Exemplo n.º 1
0
 public void Add(TcpStreamPacket streamPacket)
 {
     if (_address == null)
         _address = streamPacket.Connection;
     if (streamPacket.Connection.OriginalOrder == _address.OriginalOrder)
         streamPacket.Direction = TcpDirection.SourceToDestination;
     else
         streamPacket.Direction = TcpDirection.DestinationToSource;
     _packets.Add(streamPacket);
     AnalyzePacket(streamPacket);
 }
Exemplo n.º 2
0
 public void Add(TcpStreamPacket streamPacket)
 {
     if (_address == null)
     {
         _address = streamPacket.Connection;
     }
     if (streamPacket.Connection.OriginalOrder == _address.OriginalOrder)
     {
         streamPacket.Direction = TcpDirection.SourceToDestination;
     }
     else
     {
         streamPacket.Direction = TcpDirection.DestinationToSource;
     }
     _packets.Add(streamPacket);
     AnalyzePacket(streamPacket);
 }
Exemplo n.º 3
0
 public void Add(PPacket packet)
 {
     if (packet.Tcp == null)
         return;
     TcpStreamPacket streamPacket = new TcpStreamPacket(packet);
     int i = _streams.IndexOfKey(streamPacket.Connection);
     TcpStream0 stream;
     if (i == -1)
     {
         stream = new TcpStream0();
         stream.StreamNumber = _streams.Count + 1;
         _streams.Add(streamPacket.Connection, stream);
     }
     else
     {
         stream = _streams.Values[i];
     }
     streamPacket.StreamNumber = stream.StreamNumber;
     stream.Add(streamPacket);
     _packets.Add(streamPacket);
 }
Exemplo n.º 4
0
        public void Add(PPacket packet)
        {
            if (packet.Tcp == null)
            {
                return;
            }
            TcpStreamPacket streamPacket = new TcpStreamPacket(packet);
            int             i            = _streams.IndexOfKey(streamPacket.Connection);
            TcpStream0      stream;

            if (i == -1)
            {
                stream = new TcpStream0();
                stream.StreamNumber = _streams.Count + 1;
                _streams.Add(streamPacket.Connection, stream);
            }
            else
            {
                stream = _streams.Values[i];
            }
            streamPacket.StreamNumber = stream.StreamNumber;
            stream.Add(streamPacket);
            _packets.Add(streamPacket);
        }
Exemplo n.º 5
0
        private void AnalyzePacket(TcpStreamPacket streamPacket)
        {
            //TCP tcp = streamPacket.Packet.TCP;
            TcpDatagram tcp = streamPacket.Packet.Ethernet.IpV4.Tcp;
            streamPacket.PacketType = TcpPacketType.Unknow;
            bool OpenConnectionPacketType = false;
            bool CloseConnectionPacketType = false;
            //if (tcp.Synchronize)
            if (tcp.IsSynchronize)
            {
                OpenConnectionPacketType = true;
                // ****** OpenConnection1 SYN seq = x ******
                //if (!tcp.Ack)
                if (!tcp.IsAcknowledgment)
                {
                    streamPacket.PacketType = TcpPacketType.OpenConnection1;
                    _streamState.OpenState = TcpPacketType.OpenConnection1;
                    _streamState.InitialSourceSequence = _streamState.CurrentSourceSequence = tcp.SequenceNumber;
                    //streamPacket.Message("TCP open 1 : SYN seq = x (0x{0})", tcp.seq.zToHex());
                    if (streamPacket.Direction != TcpDirection.SourceToDestination)
                        //streamPacket.Message("error wrong direction");
                        streamPacket.AddError(TcpPacketError.ErrorBadDirection);
                }
                // ****** OpenConnection2 SYN seq = y, ACK x + 1 ******
                else
                {
                    if (streamPacket.Direction == TcpDirection.DestinationToSource)
                    {
                        streamPacket.PacketType = TcpPacketType.OpenConnection2;
                        _streamState.OpenState = TcpPacketType.OpenConnection2;
                        _streamState.InitialDestinationSequence = _streamState.CurrentDestinationSequence = tcp.SequenceNumber;
                        //streamPacket.Message("TCP open 2 : SYN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex());
                        _streamState.CurrentSourceSequence++;
                        if (tcp.AcknowledgmentNumber != _streamState.CurrentSourceSequence)
                            //streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex());
                            streamPacket.AddError(TcpPacketError.WarningOpenConnection2BadAck);
                        if (_streamState.LastPacketType != TcpPacketType.OpenConnection1)
                            //streamPacket.Message("warning message should be just after open connection step 1");
                            streamPacket.AddError(TcpPacketError.WarningOpenConnection2BadMessagePosition);
                    }
                    else
                        //streamPacket.Message("error wrong direction, TCP open 2, SYN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex());
                        streamPacket.AddError(TcpPacketError.ErrorOpenConnection2BadDirection);
                }
            }
            //else if (tcp.Finish)
            else if (tcp.IsFin)
            {
                CloseConnectionPacketType = true;
                // ****** CloseSourceConnection1 FIN seq = x ******
                if (streamPacket.Direction == TcpDirection.SourceToDestination)
                {
                    streamPacket.PacketType = TcpPacketType.CloseSourceConnection1;
                    _streamState.CloseSourceState = TcpPacketType.CloseSourceConnection1;
                    //streamPacket.Message("TCP close source connection step 1 : FIN seq = x (0x{0})", tcp.seq.zToHex());
                    if (tcp.SequenceNumber != _streamState.CurrentSourceSequence)
                        //streamPacket.Message("warning seq (0x{0}) != source seq (0x{1})", tcp.seq.zToHex(), CurrentSourceSequence.zToHex());
                        streamPacket.AddError(TcpPacketError.WarningCloseSourceConnection1BadSeq);
                    //if (tcp.Ack)
                    if (tcp.IsAcknowledgment)
                        //streamPacket.Message("warning ack should not be set");
                        streamPacket.AddError(TcpPacketError.WarningBadFlagAck);
                }
                // ****** CloseDestinationConnection1 FIN seq = y, ACK x + 1 ******
                else // streamPacket.Direction == TcpDirection.DestinationToSource
                {
                    streamPacket.PacketType = TcpPacketType.CloseDestinationConnection1;
                    _streamState.CloseDestinationState = TcpPacketType.CloseDestinationConnection1;
                    //streamPacket.Message("TCP close destination connection step 1 : FIN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex());
                    if (tcp.SequenceNumber != _streamState.CurrentDestinationSequence)
                        //streamPacket.Message("warning seq (0x{0}) != destination seq (0x{1})", tcp.seq.zToHex(), CurrentDestinationSequence.zToHex());
                        streamPacket.AddError(TcpPacketError.WarningCloseDestinationConnection1BadSeq);
                    //if (!tcp.Ack)
                    if (!tcp.IsAcknowledgment)
                        //streamPacket.Message("warning ack should be set");
                        streamPacket.AddError(TcpPacketError.WarningBadFlagAck);
                    else if (tcp.AcknowledgmentNumber != _streamState.CurrentSourceSequence + 1)
                        //streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex());
                        streamPacket.AddError(TcpPacketError.WarningCloseDestinationConnection1BadAck);
                }
            }
            //else if (tcp.Ack)
            else if (tcp.IsAcknowledgment)
            {
                // ****** OpenConnection3 ACK y + 1 ******
                if (_streamState.LastPacketType == TcpPacketType.OpenConnection2 && streamPacket.Direction == TcpDirection.SourceToDestination)
                {
                    OpenConnectionPacketType = true;
                    streamPacket.PacketType = TcpPacketType.OpenConnection3;
                    _streamState.OpenState = TcpPacketType.OpenConnection3;
                    _streamState.ConnectionOpened = true;
                    _streamState.CurrentDestinationSequence++;
                    //streamPacket.Message("TCP open 3 : ACK y + 1 (0x{0})", tcp.ack_seq.zToHex());
                    if (tcp.AcknowledgmentNumber != _streamState.InitialDestinationSequence + 1)
                        //streamPacket.Message("warning ack (0x{0}) != destination seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentDestinationSequence.zToHex());
                        streamPacket.AddError(TcpPacketError.WarningOpenConnection3BadAck);
                }
                // ****** CloseSourceConnection2 ACK x + 1 ******
                else if (_streamState.CloseSourceState == TcpPacketType.CloseSourceConnection1 && streamPacket.Direction == TcpDirection.DestinationToSource)
                {
                    CloseConnectionPacketType = true;
                    streamPacket.PacketType = TcpPacketType.CloseSourceConnection2;
                    _streamState.CloseSourceState = TcpPacketType.CloseSourceConnection2;
                    //streamPacket.Message("TCP close source connection step 2 : ACK x + 1 (0x{0})", tcp.ack_seq.zToHex());
                    if (tcp.AcknowledgmentNumber != _streamState.CurrentSourceSequence + 1)
                        //streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex());
                        streamPacket.AddError(TcpPacketError.WarningCloseSourceConnection2BadAck);
                }
                // ****** CloseDestinationConnection2 ACK y + 1 ******
                else if (_streamState.CloseDestinationState == TcpPacketType.CloseDestinationConnection1 && streamPacket.Direction == TcpDirection.SourceToDestination)
                {
                    CloseConnectionPacketType = true;
                    streamPacket.PacketType = TcpPacketType.CloseDestinationConnection2;
                    _streamState.CloseDestinationState = TcpPacketType.CloseDestinationConnection2;
                    //streamPacket.Message("TCP close destination connection step 2 : ACK y + 1 (0x{0})", tcp.ack_seq.zToHex());
                    if (tcp.AcknowledgmentNumber != _streamState.CurrentDestinationSequence + 1)
                        //streamPacket.Message("warning ack (0x{0}) != destination seq + 1 (0x{1}) (ACK y + 1)", tcp.ack_seq.zToHex(), CurrentDestinationSequence.zToHex());
                        streamPacket.AddError(TcpPacketError.WarningCloseDestinationConnection2BadAck);
                }
                else
                    streamPacket.PacketType |= TcpPacketType.Ack;
            }

            //if (OpenConnectionPacketType || CloseConnectionPacketType)
            //{
            //    if (tcp.DataLength > 0)
            //    {
            //        if (tcp.psh == 1)
            //            streamPacket.Message("error data with push option cannot be send with syn flag");
            //        else
            //            streamPacket.Message("error data with cannot be send with syn flag");
            //    }
            //    if (tcp.psh == 1)
            //        streamPacket.Message("error push option without data cannot be send with syn flag");
            //}

            //if (tcp.Push)
            if (tcp.IsPush)
                streamPacket.PacketType |= TcpPacketType.Push;
            if (tcp.PayloadLength > 0)
                streamPacket.PacketType |= TcpPacketType.Data;
            _streamState.LastPacketType = streamPacket.PacketType;
            streamPacket.StreamState = _streamState;
        }
Exemplo n.º 6
0
        private void AnalyzePacket(TcpStreamPacket streamPacket)
        {
            //TCP tcp = streamPacket.Packet.TCP;
            TcpDatagram tcp = streamPacket.Packet.Ethernet.IpV4.Tcp;

            streamPacket.PacketType = TcpPacketType.Unknow;
            bool OpenConnectionPacketType  = false;
            bool CloseConnectionPacketType = false;

            //if (tcp.Synchronize)
            if (tcp.IsSynchronize)
            {
                OpenConnectionPacketType = true;
                // ****** OpenConnection1 SYN seq = x ******
                //if (!tcp.Ack)
                if (!tcp.IsAcknowledgment)
                {
                    streamPacket.PacketType            = TcpPacketType.OpenConnection1;
                    _streamState.OpenState             = TcpPacketType.OpenConnection1;
                    _streamState.InitialSourceSequence = _streamState.CurrentSourceSequence = tcp.SequenceNumber;
                    //streamPacket.Message("TCP open 1 : SYN seq = x (0x{0})", tcp.seq.zToHex());
                    if (streamPacket.Direction != TcpDirection.SourceToDestination)
                    {
                        //streamPacket.Message("error wrong direction");
                        streamPacket.AddError(TcpPacketError.ErrorBadDirection);
                    }
                }
                // ****** OpenConnection2 SYN seq = y, ACK x + 1 ******
                else
                {
                    if (streamPacket.Direction == TcpDirection.DestinationToSource)
                    {
                        streamPacket.PacketType = TcpPacketType.OpenConnection2;
                        _streamState.OpenState  = TcpPacketType.OpenConnection2;
                        _streamState.InitialDestinationSequence = _streamState.CurrentDestinationSequence = tcp.SequenceNumber;
                        //streamPacket.Message("TCP open 2 : SYN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex());
                        _streamState.CurrentSourceSequence++;
                        if (tcp.AcknowledgmentNumber != _streamState.CurrentSourceSequence)
                        {
                            //streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex());
                            streamPacket.AddError(TcpPacketError.WarningOpenConnection2BadAck);
                        }
                        if (_streamState.LastPacketType != TcpPacketType.OpenConnection1)
                        {
                            //streamPacket.Message("warning message should be just after open connection step 1");
                            streamPacket.AddError(TcpPacketError.WarningOpenConnection2BadMessagePosition);
                        }
                    }
                    else
                    {
                        //streamPacket.Message("error wrong direction, TCP open 2, SYN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex());
                        streamPacket.AddError(TcpPacketError.ErrorOpenConnection2BadDirection);
                    }
                }
            }
            //else if (tcp.Finish)
            else if (tcp.IsFin)
            {
                CloseConnectionPacketType = true;
                // ****** CloseSourceConnection1 FIN seq = x ******
                if (streamPacket.Direction == TcpDirection.SourceToDestination)
                {
                    streamPacket.PacketType       = TcpPacketType.CloseSourceConnection1;
                    _streamState.CloseSourceState = TcpPacketType.CloseSourceConnection1;
                    //streamPacket.Message("TCP close source connection step 1 : FIN seq = x (0x{0})", tcp.seq.zToHex());
                    if (tcp.SequenceNumber != _streamState.CurrentSourceSequence)
                    {
                        //streamPacket.Message("warning seq (0x{0}) != source seq (0x{1})", tcp.seq.zToHex(), CurrentSourceSequence.zToHex());
                        streamPacket.AddError(TcpPacketError.WarningCloseSourceConnection1BadSeq);
                    }
                    //if (tcp.Ack)
                    if (tcp.IsAcknowledgment)
                    {
                        //streamPacket.Message("warning ack should not be set");
                        streamPacket.AddError(TcpPacketError.WarningBadFlagAck);
                    }
                }
                // ****** CloseDestinationConnection1 FIN seq = y, ACK x + 1 ******
                else // streamPacket.Direction == TcpDirection.DestinationToSource
                {
                    streamPacket.PacketType            = TcpPacketType.CloseDestinationConnection1;
                    _streamState.CloseDestinationState = TcpPacketType.CloseDestinationConnection1;
                    //streamPacket.Message("TCP close destination connection step 1 : FIN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex());
                    if (tcp.SequenceNumber != _streamState.CurrentDestinationSequence)
                    {
                        //streamPacket.Message("warning seq (0x{0}) != destination seq (0x{1})", tcp.seq.zToHex(), CurrentDestinationSequence.zToHex());
                        streamPacket.AddError(TcpPacketError.WarningCloseDestinationConnection1BadSeq);
                    }
                    //if (!tcp.Ack)
                    if (!tcp.IsAcknowledgment)
                    {
                        //streamPacket.Message("warning ack should be set");
                        streamPacket.AddError(TcpPacketError.WarningBadFlagAck);
                    }
                    else if (tcp.AcknowledgmentNumber != _streamState.CurrentSourceSequence + 1)
                    {
                        //streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex());
                        streamPacket.AddError(TcpPacketError.WarningCloseDestinationConnection1BadAck);
                    }
                }
            }
            //else if (tcp.Ack)
            else if (tcp.IsAcknowledgment)
            {
                // ****** OpenConnection3 ACK y + 1 ******
                if (_streamState.LastPacketType == TcpPacketType.OpenConnection2 && streamPacket.Direction == TcpDirection.SourceToDestination)
                {
                    OpenConnectionPacketType      = true;
                    streamPacket.PacketType       = TcpPacketType.OpenConnection3;
                    _streamState.OpenState        = TcpPacketType.OpenConnection3;
                    _streamState.ConnectionOpened = true;
                    _streamState.CurrentDestinationSequence++;
                    //streamPacket.Message("TCP open 3 : ACK y + 1 (0x{0})", tcp.ack_seq.zToHex());
                    if (tcp.AcknowledgmentNumber != _streamState.InitialDestinationSequence + 1)
                    {
                        //streamPacket.Message("warning ack (0x{0}) != destination seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentDestinationSequence.zToHex());
                        streamPacket.AddError(TcpPacketError.WarningOpenConnection3BadAck);
                    }
                }
                // ****** CloseSourceConnection2 ACK x + 1 ******
                else if (_streamState.CloseSourceState == TcpPacketType.CloseSourceConnection1 && streamPacket.Direction == TcpDirection.DestinationToSource)
                {
                    CloseConnectionPacketType     = true;
                    streamPacket.PacketType       = TcpPacketType.CloseSourceConnection2;
                    _streamState.CloseSourceState = TcpPacketType.CloseSourceConnection2;
                    //streamPacket.Message("TCP close source connection step 2 : ACK x + 1 (0x{0})", tcp.ack_seq.zToHex());
                    if (tcp.AcknowledgmentNumber != _streamState.CurrentSourceSequence + 1)
                    {
                        //streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex());
                        streamPacket.AddError(TcpPacketError.WarningCloseSourceConnection2BadAck);
                    }
                }
                // ****** CloseDestinationConnection2 ACK y + 1 ******
                else if (_streamState.CloseDestinationState == TcpPacketType.CloseDestinationConnection1 && streamPacket.Direction == TcpDirection.SourceToDestination)
                {
                    CloseConnectionPacketType          = true;
                    streamPacket.PacketType            = TcpPacketType.CloseDestinationConnection2;
                    _streamState.CloseDestinationState = TcpPacketType.CloseDestinationConnection2;
                    //streamPacket.Message("TCP close destination connection step 2 : ACK y + 1 (0x{0})", tcp.ack_seq.zToHex());
                    if (tcp.AcknowledgmentNumber != _streamState.CurrentDestinationSequence + 1)
                    {
                        //streamPacket.Message("warning ack (0x{0}) != destination seq + 1 (0x{1}) (ACK y + 1)", tcp.ack_seq.zToHex(), CurrentDestinationSequence.zToHex());
                        streamPacket.AddError(TcpPacketError.WarningCloseDestinationConnection2BadAck);
                    }
                }
                else
                {
                    streamPacket.PacketType |= TcpPacketType.Ack;
                }
            }

            //if (OpenConnectionPacketType || CloseConnectionPacketType)
            //{
            //    if (tcp.DataLength > 0)
            //    {
            //        if (tcp.psh == 1)
            //            streamPacket.Message("error data with push option cannot be send with syn flag");
            //        else
            //            streamPacket.Message("error data with cannot be send with syn flag");
            //    }
            //    if (tcp.psh == 1)
            //        streamPacket.Message("error push option without data cannot be send with syn flag");
            //}

            //if (tcp.Push)
            if (tcp.IsPush)
            {
                streamPacket.PacketType |= TcpPacketType.Push;
            }
            if (tcp.PayloadLength > 0)
            {
                streamPacket.PacketType |= TcpPacketType.Data;
            }
            _streamState.LastPacketType = streamPacket.PacketType;
            streamPacket.StreamState    = _streamState;
        }