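/// <summary>
/// Build the default Wireshark filter for data analysis.
/// </summary>
/// <remarks>
/// The address part of the filter is taken from <c>ip_addr.ToString()</c> and is appended only
/// when <c>IsValid</c> is true; the raw text box string is never concatenated into the filter.
/// </remarks>
private void BuildDefaultWiresharkFilter()
{
    string filter = Constants.DefaultWiresharkFilterEtherNetIPClass1Multicast;

    // Trim before validating so this method accepts exactly the input that
    // textBoxIpAddress_TextChanged validates (that handler trims the text too).
    IPv4Addr ip_addr = new IPv4Addr(textBoxIpAddress.Text.Trim());
    if (ip_addr.IsValid == true)
    {
        filter += " && " + Constants.DefaultWiresharkFilterIpSourcePart1 + ip_addr.ToString() + Constants.DefaultWiresharkFilterIpSourcePart2;
    }

    // Leave the filter box untouched when the override check box is ticked
    // (or indeterminate): the user-entered filter wins over the default.
    if (checkBoxWiresharkFilterOverride.IsChecked == false)
    {
        textBoxWiresharkFilter.Text = filter;
    }
}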
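/// <summary>
/// Process the Wireshark packets and determine the number of datasets
/// </summary>
/// <remarks>
/// Loads the PSML document from <c>_tshark.TemporaryFile</c>, maps the column titles in its
/// <c>structure</c> element to indices, then turns every <c>packet</c> element into a
/// <c>JitterDatum</c> keyed by its network address pair. The column text presumably originates
/// from captured traffic, so it is handled as untrusted input: DTDs are rejected, packets that
/// lack an expected column are skipped, and numeric fields are parsed with <c>TryParse</c>.
/// </remarks>
/// <returns>An <c>AnalysisStatus</c> enumeration indicating whether the analysis process completed successfully.</returns>
private Enums.AnalysisStatus ProcessWiresharkOutput()
{
    Enums.AnalysisStatus status = Enums.AnalysisStatus.Success;
    WiresharkPSMLStructure psml_structure = new WiresharkPSMLStructure();
    List<string> indices_names = new List<string>();
    int num;
    double time;
    int enip_cid = 0;
    int enip_seq = 0;

    _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: Started.");
    DateTime start_step = DateTime.Now;
    _progress.Current = _progress.Minimum;
    _background_worker.ReportProgress(_progress.Current);
    _tshark.Progress = _progress;

    // Make the parser hardening explicit instead of relying on framework defaults:
    // no DTD processing and no resolution of external resources.
    XmlReaderSettings reader_settings = new XmlReaderSettings();
    reader_settings.DtdProcessing = DtdProcessing.Prohibit;
    reader_settings.XmlResolver = null;

    // Dispose the reader as soon as the document is in memory so the handle on the
    // temporary file is released even when loading throws.
    XmlDocument doc = new XmlDocument();
    using (XmlReader reader = XmlReader.Create(_tshark.TemporaryFile.FullName, reader_settings))
    {
        doc.Load(reader);
    }

    XmlNode root = doc.DocumentElement;
    XmlNodeList structure = root.SelectNodes("//structure");
    if (structure.Count == 1)
    {
        // Collect the column titles in document order; a title's position is its column index.
        XmlNode structure_node = structure.Item(0);
        List<string> sections = new List<string>();
        for (int i = 0; i < structure_node.ChildNodes.Count; i++)
        {
            sections.Add(structure_node.ChildNodes[i].InnerText);
        }

        // Every expected column must be present; a missing one marks the whole run as an error.
        int temp = sections.FindIndex(delegate(string title) { return title == psml_structure.NumberTitle; });
        if (temp == -1) { status = Enums.AnalysisStatus.Error; } else { psml_structure.NumberIndex = temp; }

        temp = sections.FindIndex(delegate(string title) { return title == psml_structure.TimeTitle; });
        if (temp == -1) { status = Enums.AnalysisStatus.Error; } else { psml_structure.TimeIndex = temp; }

        temp = sections.FindIndex(delegate(string title) { return title == psml_structure.SourceTitle; });
        if (temp == -1) { status = Enums.AnalysisStatus.Error; } else { psml_structure.SourceIndex = temp; }

        temp = sections.FindIndex(delegate(string title) { return title == psml_structure.DestinationTitle; });
        if (temp == -1) { status = Enums.AnalysisStatus.Error; } else { psml_structure.DestinationIndex = temp; }

        temp = sections.FindIndex(delegate(string title) { return title == psml_structure.ProtocolTitle; });
        if (temp == -1) { status = Enums.AnalysisStatus.Error; } else { psml_structure.ProtocolIndex = temp; }

        temp = sections.FindIndex(delegate(string title) { return title == psml_structure.EnipCidTitle; });
        if (temp == -1) { status = Enums.AnalysisStatus.Error; } else { psml_structure.EnipCidIndex = temp; }

        temp = sections.FindIndex(delegate(string title) { return title == psml_structure.EnipSeqTitle; });
        if (temp == -1) { status = Enums.AnalysisStatus.Error; } else { psml_structure.EnipSeqIndex = temp; }

        temp = sections.FindIndex(delegate(string title) { return title == psml_structure.InfoTitle; });
        if (temp == -1) { status = Enums.AnalysisStatus.Error; } else { psml_structure.InfoIndex = temp; }
    }
    else
    {
        status = Enums.AnalysisStatus.Error;
    }

    if (status == Enums.AnalysisStatus.Error)
    {
        _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: Error reading structure of Wireshark PSML output.");
    }
    else
    {
        XmlNodeList packets = root.SelectNodes("//packet");
        if (packets.Count > 0)
        {
            _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: " + packets.Count + " filtered packets");

            // Highest column index read below. A packet with fewer child nodes would yield a
            // null node from the indexer and a NullReferenceException on InnerText.
            int[] column_indices =
            {
                psml_structure.NumberIndex, psml_structure.TimeIndex,
                psml_structure.SourceIndex, psml_structure.DestinationIndex,
                psml_structure.ProtocolIndex, psml_structure.EnipCidIndex,
                psml_structure.EnipSeqIndex, psml_structure.InfoIndex
            };
            int highest_index = 0;
            foreach (int column_index in column_indices)
            {
                highest_index = Math.Max(highest_index, column_index);
            }

            int skipped = 0;
            for (int i = 0; i < packets.Count; i++)
            {
                // Multiply before dividing: i / packets.Count is integer division and is
                // always 0 inside this loop, which pinned the progress bar at 0%.
                _progress.Current = (int)((long)i * 100 / packets.Count);
                _background_worker.ReportProgress(_progress.Current);

                XmlNodeList fields = packets[i].ChildNodes;
                if (fields.Count <= highest_index)
                {
                    skipped++;
                    continue;
                }

                WiresharkPSMLPacket psml_packet = new WiresharkPSMLPacket();
                psml_packet.Number = fields[psml_structure.NumberIndex].InnerText;
                psml_packet.Time = fields[psml_structure.TimeIndex].InnerText;
                psml_packet.Source = fields[psml_structure.SourceIndex].InnerText;
                psml_packet.Destination = fields[psml_structure.DestinationIndex].InnerText;
                psml_packet.Protocol = fields[psml_structure.ProtocolIndex].InnerText;
                psml_packet.EnipCid = fields[psml_structure.EnipCidIndex].InnerText;
                psml_packet.EnipSeq = fields[psml_structure.EnipSeqIndex].InnerText;
                psml_packet.Info = fields[psml_structure.InfoIndex].InnerText;

                // Best-effort parsing: a failed TryParse leaves the value at 0.
                // The packet number is parsed but not used further in this method.
                // NOTE(review): the time is parsed with the current culture; confirm that
                // matches the decimal separator tshark writes.
                int.TryParse(psml_packet.Number, out num);
                double.TryParse(psml_packet.Time, out time);

                // The same column text is offered to both address types.
                NetworkPair pair = new NetworkPair();
                pair.MacSource = new EthernetMACAddr(psml_packet.Source);
                IPv4Addr ip_src = new IPv4Addr(psml_packet.Source);
                pair.IpSource = ip_src;
                pair.MacDestination = new EthernetMACAddr(psml_packet.Destination);
                IPv4Addr ip_dst = new IPv4Addr(psml_packet.Destination);
                pair.IpDestination = ip_dst;

                if (psml_packet.Protocol == "ENIP")
                {
                    if (!string.IsNullOrEmpty(psml_packet.EnipCid))
                    {
                        // Strip the "0x" prefix only when it is present. Removing two characters
                        // unconditionally threw on a one-character value and dropped digits
                        // from an unprefixed one.
                        string cid_text = psml_packet.EnipCid;
                        if (cid_text.StartsWith("0x", StringComparison.OrdinalIgnoreCase))
                        {
                            cid_text = cid_text.Substring(2);
                        }
                        int.TryParse(cid_text, NumberStyles.HexNumber, null, out enip_cid);
                        pair.UseEtherNetIP = true;
                        pair.EtherNetIPConnID = enip_cid;
                    }
                    if (!string.IsNullOrEmpty(psml_packet.EnipSeq))
                    {
                        // Parsed but not used further in this method.
                        int.TryParse(psml_packet.EnipSeq, out enip_seq);
                    }
                }

                // Determine index for this packet: one dataset per distinct address pair.
                string index_name = pair.ToString();
                int index = indices_names.IndexOf(index_name);
                if (index == -1)
                {
                    index = indices_names.Count;
                    indices_names.Add(index_name);
                    string comment = "IP Source == " + ip_src.ToString() + "\nIP Destination == " + ip_dst.ToString();
                    if (pair.UseEtherNetIP)
                    {
                        comment += "\nEtherNet/IP Connection ID == 0x" + enip_cid.ToString("X");
                    }
                    _indices.Add(new Identification(indices_names.Count, index_name, "Network Address Pair", comment));
                }

                _full_data.Add(new JitterDatum(index, time));
            }

            if (skipped > 0)
            {
                _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: " + skipped + " packets skipped (missing PSML columns)");
            }

            if (_indices.Count == 1)
            {
                _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: " + _indices.Count + " dataset");
            }
            else
            {
                _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: " + _indices.Count + " datasets");
            }
        }
        else
        {
            status = Enums.AnalysisStatus.NoPacketsCaptured;
            _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: No packets captured that match the desired filter.");
        }
    }

    _progress.Current = _progress.Maximum;
    _background_worker.ReportProgress(_progress.Current);
    DateTime end_step = DateTime.Now;
    TimeSpan time_step = TimeSpan.FromTicks(end_step.Ticks - start_step.Ticks);
    _process_log.Add(DateTime.Now.ToString() + ": Process Wireshark Output: Completed in " + time_step.TotalSeconds.ToString() + " s");
    return status;
}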
/// <summary>
/// Handles text changes in the IP address box: sets the box background to the blank, valid or
/// invalid brush according to the current text, then rebuilds the default Wireshark filter.
/// </summary>
/// <param name="sender">Source of the event; not read by this handler.</param>
/// <param name="e">Event data; not read by this handler.</param>
private void textBoxIpAddress_TextChanged(object sender, TextChangedEventArgs e)
{
    string entered = textBoxIpAddress.Text;

    if (!string.IsNullOrWhiteSpace(entered))
    {
        // Validate the trimmed text so surrounding whitespace does not count against the entry.
        IPv4Addr parsed = new IPv4Addr(entered.Trim());
        if (parsed.IsValid == true)
        {
            textBoxIpAddress.Background = Constants.TextBoxBackgroundBrushValid;
        }
        else
        {
            textBoxIpAddress.Background = Constants.TextBoxBackgroundBrushInvalid;
        }

        // Any non-blank entry, valid or not, sets the save flag.
        _activate_save = true;
    }
    else
    {
        textBoxIpAddress.Background = Constants.TextBoxBackgroundBrushBlank;
    }

    // The default filter embeds the address, so rebuild it on every change.
    BuildDefaultWiresharkFilter();
}