static void Main(string[] args)
{
AppDomain.CurrentDomain.UnhandledException += new UnhandledExceptionEventHandler(ExceptionTrapper.UnhandledExceptionTrapper);
if (args.Length < 2)
{
PrintUsage();
return;
}
var etlFilePath = args[0];
var pcapFilePath = args[1];
ResultSummary = new ResultSummary();
var stopwatch = new Stopwatch();
stopwatch.Start();
var packets = LoadNdisRecords(etlFilePath);
PcapFile.WritePcapFile(pcapFilePath, packets);
stopwatch.Stop();
ResultSummary.Elapsed = stopwatch.Elapsed;
PrintResultSummary();
}
public void read()
{
var pcapFile = new PcapFile(AppContext.BaseDirectory + "PcapTests/PcapFileTests/test.pcap");
pcapFile.Header.IsLittleEndian.Should().Be(true);
pcapFile.Header.MagicNumber.Should().Be(0xA1B2C3D4);
pcapFile.Header.VersionMajor.Should().Be(2);
pcapFile.Header.VersionMinor.Should().Be(4);
pcapFile.Header.PacketMaxLength.Should().Be(65535);
pcapFile.Header.Type.Should().Be(DataLinkType.Ethernet);
Packet packet = null;
var i = 0;
do
{
packet = pcapFile.ReadNextPacket();
if (packet != null)
{
packet.FileHeader.IsLittleEndian.Should().Be(true);
packet.Header.IsLittleEndian.Should().Be(true);
var ethernetFrame = new EthernetFrame
{
Bytes = packet.Data
};
ethernetFrame.IsLittleEndian.Should().Be(false);
ethernetFrame.Length.Should().BeGreaterThan(0);
i++;
}
}while (packet != null);
i.Should().Be(27);
}
/// <summary>
///
/// </summary>
/// <param name="this"></param>
/// <param name="fileName"></param>
/// <param name="action"></param>
/// <returns></returns>
public static void PcapFileForEach(this Object @this, String fileName, Action <Byte[]> action)
{
var type = @this.GetType();
var resourceFileName = type.Namespace + "." + fileName;
var stream = type.Assembly.GetManifestResourceStream(resourceFileName);
var pcapFile = new PcapFile(stream);
Packet packet;
do
{
packet = pcapFile.ReadNextPacket();
if (packet != null)
{
action(packet.Data);
}
}while (packet != null);
}
private void LoadFile(string filePath)
{
var insertResult = this.pcapFileRepository.Create(filePath);
if (insertResult.AlreadyExists)
{
Console.WriteLine($"File already processed: {filePath}{Environment.NewLine}");
return;
}
var file = new PcapFile
{
Id = insertResult.Id,
FilePath = filePath
};
Console.WriteLine($"Loading file: {filePath}");
this.packetSummaryService.LoadPcapFile(file);
}
public void LoadPcapFile(PcapFile file)
{
var stopwatch = Stopwatch.StartNew();
int packetCount = 0;
var errors = new List <Exception>();
var packetSummaries = new List <PacketSummary>();
PcapParser.Parse(file.FilePath, p =>
{
try
{
// insert packet summaries in batches
if (packetSummaries.Count >= 50000)
{
this.packetSummaryRepository.Create(packetSummaries);
packetCount += packetSummaries.Count;
packetSummaries.Clear();
}
Console.Write($"\rPackets: {packetCount}\tElapsed Time: {(int)(stopwatch.ElapsedMilliseconds / 1000)} (s)");
packetSummaries.Add(PacketSummary.Parse(p).ForFile(file.Id));
}
catch (Exception e)
{
errors.Add(e);
}
});
this.packetSummaryRepository.Create(packetSummaries);
packetCount += packetSummaries.Count;
packetSummaries.Clear();
Console.Write($"\rPackets: {packetCount}/{packetCount + errors.Count}\tElapsed Time: {(int)(stopwatch.ElapsedMilliseconds / 1000)} (s)");
Console.WriteLine(Environment.NewLine);
stopwatch.Stop();
//errors.ForEach(e => this.userInterface.Error(e.ToString()));
}
private void openPcap()
{
pcap = new PcapFile("UniversalScanner_" + DateTime.Now.ToString("yyyy-MM-dd_HH-mm-ss") + ".pcap");
packetCounter = 0;
}
private void Button_Click_1(object sender, RoutedEventArgs e)
{
m_Packets = null;
PacketList.SelectionChanged += PacketList_SelectionChanged;
m_Packets = new List<ArcheAgePacket>();
OpenFileDialog dial = new OpenFileDialog();
PacketFamily family = null;
try
{
using (var fs = new FileStream(System.IO.Path.Combine("PacketFamily.xml"), FileMode.Open, FileAccess.Read))
using (XmlReader reader = XmlReader.Create(fs))
{
XmlSerializer ser = new XmlSerializer(typeof(PacketFamily));
family = ser.Deserialize(reader) as PacketFamily;
}
}
catch (Exception x)
{
MessageBox.Show(x.ToString());
}
m_CurrentFamily = family;
AA_LOGINPORT = 3724;
bool router = true;
if (dial.ShowDialog() != null)
{
string name = dial.FileName;
if (String.IsNullOrEmpty(name))
return;
PcapFile file = new PcapFile(name);
foreach (PcapPacket packet in file)
{
if (packet.Data.Length < 62)
continue;
BinaryReader reader = new BinaryReader(new MemoryStream(packet.Data));
reader.ReadBytes(router ? 26 : 34);
string SourceIp = reader.ReadByte() + "." + reader.ReadByte() + "." + reader.ReadByte() + "." + reader.ReadByte();
string DestIp = reader.ReadByte() + "." + reader.ReadByte() + "." + reader.ReadByte() + "." + reader.ReadByte();
ushort Source = ReverseShort(reader.ReadUInt16());
ushort Destination = ReverseShort(reader.ReadUInt16());
reader.ReadBytes(16);
//Now - Going Data =)
if ((reader.BaseStream.Length - reader.BaseStream.Position) > 2)
{
short len = BitConverter.ToInt16(new byte[] { packet.Data[reader.BaseStream.Position], packet.Data[(reader.BaseStream.Position) + 1] }, 0);
//if there's will be data with such length - its ArcheAge =)
try
{
reader.ReadInt16(); //old length :D
if (reader.BaseStream.Length - reader.BaseStream.Position == len)
{
//Construct Packet
byte[] data = reader.ReadBytes(len);
string type = "";
string direct = "";
//Set General IP Addresses =)
if (CLIENT_IP == null)
{
if (Source == AA_LOGINPORT)
CLIENT_IP = SourceIp;
else
CLIENT_IP = DestIp;
}
if (MINE_IP == null)
{
if (Destination == AA_LOGINPORT)
MINE_IP = SourceIp;
else
MINE_IP = DestIp;
}
short thisport;
//Proxies Will not work Correctly.
if (Source == AA_LOGINPORT || Destination == AA_LOGINPORT)
{
direct = "[LP]";
thisport = AA_LOGINPORT;
}
else if (Source == AA_GAMEPORT || Destination == AA_GAMEPORT)
{
direct = "[GP]";
thisport = AA_GAMEPORT;
}
else if (Source == AA_CHATPORT || Destination == AA_CHATPORT)
{
direct = "[CP]";
thisport = AA_CHATPORT;
}
else
continue; //Undefined
if (SourceIp == CLIENT_IP && DestIp == MINE_IP)
type = "[S]";
else if (SourceIp == MINE_IP && DestIp == CLIENT_IP)
type = "[C]";
else
continue;
m_Packets.Add(new ArcheAgePacket(data, type, direct, thisport));
}
}
catch (Exception)
{
continue;
}
}
}
file.Dispose();
file = null;
dial = null;
RefreshListBox(true);
}
DefinePacket.IsEnabled = true;
}
