="p">The packet to send</param>
/// <param name="size">The number of bytes to send</param>
public void PcapSendPacket(Packet p, int size)
{
PcapSendPacket(p.Bytes, size);
}
/// <summary>
/// Add a packet to this send queue.
/// </summary>
/// <param name="packet">The packet to add</param>
/// <returns>True if success, else false</returns>
public bool Add( Packet packet )
{
return this.Add( packet.Bytes, packet.PcapHeader.m_pcap_pkthdr );
}
public void AddPacket(Packet p)
{
// Stream zu ende, sofort return
if (this.finRecived)
{
return;
}
// is es überhaupt ein TCPPacket?
if (!(p is TCPPacket))
{
return;
}
TCPPacket tcpP = (TCPPacket)p;
// gehört das Packet zu unserem TCP-Stream??
// wenn ja, und es ist ein SYN, ACK merken wir uns des Zielport und setzen synRecived auf true
if (tcpP.SourcePort == this.sourcePort && !this.synRecived)
{
if (tcpP.Syn && tcpP.Ack)
{
this.destinationPort = tcpP.DestinationPort;
this.synRecived = true;
this.lastSeqNr = tcpP.AcknowledgmentNumber; // merken
}
return;
}
// gehört das Packet zu unserem TCP-Stream??
if (tcpP.SourcePort != this.sourcePort || tcpP.DestinationPort != this.destinationPort)
{
return;
}
// Stream zu ende? FIN, ACK vorhanden?
if (tcpP.Fin && tcpP.Ack)
{
this.finRecived = true;
return;
}
// haben wir überhaupt Daten?
if (tcpP.Data.Length == 0)
{
return;
}
// packet einsortieren, wenn schon vorhanden > verwerfen
if (this.map.ContainsKey(tcpP.SequenceNumber))
{
return;
}
// wenn seqNr <= currentSeqnr, packet verwerfen, >> Retransmit
if (this.currentSeqNr <= tcpP.SequenceNumber)
{
return;
}
this.map.Add(tcpP.SequenceNumber, tcpP);
this.currentSeqNr = tcpP.SequenceNumber;
// Count total size
this.totalRecivedBytes += tcpP.Data.Length;
// Wenn Ack && Psh > daten zusammensetzen und memorystream der Queue hinzufügen
if (tcpP.Ack && tcpP.Psh)
{
long nextSeqNr = this.lastSeqNr;
while (this.map.ContainsKey(nextSeqNr))
{
TCPPacket packet = (TCPPacket)this.map[nextSeqNr];
foreach (byte b in packet.Data)
{
this.tmpBuffer.WriteByte(b);
}
nextSeqNr += packet.Data.Length;
}
this.dataBuffer.Enqueue(this.tmpBuffer);
this.tmpBuffer = new MemoryStream();
this.lastSeqNr = nextSeqNr;
}
}
/// <summary>
/// Dumps each received packet to a pcap file
/// </summary>
private static void device_PcapOnPacketArrival(object sender, Packet packet)
{
PcapDevice device = (PcapDevice)sender;
//if device has a dump file opened
if( device.PcapDumpOpened )
{
//dump the packet to the file
device.PcapDump( packet );
Console.WriteLine("Packet dumped to file.");
}
}
