private static void SendResponse(System.Net.NetworkInformation.PhysicalAddress pysSrc,
System.Net.NetworkInformation.PhysicalAddress pysdest,
IPAddress destAddrIp,
IPAddress myAddrIp) //builds arp packed and sends it to poison
{
CaptureDeviceList devices = CaptureDeviceList.Instance;
foreach (ICaptureDevice dev in devices)
{
dev.Open();
//System.Net.NetworkInformation.PhysicalAddress pysSrc = null;
//System.Net.NetworkInformation.PhysicalAddress pysdest = null;
//IPAddress destAddrIp = new IPAddress(null);
//IPAddress myAddrIp = new IPAddress(null);
try
{
var ethernetPacket = new PacketDotNet.EthernetPacket(pysSrc, pysdest, PacketDotNet.EthernetPacketType.Arp);
var arpPacket = new PacketDotNet.ARPPacket(PacketDotNet.ARPOperation.Response, pysdest, destAddrIp, pysSrc, myAddrIp);
ethernetPacket.PayloadPacket = arpPacket;
dev.SendPacket(ethernetPacket);
}
catch (Exception e)
{
}
}
}
private void m_adapter_OnPacketArrival(object sender, CaptureEventArgs e)
{
if (e.Packet.LinkLayerType != PacketDotNet.LinkLayers.Ethernet)
{
return;
}
PacketDotNet.Utils.ByteArraySegment bas = new PacketDotNet.Utils.ByteArraySegment(e.Packet.Data);
PacketDotNet.EthernetPacket ethP = new PacketDotNet.EthernetPacket(bas);
if (ethP.Type != (PacketDotNet.EthernetPacketType) 0x8892 && ethP.Type != PacketDotNet.EthernetPacketType.VLanTaggedFrame)
{
return;
}
if (ethP.PayloadPacket != null && ethP.PayloadPacket is PacketDotNet.Ieee8021QPacket)
{
if (((PacketDotNet.Ieee8021QPacket)ethP.PayloadPacket).Type != (PacketDotNet.EthernetPacketType) 0x8892)
{
return;
}
if (((PacketDotNet.Ieee8021QPacket)ethP.PayloadPacket).PayloadData == null)
{
Trace.TraceWarning("Empty vlan package");
return;
}
m_adapter_OnProfinetArrival(new ConnectionInfoEthernet(this, ethP.DestinationHwAddress, ethP.SourceHwAddress), new MemoryStream(((PacketDotNet.Ieee8021QPacket)ethP.PayloadPacket).PayloadData, false));
}
else
{
if (ethP.PayloadData == null)
{
Trace.TraceWarning("Empty ethernet package");
return;
}
m_adapter_OnProfinetArrival(new ConnectionInfoEthernet(this, ethP.DestinationHwAddress, ethP.SourceHwAddress), new MemoryStream(ethP.PayloadData, false));
}
}
private PacketDotNet.Packet BuildRequest(System.Net.IPAddress destinationIP,
PhysicalAddress localMac,
System.Net.IPAddress localIP)
{
// an arp packet is inside of an ethernet packet
var ethernetPacket = new PacketDotNet.EthernetPacket(localMac,
PhysicalAddress.Parse("FF-FF-FF-FF-FF-FF"),
PacketDotNet.EthernetType.Arp);
var arpPacket = new PacketDotNet.ArpPacket(PacketDotNet.ArpOperation.Request,
PhysicalAddress.Parse("00-00-00-00-00-00"),
destinationIP,
localMac,
localIP);
// the arp packet is the payload of the ethernet packet
ethernetPacket.PayloadPacket = arpPacket;
return(ethernetPacket);
}
private void ProcessLoop()
{
var FakeMACAddr = System.Net.NetworkInformation.PhysicalAddress.Parse("90-90-90-90-90-90");
var Fakeethernetv4Packet = new PacketDotNet.EthernetPacket(FakeMACAddr, FakeMACAddr, PacketDotNet.EthernetPacketType.IPv4);
var Fakeethernetv6Packet = new PacketDotNet.EthernetPacket(FakeMACAddr, FakeMACAddr, PacketDotNet.EthernetPacketType.IPv6);
while (true)
{
var packet = rxBuffer.Take();
int IPversion = (packet.Data[0]) >> 4;
PacketDotNet.Packet ParsedPacket;
PacketDotNet.IPProtocolType IPNextProtocol;
switch (IPversion)
{
case 4:
var FullBytev4 = Fakeethernetv4Packet.Bytes.ToList();
FullBytev4.AddRange(packet.Data);
ParsedPacket = PacketDotNet.Packet.ParsePacket(PacketDotNet.LinkLayers.Ethernet, FullBytev4.ToArray()).PayloadPacket;
var IPv4Header = (PacketDotNet.IPv4Packet)ParsedPacket;
IPNextProtocol = IPv4Header.NextHeader;
ParsedPacket = IPv4Header.PayloadPacket;
break;
case 6:
var FullBytev6 = Fakeethernetv6Packet.Bytes.ToList();
FullBytev6.AddRange(packet.Data);
ParsedPacket = PacketDotNet.Packet.ParsePacket(PacketDotNet.LinkLayers.Ethernet, FullBytev6.ToArray()).PayloadPacket;
var IPv6Header = (PacketDotNet.IPv6Packet)ParsedPacket;
IPNextProtocol = IPv6Header.NextHeader;
ParsedPacket = IPv6Header.PayloadPacket;
break;
default:
txBuffer.Add(packet);
continue;
}
switch (IPNextProtocol)
{
case PacketDotNet.IPProtocolType.UDP:
break;
default:
txBuffer.Add(packet);
continue;
}
try
{
long nonceTime = (DateTimeOffset.Now.ToUnixTimeSeconds() / 300) * 300;
byte[] nonce = sha256Ctx.ComputeHash(Encoding.Default.GetBytes(nonceTime.ToString())).Take(8).ToArray();
byte[] decryptedData;
var NSecKey = Key.Import(AeadAlgorithm.ChaCha20Poly1305, key, KeyBlobFormat.RawSymmetricKey);
var NSecNonce = new Nonce(nonce, 4);
AeadAlgorithm.ChaCha20Poly1305.Decrypt(NSecKey, NSecNonce, null, ParsedPacket.PayloadData, out decryptedData);
if (decryptedData == null)
{
// Data will be null when decrypt failed, this may mean the packet is not sended by this software.
txBuffer.Add(packet);
continue;
}
ProtocolPacket RXProtocolPacket = JsonConvert.DeserializeObject <ProtocolPacket>(System.Text.Encoding.Default.GetString(decryptedData));
if (RXProtocolPacket.PacketMD5Sum == "")
{
continue;
}
ProcessProtocolPacket(RXProtocolPacket);
}
catch (Exception ex)
{
// This will not catch decrypt fail, but may catch other erros likes key format error.
Console.WriteLine(ex);
txBuffer.Add(packet);
}
}
}
private void device_OnPacketArrival(object sender, CaptureEventArgs e)
{
var time = e.Packet.Timeval.Date;
var len = e.Packet.Data.Length;
var pack = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
if (pack is PacketDotNet.EthernetPacket)
{
PacketDotNet.EthernetPacket ethPack = pack as PacketDotNet.EthernetPacket;
if (ethPack.PayloadPacket is PacketDotNet.IPv4Packet)
{
PacketDotNet.IPv4Packet ipPack = ethPack.PayloadPacket as PacketDotNet.IPv4Packet;
//TCP
if (ipPack.PayloadPacket is PacketDotNet.TcpPacket)
{
PacketDotNet.TcpPacket tcpPack = ipPack.PayloadPacket as PacketDotNet.TcpPacket;
if ((ipPack.DestinationAddress.ToString().Equals("172.25.25.50") && tcpPack.DestinationPort == 8001) ||
(ipPack.SourceAddress.ToString().Equals("172.25.25.50") && tcpPack.SourcePort == 8001))
{
//Console.WriteLine("TCP:{0}:{1}-{2}:{3}",ipPack.SourceAddress, tcpPack.SourcePort,ipPack.DestinationAddress,tcpPack.DestinationPort);
if (tcpPack.PayloadData != null && tcpPack.PayloadData.Length > 0)
{
Console.WriteLine("读取数据:{0}", System.Text.Encoding.UTF8.GetString(tcpPack.PayloadData));
}
}
}
//UDP
else if (ipPack.PayloadPacket is PacketDotNet.UdpPacket)
{
PacketDotNet.UdpPacket udp = ipPack.PayloadPacket as PacketDotNet.UdpPacket;
if (ipPack.DestinationAddress.ToString().Equals("172.25.25.69") && udp.DestinationPort == 5060)
{
if (udp.PayloadData != null && udp.PayloadData.Length > 0)
{
Console.WriteLine("读取数据:{0}", System.Text.Encoding.UTF8.GetString(udp.PayloadData));
}
}
//if (ipPack.DestinationAddress.ToString().Equals("172.25.25.69") && udp.DestinationPort == 18038)
if (ipPack.DestinationAddress.ToString().Equals("172.25.25.66") && udp.DestinationPort == 18132)
{
if (udp.PayloadData != null && udp.PayloadData.Length > 100)
{
RtpPacket rtpPacket = new RtpPacket(udp.PayloadData);
RtpHeader rtpHeader = new RtpHeader(udp.PayloadData);
int packetRate = RTPPayloadTypes.GetSamplingFrequency((RTPPayloadTypesEnum)Enum.ToObject(typeof(RTPPayloadTypesEnum), rtpHeader.PayloadType)); //8000
int minSec = ((int)rtpHeader.Timestamp - _preTimestamp - _prePacketLength) / (packetRate / 1000);
_preTimestamp = (int)rtpHeader.Timestamp;
_prePacketLength = rtpPacket.Payload.Length;
//写文件
string fileName = "F:\\" + "testRtp9" + ".wav";
PCMU m_PCMU = new PCMU();
//语音包
using (System.IO.FileStream fs = new System.IO.FileStream(fileName,
System.IO.FileMode.OpenOrCreate, System.IO.FileAccess.Write, System.IO.FileShare.None))
{
byte[] temp = null; //空白语音
byte[] dec = null; //payload荷载数据
byte[] data = null; //完整数据
//空白
if (minSec > 0)
{
//temp = new byte[16 * minSec];
//dec = m_PCMU.Decode_pcm8(rtpPacket.Payload, 0, rtpPacket.Payload.Length);
//data = new byte[temp.Length + dec.Length];
//Array.Copy(temp, 0, data, 0, temp.Length);
//Array.Copy(dec, 0, data, temp.Length, dec.Length);
temp = new byte[8 * minSec];
for (int i = 0; i < temp.Length; i++)
{
temp[i] = 0xFE;
}
dec = rtpPacket.Payload;
data = new byte[temp.Length + dec.Length];
Array.Copy(temp, 0, data, 0, temp.Length);
Array.Copy(dec, 0, data, temp.Length, dec.Length);
data = m_PCMU.Decode_ulaw_pcm8(data, 0, data.Length);
}
else
{
data = m_PCMU.Decode_ulaw_pcm8(rtpPacket.Payload, 0, rtpPacket.Payload.Length);
}
fs.Position = fs.Length;
fs.Write(data, 0, data.Length);
}
}
}
}
}
}
}
//builds arp packed and sends it to poison
private static void SendResponse(System.Net.NetworkInformation.PhysicalAddress pysSrc,
System.Net.NetworkInformation.PhysicalAddress pysdest,
IPAddress destAddrIp,
IPAddress myAddrIp)
{
CaptureDeviceList devices = CaptureDeviceList.Instance;
foreach (ICaptureDevice dev in devices)
{
dev.Open();
//System.Net.NetworkInformation.PhysicalAddress pysSrc = null;
//System.Net.NetworkInformation.PhysicalAddress pysdest = null;
//IPAddress destAddrIp = new IPAddress(null);
//IPAddress myAddrIp = new IPAddress(null);
try
{
var ethernetPacket = new PacketDotNet.EthernetPacket(pysSrc, pysdest, PacketDotNet.EthernetPacketType.Arp);
var arpPacket = new PacketDotNet.ARPPacket(PacketDotNet.ARPOperation.Response, pysdest, destAddrIp, pysSrc, myAddrIp);
ethernetPacket.PayloadPacket = arpPacket;
dev.SendPacket(ethernetPacket);
}
catch (Exception e)
{
}
}
}
private static void AnalyzePacket_Ethernet(PacketDotNet.EthernetPacket packet, PacketAnalyzeParam param)
{
param.Protocol = "Ethernet";
param.SourceHwAddress = packet.SourceHardwareAddress;
param.DestinationHwAddress = packet.DestinationHardwareAddress;
}
private PacketDotNet.Packet BuildRequest(System.Net.IPAddress destinationIP,
PhysicalAddress localMac,
System.Net.IPAddress localIP)
{
// an arp packet is inside of an ethernet packet
var ethernetPacket = new PacketDotNet.EthernetPacket(localMac,
PhysicalAddress.Parse("FF-FF-FF-FF-FF-FF"),
PacketDotNet.EthernetPacketType.Arp);
var arpPacket = new PacketDotNet.ARPPacket(PacketDotNet.ARPOperation.Request,
PhysicalAddress.Parse("00-00-00-00-00-00"),
destinationIP,
localMac,
localIP);
// the arp packet is the payload of the ethernet packet
ethernetPacket.PayloadPacket = arpPacket;
return ethernetPacket;
}
public static void GenerateDataGridViewRow(SharpPcap.CaptureEventArgs e)
{
PacketDotNet.Packet p;
PacketDotNet.InternetLinkLayerPacket iLinkLayerPacket = null;
String row_SourceAddress = "";
String row_DestinationAddress = "";
String row_Protocol = "";
Int32 row_PacketLength = 0;
DataGridViewCellStyle row_cellStyle = new DataGridViewCellStyle();
String row_Time;
// Compute the time of packet arrival
TimeSpan timeInterval;
timeInterval = (e.Packet.Timeval.Date.ToLocalTime() - CaptureStatistic.StartOfCapture);
row_Time = timeInterval.Minutes.ToString() + ":" + timeInterval.Seconds.ToString() + "::" + timeInterval.Milliseconds.ToString();
row_cellStyle.BackColor = Color.White;
// Get PacketDotNet.Packet object
p = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
CaptureStatistic.NumberOfCapturedPackets++;
switch (e.Packet.LinkLayerType)
{
case PacketDotNet.LinkLayers.Ethernet:
#region Parse Ethernet Packets
PacketDotNet.EthernetPacket etherPacket = PacketDotNet.EthernetPacket.GetEncapsulated(p);
iLinkLayerPacket = etherPacket;
// Get Some Ethernet Packet's fields
row_PacketLength = etherPacket.Bytes.Length;
switch (etherPacket.Type)
{
case PacketDotNet.EthernetPacketType.IpV4:
CaptureStatistic.CapturedIpV4++;
PacketDotNet.IPv4Packet ipv4Packet = (PacketDotNet.IPv4Packet)PacketDotNet.IPv4Packet.GetEncapsulated(etherPacket);
row_SourceAddress = ipv4Packet.SourceAddress.ToString();
row_DestinationAddress = ipv4Packet.DestinationAddress.ToString();
row_Protocol = "IPv4/" + ipv4Packet.Protocol.ToString();
switch (ipv4Packet.Protocol)
{
case PacketDotNet.IPProtocolType.TCP:
CaptureStatistic.CapturedTcpV4++;
row_cellStyle = ProtocolColor.TCP;
break;
case PacketDotNet.IPProtocolType.UDP:
CaptureStatistic.CapturedUdpV4++;
row_cellStyle = ProtocolColor.UDP;
break;
case PacketDotNet.IPProtocolType.GRE:
CaptureStatistic.CapturedGre++;
row_cellStyle = ProtocolColor.GRE;
break;
case PacketDotNet.IPProtocolType.ICMP:
CaptureStatistic.CapturedIcmpV4++;
row_cellStyle = ProtocolColor.ICMP;
break;
case PacketDotNet.IPProtocolType.IGMP:
CaptureStatistic.CapturedIgmp++;
row_cellStyle = ProtocolColor.IGMP;
break;
}
break;
case PacketDotNet.EthernetPacketType.IpV6:
CaptureStatistic.CapturedIpV6++;
PacketDotNet.IPv6Packet ipv6Packet = (PacketDotNet.IPv6Packet)PacketDotNet.IPv6Packet.GetEncapsulated(etherPacket);
row_SourceAddress = ipv6Packet.SourceAddress.ToString();
row_DestinationAddress = ipv6Packet.DestinationAddress.ToString();
row_Protocol = "IPv6/" + ipv6Packet.NextHeader.ToString();
switch (ipv6Packet.NextHeader)
{
case PacketDotNet.IPProtocolType.GRE:
CaptureStatistic.CapturedGre++;
break;
case PacketDotNet.IPProtocolType.ICMP:
CaptureStatistic.CapturedIcmpV4++;
break;
case PacketDotNet.IPProtocolType.ICMPV6:
CaptureStatistic.CapturedIcmpV6++;
break;
case PacketDotNet.IPProtocolType.IGMP:
CaptureStatistic.CapturedIgmp++;
break;
case PacketDotNet.IPProtocolType.TCP:
CaptureStatistic.CapturedTcpV6++;
break;
case PacketDotNet.IPProtocolType.UDP:
CaptureStatistic.CapturedUdpV6++;
break;
default:
break;
}
break;
case PacketDotNet.EthernetPacketType.Arp:
CaptureStatistic.CapturedArp++;
row_Protocol = "ARP";
row_SourceAddress = etherPacket.SourceHwAddress.ToString();
row_DestinationAddress = "Broadcast";
row_cellStyle = ProtocolColor.ARP;
break;
default:
row_Protocol = etherPacket.Type.ToString();
break;
}
#endregion
break;
}
// Add packet to the DataGridVeiw
DataGridViewRow newRow = (DataGridViewRow)MainFormDataGridView.RowTemplate.Clone();
newRow.CreateCells(MainFormDataGridView);
newRow.Tag = iLinkLayerPacket;
newRow.SetValues(CaptureStatistic.NumberOfCapturedPackets, row_Time, row_SourceAddress,
row_DestinationAddress, row_Protocol, row_PacketLength);
foreach (DataGridViewCell cell in newRow.Cells)
cell.Style = row_cellStyle;
MainFormDataGridView.Rows.Add(newRow);
}