/// <summary>
/// Describes one contiguous slice of a reassembled stream dump file.
/// </summary>
/// <param name="pFile">Path of the dump file the slice belongs to.</param>
/// <param name="start">Offset of the first byte of the slice.</param>
/// <param name="len">Number of bytes in the slice.</param>
/// <param name="pRecon">Reassembler that produced the dump file.</param>
public DataBlock(string pFile, int start, int len, TcpRecon pRecon)
{
    this.parentFile = pFile;
    this.recon = pRecon;

    this.startOffset = start;
    this.length = len;

    // NOTE(review): start and len are stored as given and summed without a range check;
    // callers derive them from capture data, so confirm negative or overflowing values
    // are rejected before the offsets are used to read the dump file.
    this.endOffset = start + len;
}
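/// <summary>
/// The callback function for the SharpPcap library. Parses each captured frame, hands
/// UDP packets to <c>HandleDNS</c>, and feeds TCP segments to the per-connection
/// <c>TcpRecon</c> reassembler, raising <c>NewStream</c> for a connection seen for the
/// first time and adding a node whenever the sending side of a stream changes.
/// </summary>
/// <param name="sender">Capture device raising the event (unused).</param>
/// <param name="e">Event data carrying the raw packet and its capture timestamp.</param>
private void device_PcapOnPacketArrival(object sender, CaptureEventArgs e)
{
    Packet packet;
    try
    {
        packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
    }
    catch (Exception)
    {
        // Deliberate best effort: a frame the parser rejects is dropped silently and is not
        // counted in totalPackets, so malformed input leaves no trace in the statistics.
        //todo: sometimes get error raw packet not implemented?
        return;
    }

    // Timestamp as "seconds.microseconds". The microsecond part is zero-padded to six digits
    // (5 us must read ".000005", not ".5") and everything is formatted and parsed with the
    // invariant culture so a comma-decimal locale cannot corrupt or reject the value.
    // Assumes Seconds/MicroSeconds are integral, as required by the "D6" format.
    System.Globalization.CultureInfo invariant = System.Globalization.CultureInfo.InvariantCulture;
    string packetTimeStamp = e.Packet.Timeval.Seconds.ToString(invariant) + "."
                           + e.Packet.Timeval.MicroSeconds.ToString("D6", invariant);

    if (firstTimeStamp == 0)
    {
        firstTimeStamp = decimal.Parse(packetTimeStamp, invariant);
    }

    totalPackets++;

    UdpPacket udpPacket = (UdpPacket)packet.Extract(typeof(UdpPacket));
    if (udpPacket != null)
    {
        // Every UDP packet is handed to the DNS handler, whatever its port.
        HandleDNS(udpPacket);
        return;
    }

    IpPacket ipPacket = (IpPacket)packet.Extract(typeof(IpPacket));
    TcpPacket tcpPacket = (TcpPacket)packet.Extract(typeof(TcpPacket));
    if (tcpPacket == null)
    {
        return;
    }

    totalTCPPackets++;

    if (ipPacket == null)
    {
        // Extract returns null for a missing layer; without the IP header there are no
        // addresses to key the stream on, so skip instead of dereferencing null below.
        return;
    }

    Connection c = new Connection(tcpPacket);
    TcpRecon recon;
    curPacket = tcpPacket;
    curPacketTime = e.Packet.Timeval;

    // NOTE(review): one TcpRecon (and dump file name) is created per distinct Connection
    // and nothing here evicts entries; confirm a capture with very many connections
    // cannot exhaust memory or file handles.
    if (!sharpPcapDict.TryGetValue(c, out recon))
    {
        c.generateFileName(outDir);
        recon = new TcpRecon(c.fileName);
        recon.LastSourcePort = tcpPacket.SourcePort;
        recon.StreamStartTimeStamp = packetTimeStamp;

        decimal curTime = decimal.Parse(packetTimeStamp, invariant);
        recon.relativeTimeStamp = (curTime - firstTimeStamp).ToString();
        sharpPcapDict.Add(c, recon);

        string destinationLabel = "tcp: " + ipPacket.DestinationAddress;
        if (!IPExists(destinationLabel))
        {
            ips.Add(destinationLabel);
        }

        string sourceLabel = "tcp: " + ipPacket.SourceAddress;
        if (!IPExists(sourceLabel))
        {
            ips.Add(sourceLabel);
        }

        owner.Invoke(NewStream, recon);
    }

    // Can contain fragments and out of order packets.
    // NOTE(review): the .Address accessor yields a single integer and looks like the
    // obsolete IPv4-only IPAddress.Address; confirm what happens for IPv6 TCP segments.
    recon.ReassemblePacket(ipPacket.SourceAddress.Address, ipPacket.DestinationAddress.Address, tcpPacket, e.Packet.Timeval);

    if (recon.PacketWritten) // reassembly/reordering complete, data was saved this time
    {
        if (recon.LastSourcePort != tcpPacket.SourcePort) // previous entry is now complete so add it
        {
            AddNewNode(recon);
            recon.LastSourcePort = tcpPacket.SourcePort;
        }
    }
}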
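/// <summary>
/// Publishes the most recently completed slice of a stream as a <c>DataBlock</c> through
/// the <c>NewNode</c> callback, then advances the reassembler's saved offset.
/// </summary>
/// <param name="recon">Reassembler whose newly written data should be reported.</param>
private void AddNewNode(TcpRecon recon)
{
    // NOTE(review): the offsets are narrowed to int with unchecked casts; if the underlying
    // properties are wider, a dump file past 2 GiB would yield wrong or negative offsets.
    // Confirm the types, or that consumers of DataBlock validate the range.
    int startAt = (int)recon.LastSavedOffset;
    int endAt = (int)recon.PreviousPacketEndOffset;
    if (recon.isComplete)
    {
        endAt = (int)recon.CurrentOffset;
    }

    DataBlock db = new DataBlock(recon.dumpFile, startAt, endAt - startAt, recon);

    // "seconds.microseconds" with the microseconds zero-padded to six digits and formatted
    // with the invariant culture, so 5 us is written as ".000005" rather than ".5".
    // Assumes Seconds/MicroSeconds are integral, as required by the "D6" format.
    System.Globalization.CultureInfo invariant = System.Globalization.CultureInfo.InvariantCulture;
    db.EpochTimeStamp = curPacketTime.Seconds.ToString(invariant) + "."
                      + curPacketTime.MicroSeconds.ToString("D6", invariant);

    // The block's relative timestamp is not set here; earlier commented-out attempts
    // to compute it from the first packet's time were removed.
    owner.Invoke(NewNode, db);

    recon.LastSavedOffset = recon.PreviousPacketEndOffset;
}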
//#region reconManager callbacks

/// <summary>
/// Derives the parent tree-node name for a stream from the file-name portion of its dump
/// file path, delegating to the string overload of this method.
/// </summary>
/// <param name="recon">Reassembler whose dump file names the node.</param>
/// <returns>The value returned by the string overload for that file name.</returns>
private string getParentNodeName(TcpRecon recon)
{
    // Only the file-name component is used, so directory parts of the path never reach the label.
    return getParentNodeName(Path.GetFileName(recon.dumpFile));
}
/// <summary>
/// Adds a top-level tree node for a newly seen stream, keyed by the reassembler's
/// <c>HashCode</c>, and attaches the reassembler to the node through <c>Tag</c>.
/// </summary>
/// <param name="recon">Reassembler of the stream to display.</param>
public void NewStream(TcpRecon recon)
{
    string label = getParentNodeName(recon);

    TreeNode streamNode = tv.Nodes.Add(recon.HashCode, label);
    streamNode.Tag = recon;

    tv.Refresh();
}