internal IEnumerable <AbstractPacket> GetSubPackets(bool includeSelfReference, ISessionProtocolFinder protocolFinder, bool clientToServer)
{
if (includeSelfReference)
{
yield return(this);
}
if (PacketStartIndex + dataOffsetByteCount < PacketEndIndex)
{
AbstractPacket packet = null;
foreach (ApplicationLayerProtocol protocol in protocolFinder.GetProbableApplicationLayerProtocols())
{
try{
if (protocol == ApplicationLayerProtocol.Dns)
{
packet = new DnsPacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex);
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Dns;
break;
}
else if (protocol == ApplicationLayerProtocol.FtpControl)
{
if (FtpPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, clientToServer, out packet))
{
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.FtpControl;
break;
}
}
else if (protocol == ApplicationLayerProtocol.Http)
{
if (HttpPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet))
{
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Http;
break;
}
}
else if (protocol == ApplicationLayerProtocol.Irc)
{
if (IrcPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet))
{
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Irc;
break;
}
}
else if (protocol == ApplicationLayerProtocol.IEC_104)
{
if (IEC_60870_5_104Packet.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet))
{
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.IEC_104;
break;
}
}
else if (protocol == ApplicationLayerProtocol.NetBiosNameService)
{
packet = new NetBiosNameServicePacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex);
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.NetBiosNameService;
break;
}
else if (protocol == ApplicationLayerProtocol.NetBiosSessionService)
{
if (NetBiosSessionService.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet))
{
//packet = new NetBiosSessionService(ParentFrame, PacketStartIndex+dataOffsetByteCount, PacketEndIndex, false);
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.NetBiosSessionService;
break;
}
}
else if (protocol == ApplicationLayerProtocol.Oscar)
{
if (OscarPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet))
{
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Oscar;
break;
}
}
else if (protocol == ApplicationLayerProtocol.OscarFileTransfer)
{
if (OscarFileTransferPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet))
{
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.OscarFileTransfer;
break;
}
}
else if (protocol == ApplicationLayerProtocol.Smtp)
{
packet = new SmtpPacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, clientToServer);
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Smtp;
break;
}
else if (protocol == ApplicationLayerProtocol.SpotifyServerProtocol)
{
if (SpotifyKeyExchangePacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, clientToServer, out packet))
{
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.SpotifyServerProtocol;
break;
}
}
else if (protocol == ApplicationLayerProtocol.Ssh)
{
if (SshPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet))
{
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Ssh;
break;
}
}
else if (protocol == ApplicationLayerProtocol.Ssl)
{
if (SslPacket.TryParse(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex, out packet))
{
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.Ssl;
break;
}
}
else if (protocol == ApplicationLayerProtocol.TabularDataStream)
{
packet = new TabularDataStreamPacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex);
protocolFinder.ConfirmedApplicationLayerProtocol = ApplicationLayerProtocol.TabularDataStream;
break;
}
}
catch (Exception) {
packet = null;
}
}
if (packet == null)
{
packet = new RawPacket(ParentFrame, PacketStartIndex + dataOffsetByteCount, PacketEndIndex);
}
yield return(packet);
foreach (AbstractPacket subPacket in packet.GetSubPackets(false))
{
yield return(subPacket);
}
}
}
private AbstractPacket GetProtocolPacket(ApplicationLayerProtocol protocol, bool clientToServer)
{
AbstractPacket packet = null;
if (protocol == ApplicationLayerProtocol.Dns)
{
if (DnsPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, true, out DnsPacket dnsPacket))
{
return(dnsPacket);
}
}
else if (protocol == ApplicationLayerProtocol.FtpControl)
{
if (FtpPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.Http)
{
if (HttpPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.Http2)
{
if (Http2Packet.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.Irc)
{
if (IrcPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.IEC_104)
{
if (IEC_60870_5_104Packet.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.Imap)
{
return(new ImapPacket(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer));
}
else if (protocol == ApplicationLayerProtocol.Kerberos)
{
return(new KerberosPacket(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, true));
}
else if (protocol == ApplicationLayerProtocol.Lpd)
{
if (LpdPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.ModbusTCP)
{
if (ModbusTcpPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, this.sourcePort, this.destinationPort, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.NetBiosNameService)
{
return(new NetBiosNameServicePacket(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex));
}
else if (protocol == ApplicationLayerProtocol.NetBiosSessionService)
{
if (NetBiosSessionService.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, this.sourcePort, this.destinationPort, out packet, this.IsVirtualPacketFromTrailingDataInTcpSegment))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.OpenFlow)
{
if (OpenFlowPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.Oscar)
{
if (OscarPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.OscarFileTransfer)
{
if (OscarFileTransferPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.Pop3)
{
return(new Pop3Packet(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer));
}
else if (protocol == ApplicationLayerProtocol.Sip)
{
return(new SipPacket(this.ParentFrame, this.PacketStartIndex + this.DataOffsetByteCount, this.PacketEndIndex));
}
else if (protocol == ApplicationLayerProtocol.Smtp)
{
return(new SmtpPacket(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer));
}
else if (protocol == ApplicationLayerProtocol.Socks)
{
if (SocksPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.SpotifyServerProtocol)
{
if (SpotifyKeyExchangePacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, clientToServer, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.Ssh)
{
if (SshPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.Ssl)
{
if (SslPacket.TryParse(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, out packet))
{
return(packet);
}
}
else if (protocol == ApplicationLayerProtocol.TabularDataStream)
{
return(new TabularDataStreamPacket(this.ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex));
}
else if (protocol == ApplicationLayerProtocol.Tpkt)
{
if (TpktPacket.TryParse(ParentFrame, this.PacketStartIndex + this.dataOffsetByteCount, this.PacketEndIndex, this, out packet))
{
return(packet);
}
}
return(packet);
}
public static new bool TryParse(Frame parentFrame, int packetStartIndex, int packetEndIndex, out AbstractPacket result)
{
result = null;
//do some checks to see if it is an IRC packet...
//the first character should be ':', a number or a letter
char firstChar = (char)parentFrame.Data[packetStartIndex];
if (!Char.IsDigit(firstChar) && !Char.IsLetter(firstChar) && firstChar != ':')
{
return(false);
}
//the RFC says that there should be CR-LF, but some implementations only use LF
if (Array.IndexOf <byte>(parentFrame.Data, (byte)ircChars.LF, packetStartIndex) == -1)
{
if (packetEndIndex - packetStartIndex > MAX_MESSAGE_LENGTH) //some implementations ignore line breaks for short messages
{
return(false); //no LF
}
}
//there should usually be one CR and it should be followed by a LF
int crIndex = Array.IndexOf <byte>(parentFrame.Data, (byte)ircChars.CR, packetStartIndex);
if (crIndex >= packetEndIndex || (crIndex != -1 && parentFrame.Data[crIndex + 1] != (byte)ircChars.LF))
{
if (packetEndIndex - packetStartIndex > MAX_MESSAGE_LENGTH) //some implementations ignore line breaks for short messages
{
return(false);
}
}
/*
* for(int i=packetStartIndex; i<=packetEndIndex; i++) {
* if(parentFrame.Data[i]==(byte)ircChars.CR) {
* if(i<packetEndIndex && parentFrame.Data[i+1]==(byte)ircChars.LF)
* containsLf=true;
* break;
* }
* else if(parentFrame.Data[i]==(byte)ircChars.LF) {
* containsLf=true;
* break;
* }
* }
* if(!containsLf)
* return false;
*/
try {
result = new IrcPacket(parentFrame, packetStartIndex, packetEndIndex);
}
catch {
result = null;
}
if (result == null)
{
return(false);
}
else
{
return(true);
}
}