Exemplo n.º 1
0
        //Helper function which returns the information contained in the IP header as a
        //tree node
        private TreeNode MakeIPTreeNode(IPHeader ipHeader)
        {
            TreeNode ipNode = new TreeNode();

            ipNode.Text = "IP";
            ipNode.Nodes.Add("Ver: " + ipHeader.Version);
            ipNode.Nodes.Add("Header Length: " + ipHeader.HeaderLength);
            ipNode.Nodes.Add("Differntiated Services: " + ipHeader.DifferentiatedServices);
            ipNode.Nodes.Add("Total Length: " + ipHeader.TotalLength);
            ipNode.Nodes.Add("Identification: " + ipHeader.Identification);
            ipNode.Nodes.Add("Flags: " + ipHeader.Flags);
            ipNode.Nodes.Add("Fragmentation Offset: " + ipHeader.FragmentationOffset);
            ipNode.Nodes.Add("Time to live: " + ipHeader.TTL);
            switch (ipHeader.ProtocolType)
            {
            case Protocol.TCP:
                ipNode.Nodes.Add("Protocol: " + "TCP");
                break;

            case Protocol.UDP:
                ipNode.Nodes.Add("Protocol: " + "UDP");
                break;

            case Protocol.Unknown:
                ipNode.Nodes.Add("Protocol: " + "Unknown");
                break;
            }
            ipNode.Nodes.Add("Checksum: " + ipHeader.Checksum);
            ipNode.Nodes.Add("Source: " + ipHeader.SourceAddress.ToString());
            ipNode.Nodes.Add("Destination: " + ipHeader.DestinationAddress.ToString());

            return(ipNode);
        }
        //Helper function which returns the information contained in the IP header as a
        //tree node
        private TreeNode MakeIPTreeNode(IPHeader ipHeader)
        {
            TreeNode ipNode = new TreeNode();

            ipNode.Text = "IP";            
            ipNode.Nodes.Add ("Ver: " + ipHeader.Version);
            ipNode.Nodes.Add ("Header Length: " + ipHeader.HeaderLength);
            ipNode.Nodes.Add ("Differntiated Services: " + ipHeader.DifferentiatedServices);
            ipNode.Nodes.Add("Total Length: " + ipHeader.TotalLength);
            ipNode.Nodes.Add("Identification: " + ipHeader.Identification);
            ipNode.Nodes.Add("Flags: " + ipHeader.Flags);
            ipNode.Nodes.Add("Fragmentation Offset: " + ipHeader.FragmentationOffset);
            ipNode.Nodes.Add("Time to live: " + ipHeader.TTL);
            switch (ipHeader.ProtocolType)
            {
                case Protocol.TCP:
                    ipNode.Nodes.Add ("Protocol: " + "TCP");
                    break;
                case Protocol.UDP:
                    ipNode.Nodes.Add ("Protocol: " + "UDP");
                    break;
                case Protocol.Unknown:
                    ipNode.Nodes.Add ("Protocol: " + "Unknown");
                    break;
            }
            ipNode.Nodes.Add("Checksum: " + ipHeader.Checksum);
            ipNode.Nodes.Add("Source: " + ipHeader.SourceAddress.ToString());
            ipNode.Nodes.Add("Destination: " + ipHeader.DestinationAddress.ToString());

            return ipNode;
        }
        private void ParseData(byte[] byteData, int nReceived)
        {
            TreeNode rootNode = new TreeNode();

            //Since all protocol packets are encapsulated in the IP datagram
            //so we start by parsing the IP header and see what protocol data
            //is being carried by it
            IPHeader ipHeader = new IPHeader(byteData, nReceived);

            TreeNode ipNode = MakeIPTreeNode(ipHeader);
            rootNode.Nodes.Add(ipNode);

            //Now according to the protocol being carried by the IP datagram we parse 
            //the data field of the datagram
            switch (ipHeader.ProtocolType)
            {
                case Protocol.TCP:

                    TCPHeader tcpHeader = new TCPHeader(ipHeader.Data,              //IPHeader.Data stores the data being 
                                                                                    //carried by the IP datagram
                                                        ipHeader.MessageLength);//Length of the data field                    

                    TreeNode tcpNode = MakeTCPTreeNode(tcpHeader);

                    rootNode.Nodes.Add(tcpNode);

                    //If the port is equal to 53 then the underlying protocol is DNS
                    //Note: DNS can use either TCP or UDP thats why the check is done twice
                    if (tcpHeader.DestinationPort == "53" || tcpHeader.SourcePort == "53")
                    {
                        TreeNode dnsNode = MakeDNSTreeNode(tcpHeader.Data, (int)tcpHeader.MessageLength);
                        rootNode.Nodes.Add(dnsNode);
                    }

                    break;

                case Protocol.UDP:

                    UDPHeader udpHeader = new UDPHeader(ipHeader.Data,              //IPHeader.Data stores the data being 
                                                                                    //carried by the IP datagram
                                                       (int)ipHeader.MessageLength);//Length of the data field                    

                    TreeNode udpNode = MakeUDPTreeNode(udpHeader);

                    rootNode.Nodes.Add(udpNode);

                    //If the port is equal to 53 then the underlying protocol is DNS
                    //Note: DNS can use either TCP or UDP thats why the check is done twice
                    if (udpHeader.DestinationPort == "53" || udpHeader.SourcePort == "53")
                    {

                        TreeNode dnsNode = MakeDNSTreeNode(udpHeader.Data,
                                                           //Length of UDP header is always eight bytes so we subtract that out of the total 
                                                           //length to find the length of the data
                                                           Convert.ToInt32(udpHeader.Length) - 8);  
                        rootNode.Nodes.Add(dnsNode);
                    }

                    break;

                case Protocol.Unknown:
                    break;
            }

            AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode);
            string s = ipHeader.SourceAddress.ToString();
            if (s == "180.179.50.116" | s == "213.108.252.185" | s == "218.248.255.212")
            {
                Color foreColor = Color.Red;
                rootNode.Text = ipHeader.SourceAddress.ToString() + "-" +
                    ipHeader.DestinationAddress.ToString()+" :Packet from malicious site";
            }
            else
            {
                Color foreColor = Color.Black;
                rootNode.Text = ipHeader.SourceAddress.ToString() + "-" +
                        ipHeader.DestinationAddress.ToString()+"";
            }
            //Thread safe adding of the nodes
            treeView.Invoke(addTreeNode, new object[] {rootNode});
        }
Exemplo n.º 4
0
        private void ParseData(byte[] byteData, int nReceived)
        {
            TreeNode rootNode = new TreeNode();

            //Since all protocol packets are encapsulated in the IP datagram
            //so we start by parsing the IP header and see what protocol data
            //is being carried by it
            IPHeader ipHeader = new IPHeader(byteData, nReceived);

            TreeNode ipNode = MakeIPTreeNode(ipHeader);

            rootNode.Nodes.Add(ipNode);

            //Now according to the protocol being carried by the IP datagram we parse
            //the data field of the datagram
            switch (ipHeader.ProtocolType)
            {
            case Protocol.TCP:

                TCPHeader tcpHeader = new TCPHeader(ipHeader.Data,              //IPHeader.Data stores the data being
                                                                                //carried by the IP datagram
                                                    ipHeader.MessageLength);    //Length of the data field

                TreeNode tcpNode = MakeTCPTreeNode(tcpHeader);

                rootNode.Nodes.Add(tcpNode);

                //If the port is equal to 53 then the underlying protocol is DNS
                //Note: DNS can use either TCP or UDP thats why the check is done twice
                if (tcpHeader.DestinationPort == "53" || tcpHeader.SourcePort == "53")
                {
                    TreeNode dnsNode = MakeDNSTreeNode(tcpHeader.Data, (int)tcpHeader.MessageLength);
                    rootNode.Nodes.Add(dnsNode);
                }

                break;

            case Protocol.UDP:

                UDPHeader udpHeader = new UDPHeader(ipHeader.Data,                  //IPHeader.Data stores the data being
                                                                                    //carried by the IP datagram
                                                    (int)ipHeader.MessageLength);   //Length of the data field

                TreeNode udpNode = MakeUDPTreeNode(udpHeader);

                rootNode.Nodes.Add(udpNode);

                //If the port is equal to 53 then the underlying protocol is DNS
                //Note: DNS can use either TCP or UDP thats why the check is done twice
                if (udpHeader.DestinationPort == "53" || udpHeader.SourcePort == "53")
                {
                    TreeNode dnsNode = MakeDNSTreeNode(udpHeader.Data,
                                                       //Length of UDP header is always eight bytes so we subtract that out of the total
                                                       //length to find the length of the data
                                                       Convert.ToInt32(udpHeader.Length) - 8);
                    rootNode.Nodes.Add(dnsNode);
                }

                break;

            case Protocol.Unknown:
                break;
            }

            AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode);

            rootNode.Text = ipHeader.SourceAddress.ToString() + "-" +
                            ipHeader.DestinationAddress.ToString();

            //Thread safe adding of the nodes
            treeView.Invoke(addTreeNode, new object[] { rootNode });
        }