public ICMPH(FileStream fs, PcapFile pfh, Packet pkt, uint i)
{
if ((pkt.Len - i) < 0x08) return;
Type = (uint)pkt.PData[i++];
Code = (uint)pkt.PData[i++];
Checksum = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++];
switch (Type)
{
case 3: // destination unreachable
case 11: // time exceeded
case 4: // source quench
Unused = (uint)pkt.PData[i++] * 0x1000000 + (uint)pkt.PData[i++] * 0x10000 + (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++];
break;
case 12: // parameter problem
Pointer = (uint)pkt.PData[i++];
Unused = (uint)pkt.PData[i++] * 0x10000 + (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++];
break;
case 5: // redirect
GatewayAddress = (uint)pkt.PData[i++] * 0x1000000 + (uint)pkt.PData[i++] * 0x10000 + (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++];
break;
case 8: // echo
case 0: // echo reply
case 15: // information request
case 16: // information reply
Identifier = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++];
SequenceNumber = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++];
break;
case 13: // timestamp
case 14: // timestamp reply
if ((pkt.Len - i) < 0x0c) return;
OriginateTimestamp = (uint)pkt.PData[i++] * 0x1000000 + (uint)pkt.PData[i++] * 0x10000 + (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++];
ReceiveTimestamp = (uint)pkt.PData[i++] * 0x1000000 + (uint)pkt.PData[i++] * 0x10000 + (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++];
TransmitTimestamp = (uint)pkt.PData[i++] * 0x1000000 + (uint)pkt.PData[i++] * 0x10000 + (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++];
break;
default:
break;
}
// set generic header utility properties
headerprot = Protocols.ICMP;
payloadindex = i;
payloadlen = (int)(pkt.Len - i);
// set packet-level convenience properties
pkt.Prots |= Protocols.ICMP;
pkt.phlist.Add(this);
}
public EthernetH(FileStream fs, PcapFile pfh, Packet pkt, uint i)
{
if ((pkt.Len - i) < 0xe) return;
DestMAC = (ulong)pkt.PData[i++] * 0x0010000000000 + (ulong)pkt.PData[i++] * 0x000100000000 + (ulong)pkt.PData[i++] * 0x000001000000 + (ulong)pkt.PData[i++] * 0x000000010000 + (ulong)pkt.PData[i++] * 0x000000000100 + (ulong)pkt.PData[i++] ;
SrcMAC = (ulong)pkt.PData[i++] * 0x0010000000000 + (ulong)pkt.PData[i++] * 0x000100000000 + (ulong)pkt.PData[i++] * 0x000001000000 + (ulong)pkt.PData[i++] * 0x000000010000 + (ulong)pkt.PData[i++] * 0x000000000100 + (ulong)pkt.PData[i++] ;
TypeLen = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++] ;
// NEED TO HANDLE Q-TAGGED FRAMES
// set generic header properties
headerprot = Protocols.Ethernet;
payloadindex = i;
payloadlen = (int)(pkt.Len - i);
// set packet-level convenience properties
pkt.Prots |= Protocols.Ethernet;
pkt.SrcMAC = SrcMAC;
pkt.DestMAC = DestMAC;
pkt.phlist.Add(this);
if (QuickFilterTools.QFMAC.Exclude(DestMAC) || QuickFilterTools.QFMAC.Exclude(SrcMAC))
{
pkt.qfexcluded = true;
return;
}
switch (TypeLen)
{
case 0x800: //L3Protocol = Protocols.IP4;
new IP4H(fs, pfh, pkt, payloadindex);
break;
case 0x806:
new ARPH(fs, pfh, pkt, payloadindex);
break;
case 0x8dd: // L3Protocol = Protocols.IPv6;
break;
default:
break;
}
}
public DNSH(FileStream fs, PcapFile pfh, Packet pkt, uint i)
{
Len = (uint)(pkt.phlist[pkt.phlist.Count() - 1]).payloadlen;
// if not enough data remaining, return without reading anything
// note that we have not added the header to the packet's header list yet, so we are not leaving an invalid header in the packet
if ((pkt.Len - i) < Len) return;
ID = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++];
QR = ((uint)pkt.PData[i] & 0x80) / 0x80;
OpCode = ((uint)pkt.PData[i] & 0x78) / 0x08;
AA = ((uint)pkt.PData[i] & 0x04) / 0x04;
TC = ((uint)pkt.PData[i] & 0x02) / 0x02;
RD = ((uint)pkt.PData[i++] & 0x01);
RA = ((uint)pkt.PData[i] & 0x80) / 0x80;
Z = ((uint)pkt.PData[i] & 0x70) / 0x10;
RCode = ((uint)pkt.PData[i++] & 0x000f);
QDCOUNT = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++];
ANCOUNT = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++];
NSCOUNT = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++];
ARCOUNT = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++];
RRs = new List<DNSRRList>();
RRs.Add(new DNSRRList()); // add empty list to containt the questions
for (int ii = 0; ii < QDCOUNT; ii++) RRs[0].Items.Add(new DNSRR(pkt, ref i, true));
//ffadfdadfadd
// finish debugging reading individual packets
// add sub tree display for dns packets
// make question and answer rrs a single list
// add variables to index the list for firstAN, firstNS, firstAR
// add datatemplate for dnsitem
// create dns grouping logic - simply match ID fields
RRs.Add(new DNSRRList());
for (int ii = 0; ii < ANCOUNT; ii++) RRs[1].Items.Add(new DNSRR(pkt, ref i, false));
RRs.Add(new DNSRRList());
for (int ii = 0; ii < NSCOUNT; ii++) RRs[2].Items.Add(new DNSRR(pkt, ref i, false));
RRs.Add(new DNSRRList());
for (int ii = 0; ii < ARCOUNT; ii++) RRs[3].Items.Add(new DNSRR(pkt, ref i, false));
if (i != pkt.Len) MessageBox.Show("Did Not Read DNS record properly? i != pkt.Len");
// set generic header properties
headerprot = Protocols.DNS;
payloadindex = i;
payloadlen = (int)(pkt.Len - i);
// set packet-level convenience properties
pkt.Prots |= Protocols.DNS;
// add header to packet's header list
pkt.phlist.Add(this);
}
public ARPH(FileStream fs, PcapFile pfh, Packet pkt, uint i)
{
if ((pkt.Len - i) < 0x8) return;
HWType = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++] ;
Prot = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++] ;
HWAddrLen = (uint)pkt.PData[i++] ;
ProtAddrLen = (uint)pkt.PData[i++] ;
Opn = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++] ;
if ((pkt.Len - i) < (2 * HWAddrLen + 2 * ProtAddrLen)) return;
// HANDLE OTHER ADDR LEN VARIATIONS
if ((HWAddrLen != 6) || (ProtAddrLen != 4)) return;
SenderHW = (ulong)pkt.PData[i++] * 0x0010000000000 + (ulong)pkt.PData[i++] * 0x000100000000 + (ulong)pkt.PData[i++] * 0x000001000000 + (ulong)pkt.PData[i++] * 0x000000010000 + (ulong)pkt.PData[i++] * 0x000000000100 + (ulong)pkt.PData[i++] ;
SenderProt = (uint)pkt.PData[i++] * 0x000001000000 + (uint)pkt.PData[i++] * 0x000000010000 + (uint)pkt.PData[i++] * 0x000000000100 + (uint)pkt.PData[i++] ;
TargetHW = (ulong)pkt.PData[i++] * 0x0010000000000 + (ulong)pkt.PData[i++] * 0x000100000000 + (ulong)pkt.PData[i++] * 0x000001000000 + (ulong)pkt.PData[i++] * 0x000000010000 + (ulong)pkt.PData[i++] * 0x000000000100 + (ulong)pkt.PData[i++] ;
TargetProt = (uint)pkt.PData[i++] * 0x000001000000 + (uint)pkt.PData[i++] * 0x000000010000 + (uint)pkt.PData[i++] * 0x000000000100 + (uint)pkt.PData[i++] ;
// set generic header properties
headerprot = Protocols.ARP;
payloadindex = i;
payloadlen = (int)(pkt.Len - i);
// set packet-level convenience properties
pkt.Prots |= Protocols.ARP;
// add to packet header list
pkt.phlist.Add(this);
}
public TCPH(FileStream fs, PcapFile pfh, Packet pkt, uint i)
{
uint temp;
uint optionbytes;
H containingheader = pkt.phlist[pkt.phlist.Count()-1];
TCPOption thisoption;
List<TCPOption> options = new List<TCPOption>();
// if containing protocol does not know it's payload length, return with no result - need to add code to handle this case
// TCP needs to be told the length of its payload by the outer protocol
// it may not be all of the remaining bytes in the packet, at least due to cases where the ethernet frame includes padding bytes that are captured by wireshark/pcap
if (containingheader.payloadlen == -1) { MessageBox.Show("Trying to parse TCP header where containing protocol did not set payloadlen - need to add code to handle this"); return; }
// if not enough data remaining, return without reading anything
// note that we have not added the header to the packet's header list yet, so we are not leaving an invalid header in the packet
if ((pkt.Len - i) < 0x14) return;
// read in the fixed header data
SrcPort = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++] ;
DestPort = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++] ;
SeqNo = (uint)pkt.PData[i++] * 0x1000000 + (uint)pkt.PData[i++] * 0x10000 + (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++] ;
AckNo = (uint)pkt.PData[i++] * 0x1000000 + (uint)pkt.PData[i++] * 0x10000 + (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++] ;
temp = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++] ;
DataOffset = temp / 0x1000;
Flags = temp & 0xfff;
WindowSize = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++] ;
Checksum = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++] ;
UrgentPtr = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++] ;
optionbytes = (DataOffset * 4) - 0x14; // number of bytes of options plus any padding to get TCP header to 32 bit boundary
if ((pkt.Len - i) < (optionbytes + 0x14)) return; // if not enough bytes to fill options fields, return without adding header to packet
for (uint ob = 0; ob < optionbytes; )
{
thisoption = new TCPOption();
thisoption.Kind = (uint)pkt.PData[i++] ; i++;
switch (thisoption.Kind)
{
case 0: // end of options list
thisoption.Length = 1;
i += optionbytes - i; // skip any remaining padding bytes
ob = optionbytes;
break;
case 1: // NOP, just eat the byte
thisoption.Length = 1;
break;
case 2: // maximum segment size, len is 4, segment size is 32 bits
thisoption.Length = (uint)pkt.PData[i++] ;
thisoption.Data = new uint[1]; thisoption.Data[0] = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++] ;
ob += 3;
break;
case 3: // window scale
thisoption.Length = (uint)pkt.PData[i++] ;
thisoption.Data = new uint[1]; thisoption.Data[0] = (uint)pkt.PData[i++] ;
ob += 2;
break;
case 4: // selective acknowledgement permitted
thisoption.Length = (uint)pkt.PData[i++] ;
ob++;
thisoption.Data = null;
break;
case 5: // selective acknowledgement
thisoption.Length = (uint)pkt.PData[i++] ;
if (thisoption.Length > 0x22) MessageBox.Show("TCP packet with bad Selective Acknowlegement option");
thisoption.Data = new uint[(thisoption.Length - 2) / 4];
for (int ii = 0; ii < (thisoption.Length - 2) / 4; ii++) thisoption.Data[ii] = (uint)pkt.PData[i++] * 0x1000000 + (uint)pkt.PData[i++] * 0x10000 + (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++] ;
ob += thisoption.Length - 1;
break;
case 8: // timestamp and echo of previous timestamp
thisoption.Length = (uint)pkt.PData[i++] ;
thisoption.Data = new uint[2];
thisoption.Data[0] = (uint)pkt.PData[i++] * 0x1000000 + (uint)pkt.PData[i++] * 0x10000 + (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++] ;
thisoption.Data[1] = (uint)pkt.PData[i++] * 0x1000000 + (uint)pkt.PData[i++] * 0x10000 + (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++] ;
ob += 9;
break;
case 0x0e: // TCP alternate checksum request
thisoption.Length = (uint)pkt.PData[i++] ;
thisoption.Data = new uint[1];
thisoption.Data[0] = (uint)pkt.PData[i++] ;
ob += 2;
break;
case 0x0f: // TCP alternate checksum data
thisoption.Length = (uint)pkt.PData[i++] ;
thisoption.Data = new uint[thisoption.Length];
for (int ii = 0; ii < thisoption.Length; ii++) thisoption.Data[ii] = (uint)pkt.PData[i++] ; // just naively read each byte into a uint - this option is considered "historic" and probably will never be encountered
ob += thisoption.Length - 1;
break;
default:
MessageBox.Show("Unknown TCP header option type");
break;
}
options.Add(thisoption);
}
Options = new TCPOption[options.Count];
// copy options into TCPH.Options
for (int ii = 0; ii < options.Count; ii++) Options[ii] = options[ii];
// set generic header properties
headerprot = Protocols.TCP;
payloadindex = i;
payloadlen = containingheader.payloadlen - 0x14 - (int)optionbytes;
// set packet-level convenience properties
pkt.tcphdr = this;
pkt.Prots |= Protocols.TCP;
pkt.SrcPort = SrcPort;
pkt.DestPort = DestPort;
// add header to packet's header list
pkt.phlist.Add(this);
// determine which header constructor to call next, if any, and call it
switch (1)
{
case 0x01:
break;
default:
break;
}
}
private void ChooseFile(object sender, RoutedEventArgs e)
{
PcapFile pfh;
OpenFileDialog dlg = new OpenFileDialog();
Nullable<bool> result;
FileStream fs;
Packet pkt;
byte[] b = new byte[1000];
dlg.Multiselect = false;
dlg.InitialDirectory = Properties.Settings.Default.LastDirectory;
dlg.FileName = Properties.Settings.Default.LastFile;
result = dlg.ShowDialog();
if (result == true)
{
pkts.Clear();
// deprecated: exclpkts.Clear();
foreach (GList gl in grouplistlist) gl.groups.Clear();
QuickFilterTools.QFMAC.ResetCounters();
QuickFilterTools.QFIP4.ResetCounters();
//foreach (PktSet set in setlist.sets) set.pkts.Clear();
//qfexcluded.pkts.Clear();
Properties.Settings.Default.LastDirectory = dlg.InitialDirectory;
Properties.Settings.Default.LastFile = dlg.FileName;
filename.Content = dlg.FileName;
fs = new FileStream(dlg.FileName, FileMode.Open);
pfh = new PcapFile(fs);
while (fs.Position < fs.Length)
{
pkt = new Packet(fs, pfh);
if (filters.Include(pkt)) pkts.Add(pkt);
// lines below are from older "Quickfilter" implementation - this may be permanently obsolete
// // NEXT LINE IS TEMPORARY - ONCE QUICKFILTER IS TRUSTED, PACKETS THAT ARE EXCLUDED SHOULD SIMPLY BE DESTROYED
// if (pkt.qfexcluded) exclpkts.Add(pkt);
// else pkts.Add(pkt);
}
foreach (Packet p in pkts)
foreach (GList gl in grouplistlist)
if (gl.GroupPacket(p)) break;
foreach (TCPG tg in ((TCPGList)(grouplistlist[2])).groups)
{
tg.OPL1.CopyBytes(1000, b);
tg.OPL2.CopyBytes(1000, b);
}
CollectionViewSource.GetDefaultView(grouptree.ItemsSource).Refresh();
fs.Close();
}
}
public UDPH(FileStream fs, PcapFile pfh, Packet pkt, uint i)
{
if ((pkt.Len - i) < 0x8) return;
SrcPort = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++];
DestPort = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++];
Len = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++];
Checksum = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++];
// set generic header properties
headerprot = Protocols.UDP;
payloadindex = i;
payloadlen = (int)Len - 8;
// set packet-level convenience properties
pkt.Prots |= Protocols.UDP;
pkt.udphdr = this;
pkt.SrcPort = SrcPort;
pkt.DestPort = DestPort;
// add to packet header list
pkt.phlist.Add(this);
if ((SrcPort == 0x43) || (SrcPort == 0x44) || (DestPort == 0x43) || (DestPort == 0x44)) // DHCP v4
new DHCP4H(fs, pfh, pkt, i);
else if ((SrcPort == 0x35) || (DestPort == 0x35)) // DNS
new DNSH(fs, pfh, pkt, i);
}
public uint NGBlockLen; // total block length, if this is a PcapNG packet (needed by Packet function so it can know how many bytes to read over after packet data section)
#endregion Fields
#region Constructors
public PcapH(FileStream fs, PcapFile pcf, Packet pkt, uint i)
{
uint timesecs, timeusecs;
uint timehigh, timelow;
ulong time;
PcapFile.InterfaceDescription thisif;
uint pcaphdrlen;
byte[] d = new byte[0x1c];
if (pcf.Type == PcapFile.PcapFileTypes.PcapOld) // if this is a plain pcap packet (not pcap ng)
{
headerprot = Protocols.PcapOld;
DataLink = pcf.FileHdrOld.DataLink;
fs.Read(d, 0, 0x10);
// timestamp is stored in file as 2 32 bit integers (per inspection of file and per http://wiki.wireshark.org/Development/LibpcapFileFormat)
// first is time in seconds since 1/1/1970 00:00:00, GMT time zone
// second is microseconds (or nanoseconds if fileheader nanores == 1)
timesecs = (pcf.FileHdrOld.Bigendian ? PcapFile.flip32(d, 0) : BitConverter.ToUInt32(d, 0));
timeusecs = (pcf.FileHdrOld.Bigendian ? PcapFile.flip32(d, 4) : BitConverter.ToUInt32(d, 4));
Time = new DateTime(timesecs * TimeSpan.TicksPerSecond + timeusecs * TimeSpan.TicksPerSecond / 1000000 / ((pcf.FileHdrOld.Nanores == 1) ? 1000 : 1));
CapLen = (pcf.FileHdrOld.Bigendian ? PcapFile.flip32(d, 8) : BitConverter.ToUInt32(d, 8));
Len = (pcf.FileHdrOld.Bigendian ? PcapFile.flip32(d, 12) : BitConverter.ToUInt32(d, 12));
pcaphdrlen = 0x10;
payloadindex = 0x10;
payloadlen = (int)CapLen - 0x10;
fs.Seek(-0x10, SeekOrigin.Current); // rewind so code below can read whole packet into pkt.PData
}
else
{
// this is a pcapng packet
// currently only handling "enhanced packet block" type packets
headerprot = Protocols.PcapNG;
pcf.FileHdrNG.ReadBlocksUntilPacket(fs); // read any non-packet blocks
fs.Read(d, 0, 0x1c);
NGBlockLen = (pcf.FileHdrNG.CurrentSection.bigendian ? PcapFile.flip32(d, 4) : BitConverter.ToUInt32(d, 4));
thisif = pcf.FileHdrNG.IntDescDict[(pcf.FileHdrNG.CurrentSection.bigendian ? PcapFile.flip32(d, 8) : BitConverter.ToUInt32(d, 8))];
DataLink = thisif.LinkType;
timehigh = (pcf.FileHdrNG.CurrentSection.bigendian ? PcapFile.flip32(d, 0x0c) : BitConverter.ToUInt32(d, 0x0c));
timelow = (pcf.FileHdrNG.CurrentSection.bigendian ? PcapFile.flip32(d, 0x10) : BitConverter.ToUInt32(d, 0x10));
time = (ulong)timehigh * 0x100000000 + (ulong)timelow;
Time = pcf.FileHdrNG.TSBasis;
long factor = TimeSpan.TicksPerSecond / (long)thisif.TSUnitsPerSecond;
time = (ulong)((long)time * factor);
TimeSpan ts = new TimeSpan((long)time);
Time = Time.Add(ts);
CapLen = (pcf.FileHdrNG.CurrentSection.bigendian ? PcapFile.flip32(d, 0x14) : BitConverter.ToUInt32(d, 0x14));
Len = (pcf.FileHdrNG.CurrentSection.bigendian ? PcapFile.flip32(d, 0x18) : BitConverter.ToUInt32(d, 0x18));
pcaphdrlen = 0x1c;
payloadindex = 0x1c;
payloadlen = (int)CapLen - 0x1c;
fs.Seek(-0x1c, SeekOrigin.Current); // rewind so code below can read whole packet into pkt.PData
}
pkt.PData = new byte[pcaphdrlen + CapLen];
pkt.Len = pcaphdrlen + CapLen;
fs.Read(pkt.PData, 0, (int)(pcaphdrlen + CapLen));
pkt.phlist.Add(this);
pkt.Prots |= headerprot;
switch (DataLink)
{
case 1: // ethernet
new EthernetH(fs, pcf, pkt, payloadindex);
break;
default:
break;
}
}
public IP4H(FileStream fs, PcapFile pfh, Packet pkt, uint i)
{
if ((pkt.Len - i) < 0x1) return;
HdrLen = (uint)pkt.PData[i++] ;
Ver = (HdrLen & 0xf0) / 16; // note we keep this value in number of 32 bit words
HdrLen &= 0x0f; // mask out the high 4 bits that contain the version
if ((pkt.Len - i) < (4 * HdrLen)) return; // if not enough bytes, this is not a valid header
TOS = (uint)pkt.PData[i++] ;
Len = (uint)pkt.PData[i++] * 0x0100 + (uint)pkt.PData[i++] ;
Ident = (uint)pkt.PData[i++] * 0x0100 + (uint)pkt.PData[i++] ;
FragOffset = (uint)pkt.PData[i++] * 0x0100 + (uint)pkt.PData[i++] ;
DontFrag = (FragOffset & 0x4000) / 0x4000;
MoreFrags = (FragOffset & 0x2000) / 0x2000;
FragOffset &= 0x1fff;
TTL = (uint)pkt.PData[i++] ;
Prot = (uint)pkt.PData[i++] ;
Checksum = (uint)pkt.PData[i++] * 0x0100 + (uint)pkt.PData[i++] ;
SrcIP4 = (uint)pkt.PData[i++] * 0x01000000 + (uint)pkt.PData[i++] * 0x00010000 + (uint)pkt.PData[i++] * 0x0100 + (uint)pkt.PData[i++] ;
DestIP4 = (uint)pkt.PData[i++] * 0x01000000 + (uint)pkt.PData[i++] * 0x00010000 + (uint)pkt.PData[i++] * 0x0100 + (uint)pkt.PData[i++] ;
OptionLen = (HdrLen * 4) - 0x14;
i += OptionLen;
// HANDLE OPTIONS
// set generic header properties
payloadlen = (int)(Len - HdrLen * 4);
payloadindex = i;
headerprot = Protocols.IP4;
// set packet level convenience properties
pkt.Prots |= Protocols.IP4;
pkt.SrcIP4 = SrcIP4;
pkt.DestIP4 = DestIP4;
pkt.ip4hdr = this;
// add to header list
pkt.phlist.Add(this);
if (QuickFilterTools.QFIP4.Exclude(DestIP4) || QuickFilterTools.QFIP4.Exclude(SrcIP4))
{
pkt.qfexcluded = true;
return;
}
switch (Prot)
{
case 0x01: //L4Protocol = Protocols.ICMP;
new ICMPH(fs, pfh, pkt, i);
break;
case 0x02: // L4Protocol = Protocols.IGMP;
break;
case 0x03: // L4Protocol = Protocols.GGP;
break;
case 0x06: //L4Protocol = Protocols.TCP;
new TCPH(fs, pfh, pkt, i);
break;
case 0x11: // L4Protocol = Protocols.UDP;
new UDPH(fs, pfh, pkt, i);
break;
default:
break;
}
}
public DHCP4H(FileStream fs, PcapFile pfh, Packet pkt, uint i)
{
// if not enough data remaining, return without reading anything
// note that we have not added the header to the packet's header list yet, so we are not leaving an invalid header in the packet
if ((pkt.Len - i) < 0xf0) return;
// read in the header data
DHCP4OpCode = (uint)pkt.PData[i++] ;
DHCP4HWType = (uint)pkt.PData[i++] ;
DHCP4HWAddrLen = (uint)pkt.PData[i++] ;
DHCP4Hops = (uint)pkt.PData[i++] ;
DHCP4XID = (uint)pkt.PData[i++] * 0x000001000000 + (uint)pkt.PData[i++] * 0x000000010000 + (uint)pkt.PData[i++] * 0x000000000100 + (uint)pkt.PData[i++] ;
DHCP4Secs = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++] ;
DHCP4Flags = (uint)pkt.PData[i++] * 0x100 + (uint)pkt.PData[i++] ;
DHCP4ClientIP4 = (uint)pkt.PData[i++] * 0x000001000000 + (uint)pkt.PData[i++] * 0x000000010000 + (uint)pkt.PData[i++] * 0x000000000100 + (uint)pkt.PData[i++] ;
DHCP4YourIP4 = (uint)pkt.PData[i++] * 0x000001000000 + (uint)pkt.PData[i++] * 0x000000010000 + (uint)pkt.PData[i++] * 0x000000000100 + (uint)pkt.PData[i++] ;
DHCP4ServerIP4 = (uint)pkt.PData[i++] * 0x000001000000 + (uint)pkt.PData[i++] * 0x000000010000 + (uint)pkt.PData[i++] * 0x000000000100 + (uint)pkt.PData[i++] ;
DHCP4GatewayIP4 = (uint)pkt.PData[i++] * 0x000001000000 + (uint)pkt.PData[i++] * 0x000000010000 + (uint)pkt.PData[i++] * 0x000000000100 + (uint)pkt.PData[i++] ;
// read bytes of client hardware addrsess, handle variable length, handle fact that bytes are "left justified" within the 16 byte field
int ii = 0; DHCP4ClientHWAddrHigh = 0;
while (ii < ((int)DHCP4HWAddrLen - 8)) { DHCP4ClientHWAddrHigh = DHCP4ClientHWAddrHigh * 0x100 + (ulong)pkt.PData[i++] ; ii++; }
ii = 0; DHCP4ClientHWAddr = 0;
while (ii < (int)DHCP4HWAddrLen) { DHCP4ClientHWAddr = DHCP4ClientHWAddr * 0x100 + (uint)pkt.PData[i++] ; ii++; }
i += 16 - DHCP4HWAddrLen;
i += 0xc0; // skip over the 192, or 0xc0, legacy BOOTP area
DHCP4Cookie = (uint)pkt.PData[i++] * 0x000001000000 + (uint)pkt.PData[i++] * 0x000000010000 + (uint)pkt.PData[i++] * 0x000000000100 + (uint)pkt.PData[i++] ;
// set generic header properties
headerprot = Protocols.DHCP4;
payloadindex = i;
payloadlen = (int)(pkt.Len - i);
// set packet-level convenience properties
pkt.Prots |= Protocols.DHCP4;
// add header to packet's header list
pkt.phlist.Add(this);
}
// i is index into pkt.PData of start of this header
public H(FileStream fs, PcapFile pcf, Packet pkt, uint i)
{
// if header cannot be read properly,
// do not add header to packet's header list, and do not call downstream header constructors, just return
// first read protocol-specific properties
// if header is parsed correctly,
// set the generic header properties
// set the packet-level convenience properties (e.g., pkt.ip4hdr)
// add it to pkt's header list
// determine next layer hheader (if any) and call its constructor
}
public ExampleH(FileStream fs, PcapFile pfh, Packet pkt, uint i)
{
// CONSTRUCTOR SHOULD ALSO INCLUDE PARAMETERS FOR ANY FIELDS THAT ARE NEEDED FROM ENCAPSULATING HEADERS
// SO THAT THIS PROTOCOL'S FUNCTIONS NEVER HAVE TO SEARCH THE PHLIST FOR OTHER PROTOCOL'S HEADERS
// if header cannot be read properly,
// do not add header to packet's header list, and do not call downstream header constructors, just return
// first read protocol-specific properties
// if header is parsed correctly,
// set the generic header properties
headerprot = Protocols.Generic;
payloadindex = i;
payloadlen = (int)(pkt.Len - i);
// set the packet-level convenience properties (e.g., pkt.ip4hdr)
pkt.Prots |= Protocols.Generic;
// add it to pkt's header list
pkt.phlist.Add(this);
// determine which header constructor to call next, if any, and call it
switch (Prot)
{
case 0x01: // ICMP
new ICMPH(fs, pfh, pkt, i);
break;
default:
break;
}
}