Exemplo n.º 1
0
        //Helper function which returns the information contained in the TCP header as a
        //tree node
        private TreeNode MakeTCPTreeNode(TCPHeader tcpHeader)
        {
            TreeNode tcpNode = new TreeNode();

            tcpNode.Text = "TCP";

            tcpNode.Nodes.Add("Source Port: " + tcpHeader.SourcePort);
            tcpNode.Nodes.Add("Destination Port: " + tcpHeader.DestinationPort);
            tcpNode.Nodes.Add("Sequence Number: " + tcpHeader.SequenceNumber);

            if (tcpHeader.AcknowledgementNumber != "")
            {
                tcpNode.Nodes.Add("Acknowledgement Number: " + tcpHeader.AcknowledgementNumber);
            }

            tcpNode.Nodes.Add("Header Length: " + tcpHeader.HeaderLength);
            tcpNode.Nodes.Add("Flags: " + tcpHeader.Flags);
            tcpNode.Nodes.Add("Window Size: " + tcpHeader.WindowSize);
            tcpNode.Nodes.Add("Checksum: " + tcpHeader.Checksum);

            if (tcpHeader.UrgentPointer != "")
            {
                tcpNode.Nodes.Add("Urgent Pointer: " + tcpHeader.UrgentPointer);
            }

            return(tcpNode);
        }
Exemplo n.º 2
0
        public void ParseData(byte[] byteData, int nReceived)
        {
            TreeNode rootNode = new TreeNode();

            AdFunctions adfunc_call = new AdFunctions();

            //Since all protocol packets are encapsulated in the IP datagram
            //so we start by parsing the IP header and see what protocol data
            //is being carried by it
            IPHeader ipHeader = new IPHeader(byteData, nReceived);

            TreeNode ipNode = MakeIPTreeNode(ipHeader);

            rootNode.Nodes.Add(ipNode);

            //Now according to the protocol being carried by the IP datagram we parse
            //the data field of the datagram
            switch (ipHeader.ProtocolType)
            {
            case Protocol.TCP:

                TCPHeader tcpHeader = new TCPHeader(ipHeader.Data,              //IPHeader.Data stores the data being
                                                                                //carried by the IP datagram
                                                    ipHeader.MessageLength);    //Length of the data field


                TreeNode tcpNode = MakeTCPTreeNode(tcpHeader);

                rootNode.Nodes.Add(tcpNode);

                //If the port is equal to 53 then the underlying protocol is DNS
                //Note: DNS can use either TCP or UDP thats why the check is done twice
                if (tcpHeader.DestinationPort == "53" || tcpHeader.SourcePort == "53")
                {
                    TreeNode dnsNode = MakeDNSTreeNode(tcpHeader.Data, (int)tcpHeader.MessageLength);
                    rootNode.Nodes.Add(dnsNode);
                }

                break;

            case Protocol.UDP:

                UDPHeader udpHeader = new UDPHeader(ipHeader.Data,                  //IPHeader.Data stores the data being
                                                                                    //carried by the IP datagram
                                                    (int)ipHeader.MessageLength);   //Length of the data field

                //Вывов функции по определению подозрительных UDP пакетов
                adfunc_call.susp_node(Convert.ToInt32(udpHeader.Length), rootNode);


                TreeNode udpNode = MakeUDPTreeNode(udpHeader);

                rootNode.Nodes.Add(udpNode);

                //If the port is equal to 53 then the underlying protocol is DNS
                //Note: DNS can use either TCP or UDP thats why the check is done twice
                if (udpHeader.DestinationPort == "53" || udpHeader.SourcePort == "53")
                {
                    TreeNode dnsNode = MakeDNSTreeNode(udpHeader.Data,
                                                       //Length of UDP header is always eight bytes so we subtract that out of the total
                                                       //length to find the length of the data
                                                       Convert.ToInt32(udpHeader.Length) - 8);


                    rootNode.Nodes.Add(dnsNode);
                }

                break;

            case Protocol.Unknown:
                MessageBox.Show("Unknown protocol receaved. Maybe someone is trying to get access to your computer.");
                break;
            }

            AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode);


            rootNode.Text = "From    " + ipHeader.SourceAddress.ToString() + "    to    " + ipHeader.DestinationAddress.ToString();


            //Adfunc call
            pack_count += 1;


            adfunc_call.Ip_List(ipHeader.SourceAddress.ToString(), ipHeader.DestinationAddress.ToString());


            //Thread safe adding of the nodes
            treeView.Invoke(addTreeNode, new object[] { rootNode });
        }