Exemplo n.º 1
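        /// <summary>
        /// Builds a <c>DataBlock</c> covering the bytes of a reassembled TCP stream that have not
        /// been saved yet, stamps it with the current packet time and passes it to the UI via
        /// <c>owner.Invoke(NewNode, db)</c>.
        /// </summary>
        /// <param name="recon">
        /// Reassembly state of the stream. Its <c>LastSavedOffset</c> is moved to
        /// <c>PreviousPacketEndOffset</c> before returning.
        /// </param>
        private void AddNewNode(TcpRecon recon)
        {
            // NOTE(review): the offsets are narrowed to int with unchecked casts. If they are 64-bit
            // file positions, a dump file larger than 2 GiB would wrap here and the block would
            // describe the wrong byte range (or a negative length) - confirm the offset types and
            // what the DataBlock constructor does with such values.
            int startAt = (int)recon.LastSavedOffset;

            // A finished stream is cut at the current offset, an open one at the end of the previous packet.
            int endAt = recon.isComplete
                ? (int)recon.CurrentOffset
                : (int)recon.PreviousPacketEndOffset;

            DataBlock db = new DataBlock(recon.dumpFile, startAt, endAt - startAt, recon);

            // The fractional part is a microsecond count, so it has to be zero-padded to six digits:
            // without padding 5000 microseconds would be written as ".5000" and read back as half a
            // second, which skews any timeline built from these stamps.
            // Assumes MicroSeconds is an integral type (the "D6" format requires one).
            db.EpochTimeStamp = curPacketTime.Seconds.ToString() + "." + curPacketTime.MicroSeconds.ToString("D6");

            owner.Invoke(NewNode, db);

            recon.LastSavedOffset = recon.PreviousPacketEndOffset;
        }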
Exemplo n.º 2
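        /// <summary>
        /// Runs after a capture has been loaded: lists the IP addresses, optionally merges stream
        /// nodes that share the same label, classifies every data block, labels HTTP blocks,
        /// removes stream nodes without children and shows the summary in the window title.
        /// </summary>
        /// <param name="ips">IP addresses to add to the <c>lvIPs</c> list.</param>
        private void Complete(List <string> ips)
        {
            List <TreeNode> rem = new List <TreeNode>();
            int             ii  = 0;

            // A loader error replaces the whole post-processing step.
            if (rm.ErrorMessage.Length > 0)
            {
                this.Text = rm.ErrorMessage;
                this.Refresh();
                return;
            }

            this.Text = "Loading Complete now parsing...";
            this.Refresh();

            foreach (string s in ips)
            {
                lvIPs.Items.Add(s);
            }

            if (ConglomerateToolStripMenuItem.Checked)
            {
                this.Text = "Conglomerating streams option checked...";
                this.Refresh();
                Application.DoEvents();

                // Single pass instead of restarting the scan after every removal: the first node
                // seen for a label is kept, the children of every later node with the same label
                // are copied onto it in order, and the duplicates are removed once the enumeration
                // of tv.Nodes is over (removing while enumerating is what the restart worked around).
                Dictionary <string, TreeNode> firstByText = new Dictionary <string, TreeNode>();
                List <TreeNode>               duplicates  = new List <TreeNode>();
                int                           nodeCount   = tv.Nodes.Count;

                foreach (TreeNode n in tv.Nodes)
                {
                    ii++;
                    if (ii % 2 == 0)
                    {
                        setpb(ii, nodeCount);
                    }

                    TreeNode keeper;
                    if (firstByText.TryGetValue(n.Text, out keeper))
                    {
                        foreach (TreeNode child in n.Nodes)
                        {
                            TreeNode copy = keeper.Nodes.Add(child.Text);
                            copy.Tag = child.Tag;
                        }
                        duplicates.Add(n);
                    }
                    else
                    {
                        firstByText.Add(n.Text, n);
                    }
                }

                foreach (TreeNode dup in duplicates)
                {
                    tv.Nodes.Remove(dup);
                }
            }

            this.Text = "Scanning for http content..";
            this.Refresh();
            ii = 0;

            foreach (TreeNode n in tv.Nodes) // parent node shows stream info
            {
                ii++;
                if (ii % 2 == 0)
                {
                    setpb(ii, tv.Nodes.Count);
                }

                if (n.Nodes.Count == 0)
                {
                    // Empty streams are only collected here; they are removed after the loop.
                    rem.Add(n);
                    continue;
                }

                n.Text += "  (" + n.Nodes.Count + ")";

                setpb(0, 0, 2);
                int ni = 0;
                foreach (TreeNode nn in n.Nodes) // each subnode holds the actual data stream details
                {
                    ni++;
                    if (ni % 10 == 0)
                    {
                        setpb(ni, n.Nodes.Count, 2);
                    }

                    // Every child is expected to carry its DataBlock in Tag; the cast throws otherwise.
                    DataBlock db = (DataBlock)nn.Tag;
                    db.DetectType();
                    if (db.DataType == DataBlock.DataTypes.dtBinary)
                    {
                        continue;
                    }

                    // NOTE(review): HttpFirstLine presumably comes straight from the captured
                    // traffic, i.e. it is untrusted text of arbitrary length and content. It is only
                    // used as a label here; confirm DataBlock bounds/sanitises it before it is
                    // reused anywhere that interprets it (export, logging, file names).
                    nn.Text = db.HttpFirstLine;
                    if (db.DataType == DataBlock.DataTypes.dtHttpReq)
                    {
                        ListViewItem li = lv.Items.Add(db.HttpFirstLine);
                        li.Tag = nn;
                    }
                    else
                    {
                        // The other non-binary labels are short (HTTP response code), so the spare room shows size and encoding.
                        nn.Text = "   " + nn.Text + string.Format("   - 0x{0:x} bytes", db.length);
                        if (db.isChunked)
                        {
                            nn.Text += " chunked ";
                        }
                        if (db.isGZip)
                        {
                            nn.Text += " w/gzip";
                        }
                    }
                }
            }

            this.Text = "Pruning tree...";
            this.Refresh();
            foreach (TreeNode n in rem)
            {
                tv.Nodes.Remove(n);
            }

            lvDNS.Columns[0].Text = "DNS Requests: " + lvDNS.Items.Count;
            lv.Columns[0].Text    = "Web Requests: " + lv.Items.Count;
            TimeSpan totalTime = (DateTime.Now - startTime);

            this.Text = "  Pcap size: " + FileSizeToHumanReadable(txtPcap.Text) + string.Format("      Processing time: {0} seconds", totalTime.TotalSeconds);
            pb.Value  = 0;
            pb2.Value = 0;
        }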
Exemplo n.º 3
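        /// <summary>
        /// Menu handler that writes the data blocks of the checked streams to a folder chosen by
        /// the user. A checked stream node exports all of its blocks; for an unchecked stream only
        /// its individually checked blocks are exported.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        private void extractStreamsToolStripMenuItem_Click(object sender, EventArgs e)
        {
            // Output names are deliberately simple (server_NNNN.bin / client_NNNN.bin) and do not
            // include the IP address, so blocks from different hosts cannot be told apart by name.
            // Open question from the author: number client and server blocks separately
            // (client 1, server 1) or in one sequence (client 1, server 2, client 3)?
            // Names are generated here and never taken from the capture, so captured content
            // cannot influence where a file is written.

            fDlg.SelectedPath = outDir;
            if (fDlg.ShowDialog() != DialogResult.OK)
            {
                return;
            }

            string pDir = fDlg.SelectedPath + "\\";

            // The counters restart at zero on every invocation, so a second extraction into the
            // same folder reuses the same file names.
            // NOTE(review): whether SaveToFile overwrites an existing file is not visible here - confirm.
            int c = 0, s = 0, saved = 0, total = 0, failed = 0;

            foreach (TreeNode n in tv.Nodes)
            {
                bool wholeStream = n.Checked;

                foreach (TreeNode nn in n.Nodes)
                {
                    if (!wholeStream && !nn.Checked)
                    {
                        continue;
                    }

                    total++;
                    SaveExtractedBlock((DataBlock)nn.Tag, (TcpRecon)n.Tag, pDir, ref s, ref c, ref saved, ref failed);
                }
            }

            // Total is the number of blocks attempted (it was reported one too low before, -1 for an
            // empty selection); Saved counts successful writes only and Fails the unsuccessful ones.
            // Blocks whose data could not be loaded appear in Total alone.
            MessageBox.Show(string.Format("Extraction Complete Saved:{0} Total:{1} Fails:{2} blocks extracted.", saved, total, failed));
        }

        // Loads one block, writes it as server_NNNN.bin or client_NNNN.bin under pDir and updates the counters.
        private static void SaveExtractedBlock(DataBlock db, TcpRecon recon, string pDir, ref int s, ref int c, ref int saved, ref int failed)
        {
            if (!db.LoadData())
            {
                return;
            }

            // NOTE(review): if SourceAddress/ServerAddress are reference types without an
            // overloaded ==, this compares references and every block would be named "client_" - confirm.
            string name = db.SourceAddress == recon.ServerAddress
                ? "server_" + string.Format("{0:D4}", s++)
                : "client_" + string.Format("{0:D4}", c++);

            if (db.SaveToFile(pDir + name + ".bin"))
            {
                saved++;
            }
            else
            {
                failed++;
            }

            db.FreeData();
        }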