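/// <summary>
/// Wraps the part of a reassembled TCP stream that has not been reported yet in a
/// <c>DataBlock</c>, stamps it with the current packet time and passes it to the UI
/// through <c>owner.Invoke(NewNode, db)</c>.
/// </summary>
/// <param name="recon">
/// Reassembly state of the stream; its <c>LastSavedOffset</c> is advanced to
/// <c>PreviousPacketEndOffset</c> once the block has been handed over.
/// </param>
private void AddNewNode(TcpRecon recon)
{
    // NOTE(review): the explicit casts suggest these offsets are wider than int. In the
    // default unchecked context a dump file larger than int.MaxValue bytes would wrap
    // silently and describe the wrong byte range - confirm against TcpRecon/DataBlock.
    int startAt = (int)recon.LastSavedOffset;
    int endAt = (int)recon.PreviousPacketEndOffset;

    // A finished stream is flushed up to its current write position.
    if (recon.isComplete)
    {
        endAt = (int)recon.CurrentOffset;
    }

    DataBlock db = new DataBlock(recon.dumpFile, startAt, endAt - startAt, recon);

    // Zero-pad the microsecond part to six digits. Unpadded, 5 microseconds past second 12
    // was written as "12.5", which reads as half a second and sorts incorrectly.
    // Assumes MicroSeconds is in the range 0..999999 - TODO confirm.
    string fraction = curPacketTime.MicroSeconds.ToString().PadLeft(6, '0');
    db.EpochTimeStamp = curPacketTime.Seconds.ToString() + "." + fraction;

    // Only the absolute (epoch) timestamp is set here; earlier commented-out experiments
    // with a relative timestamp were dropped.

    owner.Invoke(NewNode, db);

    // NOTE(review): for a complete stream the block ends at CurrentOffset, yet the saved
    // offset is still set to PreviousPacketEndOffset - confirm that no later call can
    // report the tail of the stream a second time.
    recon.LastSavedOffset = recon.PreviousPacketEndOffset;
}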
/// <summary>
/// Runs once loading has finished: lists the seen IP addresses, optionally merges
/// stream nodes that carry the same label, classifies every data block, labels the
/// tree accordingly, removes streams without data and shows summary figures.
/// </summary>
/// <param name="ips">IP address strings to add to the <c>lvIPs</c> list.</param>
private void Complete(List<string> ips)
{
    // A load error replaces the window title and ends processing.
    if (rm.ErrorMessage.Length > 0)
    {
        this.Text = rm.ErrorMessage;
        this.Refresh();
        return;
    }

    List<TreeNode> emptyStreams = new List<TreeNode>();

    this.Text = "Loading Complete now parsing...";
    this.Refresh();

    foreach (string address in ips)
    {
        lvIPs.Items.Add(address);
    }

    if (ConglomerateToolStripMenuItem.Checked)
    {
        this.Text = "Conglomerating streams option checked...";
        this.Refresh();
        Application.DoEvents();

        // Removing a node invalidates the running enumeration of tv.Nodes, so every
        // merge ends the current pass and the scan restarts from the first node.
        bool mergedOne;
        do
        {
            mergedOne = false;
            int visited = 0;

            foreach (TreeNode keeper in tv.Nodes)
            {
                visited++;
                if (visited % 2 == 0)
                {
                    setpb(visited, tv.Nodes.Count);
                }

                foreach (TreeNode duplicate in tv.Nodes)
                {
                    if (duplicate == keeper || duplicate.Text != keeper.Text)
                    {
                        continue;
                    }

                    // Re-create the duplicate's children under the keeper, sharing the tags.
                    foreach (TreeNode child in duplicate.Nodes)
                    {
                        TreeNode copy = keeper.Nodes.Add(child.Text);
                        copy.Tag = child.Tag;
                    }

                    tv.Nodes.Remove(duplicate);
                    mergedOne = true;
                    break;
                }

                if (mergedOne)
                {
                    break;
                }
            }
        }
        while (mergedOne);
    }

    this.Text = "Scanning for http content..";
    this.Refresh();

    int streamIndex = 0;
    foreach (TreeNode streamNode in tv.Nodes) // parent node shows stream info
    {
        streamIndex++;
        if (streamIndex % 2 == 0)
        {
            setpb(streamIndex, tv.Nodes.Count);
        }

        // Streams without data blocks are pruned after the scan.
        if (streamNode.Nodes.Count == 0)
        {
            emptyStreams.Add(streamNode);
            continue;
        }

        streamNode.Text += " (" + streamNode.Nodes.Count + ")";
        setpb(0, 0, 2);

        int blockIndex = 0;
        foreach (TreeNode blockNode in streamNode.Nodes) // each subnode holds one data block
        {
            blockIndex++;
            if (blockIndex % 10 == 0)
            {
                setpb(blockIndex, streamNode.Nodes.Count, 2);
            }

            DataBlock db = (DataBlock)blockNode.Tag;
            db.DetectType();

            // Binary blocks keep the label they already have.
            if (db.DataType == DataBlock.DataTypes.dtBinary)
            {
                continue;
            }

            // NOTE(review): HttpFirstLine presumably comes straight from captured bytes;
            // it is display text only here, but confirm its length and control
            // characters are bounded where it is produced.
            blockNode.Text = db.HttpFirstLine;

            if (db.DataType == DataBlock.DataTypes.dtHttpReq)
            {
                // Requests are also listed in lv, linked back to their tree node.
                ListViewItem requestItem = lv.Items.Add(db.HttpFirstLine);
                requestItem.Tag = blockNode;
            }
            else
            {
                // A response line is short, so the spare room shows size and encoding.
                blockNode.Text = " " + blockNode.Text + string.Format(" - 0x{0:x} bytes", db.length);
                if (db.isChunked)
                {
                    blockNode.Text += " chunked ";
                }
                if (db.isGZip)
                {
                    blockNode.Text += " w/gzip";
                }
            }
        }
    }

    this.Text = "Pruning tree...";
    this.Refresh();

    foreach (TreeNode dead in emptyStreams)
    {
        tv.Nodes.Remove(dead);
    }

    lvDNS.Columns[0].Text = "DNS Requests: " + lvDNS.Items.Count;
    lv.Columns[0].Text = "Web Requests: " + lv.Items.Count;

    TimeSpan elapsed = DateTime.Now - startTime;
    this.Text = " Pcap size: " + FileSizeToHumanReadable(txtPcap.Text)
        + string.Format(" Processing time: {0} seconds", elapsed.TotalSeconds);

    pb.Value = 0;
    pb2.Value = 0;
}
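/// <summary>
/// Writes the selected data blocks to a folder chosen by the user. A checked stream
/// node selects all of its blocks; otherwise only the individually checked blocks
/// are written. Files are named <c>server_NNNN.bin</c> or <c>client_NNNN.bin</c>.
/// </summary>
/// <param name="sender">Menu item that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
private void extractStreamsToolStripMenuItem_Click(object sender, EventArgs e)
{
    // Note: the output file name is simplified and does not include the IP, so streams
    // of several IP pairs should not be extracted into one folder (to be fixed later).
    // Open question from the author: number client and server blocks separately
    // (client 1, server 1) or in capture order (client 1, server 2, client 3)?
    fDlg.SelectedPath = outDir;
    if (fDlg.ShowDialog() != DialogResult.OK)
    {
        return;
    }

    string targetDir = fDlg.SelectedPath;
    int clientIndex = 0, serverIndex = 0, saved = 0, total = 0, failed = 0;

    foreach (TreeNode streamNode in tv.Nodes)
    {
        bool wholeStream = streamNode.Checked;

        foreach (TreeNode blockNode in streamNode.Nodes)
        {
            if (!wholeStream && !blockNode.Checked)
            {
                continue;
            }

            TcpRecon recon = (TcpRecon)streamNode.Tag;
            DataBlock db = (DataBlock)blockNode.Tag;

            // A block whose data cannot be loaded counts towards the total only.
            if (db.LoadData())
            {
                try
                {
                    // File names come from these counters only, never from capture
                    // content, so captured data cannot steer the output path.
                    // NOTE(review): confirm == compares the addresses by value for
                    // the address type used here.
                    string name;
                    if (db.SourceAddress == recon.ServerAddress)
                    {
                        name = "server_" + string.Format("{0:D4}", serverIndex++);
                    }
                    else
                    {
                        name = "client_" + string.Format("{0:D4}", clientIndex++);
                    }

                    // NOTE(review): the counters restart at 0 on every run, so a second
                    // extraction into the same folder reuses the same names; whether an
                    // existing file is overwritten depends on SaveToFile - confirm.
                    if (db.SaveToFile(System.IO.Path.Combine(targetDir, name + ".bin")))
                    {
                        saved++;    // previously incremented even when the save failed
                    }
                    else
                    {
                        failed++;
                    }
                }
                finally
                {
                    // Release the loaded bytes even if saving throws.
                    db.FreeData();
                }
            }

            total++;
        }
    }

    // The total is reported as counted; it used to be shown as total - 1, which put it
    // below the saved count and printed -1 when nothing was selected.
    MessageBox.Show(string.Format("Extraction Complete Saved:{0} Total:{1} Fails:{2} blocks extracted.", saved, total, failed));
}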