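/// <summary>
/// Packet-arrival callback that appends a text dump of each captured IGMP packet to
/// <c>ResultData</c> and stops the capture once <c>CaptureNum</c> packets have been recorded.
/// </summary>
/// <remarks>
/// IPv4/IPv6 packets that are not IPv4 IGMP are ignored silently. A frame with no IP layer, or an
/// IGMP packet whose IGMPv2 layer cannot be extracted, shows the warning dialog and stops the
/// capture; such a packet is not counted towards <c>NowCaptureNum</c>.
/// NOTE(review): <c>capturePacket.Data</c> is untrusted network input. Only the "layer missing"
/// case is handled here; whether ParsePacket/Extract can throw other exception types on a
/// malformed frame is not visible from this method. Confirm, because any such exception would
/// escape this callback.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Capture event whose <c>Packet</c> holds the raw frame.</param>
public void IgmpPacketCapture(object sender, CaptureEventArgs e)
{
    RawCapture capturePacket = e.Packet;
    try
    {
        if (this.NowCaptureNum > this.CaptureNum)
        {
            // Quota already exceeded: stop capturing and raise the end-of-capture notification.
            StopPacketCapture();
            //PacketCaptureDevice.Close();
            CaptureEndEvent();
            return;
        }

        var packet = PacketDotNet.Packet.ParsePacket(capturePacket.LinkLayerType, capturePacket.Data);

        // Explicit null checks replace the previous reliance on a NullReferenceException
        // to detect frames that do not contain the expected layers.
        IpPacket ipPacket = (IpPacket)packet.Extract(typeof(PacketDotNet.IpPacket));
        if (ipPacket == null)
        {
            ShowExtractionWarningAndStop();
            return;
        }

        if (ipPacket.Version != IpVersion.IPv4 || ipPacket.Protocol != IPProtocolType.IGMP)
        {
            return;
        }

        IGMPv2Packet igmpPacket = (IGMPv2Packet)ipPacket.Extract(typeof(PacketDotNet.IGMPv2Packet));
        if (igmpPacket == null)
        {
            ShowExtractionWarningAndStop();
            return;
        }

        this.NowCaptureNum++;

        // Build the dump in a StringBuilder so a large payload does not cause one string
        // reallocation per byte; ResultData is extended once at the end.
        var dump = new System.Text.StringBuilder();

        // NOTE(review): if Header is a byte[] this prints the type name rather than the
        // header bytes. Confirm the intended output before changing it.
        dump.Append("Header:" + igmpPacket.Header + "\n");

        if (igmpPacket.PayloadData != null)
        {
            int column = 1;
            foreach (byte data in igmpPacket.PayloadData)
            {
                dump.Append(Convert.ToString(data, 16)).Append(" ");
                if (column % 8 == 0)
                {
                    // Eight bytes per output row.
                    dump.Append("\n");
                }
                column++;
            }
        }

        dump.Append("\n--------------------------------------------\n");
        ResultData += dump.ToString();

        if (this.NowCaptureNum == this.CaptureNum)
        {
            StopPacketCapture();
        }
        SendPacketData();
    }
    catch (NullReferenceException nullException)
    {
        // Safety net for null members that the explicit checks above do not cover.
        Console.WriteLine(nullException.StackTrace);
        ShowExtractionWarningAndStop();
    }
}

/// <summary>
/// Shows the "cannot extract packet" warning dialog and stops the running capture.
/// </summary>
private void ShowExtractionWarningAndStop()
{
    MessageBox.Show("Can't packet extracted. \n Are you set others protocol in filter?"
                    , "Warining", System.Windows.MessageBoxButton.OK);
    StopPacketCapture();
    //PacketCaptureDevice.Close();
}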
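/// <summary>
/// Packet-arrival callback: parses the captured frame and raises an <c>Alert.Attack</c>
/// notification for every Ethernet/IP packet whose protocol is TCP, UDP, IGMP, ICMPv6 or ICMPv4.
/// </summary>
/// <remarks>
/// Any exception thrown while parsing or alerting is contained so that one bad frame cannot
/// terminate the capture callback. It is now written to the trace output instead of being
/// discarded: frames a parser rejects are often the ones an analyst needs to know about, and a
/// silent drop leaves no evidence that inspection was skipped.
/// NOTE(review): this handler alerts on every matching packet it is given; any filtering that
/// decides which traffic is "unwanted" must happen before this callback. It is not visible here.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Capture event carrying the raw packet.</param>
private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
    try
    {
        Kavprot.Packets.Packet packet = Kavprot.Packets.Packet.ParsePacket(e.Packet);
        if (!(packet is Kavprot.Packets.EthernetPacket))
        {
            return;
        }

        var ip = Kavprot.Packets.IpPacket.GetEncapsulated(packet);
        if (ip == null)
        {
            // Ethernet frame without an IP layer: nothing to classify. Previously this case
            // ended in a NullReferenceException that the empty catch swallowed.
            return;
        }

        if (ip.Protocol == Kavprot.Packets.IPProtocolType.TCP)
        {
            TcpPacket tcp = TcpPacket.GetEncapsulated(packet);
            if (tcp != null)
            {
                Alert.Attack("Intrusion Detected", "an intrusion was detected using TCP from " + ip.SourceAddress.ToString() + " @port " + tcp.SourcePort.ToString(), ToolTipIcon.Warning, true);
            }
        }
        else if (ip.Protocol == Kavprot.Packets.IPProtocolType.UDP)
        {
            UdpPacket udp = UdpPacket.GetEncapsulated(packet);
            if (udp != null)
            {
                Alert.Attack("Intrusion Detected", "an intrusion was detected using UDP from " + ip.SourceAddress.ToString() + " @port " + udp.SourcePort.ToString(), ToolTipIcon.Warning, true);
            }
        }
        else if (ip.Protocol == Kavprot.Packets.IPProtocolType.IGMP)
        {
            IGMPv2Packet igmp = IGMPv2Packet.GetEncapsulated(packet);
            if (igmp != null)
            {
                Alert.Attack("Intrusion Detected : Unwanted IGMP Packet", "an intrusion was detected using IGMP from " + ip.SourceAddress.ToString(), ToolTipIcon.Warning, true);
            }
        }
        else if (ip.Protocol == Kavprot.Packets.IPProtocolType.ICMPV6)
        {
            ICMPv6Packet icmp6 = ICMPv6Packet.GetEncapsulated(packet);
            if (icmp6 != null)
            {
                Alert.Attack("Intrusion Detected : Unwanted ICMPv6 Packet", "an intrusion was detected using ICMPv6 from " + ip.SourceAddress.ToString(), ToolTipIcon.Warning, true);
            }
        }
        else if (ip.Protocol == Kavprot.Packets.IPProtocolType.ICMP)
        {
            ICMPv4Packet icmp4 = ICMPv4Packet.GetEncapsulated(packet);
            if (icmp4 != null)
            {
                Alert.Attack("Intrusion Detected : Unwanted ICMPv4 Packet", "an intrusion was detected using ICMPv4 from " + ip.SourceAddress.ToString(), ToolTipIcon.Warning, true);
            }
        }
    }
    catch (System.Exception ex)
    {
        // Best-effort handler: keep the capture running, but leave a record of the failure.
        System.Diagnostics.Trace.TraceWarning("device_OnPacketArrival: packet skipped (" + ex.GetType().Name + "): " + ex.Message);
    }
}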
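/// <summary>
/// Round-trips every IGMPv2 packet found in the IGMP capture file through binary
/// serialization and asserts that the deserialized copy matches the original field by field.
/// Fails if the capture file contains no IGMP packet.
/// </summary>
/// <remarks>
/// SECURITY NOTE: <c>BinaryFormatter</c> is used here only on a stream this test produced
/// itself. <c>BinaryFormatter.Deserialize</c> must never be given data from an untrusted
/// source: it can instantiate arbitrary types and has been marked obsolete by .NET for that
/// reason. Do not copy this pattern into code that reads packets or files from outside.
/// </remarks>
public void BinarySerialization()
{
    var dev = new CaptureFileReaderDevice("../../CaptureFiles/IGMP dataset.pcap");
    dev.Open();

    bool foundigmp = false;
    try
    {
        RawCapture rawCapture;
        while ((rawCapture = dev.GetNextPacket()) != null)
        {
            Packet p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
            var igmp = (IGMPv2Packet)p.Extract(typeof(IGMPv2Packet));
            if (igmp == null)
            {
                continue;
            }
            foundigmp = true;

            IGMPv2Packet fromFile;
            // The stream is disposed even when serialization throws.
            using (var memoryStream = new MemoryStream())
            {
                BinaryFormatter serializer = new BinaryFormatter();
                serializer.Serialize(memoryStream, igmp);

                // Rewind so the deserializer reads what was just written.
                memoryStream.Seek(0, SeekOrigin.Begin);
                BinaryFormatter deserializer = new BinaryFormatter();
                fromFile = (IGMPv2Packet)deserializer.Deserialize(memoryStream);
            }

            Assert.AreEqual(igmp.Bytes, fromFile.Bytes);
            Assert.AreEqual(igmp.BytesHighPerformance.Bytes, fromFile.BytesHighPerformance.Bytes);
            Assert.AreEqual(igmp.BytesHighPerformance.BytesLength, fromFile.BytesHighPerformance.BytesLength);
            Assert.AreEqual(igmp.BytesHighPerformance.Length, fromFile.BytesHighPerformance.Length);
            Assert.AreEqual(igmp.BytesHighPerformance.NeedsCopyForActualBytes, fromFile.BytesHighPerformance.NeedsCopyForActualBytes);
            Assert.AreEqual(igmp.BytesHighPerformance.Offset, fromFile.BytesHighPerformance.Offset);
            Assert.AreEqual(igmp.Checksum, fromFile.Checksum);
            Assert.AreEqual(igmp.Color, fromFile.Color);
            Assert.AreEqual(igmp.Header, fromFile.Header);
            Assert.AreEqual(igmp.PayloadData, fromFile.PayloadData);
            Assert.AreEqual(igmp.Type, fromFile.Type);
            Assert.AreEqual(igmp.GroupAddress.GetAddressBytes(), fromFile.GroupAddress.GetAddressBytes());
            Assert.AreEqual(igmp.GroupAddress.AddressFamily, fromFile.GroupAddress.AddressFamily);
            Assert.AreEqual(igmp.GroupAddress.IsIPv6LinkLocal, fromFile.GroupAddress.IsIPv6LinkLocal);
            Assert.AreEqual(igmp.GroupAddress.IsIPv6Multicast, fromFile.GroupAddress.IsIPv6Multicast);
            Assert.AreEqual(igmp.GroupAddress.IsIPv6SiteLocal, fromFile.GroupAddress.IsIPv6SiteLocal);
            Assert.AreEqual(igmp.GroupAddress.IsIPv6Teredo, fromFile.GroupAddress.IsIPv6Teredo);
            Assert.AreEqual(igmp.MaxResponseTime, fromFile.MaxResponseTime);

            // Method invocations meant to make sure that a deserialized packet does not cause
            // additional errors.
            // NOTE(review): these calls run on the original packet (igmp), not on the
            // deserialized copy (fromFile). Confirm which object was meant to be exercised.
            igmp.PrintHex();
            igmp.UpdateCalculatedValues();
        }
    }
    finally
    {
        // Release the capture file even when an assertion above fails.
        dev.Close();
    }

    Assert.IsTrue(foundigmp, "Capture file contained no igmp packets");
}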
/// <summary>
/// Stores the packet, extracts each supported protocol layer from it into its own field, and
/// sets <c>typeName</c> to the label of the most specific layer that is present.
/// </summary>
/// <param name="packet">Parsed packet to inspect.</param>
public PacketDetials(Packet packet)
{
    this.packet = packet;

    // Probe every supported layer; a field stays null when its layer is absent.
    ethernetPacket = EthernetPacket.GetEncapsulated(packet);
    ipPacket = IpPacket.GetEncapsulated(packet);
    arpPacket = ARPPacket.GetEncapsulated(packet);
    icmpv4Packet = ICMPv4Packet.GetEncapsulated(packet);
    icmpv6Packet = ICMPv6Packet.GetEncapsulated(packet);
    igmpv2Packet = IGMPv2Packet.GetEncapsulated(packet);
    pppoePacket = PPPoEPacket.GetEncapsulated(packet);
    pppPacket = PPPPacket.GetEncapsulated(packet);
    tcpPacket = TcpPacket.GetEncapsulated(packet);
    udpPacket = UdpPacket.GetEncapsulated(packet);

    // The label of the last layer found in probe order wins, so test the layers in reverse
    // probe order and stop at the first hit. typeName is left untouched when nothing matches.
    if (udpPacket != null)
    {
        typeName = "UDP";
    }
    else if (tcpPacket != null)
    {
        typeName = "TCP";
    }
    else if (pppPacket != null)
    {
        typeName = "PPP";
    }
    else if (pppoePacket != null)
    {
        typeName = "PPPoE";
    }
    else if (igmpv2Packet != null)
    {
        typeName = "IGMPv2";
    }
    else if (icmpv6Packet != null)
    {
        typeName = "ICMPv6";
    }
    else if (icmpv4Packet != null)
    {
        typeName = "ICMPv4";
    }
    else if (arpPacket != null)
    {
        typeName = "ARP";
    }
    else if (ipPacket != null)
    {
        typeName = "Ip";
    }
    else if (ethernetPacket != null)
    {
        typeName = "Ethernet";
    }
}
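/// <summary>
/// Records the IP payload and dispatches to the display routine for the protocol named by the
/// IP packet's next-header field. An encapsulated IPv6 packet is re-parsed and handled recursively.
/// </summary>
/// <remarks>
/// The packet content is untrusted input, so the values this method dereferences itself are
/// checked: a null <paramref name="ip"/>, a missing payload in the IPv6-in-IP case, and an inner
/// packet that does not parse as IPv6 are skipped instead of raising an exception.
/// NOTE(review): the results of GetEncapsulated are passed to TCP/UDP/ICMPv4/ICMPv6/IGMP without
/// a null check. Whether those routines accept null is not visible here; verify each one.
/// NOTE(review): the recursion depth follows the nesting of IPv6-in-IP headers in the captured
/// packet. Consider an explicit depth limit if deeply nested tunnels are a concern.
/// </remarks>
/// <param name="ip">IP packet whose payload protocol should be displayed.</param>
private void ipNext(IpPacket ip)
{
    if (ip == null)
    {
        return;
    }

    PayLoadData = ip.PayloadData;
    switch (ip.NextHeader)
    {
        case IPProtocolType.TCP: // final protocol is TCP
            TcpPacket tcp = TcpPacket.GetEncapsulated(packet);
            TCP(tcp);
            break;

        case IPProtocolType.UDP:
            UdpPacket udp = UdpPacket.GetEncapsulated(packet);
            UDP(udp);
            break;

        case IPProtocolType.ICMP:
            ICMPv4Packet icmp = ICMPv4Packet.GetEncapsulated(packet);
            ICMPv4(icmp);
            break;

        case IPProtocolType.ICMPV6:
            ICMPv6Packet icmpv6 = ICMPv6Packet.GetEncapsulated(packet);
            ICMPv6(icmpv6);
            break;

        case IPProtocolType.IGMP:
            IGMPv2Packet igmp = IGMPv2Packet.GetEncapsulated(packet);
            IGMP(igmp);
            break;

        case IPProtocolType.IPV6:
            if (ip.PayloadData == null)
            {
                // No inner packet to unwrap.
                break;
            }

            // Wrap the inner packet in a synthetic Ethernet header (two zeroed 6-byte MAC
            // addresses followed by EtherType 0x86DD) so the link-layer parser can be reused.
            List<byte> packetData = new List<byte>();
            byte[] tmp = new byte[] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
            packetData.AddRange(tmp);
            packetData.AddRange(new byte[] { 0x86, 0xdd });
            packetData.AddRange(ip.PayloadData);

            Packet p = Packet.ParsePacket(LinkLayers.Ethernet, packetData.ToArray());
            IPv6Packet ip6 = (IPv6Packet)IPv6Packet.GetEncapsulated(p);
            if (ip6 == null)
            {
                // Payload did not parse as IPv6: leave the current packet in place.
                break;
            }

            IPv6(ip6);
            packet = p;
            ipNext(ip6 as IpPacket);
            break;

        case IPProtocolType.GRE:
            GREPacket gre = new GREPacket(ip.PayloadData);
            GRE(gre);
            break;
    }
}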
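/// <summary>
/// Fills the IGMP tree node (creating it on first use) with the type, maximum response time,
/// checksum and group address of the given IGMPv2 packet, then adds the node to <c>Tree</c>.
/// </summary>
/// <remarks>
/// Does nothing when <paramref name="v2"/> is null, which happens when the caller could not
/// extract an IGMPv2 layer from the captured packet.
/// </remarks>
/// <param name="v2">IGMPv2 packet to display; may be null.</param>
private void IGMP(IGMPv2Packet v2)
{
    if (v2 == null)
    {
        return;
    }

    if (IGMPNode == null)
    {
        IGMPNode = new TreeNode("IGMP [只适用于IGMPv2]");
        IGMPNode.ImageIndex = 4;
        IGMPNode.SelectedImageIndex = 4;
        IGMPNode.Name = "IGMP";
    }
    IGMPNode.Nodes.Clear();

    IGMPNode.Nodes.Add("Type: " + v2.Type.ToString() + " [0x" + v2.Type.ToString("X") + "]");

    // IGMPv2 carries the maximum response time in tenths of a second. The previous format
    // string "{0:0:0}" applied to an integer division printed the whole seconds with a ':'
    // inserted between the digits (e.g. "0:2" for 2.5 s); show seconds with one decimal instead.
    double maxResponseSeconds = v2.MaxResponseTime / 10.0;
    IGMPNode.Nodes.Add("Max Response Time: " + maxResponseSeconds.ToString("0.0") + "sec [0x" + v2.MaxResponseTime.ToString("X") + "]");

    IGMPNode.Nodes.Add("Header Checksum: 0x" + v2.Checksum.ToString("X"));
    IGMPNode.Nodes.Add("Group Address: " + v2.GroupAddress.ToString());
    Tree.Nodes.Add(IGMPNode);
}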
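// Marks whether the current data is valid
#region Build data row
/// <summary>
/// Builds the seven display columns of one grid row for a captured packet:
/// [0] zero-padded packet id, [1] protocol label, [2] length in bytes, [3] source,
/// [4] destination, [5] protocol details, [6] local timestamp taken when the row is built.
/// </summary>
/// <remarks>
/// The packet bytes are untrusted input. The OICQ check reads a fixed offset (byte 42) of the
/// raw frame and is now guarded by a length check: a UDP datagram with no payload on an
/// Ethernet/IPv4 frame is exactly 42 bytes long, so the unguarded read threw
/// IndexOutOfRangeException for such a frame.
/// NOTE(review): offset 42 presumably assumes a 14-byte Ethernet header, a 20-byte IPv4 header
/// without options and an 8-byte UDP header; for IPv6 or IPv4 with options it points elsewhere.
/// NOTE(review): the application labels are guessed from port numbers only, and port 143 is
/// labelled "POP3" although 143 is the registered IMAP port (POP3 is 110). Confirm the intent.
/// </remarks>
/// <param name="rawPacket">Raw captured frame.</param>
/// <param name="packetID">Sequence number shown in the first column.</param>
/// <returns>Array of seven column strings.</returns>
public string[] Row(RawCapture rawPacket, uint packetID)
{
    string[] rows = new string[7];
    rows[0] = string.Format("{0:D7}", packetID); // sequence number
    rows[1] = "Unknown";
    rows[2] = rawPacket.Data.Length.ToString(); // data length in bytes
    rows[3] = "--";
    rows[4] = "--";
    rows[5] = "--";
    //rows[6] = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss:fff");
    rows[6] = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");

    // Parsed once and reused for every probe below.
    Packet packet = Packet.ParsePacket(rawPacket.LinkLayerType, rawPacket.Data);

    EthernetPacket ep = EthernetPacket.GetEncapsulated(packet);
    if (ep != null)
    {
        rows[1] = "Ethernet(v2)";
        rows[3] = Format.MacFormat(ep.SourceHwAddress.ToString());
        rows[4] = Format.MacFormat(ep.DestinationHwAddress.ToString());
        rows[5] = "[" + ep.Type.ToString() + "]";

        // ---- IP and the protocols carried over it ----
        IpPacket ip = IpPacket.GetEncapsulated(packet);
        if (ip != null)
        {
            if (ip.Version == IpVersion.IPv4)
            {
                rows[1] = "IPv4";
            }
            else
            {
                rows[1] = "IPv6";
            }
            rows[3] = ip.SourceAddress.ToString();
            rows[4] = ip.DestinationAddress.ToString();
            rows[5] = "[下层协议:" + ip.NextHeader.ToString() + "] [版本:" + ip.Version.ToString() + "]";

            TcpPacket tcp = TcpPacket.GetEncapsulated(packet);
            if (tcp != null)
            {
                string srcPort = tcp.SourcePort.ToString();
                string dstPort = tcp.DestinationPort.ToString();

                rows[1] = "TCP";
                rows[3] += " [" + srcPort + "]";
                rows[4] += " [" + dstPort + "]";

                // Port-based guess: 25 SMTP; 80, 8080, 3128 HTTP; 21 FTP; 143 labelled POP3.
                if (dstPort == "25" || srcPort == "25")
                {
                    rows[1] = "SMTP";
                }
                else if (dstPort == "80" || dstPort == "8080" || dstPort == "3128")
                {
                    rows[1] = "HTTP";
                }
                else if (dstPort == "21")
                {
                    rows[1] = "FTP";
                }
                else if (dstPort == "143")
                {
                    rows[1] = "POP3";
                }
                return(rows);
            }

            UdpPacket udp = UdpPacket.GetEncapsulated(packet);
            if (udp != null)
            {
                // Bounds check first: the frame may end before offset 42.
                if (rawPacket.Data.Length > 42 && rawPacket.Data[42] == ((byte)02))
                {
                    rows[1] = "OICQ";
                }
                else
                {
                    rows[1] = "UDP";
                }
                rows[3] += " [" + udp.SourcePort.ToString() + "]";
                rows[4] += " [" + udp.DestinationPort.ToString() + "]";
                return(rows);
            }

            ICMPv4Packet icmpv4 = ICMPv4Packet.GetEncapsulated(packet);
            if (icmpv4 != null)
            {
                rows[1] = "ICMPv4";
                rows[5] = "[校验:" + icmpv4.Checksum.ToString() + "] [类型:" + icmpv4.TypeCode.ToString() + "] [序列号:" + icmpv4.Sequence.ToString() + "]";
                return(rows);
            }

            ICMPv6Packet icmpv6 = ICMPv6Packet.GetEncapsulated(packet);
            if (icmpv6 != null)
            {
                rows[1] = "ICMPv6";
                rows[5] = "[Code:" + icmpv6.Code.ToString() + "] [Type" + icmpv6.Type.ToString() + "]";
                return(rows);
            }

            IGMPv2Packet igmp = IGMPv2Packet.GetEncapsulated(packet);
            if (igmp != null)
            {
                rows[1] = "IGMP";
                rows[5] = "[只适用于IGMPv2] [组地址:" + igmp.GroupAddress.ToString() + "] [类型:" + igmp.Type.ToString() + "]";
                return(rows);
            }

            return(rows);
        }

        // ---- Non-IP protocols carried directly in the Ethernet frame ----
        ARPPacket arp = ARPPacket.GetEncapsulated(packet);
        if (arp != null)
        {
            rows[1] = "ARP";
            rows[3] = Format.MacFormat(arp.SenderHardwareAddress.ToString());
            rows[4] = Format.MacFormat(arp.TargetHardwareAddress.ToString());
            rows[5] = "[Arp操作方式:" + arp.Operation.ToString() + "] [发送者:" + arp.SenderProtocolAddress.ToString() + "] [目标:" + arp.TargetProtocolAddress.ToString() + "]";
            return(rows);
        }

        WakeOnLanPacket wp = WakeOnLanPacket.GetEncapsulated(packet);
        if (wp != null)
        {
            rows[1] = "Wake On Lan";
            rows[3] = Format.MacFormat(ep.SourceHwAddress.ToString());
            rows[4] = Format.MacFormat(wp.DestinationMAC.ToString());
            rows[5] = "[唤醒网络地址:" + wp.DestinationMAC.ToString() + "] [有效性:" + wp.IsValid().ToString() + "]";
            return(rows);
        }

        PPPoEPacket poe = PPPoEPacket.GetEncapsulated(packet);
        if (poe != null)
        {
            rows[1] = "PPPoE";
            rows[5] = poe.Type.ToString() + " " + poe.Version.ToString();
            return(rows);
        }

        LLDPPacket llp = LLDPPacket.GetEncapsulated(packet);
        if (llp != null)
        {
            rows[1] = "LLDP";
            rows[5] = llp.ToString();
            return(rows);
        }

        return(rows);
    }

    // ---- Other link layers ----
    PPPPacket ppp = PPPPacket.GetEncapsulated(packet);
    if (ppp != null)
    {
        rows[1] = "PPP";
        rows[3] = "--";
        rows[4] = "--";
        rows[5] = "协议类型:" + ppp.Protocol.ToString();
        return(rows);
    }

    // PPP serial
    PppSerialPacket ppps = PppSerialPacket.GetEncapsulated(packet);
    if (ppps != null)
    {
        rows[1] = "PPP";
        rows[3] = "--";
        rows[4] = "0x" + ppps.Address.ToString("X2");
        rows[5] = "地址:" + ppps.Address.ToString("X2") + " 控制:" + ppps.Control.ToString() + " 协议类型:" + ppps.Protocol.ToString();
        return(rows);
    }

    // Cisco HDLC
    CiscoHDLCPacket hdlc = CiscoHDLCPacket.GetEncapsulated(packet);
    if (hdlc != null)
    {
        rows[1] = "Cisco HDLC";
        rows[3] = "--";
        rows[4] = "0x" + hdlc.Address.ToString("X2");
        rows[5] = "地址:" + hdlc.Address.ToString("X2") + " 控制:" + hdlc.Control.ToString() + " 协议类型:" + hdlc.Protocol.ToString();
        return(rows);
    }

    // The frame was already parsed above; test the resulting object's type instead of
    // parsing the same bytes again for each check.
    PacketDotNet.Ieee80211.MacFrame ieee = packet as PacketDotNet.Ieee80211.MacFrame;
    if (ieee != null)
    {
        rows[1] = "IEEE802.11 MacFrame";
        rows[3] = "--";
        rows[4] = "--";
        rows[5] = "帧校验序列:" + ieee.FrameCheckSequence.ToString() + " 封装帧:" + ieee.FrameControl.ToString();
        return(rows);
    }

    PacketDotNet.Ieee80211.RadioPacket ieeePacket = packet as PacketDotNet.Ieee80211.RadioPacket;
    if (ieeePacket != null)
    {
        rows[1] = "IEEE Radio";
        rows[5] = "Version=" + ieeePacket.Version.ToString();
    }

    LinuxSLLPacket linux = packet as LinuxSLLPacket;
    if (linux != null)
    {
        rows[1] = "LinuxSLL";
        rows[5] = "Tyep=" + linux.Type.ToString() + " Protocol=" + linux.EthernetProtocolType.ToString();
    }

    return(rows);
}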
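/// <summary>
/// Shows the details of the list item whose selection state changed: looks up the captured
/// packet by the number in the item's first column and writes a protocol-specific summary
/// (TCP, UDP, ARP, ICMP or IGMP) to <c>textBox2</c>. Any other protocol label clears the box.
/// </summary>
/// <remarks>
/// The packet number is parsed with <c>int.TryParse</c>; text that is not a number clears the
/// details box instead of raising a FormatException inside the UI event handler.
/// NOTE(review): the UDP branch decodes raw packet bytes with <c>Encoding.Default</c> and the
/// TCP branch passes captured bytes to <c>PacketDecrypt</c>. Both operate on untrusted network
/// data; how <c>PacketDecrypt</c> validates its input is not visible here.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Selection-change arguments carrying the affected item.</param>
private void listView1_ItemSelectionChanged(object sender, ListViewItemSelectionChangedEventArgs e)
{
    string protocol = e.Item.SubItems[4].Text;

    if (!int.TryParse(e.Item.SubItems[0].Text, out int key))
    {
        textBox2.Text = "";
        return;
    }

    bool getPacket = capturedPackets_list.TryGetValue(key, out Packet packet);

    switch (protocol)
    {
        case "TCP":
            if (getPacket)
            {
                TcpPacket tcpPacket = (TcpPacket)packet.Extract(typeof(TcpPacket));
                if (tcpPacket != null)
                {
                    // Payload text: the printed packet bytes with the printed header prefix removed.
                    string Data = PrintBytes(tcpPacket.Bytes).Replace(PrintBytes(tcpPacket.Header) + ",", "");

                    if (!string.IsNullOrEmpty(TargetIP) && Data.Length > 1)
                    {
                        textBox2.Text = "";
                        textBox2.Text = PacketDecrypt(Data);
                    }
                    else
                    {
                        int srcPort = tcpPacket.SourcePort;
                        int dstPort = tcpPacket.DestinationPort;

                        // Checksum, sequence/acknowledgment numbers and the individual TCP
                        // flags were disabled by the author and are not part of the output.
                        textBox2.Text = "";
                        textBox2.Text = "Packet number: " + key +
                                        " Type: TCP" +
                                        "\r\nSource port: " + srcPort +
                                        "\r\nDestination port: " + dstPort +
                                        "\r\nTCP header size: " + tcpPacket.DataOffset +
                                        "\r\nWindow size: " + tcpPacket.WindowSize + // bytes that the receiver is willing to receive
                                        "\r\nRawBytes: " + Data;
                    }
                }
            }
            break;

        case "UDP":
            if (getPacket)
            {
                UdpPacket udpPacket = (UdpPacket)packet.Extract(typeof(UdpPacket));
                if (udpPacket != null)
                {
                    int srcPort = udpPacket.SourcePort;
                    int dstPort = udpPacket.DestinationPort;
                    ushort checksum = udpPacket.Checksum;

                    textBox2.Text = "";
                    textBox2.Text = "Packet number: " + key +
                                    " Type: UDP" +
                                    "\r\nSource port:" + srcPort +
                                    "\r\nDestination port: " + dstPort +
                                    "\r\nChecksum:" + checksum.ToString() + " valid: " + udpPacket.ValidChecksum +
                                    "\r\nValid UDP checksum: " + udpPacket.ValidUDPChecksum +
                                    "\r\nData: " + PrintBytes(udpPacket.Bytes) +
                                    "\r\nTryGetString: " + Encoding.Default.GetString(udpPacket.Bytes);
                }
            }
            break;

        case "ARP":
            if (getPacket)
            {
                ARPPacket arpPacket = (ARPPacket)packet.Extract(typeof(ARPPacket));
                if (arpPacket != null)
                {
                    System.Net.IPAddress senderAddress = arpPacket.SenderProtocolAddress;
                    System.Net.IPAddress targerAddress = arpPacket.TargetProtocolAddress;
                    System.Net.NetworkInformation.PhysicalAddress senderHardwareAddress = arpPacket.SenderHardwareAddress;
                    System.Net.NetworkInformation.PhysicalAddress targerHardwareAddress = arpPacket.TargetHardwareAddress;

                    textBox2.Text = "";
                    textBox2.Text = "Packet number: " + key +
                                    " Type: ARP" +
                                    "\r\nHardware address length:" + arpPacket.HardwareAddressLength +
                                    "\r\nProtocol address length: " + arpPacket.ProtocolAddressLength +
                                    "\r\nOperation: " + arpPacket.Operation.ToString() + // ARP request or ARP reply ARP_OP_REQ_CODE, ARP_OP_REP_CODE
                                    "\r\nSender protocol address: " + senderAddress +
                                    "\r\nTarget protocol address: " + targerAddress +
                                    "\r\nSender hardware address: " + senderHardwareAddress +
                                    "\r\nTarget hardware address: " + targerHardwareAddress;
                }
            }
            break;

        case "ICMP":
            if (getPacket)
            {
                ICMPv4Packet icmpPacket = (ICMPv4Packet)packet.Extract(typeof(ICMPv4Packet));
                if (icmpPacket != null)
                {
                    textBox2.Text = "";
                    textBox2.Text = "Packet number: " + key +
                                    " Type: ICMP v4" +
                                    "\r\nType Code: 0x" + icmpPacket.TypeCode.ToString("x") +
                                    "\r\nChecksum: " + icmpPacket.Checksum.ToString("x") +
                                    "\r\nID: 0x" + icmpPacket.ID.ToString("x") +
                                    "\r\nSequence number: " + icmpPacket.Sequence.ToString("x");
                }
            }
            break;

        case "IGMP":
            if (getPacket)
            {
                IGMPv2Packet igmpPacket = (IGMPv2Packet)packet.Extract(typeof(IGMPv2Packet));
                if (igmpPacket != null)
                {
                    textBox2.Text = "";
                    textBox2.Text = "Packet number: " + key +
                                    " Type: IGMP v2" +
                                    "\r\nType: " + igmpPacket.Type +
                                    "\r\nGroup address: " + igmpPacket.GroupAddress +
                                    "\r\nMax response time" + igmpPacket.MaxResponseTime;
                }
            }
            break;

        default:
            textBox2.Text = "";
            break;
    }
}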