public void Parse(string pcapFileName)
{
using (PcapFileReader pcapReader = new PcapFileReader(pcapFileName)) {
ThreadStart threadStart = new ThreadStart(pcapReader.ThreadStart);
Thread pcapReaderThread = new Thread(threadStart);
//string exePath = System.IO.Path.GetFullPath(System.Windows.Forms.Application.ExecutablePath);
//string executablePath = System.IO.Path.GetFullPath(System.Diagnostics.Process.GetCurrentProcess().MainModule.FileName);
string executablePath = System.IO.Path.GetFullPath(System.Reflection.Assembly.GetEntryAssembly().Location);
PacketParser.PacketHandler packetHandler = new PacketHandler(executablePath, System.Environment.CurrentDirectory, null, true, new Func <DateTime, string>((DateTime dateTime) => { return(dateTime.ToUniversalTime().ToString("u")); }), false);
packetHandler.StartBackgroundThreads();
int readFrames = 0;
foreach (PcapFrame packet in pcapReader.PacketEnumerator())
{
/*
* while (readFrames % (100) == 0 && packetHandler.FramesInQueue > 1000) {
* System.Threading.Thread.Sleep(100);
* }
*/
PacketParser.Frame frame = packetHandler.GetFrame(packet.Timestamp, packet.Data, packet.DataLinkType);
packetHandler.AddFrameToFrameParsingQueue(frame);
readFrames++;
}
}
}
public void Parse(string pcapFileName)
{
using (PcapFileHandler.PcapFileReader pcapReader = new PcapFileHandler.PcapFileReader(pcapFileName)) {
ThreadStart threadStart = new ThreadStart(pcapReader.ThreadStart);
Thread pcapReaderThread = new Thread(threadStart);
//string exePath = System.IO.Path.GetFullPath(System.Windows.Forms.Application.ExecutablePath);
string executablePath = System.IO.Path.GetFullPath(System.Diagnostics.Process.GetCurrentProcess().MainModule.FileName);
PacketParser.PacketHandler packetHandler = new PacketHandler(executablePath, System.Environment.CurrentDirectory);
packetHandler.StartBackgroundThreads();
int readFrames = 0;
foreach (PcapFileHandler.PcapFrame packet in pcapReader.PacketEnumerator())
{
while (readFrames % (100) == 0 && packetHandler.FramesInQueue > 1000)
{
System.Threading.Thread.Sleep(100);
}
PacketParser.Frame frame = packetHandler.GetFrame(packet.Timestamp, packet.Data, packet.DataLinkType);
packetHandler.AddFrameToFrameParsingQueue(frame);
readFrames++;
}
}
}
void pcapOverIpReceiver_DoWork(object sender, DoWorkEventArgs e)
{
this.receivedFrames = 0;
DateTime lastGuiUpdateTime = DateTime.Now;
TimeSpan updateRate = new TimeSpan(2000000);
DateTime firstFrameTimestamp = DateTime.MinValue;
DateTime lastFrameTimestamp = DateTime.MinValue;
string filename = Tools.GenerateCaptureFileName(DateTime.Now);
string fileFullPath = this.packetHandler.OutputDirectory + "Captures" + System.IO.Path.DirectorySeparatorChar + filename;
//string fileFullPath = System.IO.Path.GetDirectoryName(System.IO.Path.GetFullPath(System.Windows.Forms.Application.ExecutablePath)) + System.IO.Path.DirectorySeparatorChar + "Captures" + System.IO.Path.DirectorySeparatorChar + filename;
PcapFileWriter pcapFileWriter = new PcapFileWriter(fileFullPath, this.pcapStreamReader.FileDataLinkType[0]);
//this.caseFileLoadedCallback(
this.addCaseFileCallback(fileFullPath, filename);
using (pcapFileWriter) {
//foreach (PcapFileHandler.PcapPacket pcapPacket in this.pcapStreamReader.PacketEnumerator(delegate() { Application.DoEvents(); }, null)) {
foreach (PcapFrame pcapPacket in this.pcapStreamReader.PacketEnumerator())
{
this.receivedFrames++;
if (this.pcapTcpStream.SocketState == PcapTcpStream.TcpSocketState.Connected)
{
this.pcapTcpStream.SocketState = PcapTcpStream.TcpSocketState.Receiving;
}
pcapFileWriter.WriteFrame(pcapPacket);
if (firstFrameTimestamp == DateTime.MinValue)
{
firstFrameTimestamp = pcapPacket.Timestamp;
}
lastFrameTimestamp = pcapPacket.Timestamp;
int millisecondsToSleep = 1;
while (this.packetHandler.FramesInQueue > 100) //This can become a for-ever loop if packetHandler chokes and hangs might might be a good idea to do a this.pcapStreamReader.AbortFileRead() and throw an exception?
{
System.Threading.Thread.Sleep(millisecondsToSleep);
if (millisecondsToSleep < 200)
{
millisecondsToSleep *= 2;
}
//Application.DoEvents();//REMOVED 2014-06-24
}
PacketParser.Frame frame = packetHandler.GetFrame(pcapPacket.Timestamp, pcapPacket.Data, pcapPacket.DataLinkType);
packetHandler.AddFrameToFrameParsingQueue(frame);
if (DateTime.Now > lastGuiUpdateTime.Add(updateRate))
{
//we need to update the GUI
this.UpdateGui();
lastGuiUpdateTime = DateTime.Now;
}
if (this.pcapOverIpReceiver.CancellationPending)
{
break;
}
}
}
this.UpdateGui();
this.caseFileLoadedCallback(fileFullPath, this.receivedFrames, firstFrameTimestamp, lastFrameTimestamp);
}
//Server Certificate: http://tools.ietf.org/html/rfc2246 7.4.2
private void ParseExtensions(PacketParser.Frame parentFrame, int extensionsStartIndex, ushort extensionsLength)
{
int extensionIndex = extensionsStartIndex;
while (extensionIndex < this.PacketEndIndex && extensionIndex < extensionsStartIndex + extensionsLength)
{
ushort extensionType = Utils.ByteConverter.ToUInt16(parentFrame.Data, extensionIndex);
this.ExtensionTypes.Add(extensionType);
ushort extensionLength = Utils.ByteConverter.ToUInt16(parentFrame.Data, extensionIndex + 2);
if (extensionLength > 0)
{
if (extensionType == 0) //Server Name Indication rfc6066
{
ushort serverNameListLength = Utils.ByteConverter.ToUInt16(parentFrame.Data, extensionIndex + 4);
int offset = 6;
while (offset < serverNameListLength)
{
byte serverNameType = parentFrame.Data[extensionIndex + offset];
ushort serverNameLength = Utils.ByteConverter.ToUInt16(parentFrame.Data, extensionIndex + offset + 1);
if (serverNameLength == 0)
{
break;
}
else
{
if (serverNameType == 0) //host_name(0)
{
this.ServerHostName = Utils.ByteConverter.ReadString(parentFrame.Data, extensionIndex + offset + 3, serverNameLength);
}
offset += serverNameLength;
}
}
}
else if (extensionType == 10) //Eliptic Curve Groups (for JA3)
{
ushort length = Utils.ByteConverter.ToUInt16(parentFrame.Data, extensionIndex + 4);
int offset = 6;
for (int i = 0; i < length; i += 2)
{
this.SupportedEllipticCurveGroups.Add(Utils.ByteConverter.ToUInt16(parentFrame.Data, extensionIndex + offset + i));
}
}
else if (extensionType == 11) //Eliptic Curve Point Formats (for JA3)
{
byte length = parentFrame.Data[extensionIndex + 4];
int offset = 5;
for (int i = 0; i < length; i += 2)
{
this.SupportedEllipticCurvePointFormats.Add(parentFrame.Data[extensionIndex + offset + i]);
}
}
else if (extensionType == 16) //ALPN
{
int index = extensionIndex + 6;
while (index < extensionIndex + extensionLength + 4)
{
this.ApplicationLayerProtocolNegotiationStrings.Add(Utils.ByteConverter.ReadLengthValueString(parentFrame.Data, ref index, 1));
}
}
else if (extensionType == 43) //Supported versions
{
for (int offset = 5; offset < extensionLength + 4; offset += 2)
{
this.supportedSslVersions.Add(new Tuple <byte, byte>(parentFrame.Data[extensionIndex + offset], parentFrame.Data[extensionIndex + offset + 1]));
}
}
}
extensionIndex += 4 + extensionLength;
}
}
