//hàm xử lý live
private void PacketHandler(Packet packet)
{
this.count = ""; this.time = ""; this.source = ""; this.destination = ""; this.protocol = ""; this.length = "";
this.tcpack = ""; this.tcpsec = ""; this.tcpnsec = ""; this.tcpsrc = ""; this.tcpdes = ""; this.udpscr = "";
this.udpdes = ""; this.httpheader = ""; this.httpver = ""; this.httplen = ""; this.reqres = ""; this.httpbody = "";
this.infor = "";
if (no == 0)
{
InformationPacket(packet);
}
IpV4Datagram ip = packet.Ethernet.IpV4;
TcpDatagram tcp = ip.Tcp;
UdpDatagram udp = ip.Udp;
HttpDatagram httpPacket = null;
IcmpDatagram icmp = ip.Icmp;
protocol = ip.Protocol.ToString();
if (ip.Protocol.ToString().Equals("Tcp"))
{
httpPacket = tcp.Http;
if ((httpPacket.Header != null))
{
protocol = "Http";
httpheader = httpPacket.Header.ToString();
count = packet.Count.ToString();
time = packet.Timestamp.ToString();
this.source = ip.Source.ToString();
this.destination = ip.Destination.ToString();
length = ip.Length.ToString();
httpver = httpPacket.Version.ToString();
httplen = httpPacket.Length.ToString();
if ((httpPacket.Body != null) /* && (!_tcp.Checked)*/)
{
httpbody = httpPacket.Body.ToString();
}
if (httpPacket.IsRequest)
{
reqres = "Request";
}
else
{
reqres = "Response";
}
}
else
{
count = packet.Count.ToString();
time = packet.Timestamp.ToString();
this.source = ip.Source.ToString();
this.destination = ip.Destination.ToString();
length = ip.Length.ToString();
protocol = ip.Protocol.ToString();
tcpsrc = tcp.SourcePort.ToString();
tcpdes = tcp.DestinationPort.ToString();
tcpack = tcp.AcknowledgmentNumber.ToString();
tcpsec = tcp.SequenceNumber.ToString();
tcpnsec = tcp.NextSequenceNumber.ToString();
tcpwin = tcp.Window.ToString();
tcplen = tcp.Length.ToString();
tcp.Length.ToString();
infor = tcpsrc + "->" + tcpdes + " Seq=" + tcpsec + " win=" + tcpwin + " Ack= " + tcpack + " LEN= " + tcplen;
}
}
else
{
if (ip.Protocol.ToString().Equals("Udp"))
{
if (udp.DestinationPort.ToString().Equals(53))
{
protocol = "dns";
}
else
{
count = packet.Count.ToString();
time = packet.Timestamp.ToString();
this.source = ip.Source.ToString();
this.destination = ip.Destination.ToString();
length = ip.Length.ToString();
protocol = ip.Protocol.ToString();
udpscr = udp.SourcePort.ToString();
udpdes = udp.DestinationPort.ToString();
}
}
else
{
count = packet.Count.ToString();
time = packet.Timestamp.ToString();
this.source = ip.Source.ToString();
this.destination = ip.Destination.ToString();
length = ip.Length.ToString();
protocol = ip.Protocol.ToString();
}
}
if (ip.Protocol.ToString().Equals("Tcp") /*&& (save.Checked)*/)
{
int _source = tcp.SourcePort;
int _destination = tcp.DestinationPort;
if (tcp.PayloadLength != 0) //not syn or ack
{
payload = new byte[tcp.PayloadLength];
tcp.Payload.ToMemoryStream().Read(payload, 0, tcp.PayloadLength); // read payload from 0 to length
if (_destination == 80) // request from server
{
Packet1 packet1 = new Packet1();
if (payload.Count() > 1)
{
int i = Array.IndexOf(payload, (byte)32, 6);
byte[] t = new byte[i - 5];
Array.Copy(payload, 5, t, 0, i - 5);
packet1.Name = System.Text.ASCIIEncoding.ASCII.GetString(t);
if (!packets.ContainsKey(_source))
{
packets.Add(_source, packet1);
}
}
}
else
if (_source == 80)
{
if (packets.ContainsKey(_destination))
{
Packet1 packet1 = packets[_destination];
if (packet1.Data == null)
{
if ((httpPacket.Header != null) && (httpPacket.Header.ContentLength != null))
{
packet1.Data = new byte[(uint)httpPacket.Header.ContentLength.ContentLength];
Array.Copy(httpPacket.Body.ToMemoryStream().ToArray(), packet1.Data, httpPacket.Body.Length);
packet1.Order = (uint)(tcp.SequenceNumber + payload.Length - httpPacket.Body.Length);
packet1.Data_Length = httpPacket.Body.Length;
for (int i = 0; i < packet1.TempPackets.Count; i++)
{
Temp tempPacket = packet1.TempPackets[i];
Array.Copy(tempPacket.data, 0, packet1.Data, tempPacket.tempSeqNo - packet1.Order, tempPacket.data.Length);
packet1.Data_Length += tempPacket.data.Length;
}
}
else
{
Temp tempPacket = new Temp();
tempPacket.tempSeqNo = (uint)tcp.SequenceNumber;
tempPacket.data = new byte[payload.Length];
Array.Copy(payload, tempPacket.data, payload.Length);
packet1.TempPackets.Add(tempPacket);
}
}
else if (packet1.Data_Length != packet1.Data.Length)
{
Array.Copy(payload, 0, packet1.Data, tcp.SequenceNumber - packet1.Order, payload.Length);
packet1.Data_Length += payload.Length;
}
//if (packet1.Data != null)
// if (packet1.Data_Length == packet1.Data.Length)
// {
// using (BinaryWriter writer = new BinaryWriter(File.Open(@"D:\captured\" + Directory.CreateDirectory(Path.GetFileName(packet1.Name)), FileMode.Create)))
// {
// writer.Write(packet1.Data);
// }
// packets.Remove(_destination);
// }
}
}
}
}
if (!count.Equals(""))
{
no++;
ListViewItem item = new ListViewItem(no.ToString());
item.SubItems.Add(time);
item.SubItems.Add(source);
item.SubItems.Add(destination);
item.SubItems.Add(protocol);
item.SubItems.Add(length);
item.SubItems.Add(infor);
item.Tag = packet;
SetText(item);
}
}
private void PacketHandler(Packet packet)
{
this.count = ""; this.time = ""; this.source = ""; this.destination = ""; this.protocol = ""; this.length = "";
paqueter = packet;
EthernetDatagram eth = packet.Ethernet;
IpV4Datagram ip = packet.Ethernet.IpV4;
TcpDatagram tcp = ip.Tcp;
UdpDatagram udp = ip.Udp;
HttpDatagram httpPacket = null;
if (ip.Protocol.ToString().Equals("Tcp"))
{
count = packet.Count.ToString();
time = packet.Timestamp.ToString();
this.source = ip.Source.ToString();
this.destination = ip.Destination.ToString();
length = eth.Length.ToString();
protocol = ip.Protocol.ToString();
}
else
{
if ((ip.Protocol.ToString().Equals("Udp")))
{
count = packet.Count.ToString();
time = packet.Timestamp.ToString();
this.source = ip.Source.ToString();
this.destination = ip.Destination.ToString();
length = eth.Length.ToString();
protocol = ip.Protocol.ToString();
}
}
if (ip.Protocol.ToString().Equals("Tcp") && (save.Checked))
{
int _source = tcp.SourcePort;
int _destination = tcp.DestinationPort;
if (tcp.PayloadLength != 0)
{
payload = new byte[tcp.PayloadLength];
tcp.Payload.ToMemoryStream().Read(payload, 0, tcp.PayloadLength);
if (_destination == 80)
{
Packet1 packet1 = new Packet1();
int i = Array.IndexOf(payload, (byte)32, 6);
byte[] t = new byte[i - 5];
Array.Copy(payload, 5, t, 0, i - 5);
packet1.Name = System.Text.ASCIIEncoding.ASCII.GetString(t);
if (!packets.ContainsKey(_source))
{
packets.Add(_source, packet1);
}
}
else
if (_source == 80)
{
if (packets.ContainsKey(_destination))
{
Packet1 packet1 = packets[_destination];
if (packet1.Data == null)
{
if ((httpPacket.Header != null) && (httpPacket.Header.ContentLength != null))
{
packet1.Data = new byte[(uint)httpPacket.Header.ContentLength.ContentLength];
Array.Copy(httpPacket.Body.ToMemoryStream().ToArray(), packet1.Data, httpPacket.Body.Length);
packet1.Order = (uint)(tcp.SequenceNumber + payload.Length - httpPacket.Body.Length);
packet1.Data_Length = httpPacket.Body.Length;
for (int i = 0; i < packet1.TempPackets.Count; i++)
{
Temp tempPacket = packet1.TempPackets[i];
Array.Copy(tempPacket.data, 0, packet1.Data, tempPacket.tempSeqNo - packet1.Order, tempPacket.data.Length);
packet1.Data_Length += tempPacket.data.Length;
}
}
else
{
Temp tempPacket = new Temp();
tempPacket.tempSeqNo = (uint)tcp.SequenceNumber;
tempPacket.data = new byte[payload.Length];
Array.Copy(payload, tempPacket.data, payload.Length);
packet1.TempPackets.Add(tempPacket);
}
}
else if (packet1.Data_Length != packet1.Data.Length)
{
Array.Copy(payload, 0, packet1.Data, tcp.SequenceNumber - packet1.Order, payload.Length);
packet1.Data_Length += payload.Length;
}
if (packet1.Data != null)
{
if (packet1.Data_Length == packet1.Data.Length)
{
using (BinaryWriter writer = new BinaryWriter(File.Open(fullpath + Directory.CreateDirectory(Path.GetFileName(packet1.Name)), FileMode.Create)))
{
writer.Write(packet1.Data);
}
packets.Remove(_destination);
}
}
}
}
}
}
}
private void PacketHandler(Packet packet)
{
this.count = ""; this.time = ""; this.source = ""; this.destination = ""; this.protocol = ""; this.length = "";
this.tcpack = ""; this.tcpsec = ""; this.tcpnsec = ""; this.tcpsrc = ""; this.tcpdes = ""; this.udpscr = "";
this.udpdes = ""; this.httpheader = ""; this.httpver = ""; this.httplen = ""; this.reqres = ""; this.httpbody = "";
IpV4Datagram ip = packet.Ethernet.IpV4;
TcpDatagram tcp = ip.Tcp;
UdpDatagram udp = ip.Udp;
HttpDatagram httpPacket = null;
if (ip.Protocol.ToString().Equals("Tcp"))
{
httpPacket = tcp.Http;//Initialize http variable only if the packet was tcp
if ((httpPacket.Header != null) && (!_tcp.Checked))
{
protocol = "Http";
httpheader = httpPacket.Header.ToString();
count = packet.Count.ToString();
time = packet.Timestamp.ToString();
this.source = ip.Source.ToString();
this.destination = ip.Destination.ToString();
length = ip.Length.ToString();
httpver = httpPacket.Version.ToString();
httplen = httpPacket.Length.ToString();
httpbody = httpPacket.Body.ToString();
if (httpPacket.IsRequest)
{
reqres = "Request";
}
else
{
reqres = "Response";
}
}
else
{
count = packet.Count.ToString();
time = packet.Timestamp.ToString();
this.source = ip.Source.ToString();
this.destination = ip.Destination.ToString();
length = ip.Length.ToString();
protocol = ip.Protocol.ToString();
tcpsrc = tcp.SourcePort.ToString();
tcpdes = tcp.DestinationPort.ToString();
tcpack = tcp.AcknowledgmentNumber.ToString();
tcpsec = tcp.SequenceNumber.ToString();
tcpnsec = tcp.NextSequenceNumber.ToString();
}
}
else
{
if ((ip.Protocol.ToString().Equals("Udp")))
{
count = packet.Count.ToString();
time = packet.Timestamp.ToString();
this.source = ip.Source.ToString();
this.destination = ip.Destination.ToString();
length = ip.Length.ToString();
protocol = ip.Protocol.ToString();
udpscr = udp.SourcePort.ToString();
udpdes = udp.DestinationPort.ToString();
}
else
{
count = packet.Count.ToString();
time = packet.Timestamp.ToString();
this.source = ip.Source.ToString();
this.destination = ip.Destination.ToString();
length = ip.Length.ToString();
protocol = ip.Protocol.ToString();
}
}
if (ip.Protocol.ToString().Equals("Tcp") && (save.Checked))
{
int _source = tcp.SourcePort;
int _destination = tcp.DestinationPort;
if (tcp.PayloadLength != 0) //not syn or ack
{
payload = new byte[tcp.PayloadLength];
tcp.Payload.ToMemoryStream().Read(payload, 0, tcp.PayloadLength); // read payload from 0 to length
if (_destination == 80) // request from server
{
Packet1 packet1 = new Packet1();
int i = Array.IndexOf(payload, (byte)32, 6);
byte[] t = new byte[i - 5];
Array.Copy(payload, 5, t, 0, i - 5);
packet1.Name = System.Text.ASCIIEncoding.ASCII.GetString(t);
if (!packets.ContainsKey(_source))
{
packets.Add(_source, packet1);
}
}
else
if (_source == 80)
{
if (packets.ContainsKey(_destination))
{
Packet1 packet1 = packets[_destination];
if (packet1.Data == null)
{
if ((httpPacket.Header != null) && (httpPacket.Header.ContentLength != null))
{
packet1.Data = new byte[(uint)httpPacket.Header.ContentLength.ContentLength];
Array.Copy(httpPacket.Body.ToMemoryStream().ToArray(), packet1.Data, httpPacket.Body.Length);
packet1.Order = (uint)(tcp.SequenceNumber + payload.Length - httpPacket.Body.Length);
packet1.Data_Length = httpPacket.Body.Length;
for (int i = 0; i < packet1.TempPackets.Count; i++)
{
Temp tempPacket = packet1.TempPackets[i];
Array.Copy(tempPacket.data, 0, packet1.Data, tempPacket.tempSeqNo - packet1.Order, tempPacket.data.Length);
packet1.Data_Length += tempPacket.data.Length;
}
}
else
{
Temp tempPacket = new Temp();
tempPacket.tempSeqNo = (uint)tcp.SequenceNumber;
tempPacket.data = new byte[payload.Length];
Array.Copy(payload, tempPacket.data, payload.Length);
packet1.TempPackets.Add(tempPacket);
}
}
else if (packet1.Data_Length != packet1.Data.Length)
{
Array.Copy(payload, 0, packet1.Data, tcp.SequenceNumber - packet1.Order, payload.Length);
packet1.Data_Length += payload.Length;
}
if (packet1.Data != null)
{
if (packet1.Data_Length == packet1.Data.Length)
{
using (BinaryWriter writer = new BinaryWriter(File.Open(@"D:\captured\" + Directory.CreateDirectory(Path.GetFileName(packet1.Name)), FileMode.Create)))
{
writer.Write(packet1.Data);
}
packets.Remove(_destination);
}
}
}
}
}
}
}
