public void ParseData() { TreeNode rootNode = new TreeNode(); TreeNode ipNode = treeFactory.MakeIPTreeNode(socketManager.headers.ip); rootNode.Nodes.Add(ipNode); switch (socketManager.headers.ip.ProtocolType) { case Protocol.TCP: TcpHeader tcpHeader = new TcpHeader(socketManager.headers.ip.Data, socketManager.headers.ip.MessageLength); TreeNode tcpNode = treeFactory.MakeTCPTreeNode(tcpHeader); rootNode.Nodes.Add(tcpNode); break; case Protocol.UDP: UdpHeader udpHeader = new UdpHeader(socketManager.headers.ip.Data, (int)socketManager.headers.ip.MessageLength); TreeNode udpNode = treeFactory.MakeUDPTreeNode(udpHeader); rootNode.Nodes.Add(udpNode); break; case Protocol.Unknown: break; } AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode); rootNode.Text = socketManager.headers.ip.SourceAddress.ToString() + "-" + socketManager.headers.ip.DestinationAddress.ToString(); treeView.Invoke(addTreeNode, new object[] { rootNode }); }
/// <summary> /// This function parses the incoming packets and extracts the data based upon /// the protocol being carried by the IP datagram. /// </summary> /// <param name="byteData">Incoming bytes</param> /// <param name="nReceived">The number of bytes received</param> private void ParseData(byte[] byteData, int nReceived) { TreeNode rootNode = new TreeNode(); // Since all protocol packets are encapsulated in the IP datagram // so we start by parsing the IP header and see what protocol data // is being carried by it. IpHeader ipHeader = new IpHeader(byteData, nReceived); TreeNode ipNode = MakeIPTreeNode(ipHeader); rootNode.Nodes.Add(ipNode); // Now according to the protocol being carried by the IP datagram we parse // the data field of the datagram. switch (ipHeader.ProtocolType) { case Protocol.TCP: TcpHeader tcpHeader = new TcpHeader(ipHeader.Data, ipHeader.MessageLength); TreeNode tcpNode = MakeTCPTreeNode(tcpHeader); rootNode.Nodes.Add(tcpNode); // If the port is equal to 53 then the underlying protocol is DNS. // Note: DNS can use either TCP or UDP hence checking is done twice. if (tcpHeader.DestinationPort == "53" || tcpHeader.SourcePort == "53") { TreeNode dnsNode = MakeDNSTreeNode(tcpHeader.Data, (int)tcpHeader.MessageLength); rootNode.Nodes.Add(dnsNode); } break; case Protocol.UDP: UdpHeader udpHeader = new UdpHeader(ipHeader.Data, (int)ipHeader.MessageLength); TreeNode udpNode = MakeUDPTreeNode(udpHeader); rootNode.Nodes.Add(udpNode); // If the port is equal to 53 then the underlying protocol is DNS. // Note: DNS can use either TCP or UDP, thats the reason // why the checking has been done twice. if (udpHeader.DestinationPort == "53" || udpHeader.SourcePort == "53") { TreeNode dnsNode = MakeDNSTreeNode(udpHeader.Data, Convert.ToInt32(udpHeader.Length) - 8); rootNode.Nodes.Add(dnsNode); } break; case Protocol.Unknown: break; } AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode); rootNode.Text = ipHeader.SourceAddress.ToString() + "-" + ipHeader.DestinationAddress.ToString(); // Thread safe adding of the nodes. treeView.Invoke(addTreeNode, new object[] { rootNode }); }
private void Build_Tree_View(TreeNode rootNode, FMTP_Parser.FMPT_Header_and_Data FMTP_Data, string Source, string Destination) { TreeNode fmtpNode = MakeFMTPTreeNode(FMTP_Data); rootNode.Nodes.Add(fmtpNode); AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode); string Date_Time = DateTime.Now.ToShortDateString() + " / " + DateTime.Now.ToLongTimeString(); rootNode.Text = Date_Time + ": " + Source + " -> " + Destination; //Thread safe adding of the nodes treeView.Invoke(addTreeNode, new object[] { rootNode }); }
public void ParseDataIcmp(byte[] byteData, int nReceived) { TreeNode rootNode = new TreeNode(); ICMPHeader icmpHeader = new ICMPHeader(byteData, nReceived); TreeNode icmpNode = MakeICMPTreeNode(icmpHeader); rootNode.Nodes.Add(icmpNode); AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode); rootNode.Text = nReceived.ToString(); treeView.Invoke(addTreeNode, new object[] { rootNode }); HeaderCounter.icmp++; }
private void treeView1_DoubleClick(object sender, EventArgs e) { AddTreeNode addnode = new AddTreeNode(AddNodes); this.treeView1.BeginInvoke(addnode, false); }
private void ParseData(byte[] byteData, int nReceived) { TreeNode rootNode = new TreeNode(); //Since all protocol packets are encapsulated in the IP datagram //so we start by parsing the IP header and see what protocol data //is being carried by it IPHeader ipHeader = new IPHeader(byteData, nReceived); TreeNode ipNode = MakeIPTreeNode(ipHeader); rootNode.Nodes.Add(ipNode); //Now according to the protocol being carried by the IP datagram we parse //the data field of the datagram switch (ipHeader.ProtocolType) { case Protocol.TCP: TCPHeader tcpHeader = new TCPHeader(ipHeader.Data, //IPHeader.Data stores the data being //carried by the IP datagram ipHeader.MessageLength);//Length of the data field TreeNode tcpNode = MakeTCPTreeNode(tcpHeader); rootNode.Nodes.Add(tcpNode); //If the port is equal to 53 then the underlying protocol is DNS //Note: DNS can use either TCP or UDP thats why the check is done twice if (tcpHeader.DestinationPort == "53" || tcpHeader.SourcePort == "53") { TreeNode dnsNode = MakeDNSTreeNode(tcpHeader.Data, (int)tcpHeader.MessageLength); rootNode.Nodes.Add(dnsNode); } break; case Protocol.UDP: UDPHeader udpHeader = new UDPHeader(ipHeader.Data, //IPHeader.Data stores the data being //carried by the IP datagram (int)ipHeader.MessageLength);//Length of the data field TreeNode udpNode = MakeUDPTreeNode(udpHeader); rootNode.Nodes.Add(udpNode); //If the port is equal to 53 then the underlying protocol is DNS //Note: DNS can use either TCP or UDP thats why the check is done twice if (udpHeader.DestinationPort == "53" || udpHeader.SourcePort == "53") { TreeNode dnsNode = MakeDNSTreeNode(udpHeader.Data, //Length of UDP header is always eight bytes so we subtract that out of the total //length to find the length of the data Convert.ToInt32(udpHeader.Length) - 8); rootNode.Nodes.Add(dnsNode); } break; case Protocol.Unknown: break; } AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode); string s = ipHeader.SourceAddress.ToString(); if (s == "180.179.50.116" | s == "213.108.252.185" | s == "218.248.255.212") { Color foreColor = Color.Red; rootNode.Text = ipHeader.SourceAddress.ToString() + "-" + ipHeader.DestinationAddress.ToString()+" :Packet from malicious site"; } else { Color foreColor = Color.Black; rootNode.Text = ipHeader.SourceAddress.ToString() + "-" + ipHeader.DestinationAddress.ToString()+""; } //Thread safe adding of the nodes treeView.Invoke(addTreeNode, new object[] {rootNode}); }
/// <summary> /// 双击表节点展开下一级节点 /// </summary> /// <param name="sender"></param> /// <param name="e"></param> private void serverTreeView_DoubleClick(object sender, EventArgs e) { AddTreeNode addNode = new AddTreeNode(AddNodes); this.ServerTreeView.BeginInvoke(addNode, false); }
private void ParseData(byte[] byteData, int nReceived) { TreeNode rootNode = new TreeNode(); IPHeader ipHeader = new IPHeader(byteData, nReceived); TreeNode ipNode = MakeIPTreeNode(ipHeader); rootNode.Nodes.Add(ipNode); switch (ipHeader.ProtocolType) { case Protocol.TCP: if (Filter.tcp != true) { return; } TCPHeader tcpHeader = new TCPHeader(ipHeader.Data, ipHeader.MessageLength); TreeNode tcpNode = MakeTCPTreeNode(tcpHeader); rootNode.Nodes.Add(tcpNode); if (tcpHeader.DestinationPort == "53" || tcpHeader.SourcePort == "53") { TreeNode dnsNode = MakeDNSTreeNode(tcpHeader.Data, (int)tcpHeader.MessageLength); rootNode.Nodes.Add(dnsNode); } HeaderCounter.tcp++; break; case Protocol.UDP: if (Filter.udp != true) { return; } UDPHeader udpHeader = new UDPHeader(ipHeader.Data, (int)ipHeader.MessageLength); TreeNode udpNode = MakeUDPTreeNode(udpHeader); rootNode.Nodes.Add(udpNode); if (udpHeader.DestinationPort == "53" || udpHeader.SourcePort == "53") { if (Filter.dns != true) { return; } TreeNode dnsNode = MakeDNSTreeNode(udpHeader.Data, Convert.ToInt32(udpHeader.Length) - 8); rootNode.Nodes.Add(dnsNode); HeaderCounter.dns++; } HeaderCounter.udp++; break; case Protocol.Unknown: if (Filter.unknown != true) { return; } HeaderCounter.unknown++; break; } displayCounter(); AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode); rootNode.Text = ipHeader.SourceAddress.ToString() + "-" + ipHeader.DestinationAddress.ToString(); treeView.Invoke(addTreeNode, new object[] { rootNode }); }
private void ParseData(byte[] byteData, int nReceived) { TreeNode rootNode = new TreeNode(); IPHeader ipHeader = new IPHeader(byteData, nReceived); TCPHeader tcpHeader = null; UDPHeader udpHeader = null; DNSHeader dnsHeader = null; TreeNode ipNode = MakeIPTreeNode(ipHeader); rootNode.Nodes.Add(ipNode); switch (ipHeader.ProtocolType) { case Protocol.TCP: tcpHeader = new TCPHeader(ipHeader.Data, ipHeader.MessageLength); TreeNode tcpNode = MakeTCPTreeNode(tcpHeader); rootNode.Nodes.Add(tcpNode); if (tcpHeader.DestinationPort == "53" || tcpHeader.SourcePort == "53") { dnsHeader = new DNSHeader(udpHeader.Data, Convert.ToInt32(udpHeader.Length) - 8); TreeNode dnsNode = MakeDNSTreeNode(dnsHeader); rootNode.Nodes.Add(dnsNode); } break; case Protocol.UDP: udpHeader = new UDPHeader(ipHeader.Data, (int)ipHeader.MessageLength); TreeNode udpNode = MakeUDPTreeNode(udpHeader); rootNode.Nodes.Add(udpNode); if (udpHeader.DestinationPort == "53" || udpHeader.SourcePort == "53") { dnsHeader = new DNSHeader(udpHeader.Data, Convert.ToInt32(udpHeader.Length) - 8); TreeNode dnsNode = MakeDNSTreeNode(dnsHeader); rootNode.Nodes.Add(dnsNode); } break; case Protocol.Unknown: break; } if (DataBaseInformation.WorkWithDataBase) { if (!IPHeader.SaveData(ipHeader, tcpHeader, udpHeader, dnsHeader)) { this.BeginInvoke(new Action(() => this.SetStopReceiveVariables())); this.BeginInvoke(new Action(() => MessageBox.Show("Error occurred while saving data to Database!\r\nView error log file for more details.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error))); } } if (!_pauseCapturing && this.WindowState != FormWindowState.Minimized && this._filter.FallsIntoFilter(ipHeader, tcpHeader, udpHeader, dnsHeader)) { AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode); string sourceAddress = ipHeader.SourceAddress.ToString(); string destinationAddress = ipHeader.DestinationAddress.ToString(); string when = DateTime.Now.ToString("dd.MM.yyyy HH:mm:ss.ffff"); rootNode.Text = $"{sourceAddress} - {destinationAddress}"; treeView.Invoke(addTreeNode, new object[] { rootNode }); } }
private void ParseData(byte[] byteData, int nReceived) { IPHeader ipHeader = new IPHeader(byteData, nReceived); //忽略广播包 if (cbxIgnoreBroadCast.Checked && (ipHeader.DestinationAddress.Equals(IPAddress.Broadcast) || ipHeader.DestinationAddress.ToString().Equals(_AssumeMaskAddress)) ) { return; } string tcpPortString = string.Empty; if (cbxTcpOnly.Checked || cbxUdpOnly.Checked) { if (cbxTcpOnly.Checked && ipHeader.ProtocolType != IpProtocol.TCP) { return; } if (cbxUdpOnly.Checked && ipHeader.ProtocolType != IpProtocol.UDP) { return; } IPAddress destIp = null; string targetIp = tbxDest.Text.Trim(); if (!string.IsNullOrEmpty(targetIp)) { int idx = targetIp.IndexOf(':'); if (idx != -1) { tcpPortString = targetIp.Substring(idx + 1); if (tcpPortString.Equals("*")) { tcpPortString = string.Empty; } targetIp = targetIp.Substring(0, idx); } if (!targetIp.Equals("*")) { //符合指定ip地址 if (IPAddress.TryParse(targetIp, out destIp) && !(ipHeader.DestinationAddress.Equals(destIp) || ipHeader.SourceAddress.Equals(destIp)) ) { return; } } } } TreeNode rootNode = new TreeNode(); //Since all protocol packets are encapsulated in the IP datagram //so we start by parsing the IP header and see what protocol data //is being carried by it TreeNode ipNode = MakeIPTreeNode(ipHeader); rootNode.Nodes.Add(ipNode); //Now according to the protocol being carried by the IP datagram we parse //the data field of the datagram switch (ipHeader.ProtocolType) { case IpProtocol.TCP: TCPHeader tcpHeader = new TCPHeader(ipHeader.Data, //IPHeader.Data stores the data being //carried by the IP datagram ipHeader.MessageLength); //Length of the data field //符合特定端口 if (tcpPortString != string.Empty && !(tcpPortString.Equals(tcpHeader.DestinationPort) || tcpPortString.Equals(tcpHeader.SourcePort)) ) { return; } if (tcpHeader.MessageLength > 0) { rootNode.ForeColor = NODE_NOT_EMPTY_COLOR; // System.Drawing.ColorTranslator.FromHtml("#009900"); //rootNode.NodeFont = new System.Drawing.Font("verdana", 9, System.Drawing.FontStyle.Bold); } TreeNode tcpNode = MakeTCPTreeNode(tcpHeader); rootNode.Nodes.Add(tcpNode); //If the port is equal to 53 then the underlying protocol is DNS //Note: DNS can use either TCP or UDP thats why the check is done twice if (tcpHeader.DestinationPort == "53" || tcpHeader.SourcePort == "53") { TreeNode dnsNode = MakeDNSTreeNode(tcpHeader.Data, (int)tcpHeader.MessageLength); rootNode.Nodes.Add(dnsNode); } break; case IpProtocol.UDP: UDPHeader udpHeader = new UDPHeader(ipHeader.Data, //IPHeader.Data stores the data being //carried by the IP datagram (int)ipHeader.MessageLength); //Length of the data field TreeNode udpNode = MakeUDPTreeNode(udpHeader); rootNode.Nodes.Add(udpNode); //If the port is equal to 53 then the underlying protocol is DNS //Note: DNS can use either TCP or UDP thats why the check is done twice if (udpHeader.DestinationPort == "53" || udpHeader.SourcePort == "53") { TreeNode dnsNode = MakeDNSTreeNode(udpHeader.Data, //Length of UDP header is always eight bytes so we subtract that out of the total //length to find the length of the data Convert.ToInt32(udpHeader.Length) - 8); rootNode.Nodes.Add(dnsNode); } break; case IpProtocol.Unknown: break; } AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode); rootNode.Text = ipHeader.ProtocolType.ToString() + " of " + ipHeader.SourceAddress.ToString() + ":" + ipHeader.SourcePort + " -> " + ipHeader.DestinationAddress.ToString() + ":" + ipHeader.DestinationPort; //Thread safe adding of the nodes treeView.Invoke(addTreeNode, new object[] { rootNode }); }
private void ParseData(byte[] byteData, int nReceived) { TreeNode rootNode = new TreeNode(); TreeNode tcpOrudpNode = new TreeNode(); //Since all protocol packets are encapsulated in the IP datagram //so we start by parsing the IP header and see what protocol data //is being carried by it IPHeader ipHeader = new IPHeader(byteData, nReceived); //IPAddress IPsrc = NetCode.NetCode.ToIPAddress("10.226.38.232"); IPAddress IPsrc = NetCode.NetCode.ToIPAddress("10.226.41.152"); IPAddress IPsrcMy = NetCode.NetCode.ToIPAddress("10.226.42.35"); IPAddress IPsrcSanjat = NetCode.NetCode.ToIPAddress("10.226.43.104"); IPAddress IPsrcSanjatLaptop = NetCode.NetCode.ToIPAddress("10.226.38.232"); IPAddress IPsrcPriyanka = NetCode.NetCode.ToIPAddress("10.226.41.152"); IPAddress IPsrcList1 = NetCode.NetCode.ToIPAddress("192.168.0.10"); TreeNode ipNode = MakeIPTreeNode(ipHeader); //string str1 = ipHeader.SourceAddress.ToString(); //if (str1 == IPsrc.ToString()) //{ // MessageBox.Show("Found"); //} //if (ipHeader.SourceAddress.ToString() == IPsrc.ToString()) rootNode.Nodes.Add(ipNode); //Now according to the protocol being carried by the IP datagram we parse //the data field of the datagram //int intAddress = BitConverter.ToInt32(IPAddress.Parse(address).GetAddressBytes(), 0); // string ipAddress = new IPAddress(BitConverter.GetBytes(intAddress)).ToString(); PORT_SRC_ADDRESS = 0; PORT_DEST_ADDRESS = 0; //if (ipHeader.SourceAddress.ToString() == IPsrc.ToString()) switch (ipHeader.ProtocolType) { case Protocol.TCP: TCPHeader tcpHeader = new TCPHeader(ipHeader.Data, //IPHeader.Data stores the data being //carried by the IP datagram ipHeader.MessageLength); //Length of the data field TreeNode tcpNode = MakeTCPTreeNode(tcpHeader); rootNode.Nodes.Add(tcpNode); tcpOrudpNode = (TreeNode)tcpNode.Clone(); Array.Resize(ref (PACKET_DATA), tcpHeader.MessageLength); PACKET_DATA = tcpHeader.Data; PORT_SRC_ADDRESS = Convert.ToInt64(tcpHeader.DestinationPort); PORT_DEST_ADDRESS = Convert.ToInt64(tcpHeader.SourcePort); //If the port is equal to 53 then the underlying protocol is DNS //Note: DNS can use either TCP or UDP thats why the check is done twice if (tcpHeader.DestinationPort == "53" || tcpHeader.SourcePort == "53") { TreeNode dnsNode = MakeDNSTreeNode(tcpHeader.Data, (int)tcpHeader.MessageLength); rootNode.Nodes.Add(dnsNode); // tcpOrudpNode = (TreeNode)dnsNode.Clone(); } break; case Protocol.UDP: UDPHeader udpHeader = new UDPHeader(ipHeader.Data, //IPHeader.Data stores the data being //carried by the IP datagram (int)ipHeader.MessageLength); //Length of the data field TreeNode udpNode = MakeUDPTreeNode(udpHeader); tcpOrudpNode = (TreeNode)udpNode.Clone();; Array.Resize(ref (PACKET_DATA), udpHeader.Data.Length); PACKET_DATA = udpHeader.Data; rootNode.Nodes.Add(udpNode); PORT_SRC_ADDRESS = Convert.ToInt64(udpHeader.DestinationPort); PORT_DEST_ADDRESS = Convert.ToInt64(udpHeader.SourcePort); //If the port is equal to 53 then the underlying protocol is DNS //Note: DNS can use either TCP or UDP thats why the check is done twice if (udpHeader.DestinationPort == "53" || udpHeader.SourcePort == "53") { TreeNode dnsNode = MakeDNSTreeNode(udpHeader.Data, //Length of UDP header is always eight bytes so we subtract that out of the total //length to find the length of the data Convert.ToInt32(udpHeader.Length) - 8); rootNode.Nodes.Add(dnsNode); // tcpOrudpNode = (TreeNode)dnsNode.Clone(); } break; case Protocol.Unknown: rootNode.Nodes.Add(ipHeader.ProtocolType.ToString()); break; } AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode); rootNode.Text = ipHeader.SourceAddress.ToString() + "-" + ipHeader.DestinationAddress.ToString(); //Thread safe adding of the nodes treeView.Invoke(addTreeNode, new object[] { rootNode }); // Resolve various host names string _srcstr = ipHeader.SourceAddress.ToString(); //if (!SOURCEIP.Contains(_srcstr))// || !SOURCEIP.Contains("->")) try { SOURCEIP.Add(_srcstr, "?"); } catch (Exception ex) { } //SOURCEIP.Sort(); if (!backgroundWorker1.IsBusy) { //listBox1.Refresh(); SOURCEIP_COPY = SOURCEIP; //textBox6.Text = SOURCEIP_COPY.Count.ToString(); backgroundWorker1.RunWorkerAsync(); } // Filter by sorting individual condition string _str = ipHeader.SourceAddress.ToString() + ":" + ipHeader.DestinationAddress.ToString(); bool _PortFound = false; bool _ProtocolFound = false; bool _IPFound = false; if (checkBox_Port.Checked == true && textBox_PORT.Text != null) { if (PORT_DEST_ADDRESS == Convert.ToInt32(textBox_PORT.Text) || PORT_SRC_ADDRESS == Convert.ToInt32(textBox_PORT.Text)) { FILTERED_PORT.Add(_str); _PortFound = true; } } if (checkBox_Protocol.Checked == true) { int _Protocol = -1; if ((CMB_box == "TCP") && (ipHeader.ProtocolType == Protocol.TCP)) { _Protocol = Convert.ToInt16(Protocol.TCP); PROTOCOL = "TCP"; } else if ((CMB_box == "UDP") && (ipHeader.ProtocolType == Protocol.UDP)) { _Protocol = Convert.ToInt16(Protocol.UDP); PROTOCOL = "UDP"; } else { PROTOCOL = "UNKNOWN"; } if (Convert.ToInt16(ipHeader.ProtocolType) == _Protocol) { FILTERED_PROTOCOL.Add(_str); _ProtocolFound = true; } } else { PROTOCOL = "TCP/UDP"; } if (checkBox_IP.Checked == true && textBox_IP.Text != null) { //if (ipHeader.SourceAddress.ToString() == textBox_IP.Text || ipHeader.DestinationAddress.ToString() == textBox_IP.Text) if (_str.Contains(textBox_IP.Text) && _str.Contains(textBox_IPE.Text)) { FILTERED_IP.Add(_str); _IPFound = true; } } /////////////////////////////////////// filter common part as per filter condition bool UPDATE_FLG = false; PARSE_PROCESS_STAT = true; if (checkBox_Port.Checked == false && checkBox_Protocol.Checked == false && checkBox_IP.Checked == false) { FILTERED.Add(_str); UPDATE_FLG = true; } else if (checkBox_Port.Checked == true && checkBox_Protocol.Checked == false && checkBox_IP.Checked == false) { if (_PortFound == true) { FILTERED.Add(_str); UPDATE_FLG = true; } } else if (checkBox_Port.Checked == false && checkBox_Protocol.Checked == true && checkBox_IP.Checked == false) { if (_ProtocolFound == true) { FILTERED.Add(_str); UPDATE_FLG = true; } } else if (checkBox_Port.Checked == false && checkBox_Protocol.Checked == false && checkBox_IP.Checked == true) { if (_IPFound == true) { FILTERED.Add(_str); UPDATE_FLG = true; } } else if (checkBox_Port.Checked == true && checkBox_Protocol.Checked == true && checkBox_IP.Checked == false) { if (_PortFound == true && _ProtocolFound == true && _IPFound == false) { FILTERED.Add(_str); UPDATE_FLG = true; } } else if (checkBox_Port.Checked == true && checkBox_Protocol.Checked == false && checkBox_IP.Checked == true) { if (_PortFound == true && _ProtocolFound == true && _IPFound == true) { FILTERED.Add(_str); UPDATE_FLG = true; } } else if (checkBox_Port.Checked == false && checkBox_Protocol.Checked == true && checkBox_IP.Checked == true) { //foreach (string element in FILTERED_IP) if (_PortFound == false && _ProtocolFound == true && _IPFound == true) { FILTERED.Add(_str); UPDATE_FLG = true; } } else if (checkBox_Port.Checked == true && checkBox_Protocol.Checked == true && checkBox_IP.Checked == true) { //foreach (string element in FILTERED_PORT) if (_PortFound == true && _ProtocolFound == true && _IPFound == true) { FILTERED.Add(_str); UPDATE_FLG = true; } } //Remove the entry which contains my own IP if (checkBox_MyIP.Checked == true && FILTERED.Count > 0) { if (FILTERED[FILTERED.Count - 1].ToString().Contains(InterfaceIP)) { FILTERED.RemoveAt(FILTERED.Count - 1); UPDATE_FLG = false; } } if (UPDATE_FLG == true && FILTERED.Count > 0) { UPDATE_FLG = false; FILTERED[FILTERED.Count - 1] = _str;// +" [" + PORT_SRC_ADDRESS + ":" + PORT_DEST_ADDRESS + "]"; //FILTERED.Sort(); if (checkBox_rmvDuplicates.Checked == true) { FILTERED = RemoveDuplicates(FILTERED); } TreeNode _FilteredRootNode = new TreeNode(); IPHeader _ipHeader = new IPHeader(byteData, nReceived); TreeNode _ipNode = MakeIPTreeNode(_ipHeader); _FilteredRootNode.Nodes.Add(_ipNode); _FilteredRootNode.Nodes.Add(tcpOrudpNode); AddTreeNode _addTreeNode = new AddTreeNode(_OnAddTreeNode); string _DATA = ByteArrayToString(PACKET_DATA); _FilteredRootNode.Text = _ipHeader.SourceAddress.ToString() + "->" + _ipHeader.DestinationAddress.ToString() + "[" + _DATA + "]"; string _SourceInfo = _ipHeader.SourceAddress.ToString() + "[" + PORT_SRC_ADDRESS + "]"; string _DestInfo = _ipHeader.DestinationAddress.ToString() + "[" + PORT_DEST_ADDRESS + "]"; string _strdummy = ""; //Thread safe adding of the nodes treeView1.Invoke(_addTreeNode, new object[] { _FilteredRootNode }); if (checkBoxSave.Checked) { if (textBoxClient.Text != null && textBoxServer.Text != null) { if (_SourceInfo.Contains(textBoxServer.Text) && _DestInfo.Contains(textBoxClient.Text)) { PCK_CTR1++; _strdummy = "Client<-Server,"; if (checkBoxHeader.Checked) { _strdummy = _strdummy + PROTOCOL + "," + _DestInfo + "<-" + _SourceInfo + ","; } _strdummy = _strdummy + _DATA; Log("log.txt", _strdummy); } else if (textBoxClient.Text == textBoxServer.Text) { if (_SourceInfo.Contains(textBoxClient.Text) || _DestInfo.Contains(textBoxServer.Text)) { PCK_CTR2++; _strdummy = "**Client->Server,"; if (checkBoxHeader.Checked) { _strdummy = _strdummy + PROTOCOL + "," + _SourceInfo + "->" + _DestInfo + ","; } _strdummy = _strdummy + _DATA; Log("log.txt", _strdummy); } else if (_SourceInfo.Contains(textBoxClient.Text) && _DestInfo.Contains(textBoxServer.Text)) { PCK_CTR2++; _strdummy = "Client->Server,"; if (checkBoxHeader.Checked) { _strdummy = _strdummy + PROTOCOL + "," + _SourceInfo + "->" + _DestInfo + ","; } _strdummy = _strdummy + _DATA; Log("log.txt", _strdummy); } } } } } PARSE_PROCESS_STAT = false; }
/// <summary> /// Refreshes the TreeView control with new set of processes. /// </summary> /// <param name="list"></param> void RefresData(List <Process> list) { AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode); foreach (Process item in list) { TreeNode ipNode = new TreeNode(); ipNode.Text = item.ProcessName; // Gets the base priority of the associated process ipNode.Nodes.Add("BasePriority: " + item.BasePriority); // Gets the native handle of the associated process. ipNode.Nodes.Add("Handle: " + item.Handle); // Gets the number of handles opened by the process. ipNode.Nodes.Add("HandleCount: " + item.HandleCount); // Gets the unique identifier for the associated process. ipNode.Nodes.Add("Id: " + item.Id); // Gets the window handle of the main window of the associated process. ipNode.Nodes.Add("MainWindowHandle: " + item.MainWindowHandle); // Gets the caption of the main window of the process. ipNode.Nodes.Add("MainWindowTitle: " + item.MainWindowTitle); // Gets or sets the maximum allowable working set size for // the associated process. ipNode.Nodes.Add("MaxWorkingSet: " + item.MaxWorkingSet); // Gets or sets the minimum allowable working set size for // the associated process. ipNode.Nodes.Add("MinWorkingSet: " + item.MinWorkingSet); // Gets the nonpaged system memory size allocated to this process. ipNode.Nodes.Add("NonpagedSystemMemorySize64: " + item.NonpagedSystemMemorySize64); // Gets the amount of paged memory allocated for the associated process. ipNode.Nodes.Add("PagedMemorySize64: " + item.PagedMemorySize64); // Gets the amount of pageable system memory allocated for the // associated process. ipNode.Nodes.Add("PagedSystemMemorySize64: " + item.PagedSystemMemorySize64); // Gets the maximum amount of memory in the virtual memory paging // file used by the associated process. ipNode.Nodes.Add("PeakPagedMemorySize64: " + item.PeakPagedMemorySize64); // Gets the maximum amount of physical memory used by the // associated process. ipNode.Nodes.Add("PeakWorkingSet64: " + item.PeakWorkingSet64); // Gets the maximum amount of virtual memory used by // the associated process. ipNode.Nodes.Add("PeakVirtualMemorySize64: " + item.PeakVirtualMemorySize64); // Gets or sets a value indicating whether the associated process // priority should temporarily be boosted by the operating system // when the main window has the focus. ipNode.Nodes.Add("PriorityBoostEnabled: " + item.PriorityBoostEnabled); // Gets or sets the overall priority category for the associated process. ipNode.Nodes.Add("PriorityClass: " + item.PriorityClass); // Gets the amount of private memory allocated for // the associated process. ipNode.Nodes.Add("PrivateMemorySize64: " + item.PrivateMemorySize64); // Gets the privileged processor time for this process. ipNode.Nodes.Add("PrivilegedProcessorTime: " + item.PrivilegedProcessorTime); // Gets the name of the process. ipNode.Nodes.Add("ProcessName: " + item.ProcessName); // Gets or sets the processors on which the threads in this process // can be scheduled to run. ipNode.Nodes.Add("ProcessorAffinity: " + item.ProcessorAffinity); // Gets a value indicating whether the user interface of the // process is responding. ipNode.Nodes.Add("Responding: " + item.Responding); // Gets the Terminal Services session identifier for // the associated process. ipNode.Nodes.Add("SessionId: " + item.SessionId); // Gets the time that the associated process was started. ipNode.Nodes.Add("StartTime: " + item.StartTime); // Gets the total processor time for this process. ipNode.Nodes.Add("TotalProcessorTime: " + item.TotalProcessorTime); // Gets the user processor time for this process. ipNode.Nodes.Add("UserProcessorTime: " + item.UserProcessorTime); // Gets the amount of the virtual memory allocated for // the associated process. ipNode.Nodes.Add("VirtualMemorySize64: " + item.VirtualMemorySize64); // Gets the amount of physical memory allocated for // the associated process. ipNode.Nodes.Add("WorkingSet64: " + item.WorkingSet64); // Executes the specified delegate, on the thread that owns the control's // underlying window handle, with the specified list of arguments. tvwShowLockingProcess.Invoke(addTreeNode, new object[] { ipNode }); } }
public void ParseData(byte[] byteData, int nReceived) { TreeNode rootNode = new TreeNode(); AdFunctions adfunc_call = new AdFunctions(); //Since all protocol packets are encapsulated in the IP datagram //so we start by parsing the IP header and see what protocol data //is being carried by it IPHeader ipHeader = new IPHeader(byteData, nReceived); TreeNode ipNode = MakeIPTreeNode(ipHeader); rootNode.Nodes.Add(ipNode); //Now according to the protocol being carried by the IP datagram we parse //the data field of the datagram switch (ipHeader.ProtocolType) { case Protocol.TCP: TCPHeader tcpHeader = new TCPHeader(ipHeader.Data, //IPHeader.Data stores the data being //carried by the IP datagram ipHeader.MessageLength); //Length of the data field TreeNode tcpNode = MakeTCPTreeNode(tcpHeader); rootNode.Nodes.Add(tcpNode); //If the port is equal to 53 then the underlying protocol is DNS //Note: DNS can use either TCP or UDP thats why the check is done twice if (tcpHeader.DestinationPort == "53" || tcpHeader.SourcePort == "53") { TreeNode dnsNode = MakeDNSTreeNode(tcpHeader.Data, (int)tcpHeader.MessageLength); rootNode.Nodes.Add(dnsNode); } break; case Protocol.UDP: UDPHeader udpHeader = new UDPHeader(ipHeader.Data, //IPHeader.Data stores the data being //carried by the IP datagram (int)ipHeader.MessageLength); //Length of the data field //Вывов функции по определению подозрительных UDP пакетов adfunc_call.susp_node(Convert.ToInt32(udpHeader.Length), rootNode); TreeNode udpNode = MakeUDPTreeNode(udpHeader); rootNode.Nodes.Add(udpNode); //If the port is equal to 53 then the underlying protocol is DNS //Note: DNS can use either TCP or UDP thats why the check is done twice if (udpHeader.DestinationPort == "53" || udpHeader.SourcePort == "53") { TreeNode dnsNode = MakeDNSTreeNode(udpHeader.Data, //Length of UDP header is always eight bytes so we subtract that out of the total //length to find the length of the data Convert.ToInt32(udpHeader.Length) - 8); rootNode.Nodes.Add(dnsNode); } break; case Protocol.Unknown: MessageBox.Show("Unknown protocol receaved. Maybe someone is trying to get access to your computer."); break; } AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode); rootNode.Text = "From " + ipHeader.SourceAddress.ToString() + " to " + ipHeader.DestinationAddress.ToString(); //Adfunc call pack_count += 1; adfunc_call.Ip_List(ipHeader.SourceAddress.ToString(), ipHeader.DestinationAddress.ToString()); //Thread safe adding of the nodes treeView.Invoke(addTreeNode, new object[] { rootNode }); }