private void ipNext(IpPacket ip)
{
switch (ip.NextHeader)
{
case IPProtocolType.TCP:
TcpPacket tcp = (TcpPacket)ip.Extract(typeof(TcpPacket));
TCP(tcp);
break;
case IPProtocolType.UDP:
UdpPacket udp = (UdpPacket)ip.Extract(typeof(UdpPacket));
UDP(udp);
break;
case IPProtocolType.ICMP:
ICMPv4Packet icmp = (ICMPv4Packet)ip.Extract(typeof(ICMPv4Packet));
ICMP(icmp);
break;
case IPProtocolType.ICMPV6:
ICMPv6Packet icmpv6 = (ICMPv6Packet)ip.Extract(typeof(ICMPv6Packet));
ICMPv6(icmpv6);
break;
case IPProtocolType.IGMP:
break;
default:
break;
}
}
public void IgmpPacketCapture(object sender, CaptureEventArgs e) //Packet capture and return to string (async)
{
RawCapture capturePacket = e.Packet;
try
{
if (this.NowCaptureNum <= this.CaptureNum)
{
var packet = PacketDotNet.Packet.ParsePacket(capturePacket.LinkLayerType, capturePacket.Data);
IpPacket ipPacket = (IpPacket)packet.Extract(typeof(PacketDotNet.IpPacket));
if (ipPacket.Version != IpVersion.IPv4 || ipPacket.Protocol != IPProtocolType.IGMP)
{
return;
}
IGMPv2Packet igmpPacket = (IGMPv2Packet)ipPacket.Extract(typeof(PacketDotNet.IGMPv2Packet));
this.NowCaptureNum++;
ResultData += "Header:" + igmpPacket.Header + "\n";
int i = 1;
if (igmpPacket.PayloadData != null)
{
foreach (byte data in igmpPacket.PayloadData)
{
ResultData += Convert.ToString(data, 16) + " ";
if (i % 8 == 0)
{
ResultData += "\n";
}
i++;
}
}
ResultData += "\n--------------------------------------------\n";
if (this.NowCaptureNum == this.CaptureNum)
{
StopPacketCapture();
}
SendPacketData();
}
else
{
StopPacketCapture();
//PacketCaptureDevice.Close();
CaptureEndEvent();
}
}
catch (NullReferenceException nullException)
{
Console.WriteLine(nullException.StackTrace);
MessageBox.Show("Can't packet extracted. \n Are you set others protocol in filter?"
, "Warining", System.Windows.MessageBoxButton.OK);
StopPacketCapture();
//PacketCaptureDevice.Close();
}
}
private static UdpPacket ExtractUdpPacket(IpPacket ip_packet)
{
UdpPacket udp_packet = (UdpPacket)ip_packet.Extract(typeof(UdpPacket));
Debug.WriteLineIf(udp_packet != null, "UDP packet: " + udp_packet.ToString());
return(udp_packet);
}
/// <summary>
/// Get the packet Information from <see cref="RawCapture"/>
/// </summary>
/// <param name="rawCapture">The raw captured packet</param>
/// <param name="len">Get the length of bytes of the packet</param>
/// <param name="protocol">Get the tansport protocol of the packet</param>
/// <returns>The Addresses of the packet. Null if the packet has error, or it's not IP packet, or It's IPV6.</returns>
public static PacketAddress GetPacketAddressFromRowPacket(RawCapture rawCapture, ref int len, ref TCPUDP protocol)
{
try
{
Packet p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
IpPacket ipPacket = (IpPacket)p.Extract(typeof(IpPacket));
if (ipPacket != null)
{
len = ipPacket.PayloadLength;
IPAddress sourceAddress, destinationAddress;
sourceAddress = ipPacket.SourceAddress;
destinationAddress = ipPacket.DestinationAddress;
if (sourceAddress.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork &&
destinationAddress.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork)
{
IPProtocolType type = ipPacket.NextHeader;
if (type == IPProtocolType.TCP)
{
TcpPacket tcpPacket = (TcpPacket)ipPacket.Extract(typeof(TcpPacket));
if (tcpPacket != null)
{
protocol = TCPUDP.TCP;
return(new PacketAddress(sourceAddress, tcpPacket.SourcePort, destinationAddress, tcpPacket.DestinationPort));
}
}
else if (type == IPProtocolType.UDP)
{
UdpPacket udpPacket = (UdpPacket)ipPacket.Extract(typeof(UdpPacket));
if (udpPacket != null)
{
protocol = TCPUDP.UDP;
return(new PacketAddress(sourceAddress, udpPacket.SourcePort, destinationAddress, udpPacket.DestinationPort));
}
}
}
}
return(null);
}
catch (Exception)
{
Console.WriteLine("Packet Error");
//Console.WriteLine(e.Message + "\n" + e.StackTrace);
return(null);
}
}
/// <summary>
/// 抓包事件函数,在抓到符合条件的数据包的时候该函数将被调用
/// 功能:
/// 1. 获得当前数据包的时间间隔、长度、协议类型、地址等参数
/// 2. 将信息输出到RichTextBox控件显示出来
/// </summary>
private void device_OnPacketArrival(object sender, CaptureEventArgs packet)
{
// 时间和长度的获取
DateTime time = packet.Packet.Timeval.Date;
int len = packet.Packet.Data.Length;
// 解析数据包成:IP包
Packet p = Packet.ParsePacket(packet.Packet.LinkLayerType, packet.Packet.Data);
IpPacket ip = (IpPacket)p.Extract(typeof(IpPacket));
string src_port = "", dst_port = "";
if (ip.Protocol == IPProtocolType.TCP)
{
TcpPacket tcp = (TcpPacket)ip.Extract(typeof(TcpPacket));
src_port = tcp.SourcePort.ToString();
dst_port = tcp.DestinationPort.ToString();
}
else if (ip.Protocol == IPProtocolType.UDP)
{
UdpPacket tcp = (UdpPacket)ip.Extract(typeof(UdpPacket));
src_port = tcp.SourcePort.ToString();
dst_port = tcp.DestinationPort.ToString();
}
// 数据包信息
string info = string.Format("\nsrc_addr={0}, des_addr={1}, type={2}, src_port={3}, dst_port={4}\n",
ip.SourceAddress, ip.DestinationAddress, ip.Protocol, src_port, dst_port);
info += string.Format("{0}:{1}:{2},{3} Len={4}\n",
time.Hour, time.Minute, time.Second, time.Millisecond, len);
info += string.Format(byteToHexStr(packet.Packet.Data));
// 使用委托显示结果
richTextBox1.Invoke(disp_info, info);
}
public TCPPackage(IpPacket ipPacket) : base(ipPacket)
{
if (ipPacket.Protocol != IPProtocolType.TCP)
{
throw new ArgumentException("Cannot create a instance of TCPPackage from a ipPacket with protocol different than TCP");
}
var tcpPacket = (TcpPacket)ipPacket.Extract(typeof(TcpPacket));
_syn = tcpPacket.Syn;
_fin = tcpPacket.Fin;
_rst = tcpPacket.Rst;
_ack = tcpPacket.Ack;
_bytesCount = tcpPacket.Bytes.Count();
_sequenceNumber = tcpPacket.SequenceNumber;
_windowSize = tcpPacket.WindowSize;
_acknowledgementNumber = tcpPacket.AcknowledgmentNumber;
_sourcePort = tcpPacket.SourcePort;
_destinationPort = tcpPacket.DestinationPort;
}
//在树形控件中加入igmp节点
private void igmpTreeView(IpPacket p)
{
var IPv4 = (IPv4Packet)p.Extract(typeof(IPv4Packet));
if (IPv4 != null)
{
addIpv4Node(IPv4);
}
var IGMP = (IGMPv2Packet)p.Extract(typeof(IGMPv2Packet));
TreeNode igmpNode = new TreeNode();
igmpNode.Text = "Internet Group Management Protocal";
treeView.Nodes.Add(igmpNode);
igmpNode.Nodes.Add(new TreeNode("Type: " + IGMP.Type + " (0x" + IGMP.Header[0].ToString("X2") + ")"));
igmpNode.Nodes.Add(new TreeNode("Max Resp Time: " + (Convert.ToDouble(IGMP.MaxResponseTime) / 10.0).ToString("0.0") + " sec" + " (0x" + IGMP.Header[1].ToString("X2") + ")"));
igmpNode.Nodes.Add(new TreeNode("Header checksum: 0x" + IGMP.Checksum.ToString("X4")));
igmpNode.Nodes.Add(new TreeNode("Multicast Asddress: " + IGMP.GroupAddress));
this.treeView.ExpandAll();
}
//在树形控件中加入icmp节点
private void icmpTreeView(IpPacket p)
{
var IPv4 = (IPv4Packet)p.Extract(typeof(IPv4Packet));
if (IPv4 != null)
{
addIpv4Node(IPv4);
}
string MF = Convert.ToString(IPv4.FragmentFlags, 2).PadLeft(3, '0').Substring(2, 1);
int OFF = IPv4.FragmentOffset;
var ICMP = (ICMPv4Packet)p.Extract(typeof(ICMPv4Packet));
TreeNode icmpNode = new TreeNode();
icmpNode.Text = "Internet Control Meaasge Protocal";
treeView.Nodes.Add(icmpNode);
string type = ICMP.Header[0].ToString("D");
string code = ICMP.Header[1].ToString("D");
string description = "";
//如果是分片包且不是第一个,输出See it's first fragment
if (isFragment(MF, OFF) && OFF != 0)
{
type = "See it's first fragment";
code = "See it's first fragment";
}
else
{
if (type == "0")
description = " (Echo (ping) reply)";
else if (type == "8")
description = " (Echo (ping) requst)";
else
description = "";
}
icmpNode.Nodes.Add(new TreeNode("Type: " + type + description));
icmpNode.Nodes.Add(new TreeNode("Code: " + code));
icmpNode.Nodes.Add(new TreeNode("Checksum: 0x" + ICMP.Checksum.ToString("X4")));
this.treeView.ExpandAll();
}
//在树形控件中加入udp节点
private void udpTreeView(IpPacket p)
{
var IPv4 = (IPv4Packet)p.Extract(typeof(IPv4Packet));
if (IPv4 != null)
{
addIpv4Node(IPv4);
}
else
{
var IPv6 = (IPv6Packet)p.Extract(typeof(IPv6Packet));
addIpv6Node(IPv6);
}
var UDP = (UdpPacket)p.Extract(typeof(UdpPacket));
TreeNode udpNode = new TreeNode();
udpNode.Text = "User Datagram Protocal, Src Port: " + UDP.SourcePort + ", Dst Port: " + UDP.DestinationPort;
treeView.Nodes.Add(udpNode);
udpNode.Nodes.Add(new TreeNode("Source Port: " + UDP.SourcePort));
udpNode.Nodes.Add(new TreeNode("Destination Port: " + UDP.DestinationPort));
udpNode.Nodes.Add(new TreeNode("Length: " + UDP.Length));
udpNode.Nodes.Add(new TreeNode("Checksum: 0x" + UDP.Checksum.ToString("X4")));
this.treeView.ExpandAll();
}
//在树形控件中加入tcp节点
private void tcpTreeView(IpPacket p)
{
var IPv4 = (IPv4Packet)p.Extract(typeof(IPv4Packet));
if (IPv4 != null)
{
addIpv4Node(IPv4);
}
else
{
var IPv6 = (IPv6Packet)p.Extract(typeof(IPv6Packet));
addIpv6Node(IPv6);
}
var TCP = (TcpPacket)p.Extract(typeof(TcpPacket));
TreeNode tcpNode = new TreeNode();
tcpNode.Text = "Transmission Control Protocal, Src Port: " + TCP.SourcePort + ", Dst Port: " + TCP.DestinationPort + ", Seq: " + TCP.SequenceNumber.ToString() + ", Ack: " + TCP.Ack.CompareTo(false);
treeView.Nodes.Add(tcpNode);
tcpNode.Nodes.Add(new TreeNode("Source Port: " + TCP.SourcePort));
tcpNode.Nodes.Add(new TreeNode("Destination Port: " + TCP.DestinationPort));
tcpNode.Nodes.Add(new TreeNode("Sequence number: " + TCP.SequenceNumber));
tcpNode.Nodes.Add(new TreeNode("Acknowledgement: " + TCP.AcknowledgmentNumber));
tcpNode.Nodes.Add(new TreeNode("Header Length: " + (TCP.DataOffset * 4).ToString() + " bytes"));
TreeNode allFlags = new TreeNode();
allFlags.Text = System.Convert.ToString(TCP.AllFlags, 2).PadLeft(12, '0') + " = Flags: 0x" + TCP.Header[12].ToString("X").Substring(1, 1).PadLeft(1, '0') + TCP.Header[13].ToString("X").PadLeft(2, '0');
tcpNode.Nodes.Add(allFlags);
allFlags.Nodes.Add(new TreeNode("0000 00.. .... = Reserved: Not set"));
allFlags.Nodes.Add(new TreeNode(".... .." + TCP.Urg.CompareTo(false) + ". .... = Urgent: " + ((TCP.Urg) ? "Set" : "Not set")));
allFlags.Nodes.Add(new TreeNode(".... ..." + TCP.Ack.CompareTo(false) + " .... = Acknowledgement: " + ((TCP.Ack) ? "Set" : "Not set")));
allFlags.Nodes.Add(new TreeNode(".... .... " + TCP.Psh.CompareTo(false) + "... = Push: " + ((TCP.Psh) ? "Set" : "Not set")));
allFlags.Nodes.Add(new TreeNode(".... .... ." + TCP.Rst.CompareTo(false) + ".. = Reset: " + ((TCP.Rst) ? "Set" : "Not set")));
allFlags.Nodes.Add(new TreeNode(".... .... .." + TCP.Syn.CompareTo(false) + ". = Syn: " + ((TCP.Syn) ? "Set" : "Not set")));
allFlags.Nodes.Add(new TreeNode(".... .... ..." + TCP.Fin.CompareTo(false) + " = Fin: " + ((TCP.Fin) ? "Set" : "Not set")));
tcpNode.Nodes.Add(new TreeNode("Window size value: " + TCP.WindowSize));
tcpNode.Nodes.Add(new TreeNode("Checksum: 0x" + TCP.Checksum.ToString("X4")));
tcpNode.Nodes.Add(new TreeNode("Urgent Pointer: " + TCP.UrgentPointer));
this.treeView.ExpandAll();
}
public void Ipv6PacketCapture(object sender, CaptureEventArgs e) //Packet capture and return to string (async)
{
RawCapture capturePacket = e.Packet;
try
{
if (this.NowCaptureNum <= this.CaptureNum)
{
var packet = PacketDotNet.Packet.ParsePacket(capturePacket.LinkLayerType, capturePacket.Data);
IpPacket ipPacket = (IpPacket)packet.Extract(typeof(PacketDotNet.IpPacket));
if (ipPacket.Version != IpVersion.IPv6)
{
return;
}
IPv6Packet ipv6Packet = (IPv6Packet)ipPacket.Extract(typeof(PacketDotNet.IPv6Packet));
this.NowCaptureNum++;
ResultData += "Version:" + ipv6Packet.Version + " ";
ResultData += "Traffic Class:" + ipv6Packet.TrafficClass + " ";
ResultData += "Flow Label:" + ipv6Packet.FlowLabel + "\n";
ResultData += "Payload Length:" + ipv6Packet.PayloadLength + " ";
ResultData += "Next Header:" + ipv6Packet.NextHeader + " ";
ResultData += "Hop Limit:" + ipv6Packet.HopLimit + "\n";
ResultData += "Source Address:" + ipv6Packet.SourceAddress + "\n";
ResultData += "Destination Address:" + ipv6Packet.DestinationAddress + "\n";
int i = 1;
if (ipv6Packet.PayloadData != null)
{
foreach (byte data in ipv6Packet.PayloadData)
{
ResultData += Convert.ToString(data, 16) + " ";
if (i % 8 == 0)
{
ResultData += "\n";
}
i++;
}
}
ResultData += "\n--------------------------------------------\n";
if (this.NowCaptureNum == this.CaptureNum)
{
StopPacketCapture();
}
SendPacketData();
}
else
{
StopPacketCapture();
//PacketCaptureDevice.Close();
CaptureEndEvent();
}
}
catch (NullReferenceException nullException)
{
Console.WriteLine(nullException.StackTrace);
MessageBox.Show("Can't packet extracted. \n Are you set others protocol in filter?"
, "Warining", System.Windows.MessageBoxButton.OK);
StopPacketCapture();
//PacketCaptureDevice.Close();
}
}
