예제 #1
        /// <summary>
        /// Creates the payload viewer for one event and fills the hex and ASCII
        /// payload views from it.
        /// </summary>
        /// <param name="temp">Event whose <c>PayloadHex</c> and <c>PayloadAscii</c> values are shown.</param>
        public FormPayload(Event temp)
        {
            InitializeComponent();

            // Payload Tab (HEX)
            // An event without payload bytes still gets a provider, backed by an empty buffer.
            // NOTE(review): the payload is presumably captured network data; it is only handed to
            // display controls here and never parsed or executed.
            hexEvent.ByteProvider = temp.PayloadHex == null
                ? new DynamicByteProvider(new byte[0])
                : new DynamicByteProvider(temp.PayloadHex);

            // Payload Tab (ASCII)
            txtPayloadAscii.Text = temp.PayloadAscii;
        }
예제 #2
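        /// <summary>
        /// Fills every detail tab (IP, signature, TCP, UDP, DNS, references, payload,
        /// misc and acknowledgement) from the selected event, and shows or hides the
        /// TCP/UDP/DNS tab pages to match the event's protocol and ports.
        /// </summary>
        /// <param name="temp">The selected event whose fields are displayed.</param>
        public void DisplaySelectedEventDetails(Event temp)
        {
            using (new HourGlass(this))
            {
                // Show only the transport-header tab that matches the event's IP protocol.
                if (temp.IpProto == (int)Global.Protocols.Tcp)
                {
                    if (tabEvent.TabPages.Contains(tabPageTcpHeader) == false)
                    {
                        tabEvent.TabPages.Insert(2, tabPageTcpHeader);
                    }

                    if (tabEvent.TabPages.Contains(tabPageUdpHeader) == true)
                    {
                        tabEvent.TabPages.Remove(tabPageUdpHeader);
                    }
                }
                else if (temp.IpProto == (int)Global.Protocols.Udp)
                {
                    if (tabEvent.TabPages.Contains(tabPageUdpHeader) == false)
                    {
                        tabEvent.TabPages.Insert(2, tabPageUdpHeader);
                    }

                    if (tabEvent.TabPages.Contains(tabPageTcpHeader) == true)
                    {
                        tabEvent.TabPages.Remove(tabPageTcpHeader);
                    }
                }
                else
                {
                    tabEvent.TabPages.Remove(tabPageTcpHeader);
                    tabEvent.TabPages.Remove(tabPageUdpHeader);
                }

                // DNS Tab
                // Port 53 on either side of either transport is treated as DNS traffic.
                bool isDnsPort = temp.TcpDstPort == 53 || temp.TcpSrcPort == 53
                              || temp.UdpDstPort == 53 || temp.UdpSrcPort == 53;
                if (isDnsPort)
                {
                    if (tabEvent.TabPages.Contains(tabPageDns) == false)
                    {
                        tabEvent.TabPages.Insert(tabEvent.TabPages.Count - 2, tabPageDns);
                    }
                }
                else
                {
                    tabEvent.TabPages.Remove(tabPageDns);
                }

                // IP Tab
                ipSource.Text = temp.IpSrcTxt.ToString();
                ipDest.Text = temp.IpDstTxt.ToString();
                txtIpCsum.Text = temp.IpCsum.ToString();
                txtIpFlags.Text = temp.IpFlags.ToString();
                txtIpHlen.Text = temp.IpHlen.ToString();
                txtIpId.Text = temp.IpId.ToString();
                txtIpLen.Text = temp.IpLen.ToString();
                txtIpOff.Text = temp.IpOff.ToString();
                txtIpProto.Text = temp.IpProto.ToString();
                txtIpTos.Text = temp.IpTos.ToString();
                txtIpTtl.Text = temp.IpTtl.ToString();
                txtIpVer.Text = temp.IpVer.ToString();

                // Signature Tab
                txtSigCategory.Text = temp.SigClassName;
                txtSigGenId.Text = temp.SigGid.ToString();
                txtSigSigRev.Text = temp.SigRev.ToString();
                txtSigSigId.Text = temp.SigSid.ToString();

                // The linked-rules button is only useful when the rule text tests a flowbit.
                txtRule.Text = temp.Rule;
                btnLinkedRules.Enabled =
                    txtRule.Text.IndexOf("flowbits:isset,", StringComparison.InvariantCultureIgnoreCase) > -1;

                // TCP Tab
                txtTcpAck.Text = temp.TcpAck.ToString();
                txtTcpCsum.Text = temp.TcpCsum.ToString();
                txtTcpDstPort.Text = temp.TcpDstPort.ToString();
                txtTcpFlags.Text = temp.TcpFlags.ToString();
                txtTcpOff.Text = temp.TcpOff.ToString();
                txtTcpRes.Text = temp.TcpRes.ToString();
                txtTcpSeq.Text = temp.TcpSeq.ToString();
                txtTcpSrcPrt.Text = temp.TcpSrcPort.ToString();
                txtTcpUrp.Text = temp.TcpUrp.ToString();
                txtTcpWin.Text = temp.TcpWin.ToString();

                // UDP Tab
                txtUdpSrcPort.Text = temp.UdpSrcPort.ToString();
                // Fixed: this field previously showed the TCP destination port, so the UDP tab
                // reported the wrong port for UDP events.
                txtUdpDstPort.Text = temp.UdpDstPort.ToString();
                txtUdpLen.Text = temp.UdpLen.ToString();
                txtUdpCsum.Text = temp.UdpCsum.ToString();

                // References Tab
                // The signature id is passed as a query argument, not concatenated into the SQL text.
                using (NPoco.Database dbMySql = new NPoco.Database(Db.GetOpenMySqlConnection()))
                {
                    List<Reference> references = dbMySql.Fetch<Reference>(_sql.GetQuery(snorbert.Configs.Sql.Query.SQL_REFERENCES), new object[] { temp.SigId });
                    listReferences.SetObjects(references);
                }

                ResizeReferenceListColumns();

                txtDns.Text = string.Empty;

                // Payload Tab (HEX)
                if (temp.PayloadHex != null)
                {
                    hexEvent.ByteProvider = new DynamicByteProvider(temp.PayloadHex);

                    if (isDnsPort)
                    {
                        // Build the text off-control and assign it once, instead of appending
                        // to the text box for every record.
                        System.Text.StringBuilder dnsText = new System.Text.StringBuilder();

                        try
                        {
                            // NOTE(review): the payload is presumably captured network data, so the
                            // parser is being fed untrusted bytes; traffic on port 53 need not be DNS.
                            DnsMessage dm = ARSoft.Tools.Net.Dns.DnsMessage.Parse(temp.PayloadHex);

                            if (dm.Questions.Count > 0)
                            {
                                dnsText.AppendLine("Questions:");
                                foreach (ARSoft.Tools.Net.Dns.DnsQuestion q in dm.Questions)
                                {
                                    dnsText.AppendLine(q.ToString());
                                }

                                dnsText.AppendLine();
                            }

                            if (dm.AnswerRecords.Count > 0)
                            {
                                dnsText.AppendLine("Answers:");
                                foreach (ARSoft.Tools.Net.Dns.DnsRecordBase r in dm.AnswerRecords)
                                {
                                    dnsText.AppendLine(r.ToString());
                                }

                                dnsText.AppendLine();
                            }

                            if (dm.AuthorityRecords.Count > 0)
                            {
                                dnsText.AppendLine("Authority Records:");
                                foreach (ARSoft.Tools.Net.Dns.DnsRecordBase r in dm.AuthorityRecords)
                                {
                                    dnsText.AppendLine(r.ToString());
                                }

                                dnsText.AppendLine();
                            }

                            if (dm.AdditionalRecords.Count > 0)
                            {
                                dnsText.AppendLine("AdditionalRecords:");
                                foreach (ARSoft.Tools.Net.Dns.DnsRecordBase r in dm.AdditionalRecords)
                                {
                                    dnsText.AppendLine(r.ToString());
                                }
                            }
                        }
                        catch (Exception ex)
                        {
                            // Decoding stays best-effort (a bad payload must not break the form), but the
                            // failure is now shown: a port-53 payload that does not decode as DNS is
                            // something the analyst should see rather than an empty tab.
                            dnsText.AppendLine("Unable to decode payload as DNS: " + ex.Message);
                        }

                        txtDns.Text = dnsText.ToString();
                    }
                }
                else
                {
                    hexEvent.ByteProvider = new DynamicByteProvider(new byte[] { });
                }

                // Payload Tab (ASCII)
                txtPayloadAscii.Text = temp.PayloadAscii;

                // Misc Tab
                txtEventSid.Text = temp.Sid.ToString();
                txtEventCid.Text = temp.Cid.ToString();
                txtSensor.Text = temp.SensorName;
                txtPriority.Text = temp.SigPriority.ToString();

                // Acknowledgement Tab
                using (NPoco.Database dbMySql = new NPoco.Database(Db.GetOpenMySqlConnection()))
                {
                    // Only a constant WHERE fragment is spliced into the query text; the
                    // acknowledgment id itself is bound through the positional parameter @0.
                    string query = _sql.GetQuery(snorbert.Configs.Sql.Query.SQL_ACKNOWLEDGEMENT_DETAILS);
                    query = query.Replace("#WHERE#", @"WHERE acknowledgment.id = @0");

                    List<Acknowledgment> acknowledgment = dbMySql.Fetch<Acknowledgment>(query, new object[] { temp.AcknowledgmentId });
                    if (acknowledgment.Any())
                    {
                        Acknowledgment first = acknowledgment[0];
                        txtAckInitials.Text = first.Initials;
                        txtAckClassification.Text = first.Description;
                        txtAckNotes.Text = first.Notes;
                        txtAckTimestamp.Text = first.Timestamp.ToString();
                        chkAckSuccessful.Checked = first.Successful;
                    }
                    else
                    {
                        // Without a matching row, reset the fields so the acknowledgement of a
                        // previously displayed event is not shown against this one.
                        txtAckInitials.Text = string.Empty;
                        txtAckClassification.Text = string.Empty;
                        txtAckNotes.Text = string.Empty;
                        txtAckTimestamp.Text = string.Empty;
                        chkAckSuccessful.Checked = false;
                    }
                }
            }
        }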