/// <summary>
/// Creates the payload window for one event and fills both payload views
/// (the hex view and the ASCII text box).
/// </summary>
/// <param name="temp">Event whose payload is shown; its PayloadHex may be null.</param>
public FormPayload(Event temp)
{
    InitializeComponent();

    // Payload Tab (HEX): an event without payload bytes gets an empty buffer,
    // so the hex control always has a provider.
    // NOTE(review): the payload presumably comes from captured traffic; it is
    // only handed to the controls for display here, never interpreted.
    DynamicByteProvider payloadProvider = temp.PayloadHex != null
        ? new DynamicByteProvider(temp.PayloadHex)
        : new DynamicByteProvider(new byte[] { });
    hexEvent.ByteProvider = payloadProvider;

    // Payload Tab (ASCII)
    txtPayloadAscii.Text = temp.PayloadAscii;
}
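/// <summary>
/// Fills every tab of the event detail view (IP, signature, TCP, UDP, references,
/// DNS, payload, misc and acknowledgement) from the selected event, and shows or
/// hides the TCP, UDP and DNS tabs to match the event.
/// </summary>
/// <param name="temp">The selected event whose details are displayed.</param>
public void DisplaySelectedEventDetails(Event temp)
{
    using (new HourGlass(this))
    {
        // Show only the transport header tab that matches the event's IP protocol.
        if (temp.IpProto == (int)Global.Protocols.Tcp)
        {
            if (!tabEvent.TabPages.Contains(tabPageTcpHeader))
            {
                tabEvent.TabPages.Insert(2, tabPageTcpHeader);
            }

            if (tabEvent.TabPages.Contains(tabPageUdpHeader))
            {
                tabEvent.TabPages.Remove(tabPageUdpHeader);
            }
        }
        else if (temp.IpProto == (int)Global.Protocols.Udp)
        {
            if (!tabEvent.TabPages.Contains(tabPageUdpHeader))
            {
                tabEvent.TabPages.Insert(2, tabPageUdpHeader);
            }

            if (tabEvent.TabPages.Contains(tabPageTcpHeader))
            {
                tabEvent.TabPages.Remove(tabPageTcpHeader);
            }
        }
        else
        {
            tabEvent.TabPages.Remove(tabPageTcpHeader);
            tabEvent.TabPages.Remove(tabPageUdpHeader);
        }

        // DNS Tab: shown when either endpoint of the event uses port 53.
        // The port is only a hint; the payload is not guaranteed to be DNS.
        bool usesDnsPort = temp.TcpDstPort == 53 || temp.TcpSrcPort == 53
            || temp.UdpDstPort == 53 || temp.UdpSrcPort == 53;
        if (usesDnsPort)
        {
            if (!tabEvent.TabPages.Contains(tabPageDns))
            {
                tabEvent.TabPages.Insert(tabEvent.TabPages.Count - 2, tabPageDns);
            }
        }
        else
        {
            tabEvent.TabPages.Remove(tabPageDns);
        }

        // IP Tab
        ipSource.Text = temp.IpSrcTxt.ToString();
        ipDest.Text = temp.IpDstTxt.ToString();
        txtIpCsum.Text = temp.IpCsum.ToString();
        txtIpFlags.Text = temp.IpFlags.ToString();
        txtIpHlen.Text = temp.IpHlen.ToString();
        txtIpId.Text = temp.IpId.ToString();
        txtIpLen.Text = temp.IpLen.ToString();
        txtIpOff.Text = temp.IpOff.ToString();
        txtIpProto.Text = temp.IpProto.ToString();
        txtIpTos.Text = temp.IpTos.ToString();
        txtIpTtl.Text = temp.IpTtl.ToString();
        txtIpVer.Text = temp.IpVer.ToString();

        // Signature Tab
        txtSigCategory.Text = temp.SigClassName;
        txtSigGenId.Text = temp.SigGid.ToString();
        txtSigSigRev.Text = temp.SigRev.ToString();
        txtSigSigId.Text = temp.SigSid.ToString();
        txtRule.Text = temp.Rule;

        // The linked-rules button is enabled only when the rule text contains a
        // flowbits:isset option.
        btnLinkedRules.Enabled =
            txtRule.Text.IndexOf("flowbits:isset,", StringComparison.InvariantCultureIgnoreCase) > -1;

        // TCP Tab
        txtTcpAck.Text = temp.TcpAck.ToString();
        txtTcpCsum.Text = temp.TcpCsum.ToString();
        txtTcpDstPort.Text = temp.TcpDstPort.ToString();
        txtTcpFlags.Text = temp.TcpFlags.ToString();
        txtTcpOff.Text = temp.TcpOff.ToString();
        txtTcpRes.Text = temp.TcpRes.ToString();
        txtTcpSeq.Text = temp.TcpSeq.ToString();
        txtTcpSrcPrt.Text = temp.TcpSrcPort.ToString();
        txtTcpUrp.Text = temp.TcpUrp.ToString();
        txtTcpWin.Text = temp.TcpWin.ToString();

        // UDP Tab
        txtUdpSrcPort.Text = temp.UdpSrcPort.ToString();
        // Fixed: the UDP destination port field previously showed the TCP destination port.
        txtUdpDstPort.Text = temp.UdpDstPort.ToString();
        txtUdpLen.Text = temp.UdpLen.ToString();
        txtUdpCsum.Text = temp.UdpCsum.ToString();

        // References Tab: the signature id is bound as a query parameter.
        using (NPoco.Database dbMySql = new NPoco.Database(Db.GetOpenMySqlConnection()))
        {
            List<Reference> references = dbMySql.Fetch<Reference>(
                _sql.GetQuery(snorbert.Configs.Sql.Query.SQL_REFERENCES),
                new object[] { temp.SigId });
            listReferences.SetObjects(references);
        }

        ResizeReferenceListColumns();

        txtDns.Text = string.Empty;

        // Payload Tab (HEX)
        if (temp.PayloadHex != null)
        {
            DynamicByteProvider dynamicByteProvider = new DynamicByteProvider(temp.PayloadHex);
            hexEvent.ByteProvider = dynamicByteProvider;

            if (usesDnsPort)
            {
                // Build the DNS text once and assign it once, instead of rewriting
                // the text box for every record.
                System.Text.StringBuilder dnsText = new System.Text.StringBuilder();

                try
                {
                    DnsMessage dm = ARSoft.Tools.Net.Dns.DnsMessage.Parse(temp.PayloadHex);

                    if (dm.Questions.Count > 0)
                    {
                        dnsText.Append("Questions:" + Environment.NewLine);
                        foreach (ARSoft.Tools.Net.Dns.DnsQuestion q in dm.Questions)
                        {
                            dnsText.Append(q.ToString() + Environment.NewLine);
                        }

                        dnsText.Append(Environment.NewLine);
                    }

                    if (dm.AnswerRecords.Count > 0)
                    {
                        dnsText.Append("Answers:" + Environment.NewLine);
                        foreach (ARSoft.Tools.Net.Dns.DnsRecordBase r in dm.AnswerRecords)
                        {
                            dnsText.Append(r.ToString() + Environment.NewLine);
                        }

                        dnsText.Append(Environment.NewLine);
                    }

                    if (dm.AuthorityRecords.Count > 0)
                    {
                        dnsText.Append("Authority Records:" + Environment.NewLine);
                        foreach (ARSoft.Tools.Net.Dns.DnsRecordBase r in dm.AuthorityRecords)
                        {
                            dnsText.Append(r.ToString() + Environment.NewLine);
                        }

                        dnsText.Append(Environment.NewLine);
                    }

                    if (dm.AdditionalRecords.Count > 0)
                    {
                        dnsText.Append("AdditionalRecords:" + Environment.NewLine);
                        foreach (ARSoft.Tools.Net.Dns.DnsRecordBase r in dm.AdditionalRecords)
                        {
                            dnsText.Append(r.ToString() + Environment.NewLine);
                        }
                    }
                }
                catch (Exception ex)
                {
                    // The payload is untrusted network data and may be malformed or
                    // not DNS at all. Decoding stays best-effort, but the failure is
                    // shown instead of silently leaving the tab blank, since a
                    // port-53 payload that does not parse is worth the analyst's
                    // attention.
                    dnsText.Append("Unable to parse payload as DNS: " + ex.Message);
                }

                txtDns.Text = dnsText.ToString();
            }
        }
        else
        {
            DynamicByteProvider dynamicByteProvider = new DynamicByteProvider(new byte[] { });
            hexEvent.ByteProvider = dynamicByteProvider;
        }

        // Payload Tab (ASCII)
        txtPayloadAscii.Text = temp.PayloadAscii;

        // Misc Tab
        txtEventSid.Text = temp.Sid.ToString();
        txtEventCid.Text = temp.Cid.ToString();
        txtSensor.Text = temp.SensorName;
        txtPriority.Text = temp.SigPriority.ToString();

        // Acknowledgement Tab
        using (NPoco.Database dbMySql = new NPoco.Database(Db.GetOpenMySqlConnection()))
        {
            // Only the constant WHERE clause is spliced into the query text; the
            // acknowledgment id itself is passed as the bound parameter @0.
            string query = _sql.GetQuery(snorbert.Configs.Sql.Query.SQL_ACKNOWLEDGEMENT_DETAILS);
            query = query.Replace("#WHERE#", @"WHERE acknowledgment.id = @0");

            List<Acknowledgment> acknowledgment = dbMySql.Fetch<Acknowledgment>(
                query,
                new object[] { temp.AcknowledgmentId });

            if (acknowledgment.Any())
            {
                Acknowledgment ack = acknowledgment[0];
                txtAckInitials.Text = ack.Initials;
                txtAckClassification.Text = ack.Description;
                txtAckNotes.Text = ack.Notes;
                txtAckTimestamp.Text = ack.Timestamp.ToString();
                chkAckSuccessful.Checked = ack.Successful;
            }

            // NOTE(review): when no row is found, the acknowledgement fields keep
            // whatever they showed before - confirm they are cleared elsewhere,
            // otherwise a stale acknowledgement can appear on an unacknowledged event.
        }
    }
}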