internal static PacketOrByteArraySegment ParseEncapsulatedBytes(ByteArraySegment Header, IPProtocolType ProtocolType, PosixTimeval Timeval, Packet ParentPacket) { ByteArraySegment segment = Header.EncapsulatedBytes(); PacketOrByteArraySegment segment2 = new PacketOrByteArraySegment(); IPProtocolType type = ProtocolType; if (type == IPProtocolType.ICMP) { segment2.ThePacket = new ICMPv4Packet(segment.Bytes, segment.Offset, Timeval); return(segment2); } if (type != IPProtocolType.TCP) { if (type == IPProtocolType.UDP) { segment2.ThePacket = new UdpPacket(segment.Bytes, segment.Offset, Timeval, ParentPacket); return(segment2); } if (type == IPProtocolType.ICMPV6) { segment2.ThePacket = new ICMPv6Packet(segment.Bytes, segment.Offset, Timeval); return(segment2); } segment2.TheByteArraySegment = segment; return(segment2); } segment2.ThePacket = new TcpPacket(segment.Bytes, segment.Offset, Timeval, ParentPacket); return(segment2); }
public L7Conversation(IPEndPoint sourceEndPoint, IPEndPoint destinationEndPoint, IPProtocolType protocolType, L7Flow upL7Flow, L7Flow downL7Flow, Int32 conversationSegmentNum = 0, Boolean lastConversationSegment = true) { this.SourceEndPoint = sourceEndPoint; this.DestinationEndPoint = destinationEndPoint; this.ProtocolType = protocolType; this.LastConversationSegment = lastConversationSegment; this.ConversationSegmentNum = conversationSegmentNum; this.UpPdus = upL7Flow?.L7Pdus ?? NoPdusPlaceholder; this.DownPdus = downL7Flow?.L7Pdus ?? NoPdusPlaceholder; this.FirstSeenTicks = Math.Min(upL7Flow?.FirstSeenTicks ?? Int64.MaxValue, downL7Flow?.FirstSeenTicks ?? Int64.MaxValue); // Handle case where both timestamps are missing if (this.FirstSeenTicks == Int64.MaxValue) { this.FirstSeenTicks = 0; } this.LastSeenTicks = Math.Max(upL7Flow?.LastSeenTicks ?? 0, downL7Flow?.LastSeenTicks ?? 0); }
private static Boolean ParseTransportLayer(ReadOnlySpan <Byte> transportData, IPProtocolType ipProtocol, out UInt16 sourcePort, out UInt16 destinationPort) { sourcePort = 0; destinationPort = 0; if (transportData.Length < 8) { return(false); } switch (ipProtocol) { case IPProtocolType.UDP: sourcePort = BinaryPrimitives.ReadUInt16BigEndian(transportData.Slice(UdpFields.SourcePortPosition, 2)); destinationPort = BinaryPrimitives.ReadUInt16BigEndian(transportData.Slice(UdpFields.DestinationPortPosition, 2)); return(true); case IPProtocolType.TCP: sourcePort = BinaryPrimitives.ReadUInt16BigEndian(transportData.Slice(TcpFields.SourcePortPosition, 2)); destinationPort = BinaryPrimitives.ReadUInt16BigEndian(transportData.Slice(TcpFields.DestinationPortPosition, 2)); return(true); default: return(false); } }
public IPFragmentKey(IPAddress sourceAddress, IPAddress destinationAddress, IPProtocolType protocol, Int32 ipIdentification) { this.SourceAddress = sourceAddress; this.DestinationAddress = destinationAddress; this.Protocol = protocol; this.IPIdentification = ipIdentification; }
public L7Conversation(IPEndPoint sourceEndPoint, IPEndPoint destinationEndPoint, IPProtocolType protocolType, L7Flow upL7Flow, L7Flow downL7Flow) { this.SourceEndPoint = sourceEndPoint; this.DestinationEndPoint = destinationEndPoint; this.ProtocolType = protocolType; this._upPdus = upL7Flow?.L7Pdus ?? NoPdusPlaceholder; this._downPdus = downL7Flow?.L7Pdus ?? NoPdusPlaceholder; this._pdus = new LazilyMergedCollection <L7Pdu>(this._upPdus, this._downPdus); this.UpNonDataFrames = upL7Flow?.NonDataFrames ?? NoFramesPlaceholder; this.DownNonDataFrames = downL7Flow?.NonDataFrames ?? NoFramesPlaceholder; this.NonDataFrames = new LazilyMergedCollection <Frame>(this.UpNonDataFrames, this.DownNonDataFrames); this.FirstSeenTicks = Math.Min(upL7Flow?.FirstSeenTicks ?? Int64.MaxValue, downL7Flow?.FirstSeenTicks ?? Int64.MaxValue); // Handle case where both timestamps are missing if (this.FirstSeenTicks == Int64.MaxValue) { this.FirstSeenTicks = 0; } this.LastSeenTicks = Math.Max(upL7Flow?.LastSeenTicks ?? 0, downL7Flow?.LastSeenTicks ?? 0); }
private static Boolean ParseNetworkLayer(ReadOnlySpan <Byte> networkData, EthernetPacketType ethernetProtocol, out ReadOnlySpan <Byte> transportData, out IPProtocolType ipProtocol, out IPAddress sourceIpAddress, out IPAddress destinationIpAddress, out IPFragmentSignature ipv4FragmentSignature) { transportData = ReadOnlySpan <Byte> .Empty; ipProtocol = IPProtocolType.NONE; sourceIpAddress = IPAddress.None; destinationIpAddress = IPAddress.None; ipv4FragmentSignature = null; switch (ethernetProtocol) { case EthernetPacketType.IPv4: return(ParseNetworkIpv4Layer(networkData, ref transportData, ref ipProtocol, ref sourceIpAddress, ref destinationIpAddress, ref ipv4FragmentSignature)); case EthernetPacketType.IPv6: return(ParseNetworkIpv6Layer(networkData, ref transportData, ref ipProtocol, ref sourceIpAddress, ref destinationIpAddress)); default: return(false); } }
public void AddData(IPProtocolType protocolType, int _PkSize) { //若是后续到达数据包,SrcIP到DstIP已经存在了,只要增加相应数据即可,不过要判断一下协议 //if (protocolPkInfos.Keys.Contains(protocolType)) //本协议数据存在 if (protocolPkInfos.ContainsKey(protocolType)) //本协议数据存在 { if (_PkSize != 0) { protocolPkInfos[protocolType][0]++; protocolPkInfos[protocolType][1] += _PkSize; totalSendPkNum++; totalSendPkSize += _PkSize; } } else //本协议数据不存在,建立这个协议的值 { if (_PkSize != 0) { protocolPkInfos.Add(protocolType, new int[] { 1, _PkSize }); totalSendPkNum++; totalSendPkSize += _PkSize; } else { protocolPkInfos.Add(protocolType, new int[] { 0, _PkSize }); } } }
/// <summary> /// Called by IPv4 and IPv6 packets to parse their packet payload /// </summary> /// <param name="payload"> /// A <see cref="ByteArraySegment"/> /// </param> /// <param name="ProtocolType"> /// A <see cref="IPProtocolType"/> /// </param> /// <param name="ParentPacket"> /// A <see cref="Packet"/> /// </param> /// <returns> /// A <see cref="PacketOrByteArraySegment"/> /// </returns> internal static PacketOrByteArraySegment ParseEncapsulatedBytes(ByteArraySegment payload, IPProtocolType ProtocolType, Packet ParentPacket) { log.DebugFormat("payload: {0}, ParentPacket.GetType() {1}", payload, ParentPacket.GetType()); var payloadPacketOrData = new PacketOrByteArraySegment(); // if we are an ipv4 packet with a non-zero FragementOffset we shouldn't attempt // to decode the content, it is a continuation of a previous packet so it won't // have the proper headers for its type, that was in the first packet fragment var ipv4Packet = ParentPacket.Extract(typeof(IPv4Packet)) as IPv4Packet; if (ipv4Packet != null) { if (ipv4Packet.FragmentOffset > 0) { payloadPacketOrData.TheByteArraySegment = payload; return(payloadPacketOrData); } } switch (ProtocolType) { case IPProtocolType.TCP: payloadPacketOrData.ThePacket = new TcpPacket(payload, ParentPacket); break; case IPProtocolType.UDP: payloadPacketOrData.ThePacket = new UdpPacket(payload, ParentPacket); break; case IPProtocolType.ICMP: payloadPacketOrData.ThePacket = new ICMPv4Packet(payload, ParentPacket); break; case IPProtocolType.ICMPV6: payloadPacketOrData.ThePacket = new ICMPv6Packet(payload, ParentPacket); break; case IPProtocolType.IGMP: payloadPacketOrData.ThePacket = new IGMPv2Packet(payload, ParentPacket); break; // NOTE: new payload parsing entries go here default: payloadPacketOrData.TheByteArraySegment = payload; break; } return(payloadPacketOrData); }
public Package(IpPacket ipPacket) { this.CreatedTime = DateTime.Now.ToString("HH:mm:ss"); _sourceAdress = ipPacket.SourceAddress.ToString(); _destinationAddress = ipPacket.DestinationAddress.ToString(); _nextHeader = ipPacket.NextHeader.ToString(); _protocol = ipPacket.Protocol; }
public L3L4ConversationKey(IPAddress sourceIpAddress, IPAddress destinationIpAddress, UInt16 sourcePort, UInt16 destinationPort, IPProtocolType ipProtocolType) { this._l3Key = new L3ConversationKeyStruct(sourceIpAddress, destinationIpAddress); this._l4Key = new L4ConversationKeyStruct(sourcePort, destinationPort, ipProtocolType); }
public ReassembledL7ConversationTests(ITestOutputHelper output) { this._output = output; this._sourceEndPoint = new IPEndPoint(1, 1); this._destinationEndPoint = new IPEndPoint(2, 2); this._ipProtocolType = IPProtocolType.TCP; this._upL7Flow = new L7Flow(); this._downL7Flow = new L7Flow(); this._l7PDUComparer = new L7PDUComparer(); }
/// <summary> Fetch a protocol description.</summary> /// <param name="code">the code associated with the message. /// </param> /// <returns> a message describing the significance of the IP protocol. /// </returns> public static string getDescription(IPProtocolType protocolType) { if (messages.ContainsKey(protocolType)) { return(messages[protocolType].ToString()); } else { return("unknown"); } }
/* * void Receive() * { * //byte[] header = new byte[BufferLength]; * //_socket.BeginReceive(header, 0, header.Length, SocketFlags.None, OnReceive, header); * } * void OnReceive(IAsyncResult ar) * { * try * { * //int received = _socket.EndReceive(ar); * //rec((byte[])ar.AsyncState, received); * } * catch * { * * } * } * void rec(byte[] data, int length) * { * IPHeader ipHeader = new IPHeader(data, length); * IPacket packet = ipHeader.ParseData(); * * if (OnPacket != null) * OnPacket(ipHeader.ProtocolType, packet); * * if (OnTcpStream != null && ipHeader.ProtocolType == ProtocolType.Tcp) * { * TcpHeader tcp = (TcpHeader)packet; * * if (AllowTcpPacket(tcp)) * { * TcpStream stream = TcpStream.GetStream(_TcpStreams, tcp); * if (stream != null) * { * if (stream.IsClossed) * _TcpStreams.Remove(stream); * OnTcpStream(stream); * } * } * } * * Receive(); * }*/ bool IsAllowedPacket(IPEndPoint source, IPEndPoint dest, IPProtocolType protocol) { //if (_HasFilters) foreach (IIpPacketFilter filter in _Filters) { if (!filter.IsAllowed(source, dest, protocol)) { return(false); } } return(true); }
public bool IsAllowed(IPEndPoint source, IPEndPoint dest, IPProtocolType protocol) { if (IsAllowed(source.Address)) { return(true); } if (IsAllowed(dest.Address)) { return(true); } return(false); }
public static L7ConversationTrackerBase Create(IPEndPoint sourceEndPoint, IPEndPoint destinationEndPoint, IPProtocolType protocolType) { switch (protocolType) { case IPProtocolType.TCP: return(new TcpConversationTracker(sourceEndPoint, destinationEndPoint)); case IPProtocolType.UDP: return(new UdpConversationTracker(sourceEndPoint, destinationEndPoint)); default: // TODO set frame for exception throw new ReassemblingException(null, $"Unsupported IP protocol: {protocolType}"); } }
private static Boolean ParseNetworkIpv6Layer(ReadOnlySpan <Byte> networkData, ref ReadOnlySpan <Byte> transportData, ref IPProtocolType ipProtocol, ref IPAddress sourceIpAddress, ref IPAddress destinationIpAddress) { ipProtocol = (IPProtocolType)networkData[IPv6Fields.NextHeaderPosition]; sourceIpAddress = new IPAddress(networkData.Slice(IPv6Fields.SourceAddressPosition, 16)); destinationIpAddress = new IPAddress(networkData.Slice(IPv6Fields.DestinationAddressPosition, 16)); transportData = networkData.Slice(IPv6Fields.HeaderLength); return(true); }
public bool IsAllowed(IPEndPoint source, IPEndPoint dest, IPProtocolType protocol) { TorHelper.UpdateTorExitNodeList(true); if (TorHelper.IsTorExitNode(source.Address)) { return(true); } if (TorHelper.IsTorExitNode(dest.Address)) { return(true); } return(false); }
public override void ComputeFeatureForProtocolModel(IFeatureCollectionWrapper <FeatureBase> featureValues) { var firstSample = featureValues.FirstOrDefault() as TransportProtocolType; foreach (var featureValue in featureValues) { if (((TransportProtocolType)featureValue).L4ProtocolType != firstSample.L4ProtocolType) { throw new InvalidOperationException($"Mandatory condition have not been met: {this.GetType().Name}"); } } this.L4ProtocolType = firstSample.L4ProtocolType; this.FeatureValue = (double)this.L4ProtocolType; this.Weight = 1; }
public L4Conversation(IWindsorContainer container, IPProtocolType ipProtocol, L3Conversation l3Conversation, IPEndPoint sourceEndPoint, IPEndPoint destinationEndPoint, long l4FlowMTU) { this.InvestigationWindsorContainer = container; this.L4ProtocolType = ipProtocol; this.L3Conversation = l3Conversation; this.SourceEndPoint = sourceEndPoint; this.DestinationEndPoint = destinationEndPoint; this.L4FlowMTU = l4FlowMTU; this.Frames = new WeakConccurentCollection <PmFrameBase>(); this.Captures = new WeakConccurentCollection <PmCaptureBase>(); this.L7Conversations = new WeakConccurentCollection <L7Conversation>(); this.ConversationFlowStatistics = new WeakConccurentCollection <L4ConversationStatistics>(); this.UpConversationStatistic = new L4ConversationStatistics(DaRFlowDirection.up, this); this.DownConversationStatistic = new L4ConversationStatistics(DaRFlowDirection.down, this); }
// int[] 数组中为 每对节点对中 的每一个协议的单向数据包数量和总大小,totalPkNum和totalSize为每一对节点中间的单向数据包数量和总大小 public PeerToPeer(IPAddress _SrcIP, IPAddress _DstIP, IPProtocolType protocolType, int _PkSize) { //当数据包到达时,若判断是第一个从_SrcIP到_DstIP的数据包,则生成此结构,并初始化,后续到来的包执行AddData函数 protocolPkInfos = new Dictionary <IPProtocolType, int[]>(); srcIP = _SrcIP; dstIP = _DstIP; if (_PkSize != 0) { protocolPkInfos.Add(protocolType, new int[] { 1, _PkSize }); totalSendPkNum++; totalSendPkSize += _PkSize; } else { protocolPkInfos.Add(protocolType, new int[] { 0, _PkSize }); } }
/// <summary> /// Get the packet Information from <see cref="RawCapture"/> /// </summary> /// <param name="rawCapture">The raw captured packet</param> /// <param name="len">Get the length of bytes of the packet</param> /// <param name="protocol">Get the tansport protocol of the packet</param> /// <returns>The Addresses of the packet. Null if the packet has error, or it's not IP packet, or It's IPV6.</returns> public static PacketAddress GetPacketAddressFromRowPacket(RawCapture rawCapture, ref int len, ref TCPUDP protocol) { try { Packet p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data); IpPacket ipPacket = (IpPacket)p.Extract(typeof(IpPacket)); if (ipPacket != null) { len = ipPacket.PayloadLength; IPAddress sourceAddress, destinationAddress; sourceAddress = ipPacket.SourceAddress; destinationAddress = ipPacket.DestinationAddress; if (sourceAddress.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork && destinationAddress.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork) { IPProtocolType type = ipPacket.NextHeader; if (type == IPProtocolType.TCP) { TcpPacket tcpPacket = (TcpPacket)ipPacket.Extract(typeof(TcpPacket)); if (tcpPacket != null) { protocol = TCPUDP.TCP; return(new PacketAddress(sourceAddress, tcpPacket.SourcePort, destinationAddress, tcpPacket.DestinationPort)); } } else if (type == IPProtocolType.UDP) { UdpPacket udpPacket = (UdpPacket)ipPacket.Extract(typeof(UdpPacket)); if (udpPacket != null) { protocol = TCPUDP.UDP; return(new PacketAddress(sourceAddress, udpPacket.SourcePort, destinationAddress, udpPacket.DestinationPort)); } } } } return(null); } catch (Exception) { Console.WriteLine("Packet Error"); //Console.WriteLine(e.Message + "\n" + e.StackTrace); return(null); } }
/// <summary> /// Called by IPv4 and IPv6 packets to parse their packet payload /// </summary> /// <param name="payload"> /// A <see cref="ByteArraySegment"/> /// </param> /// <param name="ProtocolType"> /// A <see cref="IPProtocolType"/> /// </param> /// <param name="ParentPacket"> /// A <see cref="Packet"/> /// </param> /// <returns> /// A <see cref="PacketOrByteArraySegment"/> /// </returns> internal static PacketOrByteArraySegment ParseEncapsulatedBytes(ByteArraySegment payload, IPProtocolType ProtocolType, Packet ParentPacket) { //log.DEBUGFormat("payload: {0}, ParentPacket.GetType() {1}", //payload, //ParentPacket.GetType()); var payloadPacketOrData = new PacketOrByteArraySegment(); switch (ProtocolType) { case IPProtocolType.TCP: payloadPacketOrData.ThePacket = new TcpPacket(payload, ParentPacket); break; case IPProtocolType.UDP: payloadPacketOrData.ThePacket = new UdpPacket(payload, ParentPacket); break; case IPProtocolType.ICMP: payloadPacketOrData.ThePacket = new ICMPv4Packet(payload, ParentPacket); break; case IPProtocolType.ICMPV6: payloadPacketOrData.ThePacket = new ICMPv6Packet(payload, ParentPacket); break; case IPProtocolType.IGMP: payloadPacketOrData.ThePacket = new IGMPv2Packet(payload, ParentPacket); break; // NOTE: new payload parsing entries go here default: payloadPacketOrData.TheByteArraySegment = payload; break; } return(payloadPacketOrData); }
public ReassembledL7Conversation(IPEndPoint sourceEndPoint, IPEndPoint destinationEndPoint, IPProtocolType protocolType, IL7Flow upL7Flow, IL7Flow downL7Flow, Int32 conversationSegmentNum = 0, Boolean lastConversationSegment = true) { this.SourceEndPoint = sourceEndPoint; this.DestinationEndPoint = destinationEndPoint; this.ProtocolType = protocolType; this.LastConversationSegment = lastConversationSegment; this.ConversationSegmentNum = conversationSegmentNum; this.UpPdus = upL7Flow?.L7Pdus ?? NoPdusPlaceholder; this.DownPdus = downL7Flow?.L7Pdus ?? NoPdusPlaceholder; this._firstSeenTicks = Math.Max(upL7Flow?.FirstSeenTicks ?? 0, downL7Flow?.FirstSeenTicks ?? 0); }
public void PkFromHere(IPAddress dstIP, IPProtocolType protocolType, int pkSize) { // if (dstIP.ToString().Equals("192.168.2.1")) // { // } //当到dstIP的数据包是第一个时 if (!peerToPeers.ContainsKey(dstIP)) { peerToPeers.Add(dstIP, new PeerToPeer(localIP, dstIP, protocolType, pkSize)); linkedIPs.Add(dstIP); } else //当到dstIP的数据包是后续的时 { peerToPeers[dstIP].AddData(protocolType, pkSize); } if (pkSize != 0) { allSendPkNum++; allSendPkSize += pkSize; } }
private static Boolean ParseNetworkIpv4Layer(ReadOnlySpan <Byte> networkData, ref ReadOnlySpan <Byte> transportData, ref IPProtocolType ipProtocol, ref IPAddress sourceIpAddress, ref IPAddress destinationIpAddress, ref IPFragmentSignature ipv4FragmentSignature) { // Min ipv4 header size if (networkData.Length < 20) { return(false); } ipProtocol = (IPProtocolType)networkData[IPv4Fields.ProtocolPosition]; sourceIpAddress = new IPAddress(networkData.Slice(IPv4Fields.SourcePosition, 4)); destinationIpAddress = new IPAddress(networkData.Slice(IPv4Fields.DestinationPosition, 4)); var headerLen = (networkData[0] & 0x0F) * 4; var totalLen = BinaryPrimitives.ReadUInt16BigEndian(networkData.Slice(IPv4Fields.TotalLengthPosition, IPv4Fields.TotalLengthLength)); transportData = networkData.Slice(headerLen, totalLen - headerLen); var moreFragments = (networkData[IPv4Fields.FragmentOffsetAndFlagsPosition] & 0b00100000) != 0; var fragmentOffset = ((networkData[IPv4Fields.FragmentOffsetAndFlagsPosition] & 0b00011111) << 8) | networkData[IPv4Fields.FragmentOffsetAndFlagsPosition + 1]; var identification = BinaryPrimitives.ReadUInt16BigEndian(networkData.Slice(IPv4Fields.IdPosition, 2)); var packetIsFragmented = moreFragments || fragmentOffset > 0; if (packetIsFragmented) { ipv4FragmentSignature = new IPFragmentSignature(sourceIpAddress, destinationIpAddress, ipProtocol, identification, moreFragments, fragmentOffset); } return(true); }
public static Boolean ExtractRawPacketSignature(RawPacket rawPacket, out IPAddress sourceIpAddress, out IPAddress destinationIpAddress, out UInt16 sourcePort, out UInt16 destinationPort, out IPProtocolType ipProtocol, out IPFragmentSignature ipv4FragmentSignature) { sourceIpAddress = destinationIpAddress = IPAddress.None; sourcePort = destinationPort = 0; ipProtocol = IPProtocolType.NONE; ipv4FragmentSignature = null; if (!ParseLinkLayer(rawPacket.RawPacketData, rawPacket.LinkType, out var networkData, out var ethernetProtocol)) { return(false); } if (!ParseNetworkLayer(networkData, ethernetProtocol, out var transportData, out ipProtocol, out sourceIpAddress, out destinationIpAddress, out ipv4FragmentSignature)) { return(false); } // Don't continue with parsing of a transport layer, if the current packet is fragmented and this fragment is not the initial one (containing transport header) if (ipv4FragmentSignature != null && ipv4FragmentSignature.FragmentOffset > 0) { return(true); } if (!ParseTransportLayer(transportData, ipProtocol, out sourcePort, out destinationPort)) { return(false); } return(true); }
public L4ConversationExtended(IWindsorContainer container, IL7ConversationTrackerFactory conversationTrackerFactory, IPProtocolType ipProtocol, L3Conversation l3Conversation, IPEndPoint sourceEndPoint, IPEndPoint destinationEndPoint, long l4FlowMTU) : base(container, ipProtocol, l3Conversation, sourceEndPoint, destinationEndPoint, l4FlowMTU) { switch (this.L4ProtocolType) { case IPProtocolType.TCP: this.L7ConversationTracker = conversationTrackerFactory.CreateTCPTracker(this); break; case IPProtocolType.UDP: this.L7ConversationTracker = conversationTrackerFactory.CreateUDPTracker(this); break; default: Debugger.Break(); throw new ArgumentOutOfRangeException(); } }
//constructor, reads in the args public Param(string[] args) { for (int i = 0; i < args.Length; i++) { string curStr = args[i]; try { if (String.Compare(curStr, "-adapter", true) == 0) { string nextStr = args[++i]; adapter = nextStr; Console.WriteLine("Read in adapter as: " + adapter); } else if (String.Compare(curStr, "-v6EH", true) == 0) { string nextStr = args[++i]; string[] tempEHArray = nextStr.Split(','); //ExtentionHeader = int[] tempInt = Array.ConvertAll(tempEHArray, int.Parse); foreach (int curInt in tempInt) { ExtentionHeader.Add((IPProtocolType)curInt); } packetType = PacketType.IP; IPProtocol = IPProtocolType.IPV6; Console.WriteLine("Read in -v6EH as: " + string.Join(",", tempEHArray)); Console.WriteLine("Setting packetType as: " + packetType.ToString()); Console.WriteLine("Setting IPProtocol as: " + IPProtocol.ToString()); } else if (String.Compare(curStr, "-dMAC", true) == 0) { string nextStr = args[++i]; nextStr = nextStr.Replace(':', '-').ToUpper(); dMAC = PhysicalAddress.Parse(nextStr); Console.WriteLine("Read in dMAC as: " + dMAC.ToString()); } else if (String.Compare(curStr, "-sMAC", true) == 0) { string nextStr = args[++i]; nextStr = nextStr.Replace(':', '-').ToUpper(); sMAC = PhysicalAddress.Parse(nextStr); Console.WriteLine("Read in sMAC as: " + sMAC.ToString()); } else if (String.Compare(curStr, "-dIP", true) == 0) { string nextStr = args[++i]; dIP = IPAddress.Parse(nextStr); Console.WriteLine("Read in dIP as: " + dIP.ToString()); } else if (String.Compare(curStr, "-sIP", true) == 0) { string nextStr = args[++i]; sIP = IPAddress.Parse(nextStr); Console.WriteLine("Read in sIP as: " + sIP.ToString()); } else if (String.Compare(curStr, "-IP", true) == 0) { string nextStr = args[++i]; packetType = PacketType.IP; if (nextStr.StartsWith("0x")) { IPProtocol = (IPProtocolType)Convert.ToInt32(nextStr, 16); } else { IPProtocol = (IPProtocolType)Convert.ToInt32(nextStr); } Console.WriteLine("Read in IP as: " + IPProtocol.ToString()); } else if (String.Compare(curStr, "-EtherType", true) == 0) { string nextStr = args[++i]; packetType = PacketType.EtherType; if (nextStr.StartsWith("0x")) { EtherTypeProtocol = (EthernetPacketType)Convert.ToInt32(nextStr, 16); } else { EtherTypeProtocol = (EthernetPacketType)Convert.ToInt32(nextStr); } Console.WriteLine("Read in EtherType as: " + EtherTypeProtocol.ToString()); } else if (String.Compare(curStr, "-sPort", true) == 0) { string nextStr = args[++i]; sPort = (ushort)Int16.Parse(nextStr); Console.WriteLine("Read in sPort as: " + sPort.ToString()); } else if (String.Compare(curStr, "-dPort", true) == 0) { string nextStr = args[++i]; dPort = (ushort)Int16.Parse(nextStr); Console.WriteLine("Read in dPort as: " + dPort.ToString()); } else if (String.Compare(curStr, "-type", true) == 0) { string nextStr = args[++i]; type = (ushort)Int16.Parse(nextStr); Console.WriteLine("Read in type as: " + type.ToString()); } else if (String.Compare(curStr, "-tcpFlag", true) == 0) { string nextStr = args[++i]; tcpFlag = (byte)Byte.Parse(nextStr); Console.WriteLine("Read in tcpFlag as: " + tcpFlag.ToString()); } else if (String.Compare(curStr, "-code", true) == 0) { string nextStr = args[++i]; code = (ushort)Int16.Parse(nextStr); Console.WriteLine("Read in code as: " + code.ToString()); } else if (String.Compare(curStr, "-payload", true) == 0) { string nextStr = args[++i]; if (nextStr.StartsWith("0x")) { payload = Utility.ParseHex(nextStr); Console.WriteLine("Read in -payload as: 0x" + BitConverter.ToString(payload)); } else { payload = Encoding.ASCII.GetBytes(nextStr); Console.WriteLine("Read in -payload as: " + System.Text.Encoding.Default.GetString(payload)); } } else if (String.Compare(curStr, "-adapter", true) == 0) { string nextStr = args[++i]; adapter = nextStr; Console.WriteLine("Read in -adapter as: " + adapter); } else if (String.Compare(curStr, "-IPv4Frag", true) == 0) { IPv4Frag = true; Console.WriteLine("Read in -ipv4frag as: " + IPv4Frag); } else if (String.Compare(curStr, "-ICMP", true) == 0) { packetType = PacketType.ICMP; } else if (String.Compare(curStr, "-tcp", true) == 0) { packetType = PacketType.TCP; } else if (String.Compare(curStr, "-udp", true) == 0) { packetType = PacketType.UDP; } else if (String.Compare(curStr, "-ICMPv6", true) == 0) { packetType = PacketType.ICMPv6; } else if (String.Compare(curStr, "-h", true) == 0) { Utility.PrintHelp(); Environment.Exit(0); } else { Console.WriteLine("Unrecognized param: " + curStr); Utility.PrintHelp(); Environment.Exit(1); } } catch (IndexOutOfRangeException) { Console.WriteLine("Another arg was expected after " + curStr); Environment.Exit(1); } catch (FormatException) { Console.WriteLine("The address specified for " + curStr + " was not in the correct format."); Environment.Exit(1); } catch (DllNotFoundException e) { Console.WriteLine("A required DLL was not found, is WinPcap and .NET framework installed?"); Console.WriteLine("Exception Message: " + e.Message); Console.WriteLine("StackTrace: " + e.StackTrace); Environment.Exit(1); } catch (Exception e) { Console.WriteLine("Exception caught while handling commandline."); Console.WriteLine("Exception Message: " + e.Message); Console.WriteLine("StackTrace: " + e.StackTrace); Environment.Exit(1); } } // do some checks to make sure this param combination is valid if (dIP == null && dMAC == null) { Console.WriteLine("-dIP or -dMAC has to be set to send a packet."); Environment.Exit(1); } if (dIP == null && (packetType == PacketType.ICMP || packetType == PacketType.ICMPv6 || packetType == PacketType.IP || packetType == PacketType.TCP || packetType == PacketType.UDP)) { Console.WriteLine("dIP needs to be defined for IP based packets."); Environment.Exit(1); } if (packetType == PacketType.ICMPv6 && (dIP == null || !dIP.ToString().Contains(":"))) { Console.WriteLine("dIP needs to be IPv6 for ICMPv6 packets."); Environment.Exit(1); } else if ((packetType == PacketType.ICMP && (dIP == null || !dIP.ToString().Contains(".")))) { Console.WriteLine("dIP needs to be IPv4 for ICMP packets."); Environment.Exit(1); } if (ExtentionHeader.Count != 0 && (dIP == null || !dIP.ToString().Contains(":"))) { Console.WriteLine("dIP needs to be IPv6 for ExtensionHeader packets."); Environment.Exit(1); } if (ExtentionHeader.Count == 1) { Console.WriteLine("There needs to be at least 2 extension headers."); Environment.Exit(1); } if (dMAC == null && packetType == PacketType.EtherType) { Console.WriteLine("dMAC needs to be defined for EtherType based packets."); Environment.Exit(1); } }
/// <summary> Fetch a protocol description.</summary> /// <param name="code">the code associated with the message. /// </param> /// <returns> a message describing the significance of the IP protocol. /// </returns> public static string getDescription(IPProtocolType protocolType) { if (messages.ContainsKey(protocolType)) { return messages[protocolType].ToString(); } else { return "unknown"; } }
static void Ns_OnPacket(object sender, IPProtocolType protocolType, EthernetPacket packet) { NetworkSniffer ns = (NetworkSniffer)sender; IPv4Packet ip = (IPv4Packet)packet.PayloadPacket; TcpPacket t = (TcpPacket)ip.PayloadPacket; // Si el paquete recibido es el de respuesta OK del mysql if (t.PayloadData.SequenceEqual(ResponseOk)) { Parent = packet; // Replicamos el paquete, enviando el payload de la fila, si, antes de recibir el SELECT LastSequenceId = (uint)(t.SequenceNumber + t.PayloadData.Length); ip.Id++; t.SequenceNumber = LastSequenceId; t.OptionsCollection.Clear(); t.PayloadData = Payload; t.Ack = true; t.Psh = true; ip.UpdateCalculatedValues(); t.UpdateCalculatedValues(); ip.UpdateIPChecksum(); t.UpdateTCPChecksum(); ns.Send(packet); LastSequenceId = (uint)(t.SequenceNumber + t.PayloadData.Length); Console.WriteLine(t.ToString(StringOutputType.Verbose)); } else { // Si el paquete contiene el valor SELECT string ascii = Encoding.ASCII.GetString(t.PayloadData); if (Parent != null && ascii.Contains("SELECT")) { // Ya no actuamos mas ns.OnPacket -= Ns_OnPacket; ip = (IPv4Packet)Parent.PayloadPacket; t = (TcpPacket)ip.PayloadPacket; // Enviamos un ACK del paquete recibido, para darle por bueno t.SequenceNumber = LastSequenceId; t.AcknowledgmentNumber = t.AcknowledgmentNumber; t.PayloadData = new byte[] { }; ip.Id++; t.Ack = true; t.Psh = false; ip.UpdateCalculatedValues(); t.UpdateCalculatedValues(); ip.UpdateIPChecksum(); t.UpdateTCPChecksum(); ns.Send(packet); Console.WriteLine(t.ToString(StringOutputType.Verbose)); } } }
public void OnPacket(object sender, IPProtocolType protocolType, EthernetPacket packet) { }
public override double ComputeFeature(L7Conversation l7Conversation, DaRFlowDirection flowDirection) { this.L4ProtocolType = l7Conversation.L4ProtocolType; return((double)this.L4ProtocolType); }
public void FillWithChecksums(EtherType[] supportedEtherTypes, IPProtocolType[] supportedIpProtocolTypes) { var packetNetIpProtocols = supportedIpProtocolTypes.Select(x => (PacketDotNet.IPProtocolType)x).ToArray(); var packetNetEtherTypes = supportedEtherTypes.Select(x => (EthernetPacketType)x).ToArray(); packet.RecursivelyUpdateCalculatedValues(packetNetEtherTypes, packetNetIpProtocols); }