public void Parse(string pcapFileName) { using (PcapFileReader pcapReader = new PcapFileReader(pcapFileName)) { ThreadStart threadStart = new ThreadStart(pcapReader.ThreadStart); Thread pcapReaderThread = new Thread(threadStart); //string exePath = System.IO.Path.GetFullPath(System.Windows.Forms.Application.ExecutablePath); //string executablePath = System.IO.Path.GetFullPath(System.Diagnostics.Process.GetCurrentProcess().MainModule.FileName); string executablePath = System.IO.Path.GetFullPath(System.Reflection.Assembly.GetEntryAssembly().Location); PacketParser.PacketHandler packetHandler = new PacketHandler(executablePath, System.Environment.CurrentDirectory, null, true, new Func <DateTime, string>((DateTime dateTime) => { return(dateTime.ToUniversalTime().ToString("u")); }), false); packetHandler.StartBackgroundThreads(); int readFrames = 0; foreach (PcapFrame packet in pcapReader.PacketEnumerator()) { /* * while (readFrames % (100) == 0 && packetHandler.FramesInQueue > 1000) { * System.Threading.Thread.Sleep(100); * } */ PacketParser.Frame frame = packetHandler.GetFrame(packet.Timestamp, packet.Data, packet.DataLinkType); packetHandler.AddFrameToFrameParsingQueue(frame); readFrames++; } } }
public void Parse(string pcapFileName) { using (PcapFileHandler.PcapFileReader pcapReader = new PcapFileHandler.PcapFileReader(pcapFileName)) { ThreadStart threadStart = new ThreadStart(pcapReader.ThreadStart); Thread pcapReaderThread = new Thread(threadStart); //string exePath = System.IO.Path.GetFullPath(System.Windows.Forms.Application.ExecutablePath); string executablePath = System.IO.Path.GetFullPath(System.Diagnostics.Process.GetCurrentProcess().MainModule.FileName); PacketParser.PacketHandler packetHandler = new PacketHandler(executablePath, System.Environment.CurrentDirectory); packetHandler.StartBackgroundThreads(); int readFrames = 0; foreach (PcapFileHandler.PcapFrame packet in pcapReader.PacketEnumerator()) { while (readFrames % (100) == 0 && packetHandler.FramesInQueue > 1000) { System.Threading.Thread.Sleep(100); } PacketParser.Frame frame = packetHandler.GetFrame(packet.Timestamp, packet.Data, packet.DataLinkType); packetHandler.AddFrameToFrameParsingQueue(frame); readFrames++; } } }
void pcapOverIpReceiver_DoWork(object sender, DoWorkEventArgs e) { this.receivedFrames = 0; DateTime lastGuiUpdateTime = DateTime.Now; TimeSpan updateRate = new TimeSpan(2000000); DateTime firstFrameTimestamp = DateTime.MinValue; DateTime lastFrameTimestamp = DateTime.MinValue; string filename = Tools.GenerateCaptureFileName(DateTime.Now); string fileFullPath = this.packetHandler.OutputDirectory + "Captures" + System.IO.Path.DirectorySeparatorChar + filename; //string fileFullPath = System.IO.Path.GetDirectoryName(System.IO.Path.GetFullPath(System.Windows.Forms.Application.ExecutablePath)) + System.IO.Path.DirectorySeparatorChar + "Captures" + System.IO.Path.DirectorySeparatorChar + filename; PcapFileWriter pcapFileWriter = new PcapFileWriter(fileFullPath, this.pcapStreamReader.FileDataLinkType[0]); //this.caseFileLoadedCallback( this.addCaseFileCallback(fileFullPath, filename); using (pcapFileWriter) { //foreach (PcapFileHandler.PcapPacket pcapPacket in this.pcapStreamReader.PacketEnumerator(delegate() { Application.DoEvents(); }, null)) { foreach (PcapFrame pcapPacket in this.pcapStreamReader.PacketEnumerator()) { this.receivedFrames++; if (this.pcapTcpStream.SocketState == PcapTcpStream.TcpSocketState.Connected) { this.pcapTcpStream.SocketState = PcapTcpStream.TcpSocketState.Receiving; } pcapFileWriter.WriteFrame(pcapPacket); if (firstFrameTimestamp == DateTime.MinValue) { firstFrameTimestamp = pcapPacket.Timestamp; } lastFrameTimestamp = pcapPacket.Timestamp; int millisecondsToSleep = 1; while (this.packetHandler.FramesInQueue > 100) //This can become a for-ever loop if packetHandler chokes and hangs might might be a good idea to do a this.pcapStreamReader.AbortFileRead() and throw an exception? { System.Threading.Thread.Sleep(millisecondsToSleep); if (millisecondsToSleep < 200) { millisecondsToSleep *= 2; } //Application.DoEvents();//REMOVED 2014-06-24 } PacketParser.Frame frame = packetHandler.GetFrame(pcapPacket.Timestamp, pcapPacket.Data, pcapPacket.DataLinkType); packetHandler.AddFrameToFrameParsingQueue(frame); if (DateTime.Now > lastGuiUpdateTime.Add(updateRate)) { //we need to update the GUI this.UpdateGui(); lastGuiUpdateTime = DateTime.Now; } if (this.pcapOverIpReceiver.CancellationPending) { break; } } } this.UpdateGui(); this.caseFileLoadedCallback(fileFullPath, this.receivedFrames, firstFrameTimestamp, lastFrameTimestamp); }
//Server Certificate: http://tools.ietf.org/html/rfc2246 7.4.2 private void ParseExtensions(PacketParser.Frame parentFrame, int extensionsStartIndex, ushort extensionsLength) { int extensionIndex = extensionsStartIndex; while (extensionIndex < this.PacketEndIndex && extensionIndex < extensionsStartIndex + extensionsLength) { ushort extensionType = Utils.ByteConverter.ToUInt16(parentFrame.Data, extensionIndex); this.ExtensionTypes.Add(extensionType); ushort extensionLength = Utils.ByteConverter.ToUInt16(parentFrame.Data, extensionIndex + 2); if (extensionLength > 0) { if (extensionType == 0) //Server Name Indication rfc6066 { ushort serverNameListLength = Utils.ByteConverter.ToUInt16(parentFrame.Data, extensionIndex + 4); int offset = 6; while (offset < serverNameListLength) { byte serverNameType = parentFrame.Data[extensionIndex + offset]; ushort serverNameLength = Utils.ByteConverter.ToUInt16(parentFrame.Data, extensionIndex + offset + 1); if (serverNameLength == 0) { break; } else { if (serverNameType == 0) //host_name(0) { this.ServerHostName = Utils.ByteConverter.ReadString(parentFrame.Data, extensionIndex + offset + 3, serverNameLength); } offset += serverNameLength; } } } else if (extensionType == 10) //Eliptic Curve Groups (for JA3) { ushort length = Utils.ByteConverter.ToUInt16(parentFrame.Data, extensionIndex + 4); int offset = 6; for (int i = 0; i < length; i += 2) { this.SupportedEllipticCurveGroups.Add(Utils.ByteConverter.ToUInt16(parentFrame.Data, extensionIndex + offset + i)); } } else if (extensionType == 11) //Eliptic Curve Point Formats (for JA3) { byte length = parentFrame.Data[extensionIndex + 4]; int offset = 5; for (int i = 0; i < length; i += 2) { this.SupportedEllipticCurvePointFormats.Add(parentFrame.Data[extensionIndex + offset + i]); } } else if (extensionType == 16) //ALPN { int index = extensionIndex + 6; while (index < extensionIndex + extensionLength + 4) { this.ApplicationLayerProtocolNegotiationStrings.Add(Utils.ByteConverter.ReadLengthValueString(parentFrame.Data, ref index, 1)); } } else if (extensionType == 43) //Supported versions { for (int offset = 5; offset < extensionLength + 4; offset += 2) { this.supportedSslVersions.Add(new Tuple <byte, byte>(parentFrame.Data[extensionIndex + offset], parentFrame.Data[extensionIndex + offset + 1])); } } } extensionIndex += 4 + extensionLength; } }