Exemplo n.º 1
0
        public void Add(EthernetPacket packet)
        {
            if (packet.TCPHeader == null)
            {
                return;
            }
            TCP_StreamAddress address      = new TCP_StreamAddress(packet);
            TCP_StreamPacket  streamPacket = new TCP_StreamPacket();

            streamPacket.Direction = TCP_Direction.SourceToDestination;
            streamPacket.Address   = address;
            streamPacket.Packet    = packet;
            int        i = Streams.IndexOfKey(address);
            TCP_Stream stream;

            if (i == -1)
            {
                address.StreamNumber = Streams.Count;
                stream = new TCP_Stream(streamPacket);
                Streams.Add(address, stream);
            }
            else
            {
                stream = Streams.Values[i];
                address.StreamNumber = stream.Address.StreamNumber;
            }
            stream.Add(streamPacket);
            Packets.Add(streamPacket);
            packet.gGroupNumber = address.StreamNumber + 1;
        }
Exemplo n.º 2
0
 private void _Add(TCP_StreamPacket streamPacket)
 {
     if (streamPacket.Address.OriginalOrder == Address.OriginalOrder)
     {
         streamPacket.Direction = TCP_Direction.SourceToDestination;
     }
     else
     {
         streamPacket.Direction = TCP_Direction.DestinationToSource;
     }
     Packets.Add(streamPacket);
     AnalyzePacket(streamPacket);
 }
Exemplo n.º 3
0
        private void _Add(TCP_StreamPacket streamPacket)
        {
            if (streamPacket.Address.OriginalOrder == Address.OriginalOrder)
            {
                streamPacket.Direction = TCP_Direction.SourceToDestination;
            }
            else
            {
                streamPacket.Direction = TCP_Direction.DestinationToSource;
            }
            Packets.Add(streamPacket);
            TCPHeader tcp = streamPacket.Packet.TCPHeader;

            if (tcp.syn == 1)
            {
                // ****** OpenConnection1 SYN seq = x ******
                if (tcp.ack == 0)
                {
                    streamPacket.PacketType = TCP_PacketType.OpenConnection1;
                    OpenState             = TCP_PacketType.OpenConnection1;
                    InitialSourceSequence = CurrentSourceSequence = tcp.seq;
                    Message("TCP open connection step 1 : SYN seq = x (0x{0})", h(tcp.seq));
                    if (streamPacket.Direction != TCP_Direction.SourceToDestination)
                    {
                        Message("  warning wrong direction");
                    }
                }
                // ****** OpenConnection2 SYN seq = y, ACK x + 1 ******
                else
                {
                    if (streamPacket.Direction != TCP_Direction.DestinationToSource)
                    {
                        Message("TCP open connection step 2 : error wrong direction (SYN seq = y, ACK x + 1)");
                        streamPacket.PacketType = TCP_PacketType.Unknow;
                    }
                    else
                    {
                        streamPacket.PacketType = TCP_PacketType.OpenConnection2;
                        OpenState = TCP_PacketType.OpenConnection2;
                        InitialDestinationSequence = CurrentDestinationSequence = tcp.seq;
                        Message("TCP open connection step 2 : SYN seq = y (0x{0}), ACK x + 1 (0x{1})", h(tcp.seq), h(tcp.ack_seq));
                        if (tcp.ack_seq != CurrentSourceSequence + 1)
                        {
                            Message("  warning ack (0x{0}) != source seq + 1 (0x{1})", h(tcp.ack_seq), h(CurrentSourceSequence));
                        }
                        if (LastPacketType != TCP_PacketType.OpenConnection1)
                        {
                            Message("  warning message should be just after open connection step 1");
                        }
                        CurrentSourceSequence++;
                    }
                }
            }
            else if (tcp.fin == 1)
            {
                // ****** CloseSourceConnection1 FIN seq = x ******
                if (streamPacket.Direction == TCP_Direction.SourceToDestination)
                {
                    CloseSourceState = TCP_PacketType.CloseSourceConnection1;
                    Message("TCP close source connection step 1 : FIN seq = x (0x{0})", h(tcp.seq));
                    if (tcp.seq != CurrentSourceSequence)
                    {
                        Message("TCP close source connection step 1 : warning seq (0x{0}) != source seq (0x{1}) (FIN seq = x)", h(tcp.seq), h(CurrentSourceSequence));
                    }
                    if (tcp.ack != 0)
                    {
                        Message("TCP close source connection step 1 : warning ack should not be set (FIN seq = x)");
                    }
                }
                // ****** CloseDestinationConnection1 FIN seq = y, ACK x + 1 ******
                else // streamPacket.Direction == TCP_Direction.DestinationToSource
                {
                    CloseDestinationState = TCP_PacketType.CloseDestinationConnection1;
                    Message("TCP close destination connection step 1 : FIN seq = y (0x{0}), ACK x + 1 (0x{1})", h(tcp.seq), h(tcp.ack_seq));
                    if (tcp.seq != CurrentDestinationSequence)
                    {
                        Message("TCP close destination connection step 1 : warning seq (0x{0}) != destination seq (0x{1}) (FIN seq = y, ACK x + 1)", h(tcp.seq), h(CurrentDestinationSequence));
                    }
                    if (tcp.ack != 1)
                    {
                        Message("TCP close destination connection step 1 : warning ack should be set (FIN seq = y, ACK x + 1)");
                    }
                    else if (tcp.ack_seq != CurrentSourceSequence + 1)
                    {
                        Message("TCP close destination connection step 1 : warning ack (0x{0}) != source seq + 1 (0x{1}) (FIN seq = y, ACK x + 1)", h(tcp.ack_seq), h(CurrentSourceSequence));
                    }
                }
            }
            else if (tcp.ack == 1)
            {
                // ****** OpenConnection3 ACK y + 1 ******
                if (LastPacketType == TCP_PacketType.OpenConnection2 && streamPacket.Direction == TCP_Direction.SourceToDestination)
                {
                    streamPacket.PacketType = TCP_PacketType.OpenConnection3;
                    OpenState        = TCP_PacketType.OpenConnection3;
                    ConnectionOpened = true;
                    CurrentDestinationSequence++;
                    Message("TCP open connection step 3 : ACK y + 1 (0x{0})", h(tcp.ack_seq));

                    if (tcp.ack_seq != InitialDestinationSequence + 1)
                    {
                        Message("TCP open connection step 3 : warning ack (0x{0}) != destination seq + 1 (0x{1}) (ACK y + 1)", h(tcp.ack_seq), h(CurrentDestinationSequence));
                    }
                }
                // ****** CloseSourceConnection2 ACK x + 1 ******
                else if (CloseSourceState = TCP_PacketType.CloseSourceConnection1 && streamPacket.Direction == TCP_Direction.DestinationToSource)
                {
                    Message("TCP close source connection step 2 : ACK x + 1 (0x{0})", h(tcp.ack_seq));
                    if (tcp.ack_seq != CurrentSourceSequence + 1)
                    {
                        Message("TCP close source connection step 2 : warning ack (0x{0}) != source seq + 1 (0x{1}) (ACK x + 1)", h(tcp.ack_seq), h(CurrentSourceSequence));
                    }
                }
                // ****** CloseDestinationConnection2 ACK y + 1 ******
                else if (CloseDestinationState = TCP_PacketType.CloseDestinationConnection1 && streamPacket.Direction == TCP_Direction.SourceToDestination)
                {
                    Message("TCP close destination connection step 2 : ACK y + 1 (0x{0})", h(tcp.ack_seq));
                    if (tcp.ack_seq != CurrentDestinationSequence + 1)
                    {
                        Message("TCP close destination connection step 2 : warning ack (0x{0}) != destination seq + 1 (0x{1}) (ACK y + 1)", h(tcp.ack_seq), h(CurrentDestinationSequence));
                    }
                }
            }
            LastPacketType = streamPacket.PacketType;
        }
Exemplo n.º 4
0
 public void Add(TCP_StreamPacket streamPacket)
 {
     _Add(streamPacket);
 }
Exemplo n.º 5
0
 public TCP_Stream(TCP_StreamPacket streamPacket)
 {
     Address = streamPacket.Address;
     _Add(streamPacket);
 }
Exemplo n.º 6
0
        private void AnalyzePacket(TCP_StreamPacket streamPacket)
        {
            TCP tcp = streamPacket.Packet.TCP;

            streamPacket.PacketType = TCP_PacketType.Unknow;
            bool OpenConnectionPacketType  = false;
            bool CloseConnectionPacketType = false;

            if (tcp.Synchronize)
            {
                OpenConnectionPacketType = true;
                // ****** OpenConnection1 SYN seq = x ******
                if (!tcp.Ack)
                {
                    streamPacket.PacketType           = TCP_PacketType.OpenConnection1;
                    StreamState.OpenState             = TCP_PacketType.OpenConnection1;
                    StreamState.InitialSourceSequence = StreamState.CurrentSourceSequence = tcp.Sequence;
                    //streamPacket.Message("TCP open 1 : SYN seq = x (0x{0})", tcp.seq.zToHex());
                    if (streamPacket.Direction != TCP_Direction.SourceToDestination)
                    {
                        //streamPacket.Message("error wrong direction");
                        streamPacket.AddError(TCP_PacketError.ErrorBadDirection);
                    }
                }
                // ****** OpenConnection2 SYN seq = y, ACK x + 1 ******
                else
                {
                    if (streamPacket.Direction == TCP_Direction.DestinationToSource)
                    {
                        streamPacket.PacketType = TCP_PacketType.OpenConnection2;
                        StreamState.OpenState   = TCP_PacketType.OpenConnection2;
                        StreamState.InitialDestinationSequence = StreamState.CurrentDestinationSequence = tcp.Sequence;
                        //streamPacket.Message("TCP open 2 : SYN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex());
                        StreamState.CurrentSourceSequence++;
                        if (tcp.AckSequence != StreamState.CurrentSourceSequence)
                        {
                            //streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex());
                            streamPacket.AddError(TCP_PacketError.WarningOpenConnection2BadAck);
                        }
                        if (StreamState.LastPacketType != TCP_PacketType.OpenConnection1)
                        {
                            //streamPacket.Message("warning message should be just after open connection step 1");
                            streamPacket.AddError(TCP_PacketError.WarningOpenConnection2BadMessagePosition);
                        }
                    }
                    else
                    {
                        //streamPacket.Message("error wrong direction, TCP open 2, SYN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex());
                        streamPacket.AddError(TCP_PacketError.ErrorOpenConnection2BadDirection);
                    }
                }
            }
            else if (tcp.Finish)
            {
                CloseConnectionPacketType = true;
                // ****** CloseSourceConnection1 FIN seq = x ******
                if (streamPacket.Direction == TCP_Direction.SourceToDestination)
                {
                    streamPacket.PacketType      = TCP_PacketType.CloseSourceConnection1;
                    StreamState.CloseSourceState = TCP_PacketType.CloseSourceConnection1;
                    //streamPacket.Message("TCP close source connection step 1 : FIN seq = x (0x{0})", tcp.seq.zToHex());
                    if (tcp.Sequence != StreamState.CurrentSourceSequence)
                    {
                        //streamPacket.Message("warning seq (0x{0}) != source seq (0x{1})", tcp.seq.zToHex(), CurrentSourceSequence.zToHex());
                        streamPacket.AddError(TCP_PacketError.WarningCloseSourceConnection1BadSeq);
                    }
                    if (tcp.Ack)
                    {
                        //streamPacket.Message("warning ack should not be set");
                        streamPacket.AddError(TCP_PacketError.WarningBadFlagAck);
                    }
                }
                // ****** CloseDestinationConnection1 FIN seq = y, ACK x + 1 ******
                else // streamPacket.Direction == TCP_Direction.DestinationToSource
                {
                    streamPacket.PacketType           = TCP_PacketType.CloseDestinationConnection1;
                    StreamState.CloseDestinationState = TCP_PacketType.CloseDestinationConnection1;
                    //streamPacket.Message("TCP close destination connection step 1 : FIN seq = y (0x{0}), ACK x + 1 (0x{1})", tcp.seq.zToHex(), tcp.ack_seq.zToHex());
                    if (tcp.Sequence != StreamState.CurrentDestinationSequence)
                    {
                        //streamPacket.Message("warning seq (0x{0}) != destination seq (0x{1})", tcp.seq.zToHex(), CurrentDestinationSequence.zToHex());
                        streamPacket.AddError(TCP_PacketError.WarningCloseDestinationConnection1BadSeq);
                    }
                    if (!tcp.Ack)
                    {
                        //streamPacket.Message("warning ack should be set");
                        streamPacket.AddError(TCP_PacketError.WarningBadFlagAck);
                    }
                    else if (tcp.AckSequence != StreamState.CurrentSourceSequence + 1)
                    {
                        //streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex());
                        streamPacket.AddError(TCP_PacketError.WarningCloseDestinationConnection1BadAck);
                    }
                }
            }
            else if (tcp.Ack)
            {
                // ****** OpenConnection3 ACK y + 1 ******
                if (StreamState.LastPacketType == TCP_PacketType.OpenConnection2 && streamPacket.Direction == TCP_Direction.SourceToDestination)
                {
                    OpenConnectionPacketType     = true;
                    streamPacket.PacketType      = TCP_PacketType.OpenConnection3;
                    StreamState.OpenState        = TCP_PacketType.OpenConnection3;
                    StreamState.ConnectionOpened = true;
                    StreamState.CurrentDestinationSequence++;
                    //streamPacket.Message("TCP open 3 : ACK y + 1 (0x{0})", tcp.ack_seq.zToHex());
                    if (tcp.AckSequence != StreamState.InitialDestinationSequence + 1)
                    {
                        //streamPacket.Message("warning ack (0x{0}) != destination seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentDestinationSequence.zToHex());
                        streamPacket.AddError(TCP_PacketError.WarningOpenConnection3BadAck);
                    }
                }
                // ****** CloseSourceConnection2 ACK x + 1 ******
                else if (StreamState.CloseSourceState == TCP_PacketType.CloseSourceConnection1 && streamPacket.Direction == TCP_Direction.DestinationToSource)
                {
                    CloseConnectionPacketType    = true;
                    streamPacket.PacketType      = TCP_PacketType.CloseSourceConnection2;
                    StreamState.CloseSourceState = TCP_PacketType.CloseSourceConnection2;
                    //streamPacket.Message("TCP close source connection step 2 : ACK x + 1 (0x{0})", tcp.ack_seq.zToHex());
                    if (tcp.AckSequence != StreamState.CurrentSourceSequence + 1)
                    {
                        //streamPacket.Message("warning ack (0x{0}) != source seq + 1 (0x{1})", tcp.ack_seq.zToHex(), CurrentSourceSequence.zToHex());
                        streamPacket.AddError(TCP_PacketError.WarningCloseSourceConnection2BadAck);
                    }
                }
                // ****** CloseDestinationConnection2 ACK y + 1 ******
                else if (StreamState.CloseDestinationState == TCP_PacketType.CloseDestinationConnection1 && streamPacket.Direction == TCP_Direction.SourceToDestination)
                {
                    CloseConnectionPacketType         = true;
                    streamPacket.PacketType           = TCP_PacketType.CloseDestinationConnection2;
                    StreamState.CloseDestinationState = TCP_PacketType.CloseDestinationConnection2;
                    //streamPacket.Message("TCP close destination connection step 2 : ACK y + 1 (0x{0})", tcp.ack_seq.zToHex());
                    if (tcp.AckSequence != StreamState.CurrentDestinationSequence + 1)
                    {
                        //streamPacket.Message("warning ack (0x{0}) != destination seq + 1 (0x{1}) (ACK y + 1)", tcp.ack_seq.zToHex(), CurrentDestinationSequence.zToHex());
                        streamPacket.AddError(TCP_PacketError.WarningCloseDestinationConnection2BadAck);
                    }
                }
                else
                {
                    streamPacket.PacketType |= TCP_PacketType.Ack;
                }
            }

            //if (OpenConnectionPacketType || CloseConnectionPacketType)
            //{
            //    if (tcp.DataLength > 0)
            //    {
            //        if (tcp.psh == 1)
            //            streamPacket.Message("error data with push option cannot be send with syn flag");
            //        else
            //            streamPacket.Message("error data with cannot be send with syn flag");
            //    }
            //    if (tcp.psh == 1)
            //        streamPacket.Message("error push option without data cannot be send with syn flag");
            //}

            if (tcp.Push)
            {
                streamPacket.PacketType |= TCP_PacketType.Push;
            }
            if (tcp.DataLength > 0)
            {
                streamPacket.PacketType |= TCP_PacketType.Data;
            }
            StreamState.LastPacketType = streamPacket.PacketType;
            streamPacket.StreamState   = StreamState;
        }