Exemplo n.º 1
0
        /// <summary> Convert captured packet data into an object.</summary>
        public static Packet dataToPacket(LinkLayers linkType, byte[] bytes, Timeval tv)
        {
            EthernetPacketType ethProtocol;

            // retrieve the length of the headers associated with this link layer type.
            // this length is the offset to the header embedded in the packet.
            int byteOffsetToEthernetPayload = LinkLayer.LinkLayerLength(linkType);

            // extract the protocol code for the type of header embedded in the
            // link-layer of the packet
            int offset = LinkLayer.ProtocolOffset(linkType);
            if (offset == -1)
            {
                // if there is no embedded protocol, assume IpV4
                ethProtocol = EthernetPacketType.IPv4;
            }
            else
            {
                ethProtocol = (EthernetPacketType)ArrayHelper.extractInteger(bytes, offset, EthernetFields_Fields.ETH_CODE_LEN);
            }

            string errorString;
            Packet parsedPacket = null;
            try
            {
                // try to recognize the ethernet type..
                switch (ethProtocol)
                {
                    // arp
                    case EthernetPacketType.ARP:
                        parsedPacket = new ARPPacket(byteOffsetToEthernetPayload, bytes, tv);
                        break;

                    case EthernetPacketType.IPv6:
                    case EthernetPacketType.IPv4:
                        try
                        {
                            // ethernet level code is recognized as IP, figure out what kind..
                            int ipProtocol = IPProtocol.extractProtocol(byteOffsetToEthernetPayload, bytes);
                            switch (ipProtocol)
                            {
                                case (int)IPProtocol.IPProtocolType.ICMP:
                                    parsedPacket = new ICMPPacket(byteOffsetToEthernetPayload, bytes, tv);
                                    break;

                                case (int)IPProtocol.IPProtocolType.IGMP:
                                    parsedPacket = new IGMPPacket(byteOffsetToEthernetPayload, bytes, tv);
                                    break;

                                case (int)IPProtocol.IPProtocolType.TCP:
                                    parsedPacket = new TCPPacket(byteOffsetToEthernetPayload, bytes, tv);
                                    break;

                                case (int)IPProtocol.IPProtocolType.UDP:
                                    parsedPacket = new UDPPacket(byteOffsetToEthernetPayload, bytes, tv);
                                    break;

                                // unidentified ip..
                                default:
                                    parsedPacket = new IPPacket(byteOffsetToEthernetPayload, bytes, tv);
                                    break;
                            }

                            // check that the parsed packet is valid
                            if (!parsedPacket.IsValid(out errorString))
                            {
                                throw new PcapException(errorString);
                            }
                            else
                            {
                                return parsedPacket;
                            }
                        }
                        catch
                        {
                            // error parsing the specific ip packet type, parse as a generic IPPacket
                            parsedPacket = new IPPacket(byteOffsetToEthernetPayload, bytes, tv);

                            // check that the parsed packet is valid
                            if (!parsedPacket.IsValid(out errorString))
                            {
                                throw new PcapException(errorString);
                            }
                            else
                            {
                                return parsedPacket;
                            }
                        }

                    // ethernet level code not recognized, default to anonymous packet..
                    default:
                        parsedPacket = new EthernetPacket(byteOffsetToEthernetPayload, bytes, tv);
                        break;
                }

                return parsedPacket;
            }
            catch
            {
                // we know we have at least an ethernet packet, so return that
                return new EthernetPacket(byteOffsetToEthernetPayload, bytes, tv);
            }
        }