private void getHosts()
{
//获取列表大概耗时35秒
packetArrayList = utility.ARPBroadcast(utility.getLiveDevice());
int ItemIndex = 0;
foreach (Object obj in packetArrayList)
{
ARPPacket pkt = (ARPPacket)obj;
string srcIP = pkt.SenderProtocolAddress.ToString();
IPHostEntry entry = Dns.GetHostEntry(pkt.SenderProtocolAddress);
string hostName = entry.HostName;
//各项逐个添加的原因是解析HostName耗时不同
ListViewItem tmp = new ListViewItem();
tmp.Text = ItemIndex.ToString();
tmp.SubItems.Add(hostName);
tmp.SubItems.Add(pkt.SenderProtocolAddress.ToString());
tmp.SubItems.Add(pkt.SenderHardwareAddress.ToString());
//若源MAC已有对应注释,加载之
string[] commentItem = File.ReadAllLines(commentFile);
for (int i = 0; i < commentItem.Length; i++)
{
if (commentItem[i].Substring(0, 12) == pkt.SenderHardwareAddress.ToString())
{
string tmpComment = commentItem[i].Substring(13);
tmp.SubItems.Add(tmpComment);
tmp.BackColor = Color.BurlyWood;
}
}
lstHost.Items.Insert(ItemIndex, tmp);
ItemIndex++;
}
this.pbScan.Value = pbScan.Maximum;
MessageBox.Show("数据包捕获完毕!");
}
private EthernetPacket aARPPacket()
{
string strEthDestMAC = txtEhDestMac.Text;
string strEhSourMac = txtEhSourMac.Text;
string strARPSourIP = txtARPSourIP.Text;
string strARPSourMac = txtARPSourMac.Text;
string strARPDestIP = txtARPDestIP.Text;
string strARPDestMac = txtARPDestMac.Text;
if (rdoReq.Checked)
{
ARPPacket arp = new ARPPacket(ARPOperation.Request, PhysicalAddress.Parse(strARPDestMac), IPAddress.Parse(strARPDestIP), PhysicalAddress.Parse(strARPSourMac), IPAddress.Parse(strARPSourIP));
EthernetPacket eth = new EthernetPacket(PhysicalAddress.Parse(strEhSourMac), PhysicalAddress.Parse(strEthDestMAC), EthernetPacketType.Arp);
eth.PayloadPacket = arp;
return(eth);
}
else
{
ARPPacket arp = new ARPPacket(ARPOperation.Response, PhysicalAddress.Parse(strARPDestMac), IPAddress.Parse(strARPDestIP), PhysicalAddress.Parse(strARPSourMac), IPAddress.Parse(strARPSourIP));
EthernetPacket eth = new EthernetPacket(PhysicalAddress.Parse(strEhSourMac), PhysicalAddress.Parse(strEthDestMAC), EthernetPacketType.Arp);
eth.PayloadPacket = arp;
return(eth);
}
}
public static Packet BuildArpReply(PhysicalAddress srcMAC, PhysicalAddress dstMAC, IPAddress senderIP, IPAddress targetIP, PhysicalAddress senderMAC, PhysicalAddress targetMAC, int vlanID)
{
EthernetPacket ePacket = new EthernetPacket(srcMAC, dstMAC, EthernetPacketType.Arp);
ARPPacket aPacket = new ARPPacket(ARPOperation.Response, targetMAC, targetIP, senderMAC, senderIP);
return(PacketBuilder.BuildPacket(vlanID, ePacket, aPacket));
}
public static void Disconnect(IView view, Dictionary <IPAddress, PhysicalAddress> targetlist, IPAddress gatewayipaddress, PhysicalAddress gatewaymacaddress, string interfacefriendlyname)
{
engagedclientlist = new Dictionary <IPAddress, PhysicalAddress>();
capturedevice = (from devicex in CaptureDeviceList.Instance where ((SharpPcap.WinPcap.WinPcapDevice)devicex).Interface.FriendlyName == interfacefriendlyname select devicex).ToList()[0];
capturedevice.Open();
foreach (var target in targetlist)
{
IPAddress myipaddress = ((SharpPcap.WinPcap.WinPcapDevice)capturedevice).Addresses[1].Addr.ipAddress; //possible critical point : Addresses[1] in hardcoding the index for obtaining ipv4 address
ARPPacket arppacketforgatewayrequest = new ARPPacket(ARPOperation.Request, PhysicalAddress.Parse("00-00-00-00-00-00"), gatewayipaddress, capturedevice.MacAddress, target.Key);
EthernetPacket ethernetpacketforgatewayrequest = new EthernetPacket(capturedevice.MacAddress, gatewaymacaddress, EthernetPacketType.Arp);
ethernetpacketforgatewayrequest.PayloadPacket = arppacketforgatewayrequest;
new Thread(() =>
{
disengageflag = false;
DebugOutputClass.Print(view, "Spoofing target " + target.Value.ToString() + " @ " + target.Key.ToString());
try
{
while (!disengageflag)
{
capturedevice.SendPacket(ethernetpacketforgatewayrequest);
}
}
catch (PcapException ex)
{
DebugOutputClass.Print(view, "PcapException @ DisconnectReconnect.Disconnect() [" + ex.Message + "]");
}
DebugOutputClass.Print(view, "Spoofing thread @ DisconnectReconnect.Disconnect() for " + target.Value.ToString() + " @ " + target.Key.ToString() + " is terminating.");
}).Start();
engagedclientlist.Add(target.Key, target.Value);
}
;
}
/// <summary>
/// Generate and return an ARP packet
/// </summary>
/// <param name="from">The FROM address to be used in the ARP layer (user)</param>
/// <param name="to">The TO address (gateway)</param>
/// <param name="mFrom">The MAC address of the user (or attacker)</param>
/// <param name="mTo">The MAC address of the gateway</param>
/// <returns></returns>
private ARPPacket generateARP(IPAddress from, IPAddress to, PhysicalAddress mFrom, PhysicalAddress mTo)
{
// build the ethernet layer packet
EthPacket eth = new EthPacket(42);
eth.FromMac = mFrom.GetAddressBytes();
eth.ToMac = mTo.GetAddressBytes();
eth.Proto = new byte[2] {
0x08, 0x06
};
// build the arp
ARPPacket arp = new ARPPacket(eth);
arp.HardwareSize = 6;
arp.HardwareType = 1;
arp.ProtocolType = 0x0800;
arp.ProtocolSize = 4;
arp.ASenderIP = from;
arp.ATargetIP = to;
arp.ASenderMac = mFrom.GetAddressBytes();
arp.ATargetMac = mTo.GetAddressBytes();
arp.Outbound = true;
arp.ProtocolSize = 0x04;
// mark it REPLY
arp.ARPOpcode = 2;
return(arp);
}
/**
* Process packets when they arrive
*/
private void device_onPacketArrival(Object sender, CaptureEventArgs packet)
{
try
{
String address = null, protocol = null;
// Convert the packet data from a byte array to a EthernetPacket instance
EthernetPacket ethernetPacket = (EthernetPacket)Packet.ParsePacket(packet.Packet.LinkLayerType, packet.Packet.Data);
// IPv4
if (ethernetPacket.PayloadPacket is IPv4Packet)
{
IPv4Packet ip = (IPv4Packet)ethernetPacket.PayloadPacket;
address = ip.SourceAddress.ToString();
protocol = ip.Protocol.ToString();
}
// IPv6
else if (ethernetPacket.PayloadPacket is IPv6Packet)
{
IPv6Packet ip = (IPv6Packet)ethernetPacket.PayloadPacket;
// Convert address to IPv4 since the GeoIP database we're using doesn't support IPv6 lookups
address = ip.SourceAddress.MapToIPv4().ToString();
protocol = ip.Protocol.ToString();
}
// ARP
else if (ethernetPacket.PayloadPacket is ARPPacket)
{
ARPPacket arp = (ARPPacket)ethernetPacket.PayloadPacket;
address = arp.SenderProtocolAddress.ToString();
// Check if this is a gratuitious ARP
checkForGratuitiousArp(arp);
protocol = "ARP";
}
// Other
else
{
// Don't care about other packet types
return;
}
// We care about this packet, so the packet counter can increment
numPackets++;
// If we haven't processes this IP address yet, add it to the address queue
if (address != null && !addedAddresses.Contains(address) && !pendingAddresses.ContainsKey(address))
{
pendingAddresses.Add(address, protocol);
}
} catch (Exception)
{
// Handle issues gracefully
}
}
private bool TryHandleArp(ARPPacket packet, out ARPPacket response)
{
response = null;
this.Log(LogLevel.Noisy, "Handling ARP packet: {0}", packet);
if (packet.Operation != ARPOperation.Request)
{
this.Log(LogLevel.Warning, "Unsupported ARP packet: {0}", packet);
return(false);
}
if (!packet.TargetProtocolAddress.Equals(IP))
{
this.Log(LogLevel.Noisy, "This ARP packet is not directed to me. Ignoring");
return(false);
}
response = new ARPPacket(
ARPOperation.Response,
packet.SenderHardwareAddress,
packet.SenderProtocolAddress,
(PhysicalAddress)MAC,
IP);
this.Log(LogLevel.Noisy, "Sending ARP response");
return(true);
}
/// <summary>
/// 设备扫描发包线程。
/// </summary>
/// <param name="obj">地址列表。</param>
private void ScanPacketSendThread(object obj)
{
try {
// 获取当前设备
var device = DeviceList[CurDevName];
// 获取地址列表
var ipAddresses = (List <IPAddress>)obj;
// 构建包信息
var ether = new EthernetPacket(device.MacAddress,
new PhysicalAddress(new byte[] { 255, 255, 255, 255, 255, 255 }),
EthernetPacketType.Arp);
var arp = new ARPPacket(ARPOperation.Request,
new PhysicalAddress(new byte[] { 0, 0, 0, 0, 0, 0 }),
new IPAddress(new byte[] { 0, 0, 0, 0 }),
device.MacAddress,
Ipv4Address)
{
HardwareAddressType = LinkLayers.Ethernet,
ProtocolAddressType = EthernetPacketType.IPv4
};
ether.PayloadPacket = arp;
arp.ParentPacket = ether;
// 根据目标地址信息发送ARP请求
foreach (var targetAddress in ipAddresses)
{
arp.TargetProtocolAddress = targetAddress;
arp.UpdateCalculatedValues();
device.SendPacket(ether);
}
}
catch (ThreadAbortException) { }
}
public void BinarySerialization()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/arp_request_response.pcap");
dev.Open();
RawCapture rawCapture;
Boolean foundARP = false;
while ((rawCapture = dev.GetNextPacket()) != null)
{
var p = PacketDotNet.Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
var arpPacket = (ARPPacket)p.Extract(typeof(ARPPacket));
if (arpPacket == null)
{
continue;
}
foundARP = true;
var memoryStream = new MemoryStream();
BinaryFormatter serializer = new BinaryFormatter();
serializer.Serialize(memoryStream, arpPacket);
memoryStream.Seek(0, SeekOrigin.Begin);
BinaryFormatter deserializer = new BinaryFormatter();
ARPPacket fromFile = (ARPPacket)deserializer.Deserialize(memoryStream);
CollectionAssert.AreEqual(arpPacket.Bytes, fromFile.Bytes);
Assert.AreEqual(arpPacket.BytesHighPerformance.Bytes, fromFile.BytesHighPerformance.Bytes);
Assert.AreEqual(arpPacket.BytesHighPerformance.BytesLength, fromFile.BytesHighPerformance.BytesLength);
Assert.AreEqual(arpPacket.BytesHighPerformance.Length, fromFile.BytesHighPerformance.Length);
Assert.AreEqual(arpPacket.BytesHighPerformance.NeedsCopyForActualBytes, fromFile.BytesHighPerformance.NeedsCopyForActualBytes);
Assert.AreEqual(arpPacket.BytesHighPerformance.Offset, fromFile.BytesHighPerformance.Offset);
Assert.AreEqual(arpPacket.Color, fromFile.Color);
Assert.AreEqual(arpPacket.HardwareAddressLength, fromFile.HardwareAddressLength);
Assert.AreEqual(arpPacket.HardwareAddressType, fromFile.HardwareAddressType);
CollectionAssert.AreEqual(arpPacket.HeaderData, fromFile.HeaderData);
Assert.AreEqual(arpPacket.Operation, fromFile.Operation);
Assert.AreEqual(arpPacket.ParentPacket, fromFile.ParentPacket);
CollectionAssert.AreEqual(arpPacket.PayloadData, fromFile.PayloadData);
Assert.AreEqual(arpPacket.PayloadPacket, fromFile.PayloadPacket);
Assert.AreEqual(arpPacket.ProtocolAddressLength, fromFile.ProtocolAddressLength);
Assert.AreEqual(arpPacket.ProtocolAddressType, fromFile.ProtocolAddressType);
Assert.AreEqual(arpPacket.SenderHardwareAddress, fromFile.SenderHardwareAddress);
Assert.AreEqual(arpPacket.SenderProtocolAddress, fromFile.SenderProtocolAddress);
Assert.AreEqual(arpPacket.TargetHardwareAddress, fromFile.TargetHardwareAddress);
Assert.AreEqual(arpPacket.TargetProtocolAddress, fromFile.TargetProtocolAddress);
//Method Invocations to make sure that a deserialized packet does not cause
//additional errors.
arpPacket.PrintHex();
arpPacket.UpdateCalculatedValues();
}
dev.Close();
Assert.IsTrue(foundARP, "Capture file contained no ARP packets");
}
void pasiveScan_NewARP(object sender, Core.ArpEventArgs e)
{
if (e.p == null)
{
return;
}
Packet p = e.p;
if (!(p.PayloadPacket is ARPPacket))
{
return;
}
ARPPacket arp = (ARPPacket)p.PayloadPacket;
foreach (Data.Attack attack in attacks.Where(A => A.attackType == Data.AttackType.InvalidMacSpoofIpv4 && A.attackStatus == Data.AttackStatus.Attacking))
{
if (attack is InvalidMacSpoofAttackIpv4Attack)
{
InvalidMacSpoofAttackIpv4Attack spoofAttack = (InvalidMacSpoofAttackIpv4Attack)attack;
if ((spoofAttack.t1.mac.Equals(arp.SenderHardwareAddress)) && arp.TargetProtocolAddress.Equals(spoofAttack.t2.ip))
{
ForceAttack(spoofAttack);
}
}
}
}
private static void HandleArpPacket(ARPPacket arpPacket)
{
if (Properties.Settings.Default.DiscoveryMode)
{
Console.WriteLine(arpPacket);
}
if (arpPacket.SenderHardwareAddress.Equals(dashMac))
{
Console.WriteLine(DateTime.Now + " Dash ARP");
// Dash seems to send two ARP packets per button press, one second apart.
// Dash device is active (blinking) for about 10 seconds after button press,
// and doesn't allow another press for another 25 seconds.
// 36 seconds after the initial push, the device sends the same two ARP packets.
var now = DateTime.Now;
if (now - Properties.Settings.Default.DuplicateIgnoreInterval > lastEventTime)
{
lastEventTime = now;
Console.WriteLine("Dash button event");
// TODO: What to do here?
}
}
}
private bool is_injected_packet_to_be_filtered(ref ARPPacket p_arp, ref IPv4Packet p_ipv4, ref UdpPacket p_udp, ref TcpPacket p_tcp)
{
// FILTER ARP PACKETS
if (p_arp != null)
{
// FILTER ARP PACKETS TO OR FROM GATEWAY IPs
foreach (IPAddress ip in gateway_ips)
{
if (p_arp.TargetProtocolAddress.Equals(ip))
{
return(true);
}
else if (p_arp.SenderProtocolAddress.Equals(ip))
{
return(true);
}
}
}
// FILTER IPv4 PACKETS
if (p_ipv4 != null)
{
// FILTER IP PACKETS TO OR FROM GATEWAY IPs
if (pdev_filter_exclude_gatway_ips)
{
foreach (IPAddress ip in gateway_ips)
{
if (p_ipv4.DestinationAddress.Equals(ip))
{
return(true);
}
else if (p_ipv4.SourceAddress.Equals(ip))
{
return(true);
}
}
}
}
// FILTER UDP PACKETS
if (p_udp != null)
{
// FILTER UDP PACKETS TO WELL KNOWN PORTS
if (pdev_filter_wellknown_ports && p_udp.DestinationPort < 1024)
{
return(true);
}
}
// FILTER TCP PACKETS
if (p_tcp != null)
{
// FILTER TCP PACKETS TO WELL KNOWN PORTS
if (pdev_filter_wellknown_ports && p_tcp.DestinationPort < 1024)
{
return(true);
}
}
return(false);
}
public static EthernetPacket Protect_Arp(string Router_mac, string My_pc_mac, string Router_ip, string My_pc_ip)
{
var eth = new EthernetPacket(PhysicalAddress.Parse(Router_mac), PhysicalAddress.Parse(My_pc_mac), EthernetPacketType.Arp);
var arp = new ARPPacket(ARPOperation.Request, PhysicalAddress.Parse(My_pc_mac), IPAddress.Parse(My_pc_ip), PhysicalAddress.Parse(Router_mac), IPAddress.Parse(Router_ip));
eth.PayloadPacket = arp;
return(eth);
}
private Packet BuildResponse(IPAddress destIP, PhysicalAddress destMac, IPAddress senderIP, PhysicalAddress senderMac)
{
var ethernetPacket = new EthernetPacket(senderMac, destMac, EthernetPacketType.Arp);
var arpPacket = new ARPPacket(ARPOperation.Response, destMac, destIP, senderMac, senderIP);
ethernetPacket.PayloadPacket = arpPacket;
return(ethernetPacket);
}
private static EthernetPacket CreateARPRequest(IPAddress sourceAddress, PhysicalAddress sourceMAC, IPAddress destinationAddress)
{
var ethernetPacket = new EthernetPacket(sourceMAC, BroadcastMAC, EthernetPacketType.Arp);
var arpPacket = new ARPPacket(ARPOperation.Request, BroadcastMAC, destinationAddress, sourceMAC, sourceAddress);
ethernetPacket.PayloadPacket = arpPacket;
return(ethernetPacket);
}
// create ARP reply packet (sender IP, target IP, target MAC, specific source MAC)
private EthernetPacket GenerateARPReply(string senderIP, string targetIP, PhysicalAddress targetMAC, PhysicalAddress sourceMAC)
{
var ethernetPacket = new EthernetPacket(physicalAddress, targetMAC, EthernetPacketType.Arp);
var arpPacket = new ARPPacket(ARPOperation.Response, targetMAC, IPAddress.Parse(targetIP), sourceMAC, IPAddress.Parse(senderIP));
ethernetPacket.PayloadPacket = arpPacket;
return(ethernetPacket);
}
// create ARP request packet (destination IP, deviceInfo)
private EthernetPacket GenerateARPRequest(IPAddress destinationIP, IPAddress senderIP)
{
var ethernetPacket = new EthernetPacket(physicalAddress, broadcastMAC, EthernetPacketType.Arp);
var arpPacket = new ARPPacket(ARPOperation.Request, broadcastMAC, destinationIP, physicalAddress, senderIP);
ethernetPacket.PayloadPacket = arpPacket;
return(ethernetPacket);
}
private EthernetPacket GenerateARPReply(IPAddress sourceAddress, PhysicalAddress sourceMAC, IPAddress targetAddress, PhysicalAddress targetMAC, PhysicalAddress ethernetSourceMAC)
{
var ethernetPacket = new EthernetPacket(ethernetSourceMAC, targetMAC, EthernetPacketType.Arp);
var arpPacket = new ARPPacket(ARPOperation.Response, targetMAC, targetAddress, sourceMAC, sourceAddress);
ethernetPacket.PayloadPacket = arpPacket;
return(ethernetPacket);
}
public static void SendARPresponse(ICaptureDevice device, IPAddress srcIP, IPAddress dstIP, PhysicalAddress srcMac, PhysicalAddress dstMac)
{
ARPPacket arp = new ARPPacket(ARPOperation.Response, dstMac, dstIP, srcMac, srcIP);
EthernetPacket eth = new EthernetPacket(srcMac, dstMac, EthernetPacketType.Arp);
arp.PayloadData = new byte[] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
eth.PayloadPacket = arp;
device.SendPacket(eth);
}
private Packet CreateArpPacket(IPAddress senderIpAddress, PhysicalAddress senderPhysicalAddress,
IPAddress targetIpAddress, PhysicalAddress targetPhysicalAddress)
{
var arpPacket = new ARPPacket(ARPOperation.Request, PhysicalAddress.Parse("000000000000"), targetIpAddress, senderPhysicalAddress, senderIpAddress);
return(new EthernetPacket(_device.MacAddress, targetPhysicalAddress, EthernetPacketType.Arp)
{
PayloadPacket = arpPacket
});
}
private ARPPacket BuildRequest(string destIP, string localMAC, string localIP)
{
ARPPacket arp = BuildARP(localMAC, localIP);
arp.ARPOperation = ARPFields_Fields.ARP_OP_REQ_CODE;
arp.ARPTargetHwAddress = "00:00:00:00:00:00";
arp.ARPTargetProtoAddress = destIP;
arp.DestinationHwAddress = "ff:ff:ff:ff:ff:ff";
return(arp);
}
public EthernetPacket CreateRequestArpPacket(ICaptureDevice dev, PhysicalAddress srcMac, IPAddress srcIp, IPAddress targetIp, PhysicalAddress trgtMac)
{
var ethernetPacket = new EthernetPacket(srcMac, trgtMac, EthernetPacketType.Arp);
var arpPacket = new ARPPacket(PacketDotNet.ARPOperation.Request, trgtMac, targetIp, srcMac, srcIp);
ethernetPacket.PayloadPacket = arpPacket;
return(ethernetPacket);
}
public void arp_request(Rozhranie rozhranie, IPAddress hladana_ip)
{
if (rozhranie.adapter.MacAddress != null)
{
EthernetPacket ethernet_packet = new EthernetPacket(rozhranie.adapter.MacAddress, PhysicalAddress.Parse("FF-FF-FF-FF-FF-FF"), EthernetPacketType.Arp);
arp_packet = new ARPPacket(ARPOperation.Request, PhysicalAddress.Parse("00-00-00-00-00-00"), hladana_ip, rozhranie.adapter.MacAddress, IPAddress.Parse(rozhranie.ip_adresa));
ethernet_packet.PayloadPacket = arp_packet;
rozhranie.adapter.SendPacket(ethernet_packet);
}
}
public PacketDetials(Packet packet)
{
this.packet = packet;
ethernetPacket = EthernetPacket.GetEncapsulated(packet);
if (ethernetPacket != null)
{
typeName = "Ethernet";
}
ipPacket = IpPacket.GetEncapsulated(packet);
if (ipPacket != null)
{
typeName = "Ip";
}
arpPacket = ARPPacket.GetEncapsulated(packet);
if (arpPacket != null)
{
typeName = "ARP";
}
icmpv4Packet = ICMPv4Packet.GetEncapsulated(packet);
if (icmpv4Packet != null)
{
typeName = "ICMPv4";
}
icmpv6Packet = ICMPv6Packet.GetEncapsulated(packet);
if (icmpv6Packet != null)
{
typeName = "ICMPv6";
}
igmpv2Packet = IGMPv2Packet.GetEncapsulated(packet);
if (igmpv2Packet != null)
{
typeName = "IGMPv2";
}
pppoePacket = PPPoEPacket.GetEncapsulated(packet);
if (pppoePacket != null)
{
typeName = "PPPoE";
}
pppPacket = PPPPacket.GetEncapsulated(packet);
if (pppPacket != null)
{
typeName = "PPP";
}
tcpPacket = TcpPacket.GetEncapsulated(packet);
if (tcpPacket != null)
{
typeName = "TCP";
}
udpPacket = UdpPacket.GetEncapsulated(packet);
if (udpPacket != null)
{
typeName = "UDP";
}
}
public void BlockOrRedirect()
{
ICaptureDevice capturedevice = (from devicex in CaptureDeviceList.Instance where ((SharpPcap.WinPcap.WinPcapDevice)devicex).Interface.FriendlyName == NetStalker.Properties.Settings.Default.friendlyname select devicex).ToList()[0];
capturedevice.Open();
#region Spoof
ARPPacket ArpPacketForVicSpoof = new ARPPacket(ARPOperation.Request, MAC, IP, capturedevice.MacAddress, GatewayIP);
ARPPacket ArpPacketForGatewaySpoof = new ARPPacket(ARPOperation.Request, GatewayMAC, GatewayIP, capturedevice.MacAddress, IP);
EthernetPacket EtherPacketForVicSpoof = new EthernetPacket(capturedevice.MacAddress, MAC, EthernetPacketType.Arp);
EthernetPacket EtherPacketForGatewaySpoof = new EthernetPacket(capturedevice.MacAddress, GatewayMAC, EthernetPacketType.Arp);
EtherPacketForGatewaySpoof.PayloadPacket = ArpPacketForGatewaySpoof;
EtherPacketForVicSpoof.PayloadPacket = ArpPacketForVicSpoof;
#endregion
#region Protection
ARPPacket ArpPacketForVicProtection = new ARPPacket(ARPOperation.Request, capturedevice.MacAddress, LocalIP, MAC, IP);
ARPPacket ArpPacketForGatewayProtection = new ARPPacket(ARPOperation.Request, capturedevice.MacAddress, LocalIP, GatewayMAC, GatewayIP);
EthernetPacket EtherPacketForVicProtection = new EthernetPacket(MAC, capturedevice.MacAddress, EthernetPacketType.Arp);
EthernetPacket EtherPacketForGatewayProtection = new EthernetPacket(GatewayMAC, capturedevice.MacAddress, EthernetPacketType.Arp);
EtherPacketForGatewayProtection.PayloadPacket = ArpPacketForGatewayProtection;
EtherPacketForVicProtection.PayloadPacket = ArpPacketForVicProtection;
#endregion
new Thread(() =>
{
try
{
while (Blocked)
{
capturedevice.SendPacket(EtherPacketForVicSpoof);
if (Redirected)
{
capturedevice.SendPacket(EtherPacketForGatewaySpoof);
}
if (SpoofProtection)
{
capturedevice.SendPacket(EtherPacketForGatewayProtection);
capturedevice.SendPacket(EtherPacketForVicProtection);
}
Thread.Sleep(500);
}
}
catch (PcapException)
{
}
}).Start();
}
public void arp_reply(EthernetPacket eth, Rozhranie rozhranie, IPAddress odosielatel_address, IPAddress ciel_adres)
{
if (rozhranie.adapter.MacAddress != null)
{
EthernetPacket ethernet_packet = new EthernetPacket(rozhranie.adapter.MacAddress, eth.SourceHwAddress, EthernetPacketType.Arp);
arp_packet = new ARPPacket(ARPOperation.Response, eth.SourceHwAddress, odosielatel_address, rozhranie.adapter.MacAddress, ciel_adres);
ethernet_packet.PayloadPacket = arp_packet;
rozhranie.adapter.SendPacket(ethernet_packet);
}
}
/// <summary>
/// Actively monitor ARP packets for signs of new clients after GetAllClients active scan is done
/// </summary>
public static void BackgroundScanStart(IView view, string interfacefriendlyname)
{
try
{
IPAddress myipaddress = ((SharpPcap.WinPcap.WinPcapDevice)capturedevice).Addresses[1].Addr.ipAddress; //possible critical point : Addresses[1] in hardcoding the index for obtaining ipv4 address
#region Sending ARP requests to probe for all possible IP addresses on LAN
new Thread(() =>
{
try
{
while (capturedevice != null)
{
for (int ipindex = 1; ipindex <= 255; ipindex++)
{
ARPPacket arprequestpacket = new ARPPacket(ARPOperation.Request, PhysicalAddress.Parse("00-00-00-00-00-00"), IPAddress.Parse(GetRootIp(myipaddress) + ipindex), capturedevice.MacAddress, myipaddress);
EthernetPacket ethernetpacket = new EthernetPacket(capturedevice.MacAddress, PhysicalAddress.Parse("FF-FF-FF-FF-FF-FF"), EthernetPacketType.Arp);
ethernetpacket.PayloadPacket = arprequestpacket;
capturedevice.SendPacket(ethernetpacket);
}
}
}
catch (PcapException ex)
{
DebugOutputClass.Print(view, "PcapException @ GetClientList.BackgroundScanStart() probably due to capturedevice being closed by refreshing or by exiting application [" + ex.Message + "]");
}
catch (Exception ex)
{
DebugOutputClass.Print(view, "Exception at GetClientList.BackgroundScanStart() inside new Thread(()=>{}) while sending packets [" + ex.Message + "]");
}
}).Start();
#endregion
#region Assign OnPacketArrival event handler and start capturing
capturedevice.OnPacketArrival += (object sender, CaptureEventArgs e) =>
{
Packet packet = Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
ARPPacket arppacket = (ARPPacket)packet.Extract(typeof(ARPPacket));
if (!clientlist.ContainsKey(arppacket.SenderProtocolAddress) && arppacket.SenderProtocolAddress.ToString() != "0.0.0.0" && areCompatibleIPs(arppacket.SenderProtocolAddress, myipaddress))
{
DebugOutputClass.Print(view, "Added " + arppacket.SenderProtocolAddress.ToString() + " @ " + GetMACString(arppacket.SenderHardwareAddress) + " from background scan!");
clientlist.Add(arppacket.SenderProtocolAddress, arppacket.SenderHardwareAddress);
view.ListView1.Invoke(new Action(() => view.ListView1.Items.Add(new ListViewItem(new string[] { (clientlist.Count).ToString(), arppacket.SenderProtocolAddress.ToString(), GetMACString(arppacket.SenderHardwareAddress), "On", ApplicationSettingsClass.GetSavedClientNameFromMAC(GetMACString(arppacket.SenderHardwareAddress)) }))));
view.MainForm.Invoke(new Action(() => view.ToolStripStatusScan.Text = clientlist.Count + " device(s) found"));
}
};
capturedevice.StartCapture();
#endregion
}
catch (Exception ex)
{
DebugOutputClass.Print(view, "Exception at GetClientList.BackgroundScanStart() [" + ex.Message + "]");
}
}
private void Run()
{
var l_Mac = NetworkUtils.GetMacFromIp(IPAddress.Parse(m_Ip));
if (l_Mac != null)
{
m_Mac = l_Mac.ToString();
var l_ArpPacket = new ARPPacket(ARPOperation.Response, l_Mac, IPAddress.Parse(m_Ip), NetworkUtils.GetLocalMac(), NetworkUtils.GetGatewayAddr());
m_ArpPacket = new EthernetPacket(NetworkUtils.GetLocalMac(), l_Mac, EthernetPacketType.Arp);
m_ArpPacket.PayloadPacket = l_ArpPacket;
}
}
/// <summary>
/// 以太网
/// </summary>
/// <param name="packet"></param>
private void Ethernet(Packet packet)
{
EthernetPacket e = EthernetPacket.GetEncapsulated(packet);
if (EthernetNode == null)
{
EthernetNode = new TreeNode("EthernetII");
EthernetNode.Name = "Ethernet";
EthernetNode.ImageIndex = 0;
EthernetNode.SelectedImageIndex = 0;
}
EthernetNode.Nodes.Clear();
EthernetNode.Nodes.Add("Destination: " + Format.MacFormat(e.DestinationHwAddress.ToString()));
EthernetNode.Nodes.Add("Source: " + Format.MacFormat(e.SourceHwAddress.ToString()));
EthernetNode.Nodes.Add("Type: " + e.Type.ToString() + " [0x" + e.Type.ToString("X") + "]");
Tree.Nodes.Add(EthernetNode);
switch (e.Type)
{
case EthernetPacketType.Arp: //ARP协议
ARPPacket arp = ARPPacket.GetEncapsulated(packet);
Arp(arp);
break;
case EthernetPacketType.IpV4: //IP协议
case EthernetPacketType.IpV6:
IpPacket ip = IpPacket.GetEncapsulated(packet);
IP(ip);
break;
case EthernetPacketType.WakeOnLan: //网络唤醒协议
WakeOnLanPacket wake = WakeOnLanPacket.GetEncapsulated(packet);
Wake_on_Lan(wake);
break;
case EthernetPacketType.LLDP: //链路层发现协议
LLDPPacket ll = LLDPPacket.GetEncapsulated(packet);
LLDPProtocol(ll);
break;
case EthernetPacketType.PointToPointProtocolOverEthernetDiscoveryStage:
case EthernetPacketType.PPPoE:
PPPoEPacket pppoe = PPPoEPacket.GetEncapsulated(packet);
PPPOE(pppoe);
break;
case EthernetPacketType.None: //无可用协议
default:
PayLoadData = e.PayloadData;
break;
}
}
private ARPPacket BuildRequest(System.Net.IPAddress destIP,
PhysicalAddress localMAC,
System.Net.IPAddress localIP)
{
ARPPacket arp = BuildARP(localMAC, localIP);
arp.ARPOperation = ARPFields_Fields.ARP_OP_REQ_CODE;
arp.ARPTargetHwAddress = PhysicalAddress.Parse("00-00-00-00-00-00");
arp.ARPTargetProtoAddress = destIP;
arp.DestinationHwAddress = PhysicalAddress.Parse("FF-FF-FF-FF-FF-FF");
return(arp);
}
