public void Add(EthernetPacket packet) { if (packet.TCPHeader == null) { return; } TCP_StreamAddress address = new TCP_StreamAddress(packet); TCP_StreamPacket streamPacket = new TCP_StreamPacket(); streamPacket.Direction = TCP_Direction.SourceToDestination; streamPacket.Address = address; streamPacket.Packet = packet; int i = Streams.IndexOfKey(address); TCP_Stream stream; if (i == -1) { address.StreamNumber = Streams.Count; stream = new TCP_Stream(streamPacket); Streams.Add(address, stream); } else { stream = Streams.Values[i]; address.StreamNumber = stream.Address.StreamNumber; } stream.Add(streamPacket); Packets.Add(streamPacket); packet.gGroupNumber = address.StreamNumber + 1; }
private void _Add(TCP_StreamPacket streamPacket) { if (streamPacket.Address.OriginalOrder == Address.OriginalOrder) { streamPacket.Direction = TCP_Direction.SourceToDestination; } else { streamPacket.Direction = TCP_Direction.DestinationToSource; } Packets.Add(streamPacket); AnalyzePacket(streamPacket); }
private void _Add(TCP_StreamPacket streamPacket) { if (streamPacket.Address.OriginalOrder == Address.OriginalOrder) { streamPacket.Direction = TCP_Direction.SourceToDestination; } else { streamPacket.Direction = TCP_Direction.DestinationToSource; } Packets.Add(streamPacket); TCPHeader tcp = streamPacket.Packet.TCPHeader; if (tcp.syn == 1) { // ****** OpenConnection1 SYN seq = x ****** if (tcp.ack == 0) { streamPacket.PacketType = TCP_PacketType.OpenConnection1; OpenState = TCP_PacketType.OpenConnection1; InitialSourceSequence = CurrentSourceSequence = tcp.seq; Message("TCP open connection step 1 : SYN seq = x (0x{0})", h(tcp.seq)); if (streamPacket.Direction != TCP_Direction.SourceToDestination) { Message(" warning wrong direction"); } } // ****** OpenConnection2 SYN seq = y, ACK x + 1 ****** else { if (streamPacket.Direction != TCP_Direction.DestinationToSource) { Message("TCP open connection step 2 : error wrong direction (SYN seq = y, ACK x + 1)"); streamPacket.PacketType = TCP_PacketType.Unknow; } else { streamPacket.PacketType = TCP_PacketType.OpenConnection2; OpenState = TCP_PacketType.OpenConnection2; InitialDestinationSequence = CurrentDestinationSequence = tcp.seq; Message("TCP open connection step 2 : SYN seq = y (0x{0}), ACK x + 1 (0x{1})", h(tcp.seq), h(tcp.ack_seq)); if (tcp.ack_seq != CurrentSourceSequence + 1) { Message(" warning ack (0x{0}) != source seq + 1 (0x{1})", h(tcp.ack_seq), h(CurrentSourceSequence)); } if (LastPacketType != TCP_PacketType.OpenConnection1) { Message(" warning message should be just after open connection step 1"); } CurrentSourceSequence++; } } } else if (tcp.fin == 1) { // ****** CloseSourceConnection1 FIN seq = x ****** if (streamPacket.Direction == TCP_Direction.SourceToDestination) { CloseSourceState = TCP_PacketType.CloseSourceConnection1; Message("TCP close source connection step 1 : FIN seq = x (0x{0})", h(tcp.seq)); if (tcp.seq != CurrentSourceSequence) { Message("TCP close source connection step 1 : warning seq (0x{0}) != source seq (0x{1}) (FIN seq = x)", h(tcp.seq), h(CurrentSourceSequence)); } if (tcp.ack != 0) { Message("TCP close source connection step 1 : warning ack should not be set (FIN seq = x)"); } } // ****** CloseDestinationConnection1 FIN seq = y, ACK x + 1 ****** else // streamPacket.Direction == TCP_Direction.DestinationToSource { CloseDestinationState = TCP_PacketType.CloseDestinationConnection1; Message("TCP close destination connection step 1 : FIN seq = y (0x{0}), ACK x + 1 (0x{1})", h(tcp.seq), h(tcp.ack_seq)); if (tcp.seq != CurrentDestinationSequence) { Message("TCP close destination connection step 1 : warning seq (0x{0}) != destination seq (0x{1}) (FIN seq = y, ACK x + 1)", h(tcp.seq), h(CurrentDestinationSequence)); } if (tcp.ack != 1) { Message("TCP close destination connection step 1 : warning ack should be set (FIN seq = y, ACK x + 1)"); } else if (tcp.ack_seq != CurrentSourceSequence + 1) { Message("TCP close destination connection step 1 : warning ack (0x{0}) != source seq + 1 (0x{1}) (FIN seq = y, ACK x + 1)", h(tcp.ack_seq), h(CurrentSourceSequence)); } } } else if (tcp.ack == 1) { // ****** OpenConnection3 ACK y + 1 ****** if (LastPacketType == TCP_PacketType.OpenConnection2 && streamPacket.Direction == TCP_Direction.SourceToDestination) { streamPacket.PacketType = TCP_PacketType.OpenConnection3; OpenState = TCP_PacketType.OpenConnection3; ConnectionOpened = true; CurrentDestinationSequence++; Message("TCP open connection step 3 : ACK y + 1 (0x{0})", h(tcp.ack_seq)); if (tcp.ack_seq != InitialDestinationSequence + 1) { Message("TCP open connection step 3 : warning ack (0x{0}) != destination seq + 1 (0x{1}) (ACK y + 1)", h(tcp.ack_seq), h(CurrentDestinationSequence)); } } // ****** CloseSourceConnection2 ACK x + 1 ****** else if (CloseSourceState = TCP_PacketType.CloseSourceConnection1 && streamPacket.Direction == TCP_Direction.DestinationToSource) { Message("TCP close source connection step 2 : ACK x + 1 (0x{0})", h(tcp.ack_seq)); if (tcp.ack_seq != CurrentSourceSequence + 1) { Message("TCP close source connection step 2 : warning ack (0x{0}) != source seq + 1 (0x{1}) (ACK x + 1)", h(tcp.ack_seq), h(CurrentSourceSequence)); } } // ****** CloseDestinationConnection2 ACK y + 1 ****** else if (CloseDestinationState = TCP_PacketType.CloseDestinationConnection1 && streamPacket.Direction == TCP_Direction.SourceToDestination) { Message("TCP close destination connection step 2 : ACK y + 1 (0x{0})", h(tcp.ack_seq)); if (tcp.ack_seq != CurrentDestinationSequence + 1) { Message("TCP close destination connection step 2 : warning ack (0x{0}) != destination seq + 1 (0x{1}) (ACK y + 1)", h(tcp.ack_seq), h(CurrentDestinationSequence)); } } } LastPacketType = streamPacket.PacketType; }
public void Add(TCP_StreamPacket streamPacket) { _Add(streamPacket); }
public TCP_Stream(TCP_StreamPacket streamPacket) { Address = streamPacket.Address; _Add(streamPacket); }
private void AnalyzePacket(TCP_StreamPacket streamPacket) { TCP tcp = streamPacket.Packet.TCP; streamPacket.PacketType = TCP_PacketType.Unknow; bool OpenConnectionPacketType = false; bool CloseConnectionPacketType = false; if (tcp.Synchronize) { OpenConnectionPacketType = true; // ****** OpenConnection1 SYN seq = x ****** if (!tcp.Ack) { streamPacket.PacketType = TCP_PacketType.OpenConnection1; StreamState.OpenState = TCP_PacketType.OpenConnection1; StreamState.InitialSourceSequence = StreamState.CurrentSourceSequence = tcp.Sequence; //streamPacket.Message("TCP open 1 : SYN seq = x (0x{0})", tcp.seq.zToHex()); if (streamPacket.Direction != TCP_Direction.SourceToDestination) { //streamPacket.Message("error wrong direction"); streamPacket.AddError(TCP_PacketError.ErrorBadDirection); } } // ****** OpenConnection2 SYN seq = y, ACK x + 1 ****** else { if (streamPacket.Direction == TCP_Direction.DestinationToSource) { streamPacket.PacketType = TCP_PacketType.OpenConnection2; StreamState.OpenState = TCP_PacketType.OpenConnection2; StreamState.InitialDestinationSequence = StreamState.CurrentDestinationSequence = tcp.Sequence; //streamPacket.Message("TCP open 2 : SYN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex()); StreamState.CurrentSourceSequence++; if (tcp.AckSequence != StreamState.CurrentSourceSequence) { //streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex()); streamPacket.AddError(TCP_PacketError.WarningOpenConnection2BadAck); } if (StreamState.LastPacketType != TCP_PacketType.OpenConnection1) { //streamPacket.Message("warning message should be just after open connection step 1"); streamPacket.AddError(TCP_PacketError.WarningOpenConnection2BadMessagePosition); } } else { //streamPacket.Message("error wrong direction, TCP open 2, SYN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex()); streamPacket.AddError(TCP_PacketError.ErrorOpenConnection2BadDirection); } } } else if (tcp.Finish) { CloseConnectionPacketType = true; // ****** CloseSourceConnection1 FIN seq = x ****** if (streamPacket.Direction == TCP_Direction.SourceToDestination) { streamPacket.PacketType = TCP_PacketType.CloseSourceConnection1; StreamState.CloseSourceState = TCP_PacketType.CloseSourceConnection1; //streamPacket.Message("TCP close source connection step 1 : FIN seq = x (0x{0})", tcp.seq.zToHex()); if (tcp.Sequence != StreamState.CurrentSourceSequence) { //streamPacket.Message("warning seq (0x{0}) != source seq (0x{1})", tcp.seq.zToHex(), CurrentSourceSequence.zToHex()); streamPacket.AddError(TCP_PacketError.WarningCloseSourceConnection1BadSeq); } if (tcp.Ack) { //streamPacket.Message("warning ack should not be set"); streamPacket.AddError(TCP_PacketError.WarningBadFlagAck); } } // ****** CloseDestinationConnection1 FIN seq = y, ACK x + 1 ****** else // streamPacket.Direction == TCP_Direction.DestinationToSource { streamPacket.PacketType = TCP_PacketType.CloseDestinationConnection1; StreamState.CloseDestinationState = TCP_PacketType.CloseDestinationConnection1; //streamPacket.Message("TCP close destination connection step 1 : FIN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex()); if (tcp.Sequence != StreamState.CurrentDestinationSequence) { //streamPacket.Message("warning seq (0x{0}) != destination seq (0x{1})", tcp.seq.zToHex(), CurrentDestinationSequence.zToHex()); streamPacket.AddError(TCP_PacketError.WarningCloseDestinationConnection1BadSeq); } if (!tcp.Ack) { //streamPacket.Message("warning ack should be set"); streamPacket.AddError(TCP_PacketError.WarningBadFlagAck); } else if (tcp.AckSequence != StreamState.CurrentSourceSequence + 1) { //streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex()); streamPacket.AddError(TCP_PacketError.WarningCloseDestinationConnection1BadAck); } } } else if (tcp.Ack) { // ****** OpenConnection3 ACK y + 1 ****** if (StreamState.LastPacketType == TCP_PacketType.OpenConnection2 && streamPacket.Direction == TCP_Direction.SourceToDestination) { OpenConnectionPacketType = true; streamPacket.PacketType = TCP_PacketType.OpenConnection3; StreamState.OpenState = TCP_PacketType.OpenConnection3; StreamState.ConnectionOpened = true; StreamState.CurrentDestinationSequence++; //streamPacket.Message("TCP open 3 : ACK y + 1 (0x{0})", tcp.ack_seq.zToHex()); if (tcp.AckSequence != StreamState.InitialDestinationSequence + 1) { //streamPacket.Message("warning ack (0x{0}) != destination seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentDestinationSequence.zToHex()); streamPacket.AddError(TCP_PacketError.WarningOpenConnection3BadAck); } } // ****** CloseSourceConnection2 ACK x + 1 ****** else if (StreamState.CloseSourceState == TCP_PacketType.CloseSourceConnection1 && streamPacket.Direction == TCP_Direction.DestinationToSource) { CloseConnectionPacketType = true; streamPacket.PacketType = TCP_PacketType.CloseSourceConnection2; StreamState.CloseSourceState = TCP_PacketType.CloseSourceConnection2; //streamPacket.Message("TCP close source connection step 2 : ACK x + 1 (0x{0})", tcp.ack_seq.zToHex()); if (tcp.AckSequence != StreamState.CurrentSourceSequence + 1) { //streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex()); streamPacket.AddError(TCP_PacketError.WarningCloseSourceConnection2BadAck); } } // ****** CloseDestinationConnection2 ACK y + 1 ****** else if (StreamState.CloseDestinationState == TCP_PacketType.CloseDestinationConnection1 && streamPacket.Direction == TCP_Direction.SourceToDestination) { CloseConnectionPacketType = true; streamPacket.PacketType = TCP_PacketType.CloseDestinationConnection2; StreamState.CloseDestinationState = TCP_PacketType.CloseDestinationConnection2; //streamPacket.Message("TCP close destination connection step 2 : ACK y + 1 (0x{0})", tcp.ack_seq.zToHex()); if (tcp.AckSequence != StreamState.CurrentDestinationSequence + 1) { //streamPacket.Message("warning ack (0x{0}) != destination seq + 1 (0x{1}) (ACK y + 1)", tcp.ack_seq.zToHex(), CurrentDestinationSequence.zToHex()); streamPacket.AddError(TCP_PacketError.WarningCloseDestinationConnection2BadAck); } } else { streamPacket.PacketType |= TCP_PacketType.Ack; } } //if (OpenConnectionPacketType || CloseConnectionPacketType) //{ // if (tcp.DataLength > 0) // { // if (tcp.psh == 1) // streamPacket.Message("error data with push option cannot be send with syn flag"); // else // streamPacket.Message("error data with cannot be send with syn flag"); // } // if (tcp.psh == 1) // streamPacket.Message("error push option without data cannot be send with syn flag"); //} if (tcp.Push) { streamPacket.PacketType |= TCP_PacketType.Push; } if (tcp.DataLength > 0) { streamPacket.PacketType |= TCP_PacketType.Data; } StreamState.LastPacketType = streamPacket.PacketType; streamPacket.StreamState = StreamState; }