// tcp
public void VerifyPacket1(Packet p, RawCapture rawCapture)
{
Console.WriteLine(p.ToString());
EthernetPacket e = (EthernetPacket)p;
Assert.AreEqual("0016CFC91E29", e.SourceHwAddress.ToString());
Assert.AreEqual("0014BFF2EF0A", e.DestinationHwAddress.ToString());
IpPacket ip = (IpPacket)p.PayloadPacket;
Assert.AreEqual(System.Net.IPAddress.Parse("192.168.1.104"), ip.SourceAddress);
Assert.AreEqual(System.Net.IPAddress.Parse("86.42.196.13"), ip.DestinationAddress);
Assert.AreEqual(64, ip.TimeToLive);
Assert.AreEqual(0x2ff4, ((IPv4Packet)ip).CalculateIPChecksum());
Assert.AreEqual(1171483600, rawCapture.Timeval.Seconds);
Assert.AreEqual(125234.000, rawCapture.Timeval.MicroSeconds);
TcpPacket tcp = (TcpPacket)ip.PayloadPacket;
Assert.AreEqual(56925, tcp.SourcePort);
Assert.AreEqual(50199, tcp.DestinationPort);
Assert.IsTrue(tcp.Ack);
Assert.IsTrue(tcp.Psh);
Assert.AreEqual(16666, tcp.WindowSize);
Assert.AreEqual(0x9b02, tcp.CalculateTCPChecksum());
Assert.AreEqual(0x9b02, tcp.Checksum);
Assert.IsTrue(tcp.ValidTCPChecksum);
}
// tcp
public void VerifyPacket0(Packet p, RawCapture rawCapture)
{
Console.WriteLine(p.ToString());
EthernetPacket e = (EthernetPacket)p;
Assert.AreEqual(PhysicalAddress.Parse("00-13-10-03-71-47"), e.SourceHwAddress);
Assert.AreEqual(PhysicalAddress.Parse("00-E0-4C-E5-73-AD"), e.DestinationHwAddress);
IpPacket ip = (IpPacket)e.PayloadPacket;
Assert.AreEqual(System.Net.IPAddress.Parse("82.165.240.134"), ip.SourceAddress);
Assert.AreEqual(System.Net.IPAddress.Parse("192.168.1.221"), ip.DestinationAddress);
Assert.AreEqual(IpVersion.IPv4, ip.Version);
Assert.AreEqual(IPProtocolType.TCP, ip.Protocol);
Assert.AreEqual(254, ip.TimeToLive);
Assert.AreEqual(0x0df8, ((IPv4Packet)ip).CalculateIPChecksum());
Assert.AreEqual(1176685346, rawCapture.Timeval.Seconds);
Assert.AreEqual(885259.000, rawCapture.Timeval.MicroSeconds);
TcpPacket tcp = (TcpPacket)ip.PayloadPacket;
Assert.AreEqual(80, tcp.SourcePort);
Assert.AreEqual(4324, tcp.DestinationPort);
Assert.IsTrue(tcp.Ack);
Assert.AreEqual(3536, tcp.WindowSize);
Assert.AreEqual(0xc835, tcp.CalculateTCPChecksum());
Console.WriteLine("tcp.Checksum is {0}", tcp.Checksum);
Assert.AreEqual(0xc835, tcp.Checksum, "tcp.Checksum mismatch");
Assert.IsTrue(tcp.ValidTCPChecksum);
}
//handles how packets are processed for connectivity check. if there are packts, sets flag to true. same logic as PacketHandler
private static void DeviceConnectivityHandler(object sender, CaptureEventArgs e)
{
PacketDotNet.Packet packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
string details = string.Format("{0}", packet.ToString());
if ((!string.IsNullOrEmpty(details)) && (!string.IsNullOrWhiteSpace(details)))
{
isDeviceActive = true;
}
}
// icmpv6
public void VerifyPacket0(Packet p, RawCapture rawCapture)
{
Assert.IsNotNull(p);
Console.WriteLine(p.ToString());
EthernetPacket e = (EthernetPacket)p;
Assert.AreEqual(PhysicalAddress.Parse("00-A0-CC-D9-41-75"), e.SourceHwAddress);
Assert.AreEqual(PhysicalAddress.Parse("33-33-00-00-00-02"), e.DestinationHwAddress);
var ip = IpPacket.GetEncapsulated(p);
Console.WriteLine("ip {0}", ip.ToString());
Assert.AreEqual(System.Net.IPAddress.Parse("fe80::2a0:ccff:fed9:4175"), ip.SourceAddress);
Assert.AreEqual(System.Net.IPAddress.Parse("ff02::2"), ip.DestinationAddress);
Assert.AreEqual(IpVersion.IPv6, ip.Version);
Assert.AreEqual(IPProtocolType.ICMPV6, ip.Protocol);
Assert.AreEqual(16, ip.PayloadPacket.Bytes.Length, "ip.PayloadPacket.Bytes.Length mismatch");
Assert.AreEqual(255, ip.HopLimit);
Assert.AreEqual(255, ip.TimeToLive);
Assert.AreEqual(0x3a, (byte)ip.NextHeader);
Console.WriteLine("Failed: ip.ComputeIPChecksum() not implemented.");
Assert.AreEqual(1221145299, rawCapture.Timeval.Seconds);
Assert.AreEqual(453568.000, rawCapture.Timeval.MicroSeconds);
}
// udp
public void VerifyPacket2(Packet p, RawCapture rawCapture)
{
Console.WriteLine(p.ToString());
EthernetPacket e = (EthernetPacket)p;
Assert.AreEqual("0014BFF2EF0A", e.SourceHwAddress.ToString());
Assert.AreEqual("0016CFC91E29", e.DestinationHwAddress.ToString());
var ip = (IpPacket)p.Extract (typeof(IpPacket));
Assert.AreEqual(System.Net.IPAddress.Parse("172.210.164.56"), ip.SourceAddress);
Assert.AreEqual(System.Net.IPAddress.Parse("192.168.1.104"), ip.DestinationAddress);
Assert.AreEqual(IpVersion.IPv4, ip.Version);
Assert.AreEqual(IPProtocolType.UDP, ip.Protocol);
Assert.AreEqual(112, ip.TimeToLive);
Assert.AreEqual(0xe0a2, ((IPv4Packet)ip).CalculateIPChecksum());
Assert.AreEqual(1171483602, rawCapture.Timeval.Seconds);
Assert.AreEqual(578641.000, rawCapture.Timeval.MicroSeconds);
var udp = (UdpPacket)p.Extract(typeof(UdpPacket));
Assert.AreEqual(52886, udp.SourcePort);
Assert.AreEqual(56924, udp.DestinationPort);
Assert.AreEqual(71, udp.Length);
Assert.AreEqual(0xc8b8, udp.Checksum);
}
// icmp
public void VerifyPacket5(Packet p, RawCapture rawCapture)
{
Console.WriteLine(p.ToString());
EthernetPacket e = (EthernetPacket)p;
Assert.AreEqual("0016CFC91E29", e.SourceHwAddress.ToString());
Assert.AreEqual("0014BFF2EF0A", e.DestinationHwAddress.ToString());
var ip = (IpPacket)p.Extract (typeof(IpPacket));
Assert.AreEqual(System.Net.IPAddress.Parse("192.168.1.104"), ip.SourceAddress);
Assert.AreEqual(System.Net.IPAddress.Parse("85.195.52.22"), ip.DestinationAddress);
}
// arp
public void VerifyPacket4(Packet p, RawCapture rawCapture)
{
Console.WriteLine(p.ToString());
EthernetPacket e = (EthernetPacket)p;
Assert.AreEqual("0018F84B17A0", e.SourceHwAddress.ToString());
Assert.AreEqual("FFFFFFFFFFFF", e.DestinationHwAddress.ToString());
}
// dns
public void VerifyPacket3(Packet p, RawCapture rawCapture)
{
Console.WriteLine(p.ToString());
EthernetPacket e = (EthernetPacket)p;
Assert.AreEqual("0016CFC91E29", e.SourceHwAddress.ToString());
Assert.AreEqual("0014BFF2EF0A", e.DestinationHwAddress.ToString());
var ip = (IpPacket)p.Extract (typeof(IpPacket));
Assert.AreEqual(System.Net.IPAddress.Parse("192.168.1.172"), ip.SourceAddress);
Assert.AreEqual(System.Net.IPAddress.Parse("66.189.0.29"), ip.DestinationAddress);
Assert.AreEqual(IPProtocolType.UDP, ip.Protocol);
Assert.AreEqual(0x7988, ((IPv4Packet)ip).CalculateIPChecksum());
var udp = (UdpPacket)p.Extract (typeof(UdpPacket));
Assert.AreEqual(3619, udp.SourcePort);
Assert.AreEqual(53, udp.DestinationPort);
Assert.AreEqual(47, udp.Length);
Assert.AreEqual(0xbe2d, udp.Checksum);
}
/*
* handles how packets are processed. prints off timestamp, length of packet, and readable packet information
* saves each packet to a queue for later processing. email admin if there are any issues
*/
private static void PacketHandler(object sender, CaptureEventArgs e)
{
try
{
PacketDotNet.Packet packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
DateTime time = e.Packet.Timeval.Date;
int length = e.Packet.Data.Length;
string details = string.Format("{0} Length={1}\n{2}\n\n", DateTime.Now, length, packet.ToString());
Console.WriteLine(details);
currentDetailsQueue.AppendLine(details);
IPv4Packet ipv4Packet = packet.PayloadPacket as IPv4Packet;
if ((currentTrafficQueue.Contains(ipv4Packet.SourceAddress) == false) && (ipv4Packet.SourceAddress.ToString().Contains("192.168") == false))
{
currentTrafficQueue.Add(ipv4Packet.SourceAddress);
}
}
catch (Exception exception)
{
Security.CheckInternetConnection();
Security.EmailAdmin(exception.ToString(), "PacketHandler");
}
}
/// <summary>
/// 从一个数据包中读取并填充需要的参数
/// </summary>
/// <param name="packet"></param>
/// <param name="src"></param>
/// <param name="dest"></param>
/// <param name="protocol"></param>
/// <param name="description"></param>
internal static void getInfoFromPacket(Packet packet, ref string src, ref string dest, ref string protocol, ref string description)
{
if (packet == null)
{
return;
}
description = packet.ToString();
if (packet is EthernetPacket)
{
//这样是为了保护原来的Packet被强制类型转换后无法恢复
Packet tmpPacket = packet;
EthernetPacket p = (EthernetPacket)tmpPacket;
src = p.SourceHwAddress.ToString();
dest = p.DestinationHwAddress.ToString();
protocol = "0X" + p.Type.ToString("X");
}
if (packet is ARPPacket)
{
Packet tmpPacket = packet;
ARPPacket p = (ARPPacket)tmpPacket;
src = p.SenderProtocolAddress.ToString();
dest = p.TargetProtocolAddress.ToString();
protocol = "0X" + p.ProtocolAddressType.ToString("X");
}
if (packet is IpPacket)
{
Packet tmpPacket = packet;
IpPacket p = (IpPacket)tmpPacket;
src = p.SourceAddress.ToString();
dest = p.DestinationAddress.ToString();
protocol = p.Protocol.ToString();
}
//采用递归,检查一边包的子包
getInfoFromPacket(packet.PayloadPacket, ref src, ref dest, ref protocol, ref description);
}
public void ReportPacketCapture(Packet packet, DateTime arrivalTime)
{
Console.WriteLine("packet captured" + packet.ToString(StringOutputType.Normal).Substring(0, 40));
}
private void OutputPacket(Packet p, StringOutputType outputType)
{
Console.WriteLine(currentPacketDescription + " - " + outputType);
Console.Write(p.ToString(outputType));
if(outputType == StringOutputType.Verbose || outputType == StringOutputType.VerboseColored)
Console.Write(p.PrintHex());
Console.WriteLine();
}