public ResourceRecord(DnsPacket parentPacket, int startIndex)
{
this.parentPacket = parentPacket;
int typeStartOffset;
List <NameLabel> nameLabelList = GetNameLabelList(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex, startIndex - parentPacket.PacketStartIndex, out typeStartOffset);
this.answerRequestedNameDecoded = new string[nameLabelList.Count];
for (int i = 0; i < nameLabelList.Count; i++)
{
this.answerRequestedNameDecoded[i] = nameLabelList[i].ToString();
}
/*
* this.answerType=ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, startIndex+2);
* this.answerClass=ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, startIndex+4);
* this.answerTimeToLive=ByteConverter.ToUInt32(parentPacket.ParentFrame.Data, startIndex+6);
* this.answerDataLength=ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, startIndex+10);
*/
this.answerType = Utils.ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex + typeStartOffset);
this.answerClass = Utils.ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex + typeStartOffset + 2);
this.answerTimeToLive = Utils.ByteConverter.ToUInt32(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex + typeStartOffset + 4);
this.answerDataLength = Utils.ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex + typeStartOffset + 8);
//this.recordByteCount=12+answerDataLength;
this.recordByteCount = typeStartOffset - startIndex + parentPacket.PacketStartIndex + 10 + answerDataLength;
//kolla....
if (parentPacket.Flags.OperationCode == (byte)HeaderFlags.OperationCodes.Query && this.answerType != (ushort)RRTypes.CNAME)
{
this.answerRepliedNameDecoded = new string[answerDataLength];
for (int i = 0; i < answerDataLength; i++)
{
this.answerRepliedNameDecoded[i] = parentPacket.ParentFrame.Data[startIndex + 12 + i].ToString();
}
}
else if (parentPacket.Flags.OperationCode == (byte)HeaderFlags.OperationCodes.Query && this.answerType == (ushort)RRTypes.CNAME)
{
List <NameLabel> answerRepliedName = GetNameLabelList(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex, startIndex + 12 - parentPacket.PacketStartIndex, out typeStartOffset);
this.answerRepliedNameDecoded = new string[answerRepliedName.Count];
for (int i = 0; i < answerRepliedName.Count; i++)
{
this.answerRepliedNameDecoded[i] = answerRepliedName[i].ToString();
}
}
else if (parentPacket.Flags.OperationCode == (byte)HeaderFlags.OperationCodes.InverseQuery)
{
//nameLabelList=GetNameLabelList(parentPacket.ParentFrame.Data, startIndex+12);
nameLabelList = GetNameLabelList(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex, startIndex + 12 - parentPacket.PacketStartIndex, out typeStartOffset);
this.answerRepliedNameDecoded = new string[nameLabelList.Count];
for (int i = 0; i < nameLabelList.Count; i++)
{
this.answerRepliedNameDecoded[i] = nameLabelList[i].ToString();
}
}
}
//answer
//authority
//additional
public static bool TryParse(Frame parentFrame, int packetStartIndex, int packetEndIndex, bool lengthPrefix, out DnsPacket dnsPacket)
{
//const int MAX_LENGTH = ushort.MaxValue;//64 kB
dnsPacket = null;
if (lengthPrefix)
{
ushort packetLength = Utils.ByteConverter.ToUInt16(parentFrame.Data, packetStartIndex);
if (packetLength < 4)
{
return(false);
}
else if (packetStartIndex + packetLength + 1 > packetEndIndex)
{
return(false);
}
}
try {
dnsPacket = new DnsPacket(parentFrame, packetStartIndex, packetEndIndex, lengthPrefix);
return(true);
}
catch {
return(false);
}
}
public ResponseWithErrorCode(DnsPacket parentPacket)
{
this.parentPacket = parentPacket;
}
private AbstractPacket GetProtocolPacket(ApplicationLayerProtocol protocol, bool clientToServer)
{
AbstractPacket packet = null;
if (protocol == ApplicationLayerProtocol.Dns)
{
if (DnsPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, true, out DnsPacket dnsPacket))
{
return(dnsPacket);
}
}
else if (protocol == ApplicationLayerProtocol.FtpControl)
{
if (FtpPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.Http)
{
if (HttpPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.Http2)
{
if (Http2Packet.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.Irc)
{
if (IrcPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.IEC_104)
{
if (IEC_60870_5_104Packet.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.Imap)
{
return(new ImapPacket(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer));
}
else if (protocol == ApplicationLayerProtocol.Kerberos)
{
return(new KerberosPacket(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, true));
}
else if (protocol == ApplicationLayerProtocol.Lpd)
{
if (LpdPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.ModbusTCP)
{
if (ModbusTcpPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, this.sourcePort, this.destinationPort, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.NetBiosNameService)
{
return(new NetBiosNameServicePacket(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex));
}
else if (protocol == ApplicationLayerProtocol.NetBiosSessionService)
{
if (NetBiosSessionService.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, this.sourcePort, this.destinationPort, out packet, this.IsVirtualPacketFromTrailingDataInTcpSegment))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.OpenFlow)
{
if (OpenFlowPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.Oscar)
{
if (OscarPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.OscarFileTransfer)
{
if (OscarFileTransferPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.Pop3)
{
return(new Pop3Packet(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer));
}
else if (protocol == ApplicationLayerProtocol.Sip)
{
return(new SipPacket(this.ParentFrame, this.PacketStartIndex + this.DataOffsetByteCount, this.PacketEndIndex));
}
else if (protocol == ApplicationLayerProtocol.Smtp)
{
return(new SmtpPacket(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer));
}
else if (protocol == ApplicationLayerProtocol.Socks)
{
if (SocksPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.SpotifyServerProtocol)
{
if (SpotifyKeyExchangePacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.Ssh)
{
if (SshPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.Ssl)
{
if (SslPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.TabularDataStream)
{
return(new TabularDataStreamPacket(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex));
}
else if (protocol == ApplicationLayerProtocol.Tpkt)
{
if (TpktPacket.TryParse(ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, this, out packet))
{
return(packet);
}
}
return(packet);
}
public override IEnumerable <AbstractPacket> GetSubPackets(bool includeSelfReference)
{
if (includeSelfReference)
{
yield return(this);
}
//List<Packet> subPackets=new List<Packet>();
if (PacketStartIndex + 8 < PacketEndIndex)
{
AbstractPacket packet;
ApplicationLayerProtocol l7Protocol = UdpPortProtocolFinder.Instance.GetApplicationLayerProtocol(FiveTuple.TransportProtocol.UDP, sourcePort, destinationPort);
if (l7Protocol == ApplicationLayerProtocol.Unknown && UdpPortProtocolFinder.PipiInstance != null)
{
l7Protocol = UdpPortProtocolFinder.PipiInstance.GetApplicationLayerProtocol(this);//do a second attempt using PIPI (NM Pro only)
}
if (l7Protocol == ApplicationLayerProtocol.Dns) //DNS or Multicast DNS http://www.multicastdns.org/
{
try {
packet = new DnsPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse DNS packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Dhcp)
{
try {
packet = new DhcpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse DHCP (or BOOTP) protocol: " + e.Message));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Tftp)
{
try {
packet = new TftpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse NetBiosNameServicePacket packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.NetBiosNameService)
{
try {
packet = new NetBiosNameServicePacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse NetBiosNameServicePacket packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.NetBiosDatagramService)
{
try {
packet = new NetBiosDatagramServicePacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse NetBiosDatagramServicePacket packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Snmp)
{
try {
packet = new SnmpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse SNMP packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Syslog)
{
try {
packet = new SyslogPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse Syslog packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Upnp)
{
try {
packet = new UpnpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse UPnP packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Sip)
{
try {
packet = new SipPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse SIP packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Rtp)
{
try {
packet = new RtpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse RTP packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.VXLAN)
{
try {
packet = new VxlanPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse VXLAN packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else
{
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
yield return(packet);
foreach (AbstractPacket subPacket in packet.GetSubPackets(false))
{
yield return(subPacket);
}
}
}
//answer
//authority
//additional
public static bool TryParse(Frame parentFrame, int packetStartIndex, int packetEndIndex, bool lengthPrefix, out DnsPacket dnsPacket)
{
const ushort INSANE_MAX_LENGTH = 0x8000;//32 kB
dnsPacket = null;
if (lengthPrefix)
{
ushort packetLength = Utils.ByteConverter.ToUInt16(parentFrame.Data, packetStartIndex);
if (packetLength < 4)
{
return(false);
}
else if (packetLength > INSANE_MAX_LENGTH)
{
return(false);
}
}
try {
dnsPacket = new DnsPacket(parentFrame, packetStartIndex, packetEndIndex, lengthPrefix);
return(true);
}
catch {
return(false);
}
}
public override IEnumerable <AbstractPacket> GetSubPackets(bool includeSelfReference)
{
if (includeSelfReference)
{
yield return(this);
}
//List<Packet> subPackets=new List<Packet>();
if (PacketStartIndex + 8 < PacketEndIndex)
{
AbstractPacket packet;
/*
* if(destinationPort==53 || sourcePort==53 || destinationPort==5353 || sourcePort==5353) {//DNS or Multicast DNS http://www.multicastdns.org/
* try {
* packet=new DnsPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* catch(Exception e) {
* if (!this.ParentFrame.QuickParse)
* ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex+8, PacketEndIndex, "Cannot parse DNS packet ("+e.Message+")"));
* packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* }
* else if(destinationPort==67 || destinationPort==68 || sourcePort==67 || sourcePort==68) {
* try {
* packet=new DhcpPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* catch(Exception e) {
* if (!this.ParentFrame.QuickParse)
* ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex+8, PacketEndIndex, "Cannot parse DHCP (or BOOTP) protocol: "+e.Message));
* packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
*
* }
* else if(destinationPort==69 || sourcePort==69) {
* try {
* packet=new TftpPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* catch(Exception e) {
* if (!this.ParentFrame.QuickParse)
* ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex+8, PacketEndIndex, "Cannot parse NetBiosNameServicePacket packet ("+e.Message+")"));
* packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* }
* else if(destinationPort==137 || sourcePort==137) {
* try {
* packet=new NetBiosNameServicePacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* catch(Exception e) {
* if (!this.ParentFrame.QuickParse)
* ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex+8, PacketEndIndex, "Cannot parse NetBiosNameServicePacket packet ("+e.Message+")"));
* packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* }
* else if(destinationPort==138 || sourcePort==138) {
* try {
* packet=new NetBiosDatagramServicePacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* catch(Exception e) {
* if (!this.ParentFrame.QuickParse)
* ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex+8, PacketEndIndex, "Cannot parse NetBiosDatagramServicePacket packet ("+e.Message+")"));
* packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* }
* else if (destinationPort == 514 || sourcePort == 514) {
* try {
* packet = new SyslogPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
* }
* catch (Exception e) {
* if (!this.ParentFrame.QuickParse)
* ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse Syslog packet (" + e.Message + ")"));
* packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
* }
* }
* else if(destinationPort==1900 || sourcePort==1900) {
* try {
* packet=new UpnpPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* catch(Exception e) {
* if (!this.ParentFrame.QuickParse)
* ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex+8, PacketEndIndex, "Cannot parse UPnP packet ("+e.Message+")"));
* packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* }
* else if(destinationPort==5060 || sourcePort==5060) {
* try {
* packet=new SipPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* catch(Exception e) {
* if (!this.ParentFrame.QuickParse)
* ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex+8, PacketEndIndex, "Cannot parse SIP packet ("+e.Message+")"));
* packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* }
* else {
* packet=new RawPacket(ParentFrame, PacketStartIndex+8, PacketEndIndex);
* }
* */
ApplicationLayerProtocol l7Protocol = UdpPortProtocolFinder.Instance.GetApplicationLayerProtocol(FiveTuple.TransportProtocol.UDP, sourcePort, destinationPort);
if (l7Protocol == ApplicationLayerProtocol.Dns) //DNS or Multicast DNS http://www.multicastdns.org/
{
try {
packet = new DnsPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse DNS packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Dhcp)
{
try {
packet = new DhcpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse DHCP (or BOOTP) protocol: " + e.Message));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Tftp)
{
try {
packet = new TftpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse NetBiosNameServicePacket packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.NetBiosNameService)
{
try {
packet = new NetBiosNameServicePacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse NetBiosNameServicePacket packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.NetBiosDatagramService)
{
try {
packet = new NetBiosDatagramServicePacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse NetBiosDatagramServicePacket packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Syslog)
{
try {
packet = new SyslogPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse Syslog packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Upnp)
{
try {
packet = new UpnpPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse UPnP packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.Sip)
{
try {
packet = new SipPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse SIP packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else if (l7Protocol == ApplicationLayerProtocol.VXLAN)
{
try {
packet = new VxlanPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
catch (Exception e) {
if (!this.ParentFrame.QuickParse)
{
ParentFrame.Errors.Add(new Frame.Error(ParentFrame, PacketStartIndex + 8, PacketEndIndex, "Cannot parse VXLAN packet (" + e.Message + ")"));
}
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
}
else
{
packet = new RawPacket(ParentFrame, PacketStartIndex + 8, PacketEndIndex);
}
yield return(packet);
foreach (AbstractPacket subPacket in packet.GetSubPackets(false))
{
yield return(subPacket);
}
}
}
internal IEnumerable <AbstractPacket> GetSubPackets(bool includeSelfReference, ISessionProtocolFinder protocolFinder, bool clientToServer)
{
if (includeSelfReference)
{
yield return(this);
}
if (PacketStartIndex + dataOffsetByteCount < PacketEndIndex)
{
AbstractPacket packet = null;
foreach (ApplicationLayerProtocol protocol in protocolFinder.GetProbableApplicationLayerProtocols())
{
try{
if (protocol == ApplicationLayerProtocol.Dns)
{
packet = new DnsPacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex);
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Dns;
break;
}
else if (protocol == ApplicationLayerProtocol.FtpControl)
{
if (FtpPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, clientToServer, out packet))
{
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.FtpControl;
break;
}
}
else if (protocol == ApplicationLayerProtocol.Http)
{
if (HttpPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet))
{
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Http;
break;
}
}
else if (protocol == ApplicationLayerProtocol.Irc)
{
if (IrcPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet))
{
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Irc;
break;
}
}
else if (protocol == ApplicationLayerProtocol.IEC_104)
{
if (IEC_60870_5_104Packet.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet))
{
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.IEC_104;
break;
}
}
else if (protocol == ApplicationLayerProtocol.NetBiosNameService)
{
packet = new NetBiosNameServicePacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex);
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.NetBiosNameService;
break;
}
else if (protocol == ApplicationLayerProtocol.NetBiosSessionService)
{
if (NetBiosSessionService.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet))
{
//packet = new NetBiosSessionService(ParentFrame, PacketStartIndex+dataOffsetByteCount, PacketEndIndex, false);
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.NetBiosSessionService;
break;
}
}
else if (protocol == ApplicationLayerProtocol.Oscar)
{
if (OscarPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet))
{
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Oscar;
break;
}
}
else if (protocol == ApplicationLayerProtocol.OscarFileTransfer)
{
if (OscarFileTransferPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet))
{
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.OscarFileTransfer;
break;
}
}
else if (protocol == ApplicationLayerProtocol.Smtp)
{
packet = new SmtpPacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, clientToServer);
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Smtp;
break;
}
else if (protocol == ApplicationLayerProtocol.SpotifyServerProtocol)
{
if (SpotifyKeyExchangePacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, clientToServer, out packet))
{
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.SpotifyServerProtocol;
break;
}
}
else if (protocol == ApplicationLayerProtocol.Ssh)
{
if (SshPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet))
{
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Ssh;
break;
}
}
else if (protocol == ApplicationLayerProtocol.Ssl)
{
if (SslPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet))
{
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Ssl;
break;
}
}
else if (protocol == ApplicationLayerProtocol.TabularDataStream)
{
packet = new TabularDataStreamPacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex);
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.TabularDataStream;
break;
}
}
catch (Exception) {
packet = null;
}
}
if (packet == null)
{
packet = new RawPacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex);
}
yield return(packet);
foreach (AbstractPacket subPacket in packet.GetSubPackets(false))
{
yield return(subPacket);
}
}
}
public ResourceRecord(DnsPacket parentPacket, int startIndex)
{
this.ParentPacket = parentPacket;
int typeStartOffset;
List <NameLabel> nameLabelList = GetNameLabelList(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex, startIndex - parentPacket.PacketStartIndex, out typeStartOffset);
this.answerRequestedNameDecoded = new string[nameLabelList.Count];
for (int i = 0; i < nameLabelList.Count; i++)
{
this.answerRequestedNameDecoded[i] = nameLabelList[i].ToString();
}
this.Type = Utils.ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex + typeStartOffset);
this.answerClass = Utils.ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex + typeStartOffset + 2);
this.answerTimeToLive = Utils.ByteConverter.ToUInt32(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex + typeStartOffset + 4);
this.answerDataLength = Utils.ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex + typeStartOffset + 8);
this.ByteCount = typeStartOffset - startIndex + parentPacket.PacketStartIndex + 10 + this.answerDataLength;
if (parentPacket.Flags.OperationCode == (byte)HeaderFlags.OperationCodes.Query)
{
if (this.Type == (ushort)RRTypes.CNAME)
{
List <NameLabel> answerRepliedName = GetNameLabelList(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex, startIndex + this.ByteCount - this.answerDataLength - parentPacket.PacketStartIndex, out typeStartOffset);
this.answerRepliedNameDecoded = new string[answerRepliedName.Count];
for (int i = 0; i < answerRepliedName.Count; i++)
{
this.answerRepliedNameDecoded[i] = answerRepliedName[i].ToString();
}
}
else if (this.Type == (ushort)RRTypes.TXT)
{
List <string> txtStrings = new List <string>();
for (int i = 0; i < this.answerDataLength; i++)
{
//byte txtLength = parentPacket.ParentFrame.Data[parentPacket.PacketStartIndex + typeStartOffset + 10 + i];
byte txtLength = parentPacket.ParentFrame.Data[startIndex + this.ByteCount - this.answerDataLength + i];
string txtData = ASCIIEncoding.ASCII.GetString(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex + typeStartOffset + 10 + i + 1, txtLength);
txtStrings.Add(txtData);
i += txtLength;
}
this.answerRepliedNameDecoded = txtStrings.ToArray();
//TODO a series(?) of 1 byte length, then data TXT records
//List<NameLabel> txtData = GetNameLabelList(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex, startIndex + this.ByteCount - this.answerDataLength - parentPacket.PacketStartIndex, out typeStartOffset);
/*
* for (int i = 0; i < this.answerDataLength; i++) {
* byte length = parentPacket.ParentFrame.Data[startIndex + this.ByteCount - this.answerDataLength - parentPacket.PacketStartIndex];
* string txtData =
* }
*/
}
else if (this.Type == (ushort)RRTypes.SRV)
{
//https://datatracker.ietf.org/doc/html/rfc2782
ushort priority = Utils.ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, startIndex + this.ByteCount - this.answerDataLength);
ushort weight = Utils.ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, startIndex + this.ByteCount - this.answerDataLength + 2);
ushort port = Utils.ByteConverter.ToUInt16(parentPacket.ParentFrame.Data, startIndex + this.ByteCount - this.answerDataLength + 4);
var target = GetNameLabelList(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex, startIndex + this.ByteCount - this.answerDataLength + 6 - parentPacket.PacketStartIndex, out _);
this.answerRepliedNameDecoded = new string[target.Count];
for (int i = 0; i < target.Count; i++)
{
this.answerRepliedNameDecoded[i] = target[i].ToString();
}
}
else
{
this.answerRepliedNameDecoded = new string[this.answerDataLength];
for (int i = 0; i < this.answerDataLength; i++)
{
this.answerRepliedNameDecoded[i] = parentPacket.ParentFrame.Data[startIndex + this.ByteCount - this.answerDataLength + i].ToString();//the answer is at the end
}
}
}
else if (parentPacket.Flags.OperationCode == (byte)HeaderFlags.OperationCodes.InverseQuery)
{
nameLabelList = GetNameLabelList(parentPacket.ParentFrame.Data, parentPacket.PacketStartIndex, startIndex + 12 - parentPacket.PacketStartIndex, out typeStartOffset);
this.answerRepliedNameDecoded = new string[nameLabelList.Count];
for (int i = 0; i < nameLabelList.Count; i++)
{
this.answerRepliedNameDecoded[i] = nameLabelList[i].ToString();
}
}
}