public void Parse(string pcapFileName)
        {
            using (PcapFileReader pcapReader = new PcapFileReader(pcapFileName)) {
                ThreadStart threadStart      = new ThreadStart(pcapReader.ThreadStart);
                Thread      pcapReaderThread = new Thread(threadStart);
                //string exePath = System.IO.Path.GetFullPath(System.Windows.Forms.Application.ExecutablePath);
                //string executablePath = System.IO.Path.GetFullPath(System.Diagnostics.Process.GetCurrentProcess().MainModule.FileName);
                string executablePath = System.IO.Path.GetFullPath(System.Reflection.Assembly.GetEntryAssembly().Location);
                PacketParser.PacketHandler packetHandler = new PacketHandler(executablePath, System.Environment.CurrentDirectory, null, true, new Func <DateTime, string>((DateTime dateTime) => { return(dateTime.ToUniversalTime().ToString("u")); }), false);
                packetHandler.StartBackgroundThreads();

                int readFrames = 0;
                foreach (PcapFrame packet in pcapReader.PacketEnumerator())
                {
                    /*
                     * while (readFrames % (100) == 0 && packetHandler.FramesInQueue > 1000) {
                     *  System.Threading.Thread.Sleep(100);
                     * }
                     */

                    PacketParser.Frame frame = packetHandler.GetFrame(packet.Timestamp, packet.Data, packet.DataLinkType);
                    packetHandler.AddFrameToFrameParsingQueue(frame);
                    readFrames++;
                }
            }
        }
Exemplo n.º 2
0
        public void Parse(string pcapFileName)
        {
            using (PcapFileHandler.PcapFileReader pcapReader = new PcapFileHandler.PcapFileReader(pcapFileName)) {
                ThreadStart threadStart      = new ThreadStart(pcapReader.ThreadStart);
                Thread      pcapReaderThread = new Thread(threadStart);
                //string exePath = System.IO.Path.GetFullPath(System.Windows.Forms.Application.ExecutablePath);
                string executablePath = System.IO.Path.GetFullPath(System.Diagnostics.Process.GetCurrentProcess().MainModule.FileName);
                PacketParser.PacketHandler packetHandler = new PacketHandler(executablePath, System.Environment.CurrentDirectory);
                packetHandler.StartBackgroundThreads();

                int readFrames = 0;
                foreach (PcapFileHandler.PcapFrame packet in pcapReader.PacketEnumerator())
                {
                    while (readFrames % (100) == 0 && packetHandler.FramesInQueue > 1000)
                    {
                        System.Threading.Thread.Sleep(100);
                    }

                    PacketParser.Frame frame = packetHandler.GetFrame(packet.Timestamp, packet.Data, packet.DataLinkType);
                    packetHandler.AddFrameToFrameParsingQueue(frame);
                    readFrames++;
                }
            }
        }
        void pcapOverIpReceiver_DoWork(object sender, DoWorkEventArgs e)
        {
            this.receivedFrames = 0;
            DateTime lastGuiUpdateTime = DateTime.Now;
            TimeSpan updateRate        = new TimeSpan(2000000);

            DateTime firstFrameTimestamp = DateTime.MinValue;
            DateTime lastFrameTimestamp  = DateTime.MinValue;

            string filename     = Tools.GenerateCaptureFileName(DateTime.Now);
            string fileFullPath = this.packetHandler.OutputDirectory + "Captures" + System.IO.Path.DirectorySeparatorChar + filename;
            //string fileFullPath = System.IO.Path.GetDirectoryName(System.IO.Path.GetFullPath(System.Windows.Forms.Application.ExecutablePath)) + System.IO.Path.DirectorySeparatorChar + "Captures" + System.IO.Path.DirectorySeparatorChar + filename;

            PcapFileWriter pcapFileWriter = new PcapFileWriter(fileFullPath, this.pcapStreamReader.FileDataLinkType[0]);

            //this.caseFileLoadedCallback(
            this.addCaseFileCallback(fileFullPath, filename);

            using (pcapFileWriter) {
                //foreach (PcapFileHandler.PcapPacket pcapPacket in this.pcapStreamReader.PacketEnumerator(delegate() { Application.DoEvents(); }, null)) {
                foreach (PcapFrame pcapPacket in this.pcapStreamReader.PacketEnumerator())
                {
                    this.receivedFrames++;
                    if (this.pcapTcpStream.SocketState == PcapTcpStream.TcpSocketState.Connected)
                    {
                        this.pcapTcpStream.SocketState = PcapTcpStream.TcpSocketState.Receiving;
                    }
                    pcapFileWriter.WriteFrame(pcapPacket);
                    if (firstFrameTimestamp == DateTime.MinValue)
                    {
                        firstFrameTimestamp = pcapPacket.Timestamp;
                    }
                    lastFrameTimestamp = pcapPacket.Timestamp;

                    int millisecondsToSleep = 1;
                    while (this.packetHandler.FramesInQueue > 100)   //This can become a for-ever loop if packetHandler chokes and hangs might might be a good idea to do a this.pcapStreamReader.AbortFileRead() and throw an exception?
                    {
                        System.Threading.Thread.Sleep(millisecondsToSleep);
                        if (millisecondsToSleep < 200)
                        {
                            millisecondsToSleep *= 2;
                        }
                        //Application.DoEvents();//REMOVED 2014-06-24
                    }
                    PacketParser.Frame frame = packetHandler.GetFrame(pcapPacket.Timestamp, pcapPacket.Data, pcapPacket.DataLinkType);
                    packetHandler.AddFrameToFrameParsingQueue(frame);

                    if (DateTime.Now > lastGuiUpdateTime.Add(updateRate))
                    {
                        //we need to update the GUI


                        this.UpdateGui();
                        lastGuiUpdateTime = DateTime.Now;
                    }
                    if (this.pcapOverIpReceiver.CancellationPending)
                    {
                        break;
                    }
                }
            }
            this.UpdateGui();
            this.caseFileLoadedCallback(fileFullPath, this.receivedFrames, firstFrameTimestamp, lastFrameTimestamp);
        }
Exemplo n.º 4
0
            //Server Certificate: http://tools.ietf.org/html/rfc2246 7.4.2

            private void ParseExtensions(PacketParser.Frame parentFrame, int extensionsStartIndex, ushort extensionsLength)
            {
                int extensionIndex = extensionsStartIndex;

                while (extensionIndex < this.PacketEndIndex && extensionIndex < extensionsStartIndex + extensionsLength)
                {
                    ushort extensionType = Utils.ByteConverter.ToUInt16(parentFrame.Data, extensionIndex);
                    this.ExtensionTypes.Add(extensionType);
                    ushort extensionLength = Utils.ByteConverter.ToUInt16(parentFrame.Data, extensionIndex + 2);
                    if (extensionLength > 0)
                    {
                        if (extensionType == 0)  //Server Name Indication rfc6066
                        {
                            ushort serverNameListLength = Utils.ByteConverter.ToUInt16(parentFrame.Data, extensionIndex + 4);
                            int    offset = 6;
                            while (offset < serverNameListLength)
                            {
                                byte   serverNameType   = parentFrame.Data[extensionIndex + offset];
                                ushort serverNameLength = Utils.ByteConverter.ToUInt16(parentFrame.Data, extensionIndex + offset + 1);
                                if (serverNameLength == 0)
                                {
                                    break;
                                }
                                else
                                {
                                    if (serverNameType == 0)  //host_name(0)
                                    {
                                        this.ServerHostName = Utils.ByteConverter.ReadString(parentFrame.Data, extensionIndex + offset + 3, serverNameLength);
                                    }
                                    offset += serverNameLength;
                                }
                            }
                        }
                        else if (extensionType == 10)  //Eliptic Curve Groups (for JA3)
                        {
                            ushort length = Utils.ByteConverter.ToUInt16(parentFrame.Data, extensionIndex + 4);
                            int    offset = 6;
                            for (int i = 0; i < length; i += 2)
                            {
                                this.SupportedEllipticCurveGroups.Add(Utils.ByteConverter.ToUInt16(parentFrame.Data, extensionIndex + offset + i));
                            }
                        }
                        else if (extensionType == 11)  //Eliptic Curve Point Formats (for JA3)
                        {
                            byte length = parentFrame.Data[extensionIndex + 4];
                            int  offset = 5;
                            for (int i = 0; i < length; i += 2)
                            {
                                this.SupportedEllipticCurvePointFormats.Add(parentFrame.Data[extensionIndex + offset + i]);
                            }
                        }
                        else if (extensionType == 16)  //ALPN
                        {
                            int index = extensionIndex + 6;
                            while (index < extensionIndex + extensionLength + 4)
                            {
                                this.ApplicationLayerProtocolNegotiationStrings.Add(Utils.ByteConverter.ReadLengthValueString(parentFrame.Data, ref index, 1));
                            }
                        }
                        else if (extensionType == 43)  //Supported versions
                        {
                            for (int offset = 5; offset < extensionLength + 4; offset += 2)
                            {
                                this.supportedSslVersions.Add(new Tuple <byte, byte>(parentFrame.Data[extensionIndex + offset], parentFrame.Data[extensionIndex + offset + 1]));
                            }
                        }
                    }
                    extensionIndex += 4 + extensionLength;
                }
            }