public void ParseData()
{
TreeNode rootNode = new TreeNode();
TreeNode ipNode = treeFactory.MakeIPTreeNode(socketManager.headers.ip);
rootNode.Nodes.Add(ipNode);
switch (socketManager.headers.ip.ProtocolType)
{
case Protocol.TCP:
TcpHeader tcpHeader = new TcpHeader(socketManager.headers.ip.Data, socketManager.headers.ip.MessageLength);
TreeNode tcpNode = treeFactory.MakeTCPTreeNode(tcpHeader);
rootNode.Nodes.Add(tcpNode);
break;
case Protocol.UDP:
UdpHeader udpHeader = new UdpHeader(socketManager.headers.ip.Data, (int)socketManager.headers.ip.MessageLength);
TreeNode udpNode = treeFactory.MakeUDPTreeNode(udpHeader);
rootNode.Nodes.Add(udpNode);
break;
case Protocol.Unknown:
break;
}
AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode);
rootNode.Text = socketManager.headers.ip.SourceAddress.ToString() + "-" +
socketManager.headers.ip.DestinationAddress.ToString();
treeView.Invoke(addTreeNode, new object[] { rootNode });
}
/// <summary>
/// This function parses the incoming packets and extracts the data based upon
/// the protocol being carried by the IP datagram.
/// </summary>
/// <param name="byteData">Incoming bytes</param>
/// <param name="nReceived">The number of bytes received</param>
private void ParseData(byte[] byteData, int nReceived)
{
TreeNode rootNode = new TreeNode();
// Since all protocol packets are encapsulated in the IP datagram
// so we start by parsing the IP header and see what protocol data
// is being carried by it.
IpHeader ipHeader = new IpHeader(byteData, nReceived);
TreeNode ipNode = MakeIPTreeNode(ipHeader);
rootNode.Nodes.Add(ipNode);
// Now according to the protocol being carried by the IP datagram we parse
// the data field of the datagram.
switch (ipHeader.ProtocolType)
{
case Protocol.TCP: TcpHeader tcpHeader = new TcpHeader(ipHeader.Data,
ipHeader.MessageLength);
TreeNode tcpNode = MakeTCPTreeNode(tcpHeader);
rootNode.Nodes.Add(tcpNode);
// If the port is equal to 53 then the underlying protocol is DNS.
// Note: DNS can use either TCP or UDP hence checking is done twice.
if (tcpHeader.DestinationPort == "53" ||
tcpHeader.SourcePort == "53")
{
TreeNode dnsNode = MakeDNSTreeNode(tcpHeader.Data,
(int)tcpHeader.MessageLength);
rootNode.Nodes.Add(dnsNode);
}
break;
case Protocol.UDP: UdpHeader udpHeader = new UdpHeader(ipHeader.Data,
(int)ipHeader.MessageLength);
TreeNode udpNode = MakeUDPTreeNode(udpHeader);
rootNode.Nodes.Add(udpNode);
// If the port is equal to 53 then the underlying protocol is DNS.
// Note: DNS can use either TCP or UDP, thats the reason
// why the checking has been done twice.
if (udpHeader.DestinationPort == "53" ||
udpHeader.SourcePort == "53")
{
TreeNode dnsNode = MakeDNSTreeNode(udpHeader.Data,
Convert.ToInt32(udpHeader.Length) - 8);
rootNode.Nodes.Add(dnsNode);
}
break;
case Protocol.Unknown:
break;
}
AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode);
rootNode.Text = ipHeader.SourceAddress.ToString() + "-" +
ipHeader.DestinationAddress.ToString();
// Thread safe adding of the nodes.
treeView.Invoke(addTreeNode, new object[] { rootNode });
}
private void Build_Tree_View(TreeNode rootNode, FMTP_Parser.FMPT_Header_and_Data FMTP_Data, string Source, string Destination)
{
TreeNode fmtpNode = MakeFMTPTreeNode(FMTP_Data);
rootNode.Nodes.Add(fmtpNode);
AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode);
string Date_Time = DateTime.Now.ToShortDateString() + " / " + DateTime.Now.ToLongTimeString();
rootNode.Text = Date_Time + ": " + Source + " -> " + Destination;
//Thread safe adding of the nodes
treeView.Invoke(addTreeNode, new object[] { rootNode });
}
private void Build_Tree_View(TreeNode rootNode, FMTP_Parser.FMPT_Header_and_Data FMTP_Data, string Source, string Destination)
{
TreeNode fmtpNode = MakeFMTPTreeNode(FMTP_Data);
rootNode.Nodes.Add(fmtpNode);
AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode);
string Date_Time = DateTime.Now.ToShortDateString() + " / " + DateTime.Now.ToLongTimeString();
rootNode.Text = Date_Time + ": " + Source + " -> " + Destination;
//Thread safe adding of the nodes
treeView.Invoke(addTreeNode, new object[] { rootNode });
}
public void ParseDataIcmp(byte[] byteData, int nReceived)
{
TreeNode rootNode = new TreeNode();
ICMPHeader icmpHeader = new ICMPHeader(byteData, nReceived);
TreeNode icmpNode = MakeICMPTreeNode(icmpHeader);
rootNode.Nodes.Add(icmpNode);
AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode);
rootNode.Text = nReceived.ToString();
treeView.Invoke(addTreeNode, new object[] { rootNode });
HeaderCounter.icmp++;
}
private void treeView1_DoubleClick(object sender, EventArgs e)
{
AddTreeNode addnode = new AddTreeNode(AddNodes);
this.treeView1.BeginInvoke(addnode, false);
}
private void ParseData(byte[] byteData, int nReceived)
{
TreeNode rootNode = new TreeNode();
//Since all protocol packets are encapsulated in the IP datagram
//so we start by parsing the IP header and see what protocol data
//is being carried by it
IPHeader ipHeader = new IPHeader(byteData, nReceived);
TreeNode ipNode = MakeIPTreeNode(ipHeader);
rootNode.Nodes.Add(ipNode);
//Now according to the protocol being carried by the IP datagram we parse
//the data field of the datagram
switch (ipHeader.ProtocolType)
{
case Protocol.TCP:
TCPHeader tcpHeader = new TCPHeader(ipHeader.Data, //IPHeader.Data stores the data being
//carried by the IP datagram
ipHeader.MessageLength);//Length of the data field
TreeNode tcpNode = MakeTCPTreeNode(tcpHeader);
rootNode.Nodes.Add(tcpNode);
//If the port is equal to 53 then the underlying protocol is DNS
//Note: DNS can use either TCP or UDP thats why the check is done twice
if (tcpHeader.DestinationPort == "53" || tcpHeader.SourcePort == "53")
{
TreeNode dnsNode = MakeDNSTreeNode(tcpHeader.Data, (int)tcpHeader.MessageLength);
rootNode.Nodes.Add(dnsNode);
}
break;
case Protocol.UDP:
UDPHeader udpHeader = new UDPHeader(ipHeader.Data, //IPHeader.Data stores the data being
//carried by the IP datagram
(int)ipHeader.MessageLength);//Length of the data field
TreeNode udpNode = MakeUDPTreeNode(udpHeader);
rootNode.Nodes.Add(udpNode);
//If the port is equal to 53 then the underlying protocol is DNS
//Note: DNS can use either TCP or UDP thats why the check is done twice
if (udpHeader.DestinationPort == "53" || udpHeader.SourcePort == "53")
{
TreeNode dnsNode = MakeDNSTreeNode(udpHeader.Data,
//Length of UDP header is always eight bytes so we subtract that out of the total
//length to find the length of the data
Convert.ToInt32(udpHeader.Length) - 8);
rootNode.Nodes.Add(dnsNode);
}
break;
case Protocol.Unknown:
break;
}
AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode);
string s = ipHeader.SourceAddress.ToString();
if (s == "180.179.50.116" | s == "213.108.252.185" | s == "218.248.255.212")
{
Color foreColor = Color.Red;
rootNode.Text = ipHeader.SourceAddress.ToString() + "-" +
ipHeader.DestinationAddress.ToString()+" :Packet from malicious site";
}
else
{
Color foreColor = Color.Black;
rootNode.Text = ipHeader.SourceAddress.ToString() + "-" +
ipHeader.DestinationAddress.ToString()+"";
}
//Thread safe adding of the nodes
treeView.Invoke(addTreeNode, new object[] {rootNode});
}
/// <summary>
/// 双击表节点展开下一级节点
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void serverTreeView_DoubleClick(object sender, EventArgs e)
{
AddTreeNode addNode = new AddTreeNode(AddNodes);
this.ServerTreeView.BeginInvoke(addNode, false);
}
private void ParseData(byte[] byteData, int nReceived)
{
TreeNode rootNode = new TreeNode();
IPHeader ipHeader = new IPHeader(byteData, nReceived);
TreeNode ipNode = MakeIPTreeNode(ipHeader);
rootNode.Nodes.Add(ipNode);
switch (ipHeader.ProtocolType)
{
case Protocol.TCP:
if (Filter.tcp != true)
{
return;
}
TCPHeader tcpHeader = new TCPHeader(ipHeader.Data, ipHeader.MessageLength);
TreeNode tcpNode = MakeTCPTreeNode(tcpHeader);
rootNode.Nodes.Add(tcpNode);
if (tcpHeader.DestinationPort == "53" || tcpHeader.SourcePort == "53")
{
TreeNode dnsNode = MakeDNSTreeNode(tcpHeader.Data, (int)tcpHeader.MessageLength);
rootNode.Nodes.Add(dnsNode);
}
HeaderCounter.tcp++;
break;
case Protocol.UDP:
if (Filter.udp != true)
{
return;
}
UDPHeader udpHeader = new UDPHeader(ipHeader.Data, (int)ipHeader.MessageLength);
TreeNode udpNode = MakeUDPTreeNode(udpHeader);
rootNode.Nodes.Add(udpNode);
if (udpHeader.DestinationPort == "53" || udpHeader.SourcePort == "53")
{
if (Filter.dns != true)
{
return;
}
TreeNode dnsNode = MakeDNSTreeNode(udpHeader.Data,
Convert.ToInt32(udpHeader.Length) - 8);
rootNode.Nodes.Add(dnsNode);
HeaderCounter.dns++;
}
HeaderCounter.udp++;
break;
case Protocol.Unknown:
if (Filter.unknown != true)
{
return;
}
HeaderCounter.unknown++;
break;
}
displayCounter();
AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode);
rootNode.Text = ipHeader.SourceAddress.ToString() + "-" +
ipHeader.DestinationAddress.ToString();
treeView.Invoke(addTreeNode, new object[] { rootNode });
}
private void treeView1_DoubleClick(object sender, EventArgs e)
{
AddTreeNode addnode = new AddTreeNode(AddNodes);
this.treeView1.BeginInvoke(addnode, false);
}
private void ParseData(byte[] byteData, int nReceived)
{
TreeNode rootNode = new TreeNode();
IPHeader ipHeader = new IPHeader(byteData, nReceived);
TCPHeader tcpHeader = null;
UDPHeader udpHeader = null;
DNSHeader dnsHeader = null;
TreeNode ipNode = MakeIPTreeNode(ipHeader);
rootNode.Nodes.Add(ipNode);
switch (ipHeader.ProtocolType)
{
case Protocol.TCP:
tcpHeader = new TCPHeader(ipHeader.Data, ipHeader.MessageLength);
TreeNode tcpNode = MakeTCPTreeNode(tcpHeader);
rootNode.Nodes.Add(tcpNode);
if (tcpHeader.DestinationPort == "53" || tcpHeader.SourcePort == "53")
{
dnsHeader = new DNSHeader(udpHeader.Data, Convert.ToInt32(udpHeader.Length) - 8);
TreeNode dnsNode = MakeDNSTreeNode(dnsHeader);
rootNode.Nodes.Add(dnsNode);
}
break;
case Protocol.UDP:
udpHeader = new UDPHeader(ipHeader.Data, (int)ipHeader.MessageLength);
TreeNode udpNode = MakeUDPTreeNode(udpHeader);
rootNode.Nodes.Add(udpNode);
if (udpHeader.DestinationPort == "53" || udpHeader.SourcePort == "53")
{
dnsHeader = new DNSHeader(udpHeader.Data, Convert.ToInt32(udpHeader.Length) - 8);
TreeNode dnsNode = MakeDNSTreeNode(dnsHeader);
rootNode.Nodes.Add(dnsNode);
}
break;
case Protocol.Unknown:
break;
}
if (DataBaseInformation.WorkWithDataBase)
{
if (!IPHeader.SaveData(ipHeader, tcpHeader, udpHeader, dnsHeader))
{
this.BeginInvoke(new Action(() => this.SetStopReceiveVariables()));
this.BeginInvoke(new Action(() => MessageBox.Show("Error occurred while saving data to Database!\r\nView error log file for more details.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error)));
}
}
if (!_pauseCapturing &&
this.WindowState != FormWindowState.Minimized &&
this._filter.FallsIntoFilter(ipHeader, tcpHeader, udpHeader, dnsHeader))
{
AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode);
string sourceAddress = ipHeader.SourceAddress.ToString();
string destinationAddress = ipHeader.DestinationAddress.ToString();
string when = DateTime.Now.ToString("dd.MM.yyyy HH:mm:ss.ffff");
rootNode.Text = $"{sourceAddress} - {destinationAddress}";
treeView.Invoke(addTreeNode, new object[] { rootNode });
}
}
private void ParseData(byte[] byteData, int nReceived)
{
IPHeader ipHeader = new IPHeader(byteData, nReceived);
//忽略广播包
if (cbxIgnoreBroadCast.Checked &&
(ipHeader.DestinationAddress.Equals(IPAddress.Broadcast) ||
ipHeader.DestinationAddress.ToString().Equals(_AssumeMaskAddress))
)
{
return;
}
string tcpPortString = string.Empty;
if (cbxTcpOnly.Checked || cbxUdpOnly.Checked)
{
if (cbxTcpOnly.Checked && ipHeader.ProtocolType != IpProtocol.TCP)
{
return;
}
if (cbxUdpOnly.Checked && ipHeader.ProtocolType != IpProtocol.UDP)
{
return;
}
IPAddress destIp = null;
string targetIp = tbxDest.Text.Trim();
if (!string.IsNullOrEmpty(targetIp))
{
int idx = targetIp.IndexOf(':');
if (idx != -1)
{
tcpPortString = targetIp.Substring(idx + 1);
if (tcpPortString.Equals("*"))
{
tcpPortString = string.Empty;
}
targetIp = targetIp.Substring(0, idx);
}
if (!targetIp.Equals("*"))
{
//符合指定ip地址
if (IPAddress.TryParse(targetIp, out destIp) &&
!(ipHeader.DestinationAddress.Equals(destIp) || ipHeader.SourceAddress.Equals(destIp))
)
{
return;
}
}
}
}
TreeNode rootNode = new TreeNode();
//Since all protocol packets are encapsulated in the IP datagram
//so we start by parsing the IP header and see what protocol data
//is being carried by it
TreeNode ipNode = MakeIPTreeNode(ipHeader);
rootNode.Nodes.Add(ipNode);
//Now according to the protocol being carried by the IP datagram we parse
//the data field of the datagram
switch (ipHeader.ProtocolType)
{
case IpProtocol.TCP:
TCPHeader tcpHeader = new TCPHeader(ipHeader.Data, //IPHeader.Data stores the data being
//carried by the IP datagram
ipHeader.MessageLength); //Length of the data field
//符合特定端口
if (tcpPortString != string.Empty &&
!(tcpPortString.Equals(tcpHeader.DestinationPort) || tcpPortString.Equals(tcpHeader.SourcePort))
)
{
return;
}
if (tcpHeader.MessageLength > 0)
{
rootNode.ForeColor = NODE_NOT_EMPTY_COLOR; // System.Drawing.ColorTranslator.FromHtml("#009900");
//rootNode.NodeFont = new System.Drawing.Font("verdana", 9, System.Drawing.FontStyle.Bold);
}
TreeNode tcpNode = MakeTCPTreeNode(tcpHeader);
rootNode.Nodes.Add(tcpNode);
//If the port is equal to 53 then the underlying protocol is DNS
//Note: DNS can use either TCP or UDP thats why the check is done twice
if (tcpHeader.DestinationPort == "53" || tcpHeader.SourcePort == "53")
{
TreeNode dnsNode = MakeDNSTreeNode(tcpHeader.Data, (int)tcpHeader.MessageLength);
rootNode.Nodes.Add(dnsNode);
}
break;
case IpProtocol.UDP:
UDPHeader udpHeader = new UDPHeader(ipHeader.Data, //IPHeader.Data stores the data being
//carried by the IP datagram
(int)ipHeader.MessageLength); //Length of the data field
TreeNode udpNode = MakeUDPTreeNode(udpHeader);
rootNode.Nodes.Add(udpNode);
//If the port is equal to 53 then the underlying protocol is DNS
//Note: DNS can use either TCP or UDP thats why the check is done twice
if (udpHeader.DestinationPort == "53" || udpHeader.SourcePort == "53")
{
TreeNode dnsNode = MakeDNSTreeNode(udpHeader.Data,
//Length of UDP header is always eight bytes so we subtract that out of the total
//length to find the length of the data
Convert.ToInt32(udpHeader.Length) - 8);
rootNode.Nodes.Add(dnsNode);
}
break;
case IpProtocol.Unknown:
break;
}
AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode);
rootNode.Text = ipHeader.ProtocolType.ToString() + " of "
+ ipHeader.SourceAddress.ToString() + ":" + ipHeader.SourcePort + " -> "
+ ipHeader.DestinationAddress.ToString() + ":" + ipHeader.DestinationPort;
//Thread safe adding of the nodes
treeView.Invoke(addTreeNode, new object[] { rootNode });
}
private void ParseData(byte[] byteData, int nReceived)
{
TreeNode rootNode = new TreeNode();
TreeNode tcpOrudpNode = new TreeNode();
//Since all protocol packets are encapsulated in the IP datagram
//so we start by parsing the IP header and see what protocol data
//is being carried by it
IPHeader ipHeader = new IPHeader(byteData, nReceived);
//IPAddress IPsrc = NetCode.NetCode.ToIPAddress("10.226.38.232");
IPAddress IPsrc = NetCode.NetCode.ToIPAddress("10.226.41.152");
IPAddress IPsrcMy = NetCode.NetCode.ToIPAddress("10.226.42.35");
IPAddress IPsrcSanjat = NetCode.NetCode.ToIPAddress("10.226.43.104");
IPAddress IPsrcSanjatLaptop = NetCode.NetCode.ToIPAddress("10.226.38.232");
IPAddress IPsrcPriyanka = NetCode.NetCode.ToIPAddress("10.226.41.152");
IPAddress IPsrcList1 = NetCode.NetCode.ToIPAddress("192.168.0.10");
TreeNode ipNode = MakeIPTreeNode(ipHeader);
//string str1 = ipHeader.SourceAddress.ToString();
//if (str1 == IPsrc.ToString())
//{
// MessageBox.Show("Found");
//}
//if (ipHeader.SourceAddress.ToString() == IPsrc.ToString())
rootNode.Nodes.Add(ipNode);
//Now according to the protocol being carried by the IP datagram we parse
//the data field of the datagram
//int intAddress = BitConverter.ToInt32(IPAddress.Parse(address).GetAddressBytes(), 0);
// string ipAddress = new IPAddress(BitConverter.GetBytes(intAddress)).ToString();
PORT_SRC_ADDRESS = 0;
PORT_DEST_ADDRESS = 0;
//if (ipHeader.SourceAddress.ToString() == IPsrc.ToString())
switch (ipHeader.ProtocolType)
{
case Protocol.TCP:
TCPHeader tcpHeader = new TCPHeader(ipHeader.Data, //IPHeader.Data stores the data being
//carried by the IP datagram
ipHeader.MessageLength); //Length of the data field
TreeNode tcpNode = MakeTCPTreeNode(tcpHeader);
rootNode.Nodes.Add(tcpNode);
tcpOrudpNode = (TreeNode)tcpNode.Clone();
Array.Resize(ref (PACKET_DATA), tcpHeader.MessageLength);
PACKET_DATA = tcpHeader.Data;
PORT_SRC_ADDRESS = Convert.ToInt64(tcpHeader.DestinationPort);
PORT_DEST_ADDRESS = Convert.ToInt64(tcpHeader.SourcePort);
//If the port is equal to 53 then the underlying protocol is DNS
//Note: DNS can use either TCP or UDP thats why the check is done twice
if (tcpHeader.DestinationPort == "53" || tcpHeader.SourcePort == "53")
{
TreeNode dnsNode = MakeDNSTreeNode(tcpHeader.Data, (int)tcpHeader.MessageLength);
rootNode.Nodes.Add(dnsNode);
// tcpOrudpNode = (TreeNode)dnsNode.Clone();
}
break;
case Protocol.UDP:
UDPHeader udpHeader = new UDPHeader(ipHeader.Data, //IPHeader.Data stores the data being
//carried by the IP datagram
(int)ipHeader.MessageLength); //Length of the data field
TreeNode udpNode = MakeUDPTreeNode(udpHeader);
tcpOrudpNode = (TreeNode)udpNode.Clone();;
Array.Resize(ref (PACKET_DATA), udpHeader.Data.Length);
PACKET_DATA = udpHeader.Data;
rootNode.Nodes.Add(udpNode);
PORT_SRC_ADDRESS = Convert.ToInt64(udpHeader.DestinationPort);
PORT_DEST_ADDRESS = Convert.ToInt64(udpHeader.SourcePort);
//If the port is equal to 53 then the underlying protocol is DNS
//Note: DNS can use either TCP or UDP thats why the check is done twice
if (udpHeader.DestinationPort == "53" || udpHeader.SourcePort == "53")
{
TreeNode dnsNode = MakeDNSTreeNode(udpHeader.Data,
//Length of UDP header is always eight bytes so we subtract that out of the total
//length to find the length of the data
Convert.ToInt32(udpHeader.Length) - 8);
rootNode.Nodes.Add(dnsNode);
// tcpOrudpNode = (TreeNode)dnsNode.Clone();
}
break;
case Protocol.Unknown:
rootNode.Nodes.Add(ipHeader.ProtocolType.ToString());
break;
}
AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode);
rootNode.Text = ipHeader.SourceAddress.ToString() + "-" +
ipHeader.DestinationAddress.ToString();
//Thread safe adding of the nodes
treeView.Invoke(addTreeNode, new object[] { rootNode });
// Resolve various host names
string _srcstr = ipHeader.SourceAddress.ToString();
//if (!SOURCEIP.Contains(_srcstr))// || !SOURCEIP.Contains("->"))
try
{
SOURCEIP.Add(_srcstr, "?");
}
catch (Exception ex)
{ }
//SOURCEIP.Sort();
if (!backgroundWorker1.IsBusy)
{
//listBox1.Refresh();
SOURCEIP_COPY = SOURCEIP;
//textBox6.Text = SOURCEIP_COPY.Count.ToString();
backgroundWorker1.RunWorkerAsync();
}
// Filter by sorting individual condition
string _str = ipHeader.SourceAddress.ToString() + ":" + ipHeader.DestinationAddress.ToString();
bool _PortFound = false;
bool _ProtocolFound = false;
bool _IPFound = false;
if (checkBox_Port.Checked == true && textBox_PORT.Text != null)
{
if (PORT_DEST_ADDRESS == Convert.ToInt32(textBox_PORT.Text) || PORT_SRC_ADDRESS == Convert.ToInt32(textBox_PORT.Text))
{
FILTERED_PORT.Add(_str); _PortFound = true;
}
}
if (checkBox_Protocol.Checked == true)
{
int _Protocol = -1;
if ((CMB_box == "TCP") && (ipHeader.ProtocolType == Protocol.TCP))
{
_Protocol = Convert.ToInt16(Protocol.TCP); PROTOCOL = "TCP";
}
else if ((CMB_box == "UDP") && (ipHeader.ProtocolType == Protocol.UDP))
{
_Protocol = Convert.ToInt16(Protocol.UDP); PROTOCOL = "UDP";
}
else
{
PROTOCOL = "UNKNOWN";
}
if (Convert.ToInt16(ipHeader.ProtocolType) == _Protocol)
{
FILTERED_PROTOCOL.Add(_str); _ProtocolFound = true;
}
}
else
{
PROTOCOL = "TCP/UDP";
}
if (checkBox_IP.Checked == true && textBox_IP.Text != null)
{
//if (ipHeader.SourceAddress.ToString() == textBox_IP.Text || ipHeader.DestinationAddress.ToString() == textBox_IP.Text)
if (_str.Contains(textBox_IP.Text) && _str.Contains(textBox_IPE.Text))
{
FILTERED_IP.Add(_str); _IPFound = true;
}
}
/////////////////////////////////////// filter common part as per filter condition
bool UPDATE_FLG = false;
PARSE_PROCESS_STAT = true;
if (checkBox_Port.Checked == false && checkBox_Protocol.Checked == false && checkBox_IP.Checked == false)
{
FILTERED.Add(_str); UPDATE_FLG = true;
}
else if (checkBox_Port.Checked == true && checkBox_Protocol.Checked == false && checkBox_IP.Checked == false)
{
if (_PortFound == true)
{
FILTERED.Add(_str); UPDATE_FLG = true;
}
}
else if (checkBox_Port.Checked == false && checkBox_Protocol.Checked == true && checkBox_IP.Checked == false)
{
if (_ProtocolFound == true)
{
FILTERED.Add(_str); UPDATE_FLG = true;
}
}
else if (checkBox_Port.Checked == false && checkBox_Protocol.Checked == false && checkBox_IP.Checked == true)
{
if (_IPFound == true)
{
FILTERED.Add(_str); UPDATE_FLG = true;
}
}
else if (checkBox_Port.Checked == true && checkBox_Protocol.Checked == true && checkBox_IP.Checked == false)
{
if (_PortFound == true && _ProtocolFound == true && _IPFound == false)
{
FILTERED.Add(_str); UPDATE_FLG = true;
}
}
else if (checkBox_Port.Checked == true && checkBox_Protocol.Checked == false && checkBox_IP.Checked == true)
{
if (_PortFound == true && _ProtocolFound == true && _IPFound == true)
{
FILTERED.Add(_str); UPDATE_FLG = true;
}
}
else if (checkBox_Port.Checked == false && checkBox_Protocol.Checked == true && checkBox_IP.Checked == true)
{
//foreach (string element in FILTERED_IP)
if (_PortFound == false && _ProtocolFound == true && _IPFound == true)
{
FILTERED.Add(_str); UPDATE_FLG = true;
}
}
else if (checkBox_Port.Checked == true && checkBox_Protocol.Checked == true && checkBox_IP.Checked == true)
{
//foreach (string element in FILTERED_PORT)
if (_PortFound == true && _ProtocolFound == true && _IPFound == true)
{
FILTERED.Add(_str); UPDATE_FLG = true;
}
}
//Remove the entry which contains my own IP
if (checkBox_MyIP.Checked == true && FILTERED.Count > 0)
{
if (FILTERED[FILTERED.Count - 1].ToString().Contains(InterfaceIP))
{
FILTERED.RemoveAt(FILTERED.Count - 1); UPDATE_FLG = false;
}
}
if (UPDATE_FLG == true && FILTERED.Count > 0)
{
UPDATE_FLG = false;
FILTERED[FILTERED.Count - 1] = _str;// +" [" + PORT_SRC_ADDRESS + ":" + PORT_DEST_ADDRESS + "]";
//FILTERED.Sort();
if (checkBox_rmvDuplicates.Checked == true)
{
FILTERED = RemoveDuplicates(FILTERED);
}
TreeNode _FilteredRootNode = new TreeNode();
IPHeader _ipHeader = new IPHeader(byteData, nReceived);
TreeNode _ipNode = MakeIPTreeNode(_ipHeader);
_FilteredRootNode.Nodes.Add(_ipNode);
_FilteredRootNode.Nodes.Add(tcpOrudpNode);
AddTreeNode _addTreeNode = new AddTreeNode(_OnAddTreeNode);
string _DATA = ByteArrayToString(PACKET_DATA);
_FilteredRootNode.Text = _ipHeader.SourceAddress.ToString() + "->" + _ipHeader.DestinationAddress.ToString() + "[" + _DATA + "]";
string _SourceInfo = _ipHeader.SourceAddress.ToString() + "[" + PORT_SRC_ADDRESS + "]";
string _DestInfo = _ipHeader.DestinationAddress.ToString() + "[" + PORT_DEST_ADDRESS + "]";
string _strdummy = "";
//Thread safe adding of the nodes
treeView1.Invoke(_addTreeNode, new object[] { _FilteredRootNode });
if (checkBoxSave.Checked)
{
if (textBoxClient.Text != null && textBoxServer.Text != null)
{
if (_SourceInfo.Contains(textBoxServer.Text) && _DestInfo.Contains(textBoxClient.Text))
{
PCK_CTR1++;
_strdummy = "Client<-Server,";
if (checkBoxHeader.Checked)
{
_strdummy = _strdummy + PROTOCOL + "," + _DestInfo + "<-" + _SourceInfo + ",";
}
_strdummy = _strdummy + _DATA;
Log("log.txt", _strdummy);
}
else if (textBoxClient.Text == textBoxServer.Text)
{
if (_SourceInfo.Contains(textBoxClient.Text) || _DestInfo.Contains(textBoxServer.Text))
{
PCK_CTR2++;
_strdummy = "**Client->Server,";
if (checkBoxHeader.Checked)
{
_strdummy = _strdummy + PROTOCOL + "," + _SourceInfo + "->" + _DestInfo + ",";
}
_strdummy = _strdummy + _DATA;
Log("log.txt", _strdummy);
}
else if (_SourceInfo.Contains(textBoxClient.Text) && _DestInfo.Contains(textBoxServer.Text))
{
PCK_CTR2++;
_strdummy = "Client->Server,";
if (checkBoxHeader.Checked)
{
_strdummy = _strdummy + PROTOCOL + "," + _SourceInfo + "->" + _DestInfo + ",";
}
_strdummy = _strdummy + _DATA;
Log("log.txt", _strdummy);
}
}
}
}
}
PARSE_PROCESS_STAT = false;
}
/// <summary>
/// Refreshes the TreeView control with new set of processes.
/// </summary>
/// <param name="list"></param>
void RefresData(List <Process> list)
{
AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode);
foreach (Process item in list)
{
TreeNode ipNode = new TreeNode();
ipNode.Text = item.ProcessName;
// Gets the base priority of the associated process
ipNode.Nodes.Add("BasePriority: " + item.BasePriority);
// Gets the native handle of the associated process.
ipNode.Nodes.Add("Handle: " + item.Handle);
// Gets the number of handles opened by the process.
ipNode.Nodes.Add("HandleCount: " + item.HandleCount);
// Gets the unique identifier for the associated process.
ipNode.Nodes.Add("Id: " + item.Id);
// Gets the window handle of the main window of the associated process.
ipNode.Nodes.Add("MainWindowHandle: " + item.MainWindowHandle);
// Gets the caption of the main window of the process.
ipNode.Nodes.Add("MainWindowTitle: " + item.MainWindowTitle);
// Gets or sets the maximum allowable working set size for
// the associated process.
ipNode.Nodes.Add("MaxWorkingSet: " + item.MaxWorkingSet);
// Gets or sets the minimum allowable working set size for
// the associated process.
ipNode.Nodes.Add("MinWorkingSet: " + item.MinWorkingSet);
// Gets the nonpaged system memory size allocated to this process.
ipNode.Nodes.Add("NonpagedSystemMemorySize64: " +
item.NonpagedSystemMemorySize64);
// Gets the amount of paged memory allocated for the associated process.
ipNode.Nodes.Add("PagedMemorySize64: " + item.PagedMemorySize64);
// Gets the amount of pageable system memory allocated for the
// associated process.
ipNode.Nodes.Add("PagedSystemMemorySize64: " +
item.PagedSystemMemorySize64);
// Gets the maximum amount of memory in the virtual memory paging
// file used by the associated process.
ipNode.Nodes.Add("PeakPagedMemorySize64: " + item.PeakPagedMemorySize64);
// Gets the maximum amount of physical memory used by the
// associated process.
ipNode.Nodes.Add("PeakWorkingSet64: " + item.PeakWorkingSet64);
// Gets the maximum amount of virtual memory used by
// the associated process.
ipNode.Nodes.Add("PeakVirtualMemorySize64: " +
item.PeakVirtualMemorySize64);
// Gets or sets a value indicating whether the associated process
// priority should temporarily be boosted by the operating system
// when the main window has the focus.
ipNode.Nodes.Add("PriorityBoostEnabled: " + item.PriorityBoostEnabled);
// Gets or sets the overall priority category for the associated process.
ipNode.Nodes.Add("PriorityClass: " + item.PriorityClass);
// Gets the amount of private memory allocated for
// the associated process.
ipNode.Nodes.Add("PrivateMemorySize64: " + item.PrivateMemorySize64);
// Gets the privileged processor time for this process.
ipNode.Nodes.Add("PrivilegedProcessorTime: " +
item.PrivilegedProcessorTime);
// Gets the name of the process.
ipNode.Nodes.Add("ProcessName: " + item.ProcessName);
// Gets or sets the processors on which the threads in this process
// can be scheduled to run.
ipNode.Nodes.Add("ProcessorAffinity: " + item.ProcessorAffinity);
// Gets a value indicating whether the user interface of the
// process is responding.
ipNode.Nodes.Add("Responding: " + item.Responding);
// Gets the Terminal Services session identifier for
// the associated process.
ipNode.Nodes.Add("SessionId: " + item.SessionId);
// Gets the time that the associated process was started.
ipNode.Nodes.Add("StartTime: " + item.StartTime);
// Gets the total processor time for this process.
ipNode.Nodes.Add("TotalProcessorTime: " + item.TotalProcessorTime);
// Gets the user processor time for this process.
ipNode.Nodes.Add("UserProcessorTime: " + item.UserProcessorTime);
// Gets the amount of the virtual memory allocated for
// the associated process.
ipNode.Nodes.Add("VirtualMemorySize64: " + item.VirtualMemorySize64);
// Gets the amount of physical memory allocated for
// the associated process.
ipNode.Nodes.Add("WorkingSet64: " + item.WorkingSet64);
// Executes the specified delegate, on the thread that owns the control's
// underlying window handle, with the specified list of arguments.
tvwShowLockingProcess.Invoke(addTreeNode, new object[] { ipNode });
}
}
public void ParseData(byte[] byteData, int nReceived)
{
TreeNode rootNode = new TreeNode();
AdFunctions adfunc_call = new AdFunctions();
//Since all protocol packets are encapsulated in the IP datagram
//so we start by parsing the IP header and see what protocol data
//is being carried by it
IPHeader ipHeader = new IPHeader(byteData, nReceived);
TreeNode ipNode = MakeIPTreeNode(ipHeader);
rootNode.Nodes.Add(ipNode);
//Now according to the protocol being carried by the IP datagram we parse
//the data field of the datagram
switch (ipHeader.ProtocolType)
{
case Protocol.TCP:
TCPHeader tcpHeader = new TCPHeader(ipHeader.Data, //IPHeader.Data stores the data being
//carried by the IP datagram
ipHeader.MessageLength); //Length of the data field
TreeNode tcpNode = MakeTCPTreeNode(tcpHeader);
rootNode.Nodes.Add(tcpNode);
//If the port is equal to 53 then the underlying protocol is DNS
//Note: DNS can use either TCP or UDP thats why the check is done twice
if (tcpHeader.DestinationPort == "53" || tcpHeader.SourcePort == "53")
{
TreeNode dnsNode = MakeDNSTreeNode(tcpHeader.Data, (int)tcpHeader.MessageLength);
rootNode.Nodes.Add(dnsNode);
}
break;
case Protocol.UDP:
UDPHeader udpHeader = new UDPHeader(ipHeader.Data, //IPHeader.Data stores the data being
//carried by the IP datagram
(int)ipHeader.MessageLength); //Length of the data field
//Вывов функции по определению подозрительных UDP пакетов
adfunc_call.susp_node(Convert.ToInt32(udpHeader.Length), rootNode);
TreeNode udpNode = MakeUDPTreeNode(udpHeader);
rootNode.Nodes.Add(udpNode);
//If the port is equal to 53 then the underlying protocol is DNS
//Note: DNS can use either TCP or UDP thats why the check is done twice
if (udpHeader.DestinationPort == "53" || udpHeader.SourcePort == "53")
{
TreeNode dnsNode = MakeDNSTreeNode(udpHeader.Data,
//Length of UDP header is always eight bytes so we subtract that out of the total
//length to find the length of the data
Convert.ToInt32(udpHeader.Length) - 8);
rootNode.Nodes.Add(dnsNode);
}
break;
case Protocol.Unknown:
MessageBox.Show("Unknown protocol receaved. Maybe someone is trying to get access to your computer.");
break;
}
AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode);
rootNode.Text = "From " + ipHeader.SourceAddress.ToString() + " to " + ipHeader.DestinationAddress.ToString();
//Adfunc call
pack_count += 1;
adfunc_call.Ip_List(ipHeader.SourceAddress.ToString(), ipHeader.DestinationAddress.ToString());
//Thread safe adding of the nodes
treeView.Invoke(addTreeNode, new object[] { rootNode });
}
