void openfile(string capFile)
{
try
{
this.device.StopCapture();
this.device.Close();
}
catch (Exception)
{
;
}
this.packets = new ArrayList();
this.dataGridView1.Rows.Clear();
SharpPcap.LibPcap.CaptureFileReaderDevice captureFileReader = new SharpPcap.LibPcap.CaptureFileReaderDevice(capFile);
SharpPcap.RawCapture pPacket;
int indx = 0;
// Go through all packets in the file
while ((pPacket = captureFileReader.GetNextPacket()) != null)
{
try
{
packet temp = new packet(pPacket);
temp.index = indx;
indx++;
this.packets.Add(temp);
// if (filter_check(temp))
// {
if (this.dataGridView1.InvokeRequired)
{
this.dataGridView1.BeginInvoke(new setDataGridViewDelegate(setDataGridView), new object[] { temp });
}
else
{
int index = this.dataGridView1.Rows.Add();
this.dataGridView1.Rows[index].DefaultCellStyle.BackColor = Color.FromName(temp.color);
this.dataGridView1.Rows[index].Cells[0].Value = temp.time;
this.dataGridView1.Rows[index].Cells[1].Value = temp.srcIp;
this.dataGridView1.Rows[index].Cells[2].Value = temp.destIp;
this.dataGridView1.Rows[index].Cells[3].Value = temp.protocol;
this.dataGridView1.Rows[index].Cells[4].Value = temp.info;
this.dataGridView1.Rows[index].Cells[5].Value = temp.index;
this.dataGridView1.FirstDisplayedScrollingRowIndex = this.dataGridView1.Rows.Count - 1;
}
// }
}
catch (Exception)
{
;
}
}
//this.is_saved = true;
captureFileReader.Close();
MessageBox.Show("读取完毕");
}
//对某个包应用过滤规则
bool apply_filter(packet temp)
{
bool flag = false;
DataGridViewRowCollection rules = this.filter_rules.Rows;
//遍历所有规则
if (!this.radioButton2.Checked)
{
flag = true;
foreach (DataGridViewRow item in rules)
{
string key = (string)(item.Cells[0].Value);
string oper = (string)(item.Cells[1].Value);
string value = (string)(item.Cells[2].Value);
flag = flag && _filter_check(temp, key, oper, value);
}
}
else
{
flag = false;
foreach (DataGridViewRow item in rules)
{
string key = (string)(item.Cells[0].Value);
string oper = (string)(item.Cells[1].Value);
string value = (string)(item.Cells[2].Value);
flag = flag || _filter_check(temp, key, oper, value);
}
}
return(flag);
}
private void setDataGridView(packet Packet)
{
//依次显示包的各个信息
int index = this.dataGridView1.Rows.Add();
this.dataGridView1.Rows[index].DefaultCellStyle.BackColor = Color.FromName(Packet.color);
this.dataGridView1.Rows[index].Cells[0].Value = Packet.protocol;
this.dataGridView1.Rows[index].Cells[1].Value = Packet.srcIp;
this.dataGridView1.Rows[index].Cells[2].Value = Packet.destIp;
this.dataGridView1.Rows[index].Cells[3].Value = Packet.time;
this.dataGridView1.Rows[index].Cells[4].Value = Packet.info;
this.dataGridView1.Rows[index].Cells[5].Value = Packet.index;
this.dataGridView1.FirstDisplayedScrollingRowIndex = this.dataGridView1.Rows.Count - 1;
}
void show_pac(packet temp)
{
//是否跨线程
if (this.dataGridView1.InvokeRequired)
{
this.dataGridView1.BeginInvoke(new setDataGridViewDelegate(setDataGridView), new object[] { temp });
}
else
{
//依次显示包的各个信息
int index = this.dataGridView1.Rows.Add();
this.dataGridView1.Rows[index].DefaultCellStyle.BackColor = Color.FromName(temp.color);
this.dataGridView1.Rows[index].Cells[0].Value = temp.protocol;
this.dataGridView1.Rows[index].Cells[1].Value = temp.srcIp;
this.dataGridView1.Rows[index].Cells[2].Value = temp.destIp;
this.dataGridView1.Rows[index].Cells[3].Value = temp.time;
this.dataGridView1.Rows[index].Cells[4].Value = temp.info;
this.dataGridView1.Rows[index].Cells[5].Value = temp.index;
this.dataGridView1.FirstDisplayedScrollingRowIndex = this.dataGridView1.Rows.Count - 1;
}
}
private void PcapPorcessContext(SharpPcap.RawCapture pPacket)
{
//把包存起来(不论是否过滤)
packet temp = new packet(pPacket);
temp.index = packets.Count;
PacketDotNet.Packet rPacket = PacketDotNet.Packet.ParsePacket(pPacket.LinkLayerType, pPacket.Data);
bytes_persec += rPacket.Bytes.Length;
packets.Add(temp);
//判断是否过滤,若过滤,则调用过滤函数,否则直接显示
bool flag = true;
if (applyfilter)
{
flag = apply_filter(temp);
}
if (!flag)
{
return;
}
show_pac(temp);
}
//检查是否满足过滤条件
private bool _filter_check(packet Packet, string key, string oper, string value)
{
// 取出packet中对应key的value,string形式
List <string> pac_value = new List <string>();
switch (key)
{
case "IP地址":
//可能是源IP或目的IP
pac_value.Add(Packet.destIp);
pac_value.Add(Packet.srcIp);
break;
case "源IP":
pac_value.Add(Packet.srcIp);
break;
case "目的IP":
pac_value.Add(Packet.destIp);
break;
case "端口":
if (Packet.tcp_info.Count > 0)
{
//可能是源端口或目的端口
pac_value.Add(Packet.tcp_info["SourcePort(源端口)"]);
pac_value.Add(Packet.tcp_info["DestinationPort(目的端口)"]);
}
if (Packet.udp_info.Count > 0)
{
//可能是源端口或目的端口
pac_value.Add(Packet.udp_info["SourcePort(源端口)"]);
pac_value.Add(Packet.udp_info["DestinationPort(目的端口)"]);
}
break;
case "源端口":
if (Packet.tcp_info.Count > 0)
{
pac_value.Add(Packet.tcp_info["SourcePort(源端口)"]);
}
if (Packet.udp_info.Count > 0)
{
pac_value.Add(Packet.udp_info["SourcePort(源端口)"]);
}
break;
case "目的端口":
if (Packet.tcp_info.Count > 0)
{
pac_value.Add(Packet.tcp_info["DestinationPort(目的端口)"]);
}
if (Packet.udp_info.Count > 0)
{
pac_value.Add(Packet.udp_info["DestinationPort(目的端口)"]);
}
break;
case "IP版本":
if (Packet.ip_info.Count > 0)
{
pac_value.Add(Packet.ip_info["Version(版本)"]);
}
break;
case "协议":
//从IP层往上依次判断
if (Packet.ip_info.Count > 0)
{
pac_value.Add("IP");
}
if (Packet.tcp_info.Count > 0)
{
pac_value.Add("TCP");
}
if (Packet.udp_info.Count > 0)
{
pac_value.Add("UDP");
}
if (Packet.icmp_info.Count > 0)
{
pac_value.Add("ICMP");
}
if (Packet.igmp_info.Count > 0)
{
pac_value.Add("IGMP");
}
if (Packet.arp_info.Count > 0)
{
pac_value.Add("ARP");
}
if (Packet.application_info.Count > 0)
{
pac_value.Add(Packet.application_info["ApplicationType"]);
}
break;
case "应用数据":
if (Packet.application_info.Count > 0)
{
pac_value.Add(Packet.application_info["Data"]);
}
break;
//是否有合法校验和
case "合法校验和":
if (Packet.color == "Red")
{
return(false ^ (oper == "不等于"));
}
else
{
return(true ^ (oper == "不等于"));
}
default:
break;
}
//过滤操作符,可以是等于,不等于或包含
switch (oper)
{
case "等于":
if (include_array(pac_value, value))
{
return(true);
}
break;
case "不等于":
if (!include_array(pac_value, value))
{
return(true);
}
break;
case "包含":
if (include_array_like(pac_value, value))
{
return(true);
}
break;
default:
return(true);
}
return(false);
}
void showpac_detail(int pacindex)
{
textBox2.Text = "";
int n = pacindex;
//int n = int.Parse(dataGridView1.Rows[RowIndex].Cells[5].Value.ToString());
packet pac = (packet)MainForm.pointer.packets[n];
if (pac.frame_info.Count != 0)
{
textBox2.Text += "=====Frame info=====\r\n";
}
foreach (KeyValuePair <string, string> kv in pac.frame_info)
{
textBox2.Text += kv.Key + " : " + kv.Value + "\r\n";
}
if (pac.ethernet_info.Count != 0)
{
textBox2.Text += "=====Ethernet info=====\r\n";
}
foreach (KeyValuePair <string, string> kv in pac.ethernet_info)
{
textBox2.Text += kv.Key + " : " + kv.Value + "\r\n";
}
if (pac.ip_info.Count != 0)
{
textBox2.Text += "=====IP info=====\r\n";
}
foreach (KeyValuePair <string, string> kv in pac.ip_info)
{
textBox2.Text += kv.Key + " : " + kv.Value + "\r\n";
}
if (pac.arp_info.Count != 0)
{
textBox2.Text += "=====ARP info=====\r\n";
}
foreach (KeyValuePair <string, string> kv in pac.arp_info)
{
textBox2.Text += kv.Key + " : " + kv.Value + "\r\n";
}
if (pac.icmp_info.Count != 0)
{
textBox2.Text += "=====ICMP info=====\r\n";
}
foreach (KeyValuePair <string, string> kv in pac.icmp_info)
{
textBox2.Text += kv.Key + " : " + kv.Value + "\r\n";
}
if (pac.igmp_info.Count != 0)
{
textBox2.Text += "=====IGMP info=====\r\n";
}
foreach (KeyValuePair <string, string> kv in pac.igmp_info)
{
textBox2.Text += kv.Key + " : " + kv.Value + "\r\n";
}
if (pac.tcp_info.Count != 0)
{
textBox2.Text += "=====TCP info=====\r\n";
}
foreach (KeyValuePair <string, string> kv in pac.tcp_info)
{
textBox2.Text += kv.Key + " : " + kv.Value + "\r\n";
}
if (pac.udp_info.Count != 0)
{
textBox2.Text += "=====UDP info=====\r\n";
}
foreach (KeyValuePair <string, string> kv in pac.udp_info)
{
textBox2.Text += kv.Key + " : " + kv.Value + "\r\n";
}
if (pac.application_info.Count != 0)
{
textBox2.Text += "=====Application info=====\r\n";
}
foreach (KeyValuePair <string, string> kv in pac.application_info)
{
textBox2.Text += kv.Key + " : " + kv.Value + "\r\n";
}
if (pac.application_byte != null && pac.application_byte.Count() != 0)
{
textBox2.Text += "=====Application bytes=====\r\n" + pac.application_byte.ToString();
}
}
