Пример #1
0
 public pyDissector(string fileName)
 {
     engine = Python.CreateEngine();
     scope = engine.CreateScope();
     var runtime = engine.Runtime;
     runtime.LoadAssembly(typeof(PacketDotNet.Packet).Assembly);
     runtime.LoadAssembly(typeof(pyDissector).Assembly);
     src = engine.CreateScriptSourceFromFile(fileName);
     program = src.Compile();
     var result = program.Execute(scope);
     var filterString = scope.GetVariable<string>("nativeFilterString");
     myFilter = filterGen.genFilter(filterString);
     parseFunc = scope.GetVariable<Func<Packet, HLPacket>>("parsePacket");
 }
Пример #2
0
 public notFilter(packetFilter aa)
 {
     a = aa;
 }
Пример #3
0
 public orFilter(packetFilter aa, packetFilter bb)
 {
     a = aa; b = bb;
 }
Пример #4
0
 public filterViewer(packetFilter filter)
 {
     this.filter = filter;
 }
Пример #5
0
        public void applyOnlineFilter(packetFilter f)
        {
            var needResume = (this.status == listenerStatus.online);

            onlineFilter = f;
            foreach (var i in packList)
                if (f == null || f.pass(ref (i.packet)))
                {
                    var p = i;
                    onParseComplete(ref p);
                }
        }
Пример #6
0
        public tcpStream(ref sPacket targetPacket)
        {
            //Setup filter
            var tcp = targetPacket.packet.Extract(typeof(PacketDotNet.TcpPacket)) as PacketDotNet.TcpPacket;
            var ip = targetPacket.packet.Extract(typeof(PacketDotNet.IpPacket)) as IpPacket;
            if (tcp == null || ip == null)
                throw new InvalidOperationException("Packet is not a TCP packet");
            streamFilter = (new tcpPortFilter(true, tcp.SourcePort) & new tcpPortFilter(false, tcp.DestinationPort) &
                new ipIpFilter(true, ip.SourceAddress) & new ipIpFilter(false, ip.DestinationAddress)) |
                ((new tcpPortFilter(false, tcp.SourcePort) & new tcpPortFilter(true, tcp.DestinationPort) &
                new ipIpFilter(false, ip.SourceAddress) & new ipIpFilter(true, ip.DestinationAddress)));
            viewer = new filterViewer(streamFilter);
            
            //Search for target packet
            int pindex = 0;
            foreach (var i in packetListener.Instance.packList)
            {
                if (i.Equals(targetPacket))
                    break;
                pindex++;
            }
            viewer.reset(pindex);

            //Search for handshake
            Queue<Packet> handshakeWindow = new Queue<Packet>(3);
            var p = viewer.getCurrent();
            for (; p != null; p = viewer.getForward())
            {
                handshakeWindow.Enqueue(p.packet);
                if (handshakeWindow.Count > 3)
                    handshakeWindow.Dequeue();
                if (isHandshake(ref handshakeWindow,out client,out  host))
                {
                    break;
                }
            }

            if (p == null)
            {
                throw new InvalidOperationException("TCP session is not complete");
            }

            //Skip handshake
            viewer.getNext();viewer.getNext();viewer.getNext();
        }