Exemplo n.º 1
        /// <summary>
        /// Build the default Wireshark filter for data analysis
        /// </summary>
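        private void BuildDefaultWiresharkFilter()
        {
            // Start from the fixed EtherNet/IP class 1 multicast expression.
            string filter = Constants.DefaultWiresharkFilterEtherNetIPClass1Multicast;

            // Trim before parsing, as textBoxIpAddress_TextChanged does, so the filter and the
            // validity colouring of the text box judge exactly the same string.
            string entered = (textBoxIpAddress.Text ?? string.Empty).Trim();
            IPv4Addr ip_addr = new IPv4Addr(entered);

            if (ip_addr.IsValid == true)
            {
                // Only the parsed address's own string form is spliced into the filter, never the
                // raw text box contents, so free-form user text cannot add filter syntax.
                // NOTE(review): this relies on IPv4Addr.ToString() emitting nothing but the
                // address itself - confirm against the IPv4Addr implementation.
                filter += " && " + Constants.DefaultWiresharkFilterIpSourcePart1 +
                    ip_addr.ToString() + Constants.DefaultWiresharkFilterIpSourcePart2;
            }

            // A hand-written filter is left alone: the box is overwritten only while the override
            // check box is explicitly unchecked (an indeterminate/null state also leaves it alone).
            if (checkBoxWiresharkFilterOverride.IsChecked == false)
            {
                textBoxWiresharkFilter.Text = filter;
            }
        }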
Exemplo n.º 2
        /// <summary>
        /// Process the Wireshark packets and determine the number of datasets
        /// </summary>
        /// <returns>An <c>AnalysisStatus</c> enumeration indicating whether the analysis process completed successfully.</returns>
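        private Enums.AnalysisStatus ProcessWiresharkOutput()
        {
            // Reads the PSML file written by tshark, maps the column titles declared in the
            // <structure> element to child positions, then converts every <packet> element into a
            // JitterDatum keyed by its network address pair (plus the EtherNet/IP connection ID
            // when the packet carries one).
            //
            // Returns Success, Error (the <structure> element is missing, duplicated or lacks an
            // expected column) or NoPacketsCaptured. Nothing is caught here, so an XmlException or
            // I/O exception raised while loading the file propagates to the caller.
            //
            // Every field value in the file is derived from captured network traffic, so it is
            // treated as untrusted: DTDs are refused, short packets are skipped and numeric fields
            // are parsed without assuming a particular shape.
            Enums.AnalysisStatus status = Enums.AnalysisStatus.Success;
            WiresharkPSMLStructure psml_structure = new WiresharkPSMLStructure();
            List<string> indices_names = new List<string>();
            int section_count = 0;

            _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: Started.");
            DateTime start_step = DateTime.Now;

            _progress.Current = _progress.Minimum;
            _background_worker.ReportProgress(_progress.Current);
            _tshark.Progress = _progress;

            // State the parser hardening explicitly instead of depending on framework defaults:
            // no DTD processing and no resolver for external resources.
            XmlReaderSettings reader_settings = new XmlReaderSettings();
            reader_settings.DtdProcessing = DtdProcessing.Prohibit;
            reader_settings.XmlResolver = null;

            // Dispose the reader so the handle on the temporary file is released promptly.
            // NOTE(review): XmlDocument keeps the whole summary in memory; very large captures
            // may need a streaming reader instead.
            XmlDocument doc = new XmlDocument();
            using (XmlReader reader = XmlReader.Create(_tshark.TemporaryFile.FullName, reader_settings))
            {
                doc.Load(reader);
            }

            XmlNode root = doc.DocumentElement;
            XmlNodeList structure = root.SelectNodes("//structure");
            if (structure.Count == 1)
            {
                XmlNode structure_node = structure.Item(0);
                List<string> sections = new List<string>();
                for (int i = 0; i < structure_node.ChildNodes.Count; i++)
                {
                    sections.Add(structure_node.ChildNodes[i].InnerText);
                }
                section_count = sections.Count;

                // Each expected column title must be present; its position becomes the child
                // index used to read that field from every packet.
                int temp = sections.IndexOf(psml_structure.NumberTitle);
                if (temp == -1)
                {
                    status = Enums.AnalysisStatus.Error;
                }
                else
                {
                    psml_structure.NumberIndex = temp;
                }

                temp = sections.IndexOf(psml_structure.TimeTitle);
                if (temp == -1)
                {
                    status = Enums.AnalysisStatus.Error;
                }
                else
                {
                    psml_structure.TimeIndex = temp;
                }

                temp = sections.IndexOf(psml_structure.SourceTitle);
                if (temp == -1)
                {
                    status = Enums.AnalysisStatus.Error;
                }
                else
                {
                    psml_structure.SourceIndex = temp;
                }

                temp = sections.IndexOf(psml_structure.DestinationTitle);
                if (temp == -1)
                {
                    status = Enums.AnalysisStatus.Error;
                }
                else
                {
                    psml_structure.DestinationIndex = temp;
                }

                temp = sections.IndexOf(psml_structure.ProtocolTitle);
                if (temp == -1)
                {
                    status = Enums.AnalysisStatus.Error;
                }
                else
                {
                    psml_structure.ProtocolIndex = temp;
                }

                temp = sections.IndexOf(psml_structure.EnipCidTitle);
                if (temp == -1)
                {
                    status = Enums.AnalysisStatus.Error;
                }
                else
                {
                    psml_structure.EnipCidIndex = temp;
                }

                temp = sections.IndexOf(psml_structure.EnipSeqTitle);
                if (temp == -1)
                {
                    status = Enums.AnalysisStatus.Error;
                }
                else
                {
                    psml_structure.EnipSeqIndex = temp;
                }

                temp = sections.IndexOf(psml_structure.InfoTitle);
                if (temp == -1)
                {
                    status = Enums.AnalysisStatus.Error;
                }
                else
                {
                    psml_structure.InfoIndex = temp;
                }
            }
            else
            {
                status = Enums.AnalysisStatus.Error;
            }

            if (status == Enums.AnalysisStatus.Error)
            {
                _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: Error reading structure of Wireshark PSML output.");
            }
            else
            {
                XmlNodeList packets = root.SelectNodes("//packet");
                int packet_count = packets.Count;
                if (packet_count > 0)
                {
                    _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: " + packet_count + " filtered packets");
                    int skipped_packets = 0;
                    for (int i = 0; i < packet_count; i++)
                    {
                        // Multiply before dividing: "i / count * 100" is integer division and
                        // stays at 0 for every packet. Report only when the percentage changes so
                        // the progress handler is not called once per packet.
                        int percent = (int)((long)i * 100 / packet_count);
                        if (percent != _progress.Current)
                        {
                            _progress.Current = percent;
                            _background_worker.ReportProgress(_progress.Current);
                        }

                        XmlNode packet = packets[i];

                        // Every column index is below section_count, so a packet with at least
                        // that many children has all of them. A shorter packet would make the
                        // ChildNodes indexer return null and crash on InnerText.
                        if (packet.ChildNodes.Count < section_count)
                        {
                            skipped_packets++;
                            continue;
                        }

                        WiresharkPSMLPacket psml_packet = new WiresharkPSMLPacket();
                        psml_packet.Number = packet.ChildNodes[psml_structure.NumberIndex].InnerText;
                        psml_packet.Time = packet.ChildNodes[psml_structure.TimeIndex].InnerText;
                        psml_packet.Source = packet.ChildNodes[psml_structure.SourceIndex].InnerText;
                        psml_packet.Destination = packet.ChildNodes[psml_structure.DestinationIndex].InnerText;
                        psml_packet.Protocol = packet.ChildNodes[psml_structure.ProtocolIndex].InnerText;
                        psml_packet.EnipCid = packet.ChildNodes[psml_structure.EnipCidIndex].InnerText;
                        psml_packet.EnipSeq = packet.ChildNodes[psml_structure.EnipSeqIndex].InnerText;
                        psml_packet.Info = packet.ChildNodes[psml_structure.InfoIndex].InnerText;

                        // The time column uses '.' as the decimal separator; parsing with the
                        // current culture misreads it on comma-decimal locales. A packet whose
                        // time cannot be parsed is skipped rather than recorded at time 0.
                        // The packet number and ENIP sequence number stay on psml_packet as text;
                        // nothing in this method consumes them as integers.
                        double time;
                        if (!double.TryParse(psml_packet.Time, NumberStyles.Float, CultureInfo.InvariantCulture, out time))
                        {
                            skipped_packets++;
                            continue;
                        }

                        // The same column text is offered to both address types; which one is
                        // meaningful is decided by those types, not here.
                        NetworkPair pair = new NetworkPair();
                        pair.MacSource = new EthernetMACAddr(psml_packet.Source);
                        IPv4Addr ip_src = new IPv4Addr(psml_packet.Source);
                        pair.IpSource = ip_src;
                        pair.MacDestination = new EthernetMACAddr(psml_packet.Destination);
                        IPv4Addr ip_dst = new IPv4Addr(psml_packet.Destination);
                        pair.IpDestination = ip_dst;

                        int enip_cid = 0;
                        if (psml_packet.Protocol == "ENIP" && !string.IsNullOrEmpty(psml_packet.EnipCid))
                        {
                            // Strip the "0x" prefix only when it is really there; an unconditional
                            // Remove(0, 2) throws on a one-character value and eats two digits of
                            // an unprefixed one.
                            string cid_text = psml_packet.EnipCid;
                            if (cid_text.StartsWith("0x", StringComparison.OrdinalIgnoreCase))
                            {
                                cid_text = cid_text.Substring(2);
                            }

                            // Connection IDs are parsed as unsigned 32-bit hex and reinterpreted
                            // as int: a signed parse rejects values above 0x7FFFFFFF and would
                            // file all of them under ID 0. A failed parse still yields 0.
                            uint cid_value;
                            uint.TryParse(cid_text, NumberStyles.HexNumber, CultureInfo.InvariantCulture, out cid_value);
                            enip_cid = unchecked((int)cid_value);
                            pair.UseEtherNetIP = true;
                            pair.EtherNetIPConnID = enip_cid;
                        }

                        // Determine index for this packet: one dataset per distinct pair string.
                        string index_name = pair.ToString();
                        int index = indices_names.IndexOf(index_name);
                        if (index == -1)
                        {
                            index = indices_names.Count;
                            indices_names.Add(index_name);
                            string comment = "IP Source == " + ip_src.ToString() + "\nIP Destination == " + ip_dst.ToString();
                            if (pair.UseEtherNetIP)
                            {
                                comment += "\nEtherNet/IP Connection ID == 0x" + enip_cid.ToString("X");
                            }
                            Identification new_index = new Identification(indices_names.Count, index_name, "Network Address Pair", comment);
                            _indices.Add(new_index);
                        }

                        _full_data.Add(new JitterDatum(index, time));
                    }

                    if (skipped_packets > 0)
                    {
                        _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: " + skipped_packets + " malformed packets skipped");
                    }

                    if (_indices.Count == 1)
                    {
                        _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: " + _indices.Count + " dataset");
                    }
                    else
                    {
                        _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: " + _indices.Count + " datasets");
                    }
                }
                else
                {
                    status = Enums.AnalysisStatus.NoPacketsCaptured;
                    _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: No packets captured that match the desired filter.");
                }
            }

            _progress.Current = _progress.Maximum;
            _background_worker.ReportProgress(_progress.Current);
            DateTime end_step = DateTime.Now;
            TimeSpan time_step = TimeSpan.FromTicks(end_step.Ticks - start_step.Ticks);
            _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: Completed in " + time_step.TotalSeconds.ToString() + " s");

            return status;
        }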
Exemplo n.º 3
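        /// <summary>
        /// Handles text changes in the IP address box: sets the background brush to show whether the
        /// entry is blank, valid or invalid, then rebuilds the default Wireshark filter.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data for the text change.</param>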
        private void textBoxIpAddress_TextChanged(object sender, TextChangedEventArgs e)
        {
            string entered = textBoxIpAddress.Text;

            if (!string.IsNullOrWhiteSpace(entered))
            {
                // Validate the trimmed entry and colour the box to match the result.
                IPv4Addr parsed = new IPv4Addr(entered.Trim());

                if (parsed.IsValid == true)
                {
                    textBoxIpAddress.Background = Constants.TextBoxBackgroundBrushValid;
                }
                else
                {
                    textBoxIpAddress.Background = Constants.TextBoxBackgroundBrushInvalid;
                }

                // Any non-blank entry, valid or not, sets the save flag.
                _activate_save = true;
            }
            else
            {
                // Nothing typed: use the neutral background and leave the save flag untouched.
                textBoxIpAddress.Background = Constants.TextBoxBackgroundBrushBlank;
            }

            // The default filter embeds this address, so refresh it on every change.
            BuildDefaultWiresharkFilter();
        }