private static void ExtractEthernetPacket(EthernetPacket ether)
{
switch (ether.Type)
{
case EthernetPacketType.Goose:
ether.PayloadPacket = new GoosePacket(ether.PayloadData, ether);
packets.Add(ether.PayloadPacket);
break;
case EthernetPacketType.Sv:
// UNDONE: SV construct
ether.PayloadPacket = new SvPacket(ether.PayloadData, ether);
packets.Add(ether.PayloadPacket);
break;
case EthernetPacketType.Gse:
break;
default:
// Unknown packet
break;
}
}
public Packet Build(EthernetPacket packet, UserSession session)
{
var mSrc = packet.SourceHardwareAddress;
var addressBytes = mSrc.GetAddressBytes();
//Swap out packet MAC address
for (var i = 0; i < addressBytes.Length; i++)
{
_payload[i] = addressBytes[i];
}
for (var i = 0; i < addressBytes.Length; i++)
{
_payload[0x46 + i] = addressBytes[i];
}
for (var i = 0x2e; i <= 0x32; i++)
{
_payload[i] = packet.Bytes[i];
}
//Assign an IP address based on last 2 bytes of MAC address on 10.253.x.x domain
_payload[0x3c] = addressBytes[4];
_payload[0x3d] = addressBytes[5];
var p = Packet.ParsePacket(LinkLayers.Ethernet, _payload);
p.UpdateCalculatedValues();
//await clients.Client(session.ConnectionId).SendGamePacket(session, p);
return(p);
}
public void EthernetConstructorFromMacAddresses()
{
var srcHwAddressBytes = new Byte[EthernetFields.MacAddressLength];
for (int i = 0; i < srcHwAddressBytes.Length; i++)
{
srcHwAddressBytes[i] = (byte)i;
}
var dstHwAddressBytes = new Byte[EthernetFields.MacAddressLength];
for (int i = 0; i < dstHwAddressBytes.Length; i++)
{
dstHwAddressBytes[i] = (byte)(dstHwAddressBytes.Length - i);
}
var srcHwAddress = new PhysicalAddress(srcHwAddressBytes);
var dstHwAddress = new PhysicalAddress(dstHwAddressBytes);
var ethernetPacket = new EthernetPacket(srcHwAddress,
dstHwAddress,
EthernetPacketType.None);
int expectedLength = 14;
Assert.AreEqual(expectedLength, ethernetPacket.Bytes.Length);
//TODO: improve this here
Console.WriteLine("ethernetPacket.ToString() {0}",
ethernetPacket.ToString());
}
private static void sendDhcpRelease(PhysicalAddress pSourceHwAddress, IPAddress pSourceIpAddress, PhysicalAddress pDestinationHwAddress, IPAddress pDestinationIpAddress)
{
PhysicalAddress ethernetSourceHwAddress = pSourceHwAddress;
PhysicalAddress ethernetDestinationHwAddress = pDestinationHwAddress;
var ethernetPacket = new EthernetPacket(ethernetSourceHwAddress,
ethernetDestinationHwAddress,
EthernetType.None);
var ipPacket = new IPv4Packet(pSourceIpAddress, pDestinationIpAddress);
const ushort udpSourcePort = 68;
const ushort udpDestinationPort = 67;
var udpPacket = new UdpPacket(udpSourcePort, udpDestinationPort);
//-- Combine all bytes to single payload
byte[] payload = buildDhcpReleasePacket(pSourceIpAddress, pSourceHwAddress, pDestinationIpAddress);
udpPacket.PayloadData = payload;
ipPacket.PayloadPacket = udpPacket;
ethernetPacket.PayloadPacket = ipPacket;
device.SendPacket(ethernetPacket);
Console.WriteLine("DHCP Release successful send to: " + pDestinationIpAddress + " from: " + pDestinationIpAddress + " at: " + DateTime.Now.ToShortTimeString());
}
private static void PostDashEvent(EthernetPacket packet)
{
if (((ARPPacket)packet.PayloadPacket).SenderProtocolAddress.ToString() != "0.0.0.0")
{
return;
}
var macAddress = packet.SourceHwAddress.ToString();
var button = ConfigurationManager.AppSettings.AllKeys.SingleOrDefault(m => m.Contains(macAddress));
if (button == null)
{
return;
}
var client = new HttpClient();
var values = new Dictionary <string, string>
{
{ "Event", ConfigurationManager.AppSettings[button] },
{ "MacAddress", macAddress },
{ "CreatedOn", DateTime.Now.ToString() }
};
var data = new FormUrlEncodedContent(values);
client.PostAsync("http://localhost:56719/your/api/url/here", data).ContinueWith(task =>
{
client.Dispose();
});
}
/// <summary>
/// 设备扫描发包线程。
/// </summary>
/// <param name="obj">地址列表。</param>
private void ScanPacketSendThread(object obj)
{
try {
// 获取当前设备
var device = DeviceList[CurDevName];
// 获取地址列表
var ipAddresses = (List <IPAddress>)obj;
// 构建包信息
var ether = new EthernetPacket(device.MacAddress,
new PhysicalAddress(new byte[] { 255, 255, 255, 255, 255, 255 }),
EthernetPacketType.Arp);
var arp = new ARPPacket(ARPOperation.Request,
new PhysicalAddress(new byte[] { 0, 0, 0, 0, 0, 0 }),
new IPAddress(new byte[] { 0, 0, 0, 0 }),
device.MacAddress,
Ipv4Address)
{
HardwareAddressType = LinkLayers.Ethernet,
ProtocolAddressType = EthernetPacketType.IPv4
};
ether.PayloadPacket = arp;
arp.ParentPacket = ether;
// 根据目标地址信息发送ARP请求
foreach (var targetAddress in ipAddresses)
{
arp.TargetProtocolAddress = targetAddress;
arp.UpdateCalculatedValues();
device.SendPacket(ether);
}
}
catch (ThreadAbortException) { }
}
/// <summary>
/// 设备扫描分析线程。
/// </summary>
private void ScanPacketAnalyzeThread()
{
try {
while (true)
{
// 从队列中请求一个数据包
RawCapture packet;
if ((packet = NextRawCapture) != null)
{
// 分析数据包中的数据
var ether = new EthernetPacket(new ByteArraySegment(packet.Data));
var arp = (ARPPacket)ether.PayloadPacket;
lock (_hostList) {
if (_hostList.All(item => !item.PhysicalAddress.ToString().Equals(arp.SenderHardwareAddress.ToString())))
{
// 添加新的主机记录
_hostList.Add(new Host(arp.SenderProtocolAddress, arp.SenderHardwareAddress));
}
else
{
// 更新已有主机记录
_hostList.Find(item => item.PhysicalAddress.ToString().Equals(arp.SenderHardwareAddress.ToString())).IPAddress = arp.SenderProtocolAddress;
}
}
}
else
{
// 队列尚未获得数据,挂起等待
Thread.Sleep(100);
}
}
}
catch (ThreadAbortException) { }
}
// tcp
public void VerifyPacket1(Packet p, RawCapture rawCapture)
{
Console.WriteLine(p.ToString());
EthernetPacket e = (EthernetPacket)p;
Assert.AreEqual("0016CFC91E29", e.SourceHwAddress.ToString());
Assert.AreEqual("0014BFF2EF0A", e.DestinationHwAddress.ToString());
IpPacket ip = (IpPacket)p.PayloadPacket;
Assert.AreEqual(System.Net.IPAddress.Parse("192.168.1.104"), ip.SourceAddress);
Assert.AreEqual(System.Net.IPAddress.Parse("86.42.196.13"), ip.DestinationAddress);
Assert.AreEqual(64, ip.TimeToLive);
Assert.AreEqual(0x2ff4, ((IPv4Packet)ip).CalculateIPChecksum());
Assert.AreEqual(1171483600, rawCapture.Timeval.Seconds);
Assert.AreEqual(125234.000, rawCapture.Timeval.MicroSeconds);
TcpPacket tcp = (TcpPacket)ip.PayloadPacket;
Assert.AreEqual(56925, tcp.SourcePort);
Assert.AreEqual(50199, tcp.DestinationPort);
Assert.IsTrue(tcp.Ack);
Assert.IsTrue(tcp.Psh);
Assert.AreEqual(16666, tcp.WindowSize);
Assert.AreEqual(0x9b02, tcp.CalculateTCPChecksum());
Assert.AreEqual(0x9b02, tcp.Checksum);
Assert.IsTrue(tcp.ValidTCPChecksum);
}
static void createPacket()
{
Console.Write("Enter name of text file (for example t.txt): ");
string path = Console.ReadLine();
string txtFile = File.ReadAllText(path, Encoding.Default);
ushort tcpSourcePort = 123;
ushort tcpDestinationPort = 321;
var tcpPacket = new TcpPacket(tcpSourcePort, tcpDestinationPort);
tcpPacket.PayloadData = Encoding.UTF8.GetBytes(txtFile);
var ipSourceAddress = System.Net.IPAddress.Parse("127.0.0.1");
var ipDestinationAddress = System.Net.IPAddress.Parse("127.0.0.2");
var ipPacket = new IPv4Packet(ipSourceAddress, ipDestinationAddress);
var sourceHwAddress = PhysicalAddress.Parse("90-90-90-90-90-90");
var destinationHwAddress = PhysicalAddress.Parse("80-80-80-80-80-80");
var ethernetPacket = new EthernetPacket(sourceHwAddress, destinationHwAddress, EthernetPacketType.None);
ipPacket.PayloadPacket = tcpPacket;
ethernetPacket.PayloadPacket = ipPacket;
getPacket(ethernetPacket);
}
// udp
public void VerifyPacket2(Packet p, RawCapture rawCapture)
{
Console.WriteLine(p.ToString());
EthernetPacket e = (EthernetPacket)p;
Assert.AreEqual("0014BFF2EF0A", e.SourceHwAddress.ToString());
Assert.AreEqual("0016CFC91E29", e.DestinationHwAddress.ToString());
var ip = (IpPacket)p.Extract(typeof(IpPacket));
Assert.AreEqual(System.Net.IPAddress.Parse("172.210.164.56"), ip.SourceAddress);
Assert.AreEqual(System.Net.IPAddress.Parse("192.168.1.104"), ip.DestinationAddress);
Assert.AreEqual(IpVersion.IPv4, ip.Version);
Assert.AreEqual(IPProtocolType.UDP, ip.Protocol);
Assert.AreEqual(112, ip.TimeToLive);
Assert.AreEqual(0xe0a2, ((IPv4Packet)ip).CalculateIPChecksum());
Assert.AreEqual(1171483602, rawCapture.Timeval.Seconds);
Assert.AreEqual(578641.000, rawCapture.Timeval.MicroSeconds);
var udp = (UdpPacket)p.Extract(typeof(UdpPacket));
Assert.AreEqual(52886, udp.SourcePort);
Assert.AreEqual(56924, udp.DestinationPort);
Assert.AreEqual(71, udp.Length);
Assert.AreEqual(0xc8b8, udp.Checksum);
}
// tcp
public void VerifyPacket0(Packet p, RawCapture rawCapture)
{
Console.WriteLine(p.ToString());
EthernetPacket e = (EthernetPacket)p;
Assert.AreEqual(PhysicalAddress.Parse("00-13-10-03-71-47"), e.SourceHwAddress);
Assert.AreEqual(PhysicalAddress.Parse("00-E0-4C-E5-73-AD"), e.DestinationHwAddress);
IpPacket ip = (IpPacket)e.PayloadPacket;
Assert.AreEqual(System.Net.IPAddress.Parse("82.165.240.134"), ip.SourceAddress);
Assert.AreEqual(System.Net.IPAddress.Parse("192.168.1.221"), ip.DestinationAddress);
Assert.AreEqual(IpVersion.IPv4, ip.Version);
Assert.AreEqual(IPProtocolType.TCP, ip.Protocol);
Assert.AreEqual(254, ip.TimeToLive);
Assert.AreEqual(0x0df8, ((IPv4Packet)ip).CalculateIPChecksum());
Assert.AreEqual(1176685346, rawCapture.Timeval.Seconds);
Assert.AreEqual(885259.000, rawCapture.Timeval.MicroSeconds);
TcpPacket tcp = (TcpPacket)ip.PayloadPacket;
Assert.AreEqual(80, tcp.SourcePort);
Assert.AreEqual(4324, tcp.DestinationPort);
Assert.IsTrue(tcp.Ack);
Assert.AreEqual(3536, tcp.WindowSize);
Assert.AreEqual(0xc835, tcp.CalculateTCPChecksum());
Console.WriteLine("tcp.Checksum is {0}", tcp.Checksum);
Assert.AreEqual(0xc835, tcp.Checksum, "tcp.Checksum mismatch");
Assert.IsTrue(tcp.ValidTCPChecksum);
}
/// <summary>Writes an IPPacket as is to the TAP device.</summary>
/// <param name="packet">The IPPacket!</param>
protected virtual void WriteIP(ICopyable packet)
{
MemBlock mp = packet as MemBlock;
if (mp == null)
{
mp = MemBlock.Copy(packet);
}
IPPacket ipp = new IPPacket(mp);
MemBlock dest = null;
if (!_ip_to_ether.TryGetValue(ipp.DestinationIP, out dest))
{
if (ipp.DestinationIP[0] >= 224 && ipp.DestinationIP[0] <= 239)
{
dest = EthernetPacket.GetMulticastEthernetAddress(ipp.DestinationIP);
}
else if (ipp.DestinationIP[3] == 255)
{
dest = EthernetPacket.BroadcastAddress;
}
else
{
return;
}
}
EthernetPacket res_ep = new EthernetPacket(dest,
EthernetPacket.UnicastAddress, EthernetPacket.Types.IP, mp);
Ethernet.Send(res_ep.ICPacket);
}
/// <summary>
/// 使用函数构造UDP数据包
/// </summary>
/// <param name="device"></param>
/// <param name="dst_mac"></param>
/// <param name="dst_ip"></param>
/// <param name="src_port"></param>
/// <param name="dst_port"></param>
/// <param name="send_data"></param>
/// <returns></returns>
private byte[] GenUDPPacket(PcapDevice device, PhysicalAddress dst_mac, IPAddress dst_ip, int src_port,
int dst_port, string send_data)
{
// 构造UDP部分数据报
UdpPacket udp_pkg = new UdpPacket((ushort)src_port, (ushort)dst_port);
udp_pkg.PayloadData = strToToHexByte(send_data);
udp_pkg.UpdateCalculatedValues();
// 构造IP部分数据报
IPv4Packet ip_pkg = new IPv4Packet(device.Interface.Addresses[1].Addr.ipAddress, dst_ip);
ip_pkg.Protocol = IPProtocolType.UDP;
ip_pkg.Version = IpVersion.IPv4;
ip_pkg.PayloadData = udp_pkg.Bytes;
ip_pkg.TimeToLive = 10;
ip_pkg.UpdateCalculatedValues();
ip_pkg.UpdateIPChecksum();
// 构造以太网帧
EthernetPacket net_pkg = new EthernetPacket(device.MacAddress, dst_mac, EthernetPacketType.IpV4);
net_pkg.Type = EthernetPacketType.IpV4;
net_pkg.PayloadData = ip_pkg.Bytes;
net_pkg.UpdateCalculatedValues();
return(net_pkg.Bytes);
}
/// <summary>
/// 截获包基本信息
/// </summary>
/// <returns></returns>
public static DevicePacket ConvertPacketToDevice(this Packet packet)
{
DevicePacket devPacket = new DevicePacket();
devPacket.Protocol = "未知";
devPacket.DataLen = packet.Bytes.Length;
EthernetPacket ethernetPacket = packet.GetPacketType <EthernetPacket>() as EthernetPacket;
if (ethernetPacket != null)
{
devPacket = packet.GetEthernetPacket(ethernetPacket, devPacket);
return(devPacket);
}
#region "暂时不处理协议"
//PPPPacket ppp = packet.GetPacketType<PPPPacket>();
//if (ppp != null)
//{
// devPacket.Protocol = "PPP";
// devPacket.SourceAddress = "---";
// devPacket.DestinationAddress = "---";
// devPacket.Desc = $"协议类型:{ppp.Protocol.ToString()}";
// return devPacket;
//}
#endregion
return(devPacket);
}
public static void Main(string[] args)
{
ushort tcpSourcePort = 123;
ushort tcpDestinationPort = 321;
var tcpPacket = new TcpPacket(tcpSourcePort, tcpDestinationPort);
var ipSourceAddress = System.Net.IPAddress.Parse("192.168.1.1");
var ipDestinationAddress = System.Net.IPAddress.Parse("192.168.1.2");
var ipPacket = new IPv4Packet(ipSourceAddress, ipDestinationAddress);
var sourceHwAddress = "90-90-90-90-90-90";
var ethernetSourceHwAddress = System.Net.NetworkInformation.PhysicalAddress.Parse(sourceHwAddress);
var destinationHwAddress = "80-80-80-80-80-80";
var ethernetDestinationHwAddress = System.Net.NetworkInformation.PhysicalAddress.Parse(destinationHwAddress);
// NOTE: using EthernetPacketType.None to illustrate that the ethernet
// protocol type is updated based on the packet payload that is
// assigned to that particular ethernet packet
var ethernetPacket = new EthernetPacket(ethernetSourceHwAddress,
ethernetDestinationHwAddress,
EthernetPacketType.None);
// Now stitch all of the packets together
ipPacket.PayloadPacket = tcpPacket;
ethernetPacket.PayloadPacket = ipPacket;
// and print out the packet to see that it looks just like we wanted it to
Console.WriteLine(ethernetPacket.ToString());
}
private bool Route(ref IPv4Packet packet)
{
bool done = false;
EthernetPacket eth_packet = packet.ParentPacket as EthernetPacket;
foreach (Route route in Routes)
{
if (eth_packet.SourceHwAddress.Equals(route.Source.MacAddress) &&
(route.SourceIp == null || route.SourceIp.Equals(packet.SourceAddress)) &&
(route.DestIp == null || route.DestIp.Equals(packet.DestinationAddress)))
{
if (route.NewSourceIp != null)
{
packet.SourceAddress = route.NewSourceIp.IpAddress;
eth_packet.SourceHwAddress = route.NewSourceIp.MacAddress;
done = true;
}
if (route.NewDestIp != null)
{
packet.DestinationAddress = route.NewDestIp.IpAddress;
eth_packet.DestinationHwAddress = route.NewDestIp.MacAddress;
done = true;
}
}
}
return(done);
}
public bool Process(Interface sender, ArpPacket arp)
{
if (arp.Operation == ArpOperation.Request)
{
var arpResponse = new ArpPacket(
ArpOperation.Response,
arp.SenderHardwareAddress,
arp.SenderProtocolAddress,
sender.MacAddress,
arp.TargetProtocolAddress
);
var ethernetPacket = new EthernetPacket(sender.MacAddress, arp.SenderHardwareAddress, EthernetType.None)
{
PayloadPacket = arpResponse
};
sender.Send(ethernetPacket);
}
else if (arp.Operation == ArpOperation.Response)
{
var record = new ArpRecord(arp.SenderProtocolAddress, arp.SenderHardwareAddress);
CurrentApp.Logging.Info($"Creating ARP record: {record}");
return(TryAdd(arp.SenderProtocolAddress, record));
}
return(false);
}
public void ScanDhcp(CaptureEventArgs e, string Interface)
{
var mypacket = Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
var udp = (UdpPacket)mypacket.Extract(typeof(UdpPacket));
if (udp != null)
{
if (udp.DestinationPort == 68)
{
var DestinationHwAddress = EthernetPacket.GetEncapsulated(mypacket).DestinationHwAddress;
var SourceHwAddress = EthernetPacket.GetEncapsulated(mypacket).SourceHwAddress;
var DestinationipAddress = IpPacket.GetEncapsulated(mypacket).DestinationAddress;
var SourceipAddress = IpPacket.GetEncapsulated(mypacket).SourceAddress;
ado a = new ado();
DataTable dt = a.selectmac(SourceHwAddress.ToString(), Interface);
// if mac address of router excist that mean he is router
if (dt.Rows.Count > 0)
{
Attack = false;
}
else
{
Attack = true;
Attack_data[0] = "DHCP spofing";
Attack_data[1] = SourceipAddress.ToString();
Attack_data[2] = SourceHwAddress.ToString();
Attack_data[3] = DateTime.Now.ToShortTimeString();
}
}
}
}
/// <summary>
/// Fires off on a seperate thread when a packet is available
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void ProcessPacket(RawCapture incoming)
{
try
{
Packet packet = Packet.ParsePacket(LinkLayers.Ethernet, incoming.Data);
EthernetPacket ethSrc = (EthernetPacket)packet.Extract(typeof(EthernetPacket));
IPv4Packet ipSrc = (IPv4Packet)packet.Extract(typeof(IPv4Packet));
if (ipSrc.Protocol == IPProtocolType.UDP)
{
UdpPacket udpSrc = (UdpPacket)packet.Extract(typeof(UdpPacket));
// From RFC 1002 Section 4.2.1.1
// Need to grab the transaction id for the reply
UInt16 namedTrnId = BitConverter.ToUInt16(udpSrc.PayloadData, 0);
// Looking for Response = query(0), OpCode = Query(0)
// 11000000 00000000
UInt16 flags = Utility.ReverseUInt16(BitConverter.ToUInt16(udpSrc.PayloadData, 2));
if ((flags & 0xc000) == 0)
{
// Grab the name and make sure it's WPAD
string name = Encoding.Default.GetString(udpSrc.PayloadData, 12, 34);
if (Utility.DecodeName(name) == WpadHostName)
{
Logger.AddToInfoView("Received NBNS query for {0} from {1}", WpadHostName, ethSrc.SourceHwAddress);
UdpPacket udpDst = new UdpPacket(NetbiosPort, NetbiosPort);
udpDst.PayloadData = SetupResponse(namedTrnId, GetDeviceIp(this.Device));
IPv4Packet ipDst = new IPv4Packet(GetDeviceIp(this.Device), ipSrc.SourceAddress);
ipDst.PayloadPacket = udpDst;
udpDst.UpdateCalculatedValues();
udpDst.UpdateUDPChecksum();
ipDst.UpdateCalculatedValues();
ipDst.UpdateIPChecksum();
EthernetPacket ethDst = new EthernetPacket(this.Device.MacAddress, ethSrc.SourceHwAddress, EthernetPacketType.IpV4);
ethDst.PayloadPacket = ipDst;
ethDst.UpdateCalculatedValues();
Logger.AddToInfoView("Sending poisoned response for {0}", WpadHostName);
this.Device.SendPacket(ethDst.Bytes);
}
}
}
else if (ipSrc.Protocol == IPProtocolType.TCP)
{
TcpPacket tcpSrc = (TcpPacket)packet.Extract(typeof(TcpPacket));
if (tcpSrc.Syn)
{
Logger.AddToInfoView("SYN sent {0}:{1}", ipSrc.DestinationAddress, tcpSrc.SourcePort);
}
}
}
catch (Exception ex)
{
Logger.AddToErrorView("OnPacketArrival", ex);
}
}
// icmpv6
public void VerifyPacket0(Packet p, RawCapture rawCapture, LinkLayers linkLayer)
{
Assert.IsNotNull(p);
Console.WriteLine(p.ToString());
Assert.AreEqual(linkLayer, rawCapture.LinkLayerType);
if (linkLayer == LinkLayers.Ethernet)
{
EthernetPacket e = (EthernetPacket)p;
Assert.AreEqual(PhysicalAddress.Parse("00-A0-CC-D9-41-75"), e.SourceHwAddress);
Assert.AreEqual(PhysicalAddress.Parse("33-33-00-00-00-02"), e.DestinationHwAddress);
}
var ip = (IPPacket)p.Extract(typeof(IPPacket));
Console.WriteLine("ip {0}", ip.ToString());
Assert.AreEqual(System.Net.IPAddress.Parse("fe80::2a0:ccff:fed9:4175"), ip.SourceAddress);
Assert.AreEqual(System.Net.IPAddress.Parse("ff02::2"), ip.DestinationAddress);
Assert.AreEqual(IPVersion.IPv6, ip.Version);
Assert.AreEqual(IPProtocolType.ICMPV6, ip.Protocol);
Assert.AreEqual(16, ip.PayloadPacket.Bytes.Length, "ip.PayloadPacket.Bytes.Length mismatch");
Assert.AreEqual(255, ip.HopLimit);
Assert.AreEqual(255, ip.TimeToLive);
Assert.AreEqual(0x3a, (Byte)ip.NextHeader);
Console.WriteLine("Failed: ip.ComputeIPChecksum() not implemented.");
Assert.AreEqual(1221145299, rawCapture.Timeval.Seconds);
Assert.AreEqual(453568.000, rawCapture.Timeval.MicroSeconds);
}
public void Add(EthernetPacket packet)
{
if (packet.TCP == null)
{
return;
}
TCP_StreamAddress address = new TCP_StreamAddress(packet);
TCP_StreamPacket streamPacket = new TCP_StreamPacket();
streamPacket.Direction = TCP_Direction.SourceToDestination;
streamPacket.Address = address;
streamPacket.Packet = packet;
int i = Streams.IndexOfKey(address);
TCP_Stream stream;
if (i == -1)
{
address.StreamNumber = Streams.Count;
stream = new TCP_Stream(streamPacket);
Streams.Add(address, stream);
}
else
{
stream = Streams.Values[i];
address.StreamNumber = stream.Address.StreamNumber;
}
stream.Add(streamPacket);
Packets.Add(streamPacket);
packet.gGroupNumber = address.StreamNumber + 1;
}
/// <summary>
/// Dumps each received packet to a pcap file
/// </summary>
private static void device_PcapOnPacketArrival(object sender, SharpPcap.CaptureEventArgs e)
{
SyslogMessage msg = null;
try
{
Packet link = Packet.ParsePacket(LinkLayers.Ethernet, e.Packet.Data);
EthernetPacket ethernet = (EthernetPacket)link;
IpPacket ip = (IpPacket)ethernet.PayloadPacket;
UdpPacket udp = (UdpPacket)ip.PayloadPacket;
msg = new SyslogMessage(udp);
outputFile.WriteLine(System.Text.Encoding.ASCII.GetString(udp.PayloadData));
}
catch (Exception ex)
{
EventLog.WriteEntry("SwsyslogService", ex.ToString(), EventLogEntryType.Error);
}
// if the output file is ready to write, write the log file ...
if (msg != null && outputFile.BaseStream.CanWrite)
{
//outputFile.WriteLine(msg.ToString());
}
_logEntryCount++;
}
public static Packet BuildArpReply(PhysicalAddress srcMAC, PhysicalAddress dstMAC, IPAddress senderIP, IPAddress targetIP, PhysicalAddress senderMAC, PhysicalAddress targetMAC, int vlanID)
{
EthernetPacket ePacket = new EthernetPacket(srcMAC, dstMAC, EthernetPacketType.Arp);
ARPPacket aPacket = new ARPPacket(ARPOperation.Response, targetMAC, targetIP, senderMAC, senderIP);
return(PacketBuilder.BuildPacket(vlanID, ePacket, aPacket));
}
public void VerifyPacket1(Packet p, RawCapture rawCapture, LinkLayers linkLayer)
{
Assert.IsNotNull(p);
Console.WriteLine(p.ToString());
Assert.AreEqual(linkLayer, rawCapture.LinkLayerType);
if (linkLayer == LinkLayers.Ethernet)
{
EthernetPacket e = (EthernetPacket)p;
Assert.AreEqual(PhysicalAddress.Parse("F894C22EFAD1"), e.SourceHwAddress);
Assert.AreEqual(PhysicalAddress.Parse("333300000016"), e.DestinationHwAddress);
}
var ip = (IPv6Packet)p.Extract(typeof(IPv6Packet));
Console.WriteLine("ip {0}", ip.ToString());
Assert.AreEqual(System.Net.IPAddress.Parse("fe80::d802:3589:15cf:3128"), ip.SourceAddress);
Assert.AreEqual(System.Net.IPAddress.Parse("ff02::16"), ip.DestinationAddress);
Assert.AreEqual(IPVersion.IPv6, ip.Version);
Assert.AreEqual(IPProtocolType.ICMPV6, ip.Protocol);
Assert.AreEqual(28, ip.PayloadPacket.Bytes.Length, "ip.PayloadPacket.Bytes.Length mismatch");
Assert.AreEqual(1, ip.HopLimit);
Assert.AreEqual(1, ip.TimeToLive);
Assert.AreEqual(0x3a, (Byte)ip.Protocol);
Console.WriteLine("Failed: ip.ComputeIPChecksum() not implemented.");
Assert.AreEqual(1543415539, rawCapture.Timeval.Seconds);
Assert.AreEqual(841441.000, rawCapture.Timeval.MicroSeconds);
Assert.AreEqual(1, ip.ExtensionHeaders.Count);
Assert.AreEqual(0, ip.ExtensionHeaders[0].OptionsAndPadding.Length);
}
private static void SendRequests()
{
Logger.Log("Sending ArpRequest flood..", Logger.MessageType.INFORM);
uint _hosts = NetworkHelper.GetHosts(subnetMask);
byte[] _netPartBytes = netAddress.GetAddressBytes();
if (BitConverter.IsLittleEndian)
{
Array.Reverse(_netPartBytes);
}
uint _netPartInt = BitConverter.ToUInt32(_netPartBytes, 0);
EthernetPacket _ethpac = NetworkHelper.CreateArpBasePacket(_dev.MacAddress);
byte[] _targetBytes = new byte[4];
for (int i = 1; i < _hosts - 1; i++)
{
_targetBytes = BitConverter.GetBytes(_netPartInt + i);
Array.Resize(ref _targetBytes, 4);
Array.Reverse(_targetBytes);
IPAddress _target = new IPAddress(_targetBytes);
ExecuteRequests(_ethpac, _target);
if (_window != null)
{
_window.progressBarArpScan.Value = Convert.ToInt16(10 + (((i * 100) / _hosts) * 0.8));
}
}
}
public static void CheckStart()
{
_running = true;
Logger.Log("Start Checking Devices", Logger.MessageType.INFORM);
InitInterfaces();
Thread _listen = new Thread(ListenCheckResponses);
_listen.Start();
EthernetPacket _ethpac = NetworkHelper.CreateArpBasePacket(_dev.MacAddress);
foreach (ModelHost _dummy in ModelHost.hostList)
{
_dummy.status = false;
ExecuteRequests(_dummy.hostIP);
}
if (Environment.OSVersion.Platform == PlatformID.Unix)
{
Thread.Sleep(5000);
}
else
{
Thread.Sleep(100);
}
DeInitInterfaces();
_running = false;
}
/// <summary>
/// Indica si es necesario encapsular el contenido del paquete (ipv6) en Ipv4 para el ataque de mitm slaac
/// http://www.elladodelmal.com/2012/04/man-in-middle-en-redes-ipv4-por-medio.html
/// </summary>
/// <param name="p"></param>
/// <returns></returns>
private bool EncapsulateIpv6IntoIpv4(Packet p)
{
EthernetPacket pEthernet = (EthernetPacket)p;
if (pEthernet.PayloadPacket is IPv6Packet)
{
IPv6Packet ipv6 = (IPv6Packet)pEthernet.PayloadPacket;
for (int iA = 0; iA < Program.CurrentProject.data.GetAttacks().Count; iA++)
{
if (Program.CurrentProject.data.GetAttacks()[iA].attackStatus == AttackStatus.Attacking &&
Program.CurrentProject.data.GetAttacks()[iA].attackType == AttackType.SlaacMitm)
{
if (pEthernet.DestinationHwAddress.Equals(Program.CurrentProject.data.GetDevice().MacAddress))
{
if (Program.CurrentProject.data.GetAttacks()[iA] is evilfoca.Data.MitmAttack)
{
evilfoca.Data.MitmAttack mitm = (evilfoca.Data.MitmAttack)Program.CurrentProject.data.GetAttacks()[iA];
if ((ipv6.SourceAddress.Equals(mitm.t1.ip)) && (ipv6.DestinationAddress.Equals(mitm.t2.ip)) ||
(ipv6.DestinationAddress.Equals(mitm.t1.ip)) && (ipv6.SourceAddress.Equals(mitm.t2.ip)))
{
return(true);
}
}
}
}
}
}
return(false);
}
public void EthernetConstructorFromMacAddresses()
{
var srcHwAddressBytes = new byte[EthernetFields.MacAddressLength];
for (var i = 0; i < srcHwAddressBytes.Length; i++)
{
srcHwAddressBytes[i] = (byte)i;
}
var dstHwAddressBytes = new byte[EthernetFields.MacAddressLength];
for (var i = 0; i < dstHwAddressBytes.Length; i++)
{
dstHwAddressBytes[i] = (byte)(dstHwAddressBytes.Length - i);
}
var srcHwAddress = new PhysicalAddress(srcHwAddressBytes);
var dstHwAddress = new PhysicalAddress(dstHwAddressBytes);
var ethernetPacket = new EthernetPacket(srcHwAddress,
dstHwAddress,
EthernetType.None);
Assert.AreEqual(14, ethernetPacket.Bytes.Length);
Assert.AreEqual(srcHwAddress, ethernetPacket.SourceHardwareAddress);
Assert.AreEqual(dstHwAddress, ethernetPacket.DestinationHardwareAddress);
ethernetPacket.SourceHardwareAddress = dstHwAddress;
ethernetPacket.DestinationHardwareAddress = srcHwAddress;
Assert.AreEqual(dstHwAddress, ethernetPacket.SourceHardwareAddress);
Assert.AreEqual(srcHwAddress, ethernetPacket.DestinationHardwareAddress);
Console.WriteLine("ethernetPacket.ToString() {0}", ethernetPacket);
}
public TempPacketSaveData GetPacket(byte[] payload, int streamId)
{
PhysicalAddress emptyAddress = PhysicalAddress.Parse("000000000000");
PacketDotNet.EthernetPacket etherPacket = new EthernetPacket(emptyAddress, emptyAddress, EthernetType.IPv4);
bool flip = streamId < 0;
streamId = Math.Abs(streamId);
Random r = new Random(streamId);
IPAddress sourceIp = new IPAddress(r.Next());
IPAddress destIp = new IPAddress(r.Next());
if (flip)
{
IPAddress tempAddress = sourceIp;
sourceIp = destIp;
destIp = tempAddress;
}
IPv4Packet ipPacket = new IPv4Packet(sourceIp, destIp)
{
Protocol = ProtocolType.Udp
};
UdpPacket udpPacket = new UdpPacket(1, 1)
{
PayloadData = payload
};
ipPacket.PayloadPacket = udpPacket;
etherPacket.PayloadPacket = ipPacket;
return(new TempPacketSaveData(etherPacket.Bytes, LinkLayerType.Ethernet));
}
/**
* Process packets when they arrive
*/
private void device_onPacketArrival(Object sender, CaptureEventArgs packet)
{
try
{
String address = null, protocol = null;
// Convert the packet data from a byte array to a EthernetPacket instance
EthernetPacket ethernetPacket = (EthernetPacket)Packet.ParsePacket(packet.Packet.LinkLayerType, packet.Packet.Data);
// IPv4
if (ethernetPacket.PayloadPacket is IPv4Packet)
{
IPv4Packet ip = (IPv4Packet)ethernetPacket.PayloadPacket;
address = ip.SourceAddress.ToString();
protocol = ip.Protocol.ToString();
}
// IPv6
else if (ethernetPacket.PayloadPacket is IPv6Packet)
{
IPv6Packet ip = (IPv6Packet)ethernetPacket.PayloadPacket;
// Convert address to IPv4 since the GeoIP database we're using doesn't support IPv6 lookups
address = ip.SourceAddress.MapToIPv4().ToString();
protocol = ip.Protocol.ToString();
}
// ARP
else if (ethernetPacket.PayloadPacket is ARPPacket)
{
ARPPacket arp = (ARPPacket)ethernetPacket.PayloadPacket;
address = arp.SenderProtocolAddress.ToString();
// Check if this is a gratuitious ARP
checkForGratuitiousArp(arp);
protocol = "ARP";
}
// Other
else
{
// Don't care about other packet types
return;
}
// We care about this packet, so the packet counter can increment
numPackets++;
// If we haven't processes this IP address yet, add it to the address queue
if (address != null && !addedAddresses.Contains(address) && !pendingAddresses.ContainsKey(address))
{
pendingAddresses.Add(address, protocol);
}
} catch (Exception)
{
// Handle issues gracefully
}
}
//terrible hack to get extension headers working
private static EthernetPacket CreateEHPacket(Param param, EthernetPacket ret)
{
IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP);
ipPacket.Protocol = (IPProtocolType)param.ExtentionHeader[0];
param.ExtentionHeader.RemoveAt(0);
//need to find out what is the last packet so that we can decide on the length of the packet
IPProtocolType endEH = param.ExtentionHeader[param.ExtentionHeader.Count - 1];
int lastHeaderLength = 0;
switch (endEH)
{
case IPProtocolType.TCP:
lastHeaderLength = 20;
break;
case IPProtocolType.UDP:
lastHeaderLength = 8;
break;
case IPProtocolType.ICMP:
lastHeaderLength = 8;
break;
default:
lastHeaderLength = 64;
break;
}
//calculate the Extension header size
int EHSize = 0;
foreach (IPProtocolType eh in param.ExtentionHeader)
{
if (eh == IPProtocolType.FRAGMENT)
{
EHSize += 8;
}
else
{
EHSize += 24;
}
}
if (ipPacket.Protocol == IPProtocolType.FRAGMENT)
{
EHSize -= 16;
}
byte[] tempPayload = new byte[EHSize + param.payload.Length + lastHeaderLength];
param.payload.CopyTo(tempPayload, EHSize + lastHeaderLength);
int loc = 0;
byte previous = (byte)ipPacket.Protocol;
foreach (byte eh in param.ExtentionHeader)
{
tempPayload.SetValue((byte)eh, loc);
tempPayload.SetValue((byte)2, loc + 1);
if ((IPProtocolType)previous == IPProtocolType.FRAGMENT)
{
loc += 8;
}
else
{
loc += 24;
}
previous = eh;
}
//set the port if the last EH is tcp or udp
if (endEH == IPProtocolType.TCP || endEH == IPProtocolType.UDP)
{
//set the port numbers
tempPayload.SetValue((byte)(param.sPort >> 8), loc);
tempPayload.SetValue((byte)param.sPort, loc + 1);
tempPayload.SetValue((byte)(param.dPort >> 8), loc + 2);
tempPayload.SetValue((byte)param.dPort, loc + 3);
}
if (endEH == IPProtocolType.TCP)
{
tempPayload.SetValue((byte)0x50, loc + 12);
}
else if (endEH == IPProtocolType.UDP)
{
//set the length of the payload
Int16 length = (Int16)(lastHeaderLength + param.payload.Length);
BitConverter.GetBytes(length).CopyTo(tempPayload, loc + 5);
tempPayload.SetValue((byte)0x12, loc + 6);
tempPayload.SetValue((byte)0x34, loc + 7);
}
//set the tcp flags if they are TCP
if (endEH == IPProtocolType.TCP)
{
tempPayload.SetValue((byte)param.tcpFlag, loc + 13);
}
ipPacket.PayloadData = tempPayload;
ipPacket.PayloadLength = (ushort)tempPayload.Length;
ipPacket.UpdateCalculatedValues();
ret.PayloadPacket = ipPacket;
return ret;
}
public static Packet CreatePacket(Param param)
{
Packet ret = null;
//create layer 4
if (param.packetType == Param.PacketType.TCP)
{
TcpPacket tcpPacket = new TcpPacket(param.sPort, param.dPort);
tcpPacket.AllFlags = param.tcpFlag;
if (param.dIP.ToString().Contains("."))
{
IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP);
if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; }
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4);
ipPacket.PayloadPacket = tcpPacket;
tcpPacket.PayloadData = param.payload;
ret.PayloadPacket = ipPacket;
ipPacket.UpdateCalculatedValues();
ipPacket.UpdateIPChecksum();
tcpPacket.Checksum = (ushort)tcpPacket.CalculateTCPChecksum();
}
else
{
IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP);
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6);
ipPacket.PayloadPacket = tcpPacket;
tcpPacket.PayloadData = param.payload;
ret.PayloadPacket = ipPacket;
}
}
else if (param.packetType == Param.PacketType.UDP)
{
UdpPacket udpPacket = new UdpPacket(param.sPort, param.dPort);
if (param.dIP.ToString().Contains("."))
{
IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP);
if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; }
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4);
ipPacket.PayloadPacket = udpPacket;
udpPacket.PayloadData = param.payload;
udpPacket.UpdateUDPChecksum();
ipPacket.PayloadLength = (ushort)(ipPacket.PayloadLength + param.payload.Length);
ipPacket.UpdateIPChecksum();
ret.PayloadPacket = ipPacket;
}
else
{
IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP);
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6);
ipPacket.PayloadPacket = udpPacket;
udpPacket.PayloadData = param.payload;
udpPacket.UpdateUDPChecksum();
ipPacket.PayloadLength = (ushort)(ipPacket.PayloadLength + param.payload.Length);
ret.PayloadPacket = ipPacket;
}
}
else if (param.packetType == Param.PacketType.ICMP)
{
ICMPv4Packet icmpPacket = new ICMPv4Packet(new ByteArraySegment(new byte[32]));
if (param.type != 0 && param.code != 0)
{
icmpPacket.TypeCode = (ICMPv4TypeCodes)((param.type * 256) + (param.code));
}
else if (param.type != 0)
{
icmpPacket.TypeCode = (ICMPv4TypeCodes)((param.type * 256));
}
else
{
icmpPacket.TypeCode = ICMPv4TypeCodes.EchoRequest;
}
IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP);
if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; }
ipPacket.PayloadPacket = icmpPacket;
ipPacket.Checksum = ipPacket.CalculateIPChecksum();
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4);
ret.PayloadPacket = ipPacket;
}
else if (param.packetType == Param.PacketType.ICMPv6)
{
ICMPv6Packet icmpv6Packet = CreateICMPv6Packet(param);
IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP);
ipPacket.PayloadPacket = icmpv6Packet;
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6);
ret.PayloadPacket = ipPacket;
}
else if (param.packetType == Param.PacketType.IP)
{
if (param.dIP.ToString().Contains("."))
{
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4);
IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP);
if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; }
ipPacket.Protocol = param.IPProtocol;
ipPacket.PayloadData = param.payload;
ipPacket.UpdateCalculatedValues();
ret.PayloadPacket = ipPacket;
ipPacket.UpdateIPChecksum();
}
else
{
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6);
//if extension headers were not specified, just put the payload
if (param.ExtentionHeader.Count == 0)
{
IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP);
ipPacket.Protocol = param.IPProtocol;
ipPacket.PayloadData = param.payload;
ipPacket.PayloadLength = (ushort)param.payload.Length;
ipPacket.UpdateCalculatedValues();
ret.PayloadPacket = ipPacket;
}
else
{
ret = PacketFactory.CreateEHPacket(param, (EthernetPacket)ret);
}
ret.UpdateCalculatedValues();
}
}
else if (param.packetType == Param.PacketType.EtherType)
{
ret = new EthernetPacket(param.sMAC, param.dMAC, param.EtherTypeProtocol);
byte[] etherBuffer = (new byte[64]);
var payload = new byte[etherBuffer.Length + (param.payload).Length];
etherBuffer.CopyTo(payload, 0);
(param.payload).CopyTo(payload, etherBuffer.Length);
ret.PayloadData = payload;
ret.UpdateCalculatedValues();
}
return ret;
}
