public void IpV4AddressRandomTest()
{
Assert.AreEqual(IpV4Address.AllHostsGroupAddress, new IpV4Address("224.0.0.1"));
Random random = new Random();
for (int i = 0; i != 1000; ++i)
{
IpV4Address address = random.NextIpV4Address();
Assert.AreEqual(address, new IpV4Address(address.ToString()));
Assert.IsTrue(address == new IpV4Address(address.ToString()));
Assert.IsFalse(address != new IpV4Address(address.ToString()));
Assert.AreEqual(address.GetHashCode(), new IpV4Address(address.ToString()).GetHashCode());
Assert.AreEqual(address, new IpV4Address(address.ToValue()));
Assert.AreNotEqual(address, random.NextIpV4Address());
Assert.IsFalse(address == random.NextIpV4Address());
Assert.IsTrue(address != random.NextIpV4Address());
Assert.AreNotEqual(address.GetHashCode(), random.NextIpV4Address().GetHashCode());
Assert.AreNotEqual(2, address);
Assert.IsFalse(address.Equals(null));
}
}
public void Add(IpV4Address IP, MacAddress Mac)
{
if (_arp_table.ContainsKey(IP))
{
_arp_table[IP] = Mac;
VirtualNetwork.Instance.PostTraceMessage("ARP table item update: " + IP.ToString() + " = " + Mac.ToString());
}
else
{
_arp_table.Add(IP, Mac);
VirtualNetwork.Instance.PostTraceMessage("ARP table item add: " + IP.ToString() + " = " + Mac.ToString());
}
}
public static List <string> GetCurrentHostIPv4Addresses()
{
//Check https://stackoverflow.com/questions/50386546/net-core-2-x-how-to-get-the-current-active-local-network-ipv4-address
// order interfaces by speed and filter out down and loopback
// take first of the remaining
var allUpInterfaces = NetworkInterface.GetAllNetworkInterfaces()
.OrderByDescending(c => c.Speed)
.Where(c => c.NetworkInterfaceType != NetworkInterfaceType.Loopback &&
c.OperationalStatus == OperationalStatus.Up).ToList();
List <string> lstIps = new();
if (allUpInterfaces != null && allUpInterfaces.Count > 0)
{
foreach (var singleUpInterface in allUpInterfaces)
{
var props = singleUpInterface.GetIPProperties();
// get first IPV4 address assigned to this interface
var allIpV4Address = props.UnicastAddresses
.Where(c => c.Address.AddressFamily == AddressFamily.InterNetwork)
.Select(c => c.Address)
.ToList();
allIpV4Address.ForEach((IpV4Address) =>
{
lstIps.Add(IpV4Address.ToString());
});
}
}
return(lstIps);
}
public void SendIcmpEchoReply(IpV4Address TargetIP, MacAddress TargetMac, IcmpDatagram icmpRequest)
{
EthernetLayer ethernetLayer =
new EthernetLayer
{
Source = _adapter.MAC,
Destination = TargetMac,
EtherType = EthernetType.None, // Will be filled automatically.
};
VLanTaggedFrameLayer vlanLayer =
new VLanTaggedFrameLayer
{
PriorityCodePoint = ClassOfService.BestEffort,
CanonicalFormatIndicator = false,
VLanIdentifier = _adapter.VLAN,
EtherType = EthernetType.None,
};
IpV4Layer ipV4Layer =
new IpV4Layer
{
Source = _adapter.IP,
CurrentDestination = TargetIP,
Fragmentation = IpV4Fragmentation.None,
HeaderChecksum = null, // Will be filled automatically.
Identification = 123,
Options = IpV4Options.None,
Protocol = null, // Will be filled automatically.
Ttl = 100,
TypeOfService = 0,
};
IcmpEchoReplyLayer icmpReplyLayer = new IcmpEchoReplyLayer
{
Identifier = (ushort)((icmpRequest.Variable >> 16) & 0xFFFF),
SequenceNumber = (ushort)(icmpRequest.Variable & 0xFFFF),
};
PayloadLayer payloadLayer = new PayloadLayer()
{
Data = icmpRequest.Payload
};
if (_adapter.VLAN > 1)
{
VirtualNetwork.Instance.SendPacket(PacketBuilder.Build(DateTime.Now, ethernetLayer, vlanLayer, ipV4Layer, icmpReplyLayer, payloadLayer));
}
else
{
VirtualNetwork.Instance.SendPacket(PacketBuilder.Build(DateTime.Now, ethernetLayer, ipV4Layer, icmpReplyLayer, payloadLayer));
}
VirtualNetwork.Instance.PostTraceMessage("ICMP Reply: " + TargetIP.ToString());
}
public static string GetHostNameByIp(IpV4Address address)
{
try
{
return(Dns.GetHostEntry(address.ToString())?.HostName);
}
catch (SocketException) { }
return(null);
}
public static ReadOnlyCollection <byte> ToBytes(this IpV4Address address)
{
var bytes = new byte[4];
for (int i = 0; i < bytes.Length; i++)
{
bytes[i] = Convert.ToByte(address.ToString().Split('.')[i], 10);
}
return(bytes.AsReadOnly());
}
public void ToString_Should_ReturnCorrectString()
{
// Arrange
var ip = new IpV4Address(192, 168, 250, 123);
var expected = "192.168.250.123";
// Act
var actual = ip.ToString();
// Assert
Assert.Equal(expected, actual);
}
public bool Resolve(IpV4Address TargetIP, out MacAddress ResolvedMac)
{
bool ResolveResult = false;
ResolvedMac = MacAddress.Zero;
_arp_resolve_wait_handle.Reset();
_current_arp_probe_target_ip = TargetIP;
SendProbe(TargetIP);
if (_arp_resolve_wait_handle.WaitOne(ARP_RESOLVE_TIMEOUT))
{
ResolveResult = true;
ResolvedMac = _current_arp_replay_target_mac;
VirtualNetwork.Instance.PostTraceMessage("ARP Resolve: " + TargetIP.ToString() + " - SUCCESSFUL: " + ResolvedMac.ToString());
}
else
{
VirtualNetwork.Instance.PostTraceMessage("ARP Resolve: " + TargetIP.ToString() + " - FAILED");
}
return(ResolveResult);
}
private void CreateFakeAddresses(int count)
{
FakeIpV4Addresses = new List <IpV4Address>();
var ipAddress = ParseIpAddress(SourceIpv4);
while (FakeIpV4Addresses.Count != count)
{
var ipAddressFaked = new IpV4Address($"{ipAddress[0]}.{ipAddress[1]}.{ipAddress[2]}.{_rand.Next(FakeIpAddressMin, FakeIpAddressMax)}");
if (!FakeIpV4Addresses.Contains(ipAddressFaked) && !ipAddressFaked.ToString().Equals(SourceIpv4) && !ipAddressFaked.ToString().Equals(DestinationIpV4))
{
FakeIpV4Addresses.Add(ipAddressFaked);
}
}
}
private INetFwRule SetupNetFwRule(IpV4Address scanner)
{
Guid clsid = new Guid(BlockIPScanningReaction.guidRWRule);
Type typeFWRule = Type.GetTypeFromCLSID(clsid);
INetFwRule newRule = (INetFwRule)Activator.CreateInstance(typeFWRule);
newRule.Name = "AntiScan_Rule";
newRule.Description = String.Format("Block inbound traffic from {0}", scanner.ToString());
newRule.Protocol = (int)NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_ANY;
newRule.RemoteAddresses = scanner.ToString();
newRule.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN;
newRule.Enabled = true;
newRule.Grouping = "AntiScanning rule added from clr...";
newRule.Action = NET_FW_ACTION_.NET_FW_ACTION_BLOCK;
return(newRule);
}
public static ReadOnlyCollection <byte> ToBytes(this IpV4Address ip)
{
var hexValues = ip.ToString().Split('.');
if (hexValues.Length != 4)
{
throw new InvalidCastException($"{ip} is not a valid ip address");
}
var ipBytes = new byte[4];
for (int i = 0; i < hexValues.Length; i++)
{
ipBytes[i] = Convert.ToByte(hexValues[i]);
}
return(ipBytes.AsReadOnly());
}
private bool ExistsBlockingRuleFor(IpV4Address scanner, INetFwPolicy2 fwPolicy)
{
INetFwRules rules = fwPolicy.Rules;
foreach (INetFwRule rule in rules)
{
bool isAppMadeRule = rule.Name == "AntiScan_Rule";
string addresses = rule.RemoteAddresses;
int slashPos = addresses.IndexOf('/');
string address = slashPos > 0 ? addresses.Substring(0, slashPos) : String.Empty;
bool isScannerBlocked = address == scanner.ToString();
if (isAppMadeRule && isScannerBlocked)
{
return(true);
}
}
return(false);
}
override public void Open()
{
string MACString = string.Empty;
if (_adapter.ArpService.Resolve(_remote_ip.ToString(), out MACString))
{
this._remote_mac = new MacAddress(MACString);
}
else
{
throw new Exception("Unable resolve mac for remote host: " + _remote_ip.ToString());
}
DateTime StartTime = DateTime.Now;
TimeSpan ConnectionTime = TimeSpan.Zero;
while (!IsOpen && ConnectionTime.TotalMilliseconds < CONNECTION_TIMEOUT)
{
TcpOpen();
ConnectionTime = DateTime.Now - StartTime;
}
}
public void SendProbe(IpV4Address TargetIP)
{
EthernetLayer ethernetLayer = new EthernetLayer
{
Destination = UtilityLib.BroadcastMac,
Source = _adapter.MAC,
EtherType = EthernetType.None
};
VLanTaggedFrameLayer vlanLayer =
new VLanTaggedFrameLayer
{
PriorityCodePoint = ClassOfService.BestEffort,
CanonicalFormatIndicator = false,
VLanIdentifier = _adapter.VLAN,
EtherType = EthernetType.None,
};
ArpLayer arpLayer = new ArpLayer
{
SenderHardwareAddress = _adapter.MAC.ToBytes().AsReadOnly(),
SenderProtocolAddress = _adapter.IP.ToBytes().AsReadOnly(),
TargetHardwareAddress = new MacAddress("FF:FF:FF:FF:FF:FF").ToBytes().AsReadOnly(),
TargetProtocolAddress = TargetIP.ToBytes().AsReadOnly(),
ProtocolType = EthernetType.IpV4,
Operation = ArpOperation.Request,
};
if (_adapter.VLAN > 1)
{
VirtualNetwork.Instance.SendPacket(PacketBuilder.Build(DateTime.Now, ethernetLayer, vlanLayer, arpLayer));
}
else
{
VirtualNetwork.Instance.SendPacket(PacketBuilder.Build(DateTime.Now, ethernetLayer, arpLayer));
}
VirtualNetwork.Instance.PostTraceMessage("ARP Probe: " + TargetIP.ToString());
}
public void SendArpResponse(PacketCommunicator communicator, IpV4Address ipAddress)
{
var ethernetLayer = new EthernetLayer
{
Source = SourceMac,
Destination = DestinationMac,
};
var a = Regex.Matches(SourceMac.ToString().Replace(":", ""), @"\S{2}").Cast <Match>().Select(m => m.Value).ToArray();
var macParsed = new byte[a.Length];
for (int i = 0; i < a.Length; i++)
{
macParsed[i] = (byte)int.Parse(a[i], System.Globalization.NumberStyles.HexNumber);
}
var b = Regex.Matches(DestinationMac.ToString().Replace(":", ""), @"\S{2}").Cast <Match>().Select(m => m.Value).ToArray();
var targetMacParsed = new byte[b.Length];
for (int i = 0; i < b.Length; i++)
{
targetMacParsed[i] = (byte)int.Parse(b[i], System.Globalization.NumberStyles.HexNumber);
}
ArpLayer arpLayer = new ArpLayer
{
ProtocolType = EthernetType.IpV4,
Operation = ArpOperation.Reply,
SenderHardwareAddress = macParsed.AsReadOnly(),
SenderProtocolAddress = ipAddress.ToString().Split('.').Select(n => Convert.ToByte(n)).ToArray().AsReadOnly(),
TargetHardwareAddress = macParsed.AsReadOnly(),
TargetProtocolAddress = DestinationIpV4.ToString().Split('.').Select(n => Convert.ToByte(n)).ToArray().AsReadOnly(),
};
var packet = PacketBuilder.Build(DateTime.Now, ethernetLayer, arpLayer);
communicator.SendPacket(packet);
}
private NetworkInformation ParseNetworkInformation()
{
var errorMessage = new Action <string, string>((title, msg) => MetroMessageBox.Show(this, msg, title, MessageBoxButtons.OK, MessageBoxIcon.Error, 120));
IpV4Address gatewayIp;
MacAddress gatewayMac;
IpV4Address netmask;
List <IpV4Address> subnetRange;
IntPtr winDivertHandle;
if (_currentInterface == null)
{
errorMessage("Interface Error", "No network interface selected.");
return(null);
}
try
{
gatewayIp = new IpV4Address(tbGatewayIp.Text);
}
catch (Exception)
{
errorMessage("Value Error", "Invalid gateway IP.");
return(null);
}
try
{
gatewayMac = new MacAddress(tbGatewayMac.Text);
}
catch (Exception)
{
errorMessage("Value Error", "Invalid gateway MAC.");
return(null);
}
try
{
netmask = new IpV4Address(tbNetmask.Text);
}
catch (Exception)
{
errorMessage("Value Error", "Invalid netmask.");
return(null);
}
try
{
subnetRange = NetworkUtilities.GetIpRange(string.Format("{0}/{1}", gatewayIp.ToString(), netmask.ToString()));
}
catch (Exception)
{
errorMessage("Value Error", "Invalid netmask.");
return(null);
}
winDivertHandle = WinDivert.WinDivertOpen("true", WinDivertLayer.Forward, 0, WinDivertOpenFlags.None);
if (winDivertHandle == new IntPtr(-1))
{
errorMessage("WinDivert Error", string.Format("WinDivert handle could not be opened.\nError Code: {0}", Marshal.GetLastWin32Error()));
return(null);
}
return(new NetworkInformation()
{
Interface = _currentInterface,
Communicator = _packetCommunicator,
InterfaceAddress = _interfaces[_currentInterface],
GatewayIp = gatewayIp,
GatewayMac = gatewayMac,
Netmask = netmask,
SubnetRange = subnetRange,
WinDivertHandle = winDivertHandle,
});
}
private void DispatcherHandler(Packet packet)
{
// print packet timestamp and packet length
Console.WriteLine(packet.Timestamp.ToString("yyyy-MM-dd hh:mm:ss.fff") + " length:" + packet.Length);
// Print the packet
IpV4Address ipV4 = packet.Ethernet.IpV4.Source;
SRCIP = ipV4.ToString();
ipV4 = packet.Ethernet.IpV4.Destination;
DSTIP = ipV4.ToString();
String protocol = getProtocol(packet);
IpV4Datagram ip4 = packet.Ethernet.IpV4;
Datagram datagram = null;
UdpDatagram udp = null;
TcpDatagram tcp = null;
if (protocol.Equals("TCP"))
{
DSTPort = packet.Ethernet.IpV4.Tcp.DestinationPort.ToString();
SRCPort = packet.Ethernet.IpV4.Tcp.SourcePort.ToString();
TCPSYN = packet.Ethernet.IpV4.Tcp.SequenceNumber.ToString();
TCPACK = packet.Ethernet.IpV4.Tcp.AcknowledgmentNumber.ToString();
TCPFlags = DetermineTCPFlag(packet);
ushort TCPWinShort = packet.Ethernet.IpV4.Tcp.Window;
TCPWin = ConvertLinearToString(TCPWinShort);
tcp = ip4.Tcp;
datagram = tcp.Payload;
}
else if (protocol.Equals("UDP"))
{
DSTPort = packet.Ethernet.IpV4.Udp.DestinationPort.ToString();
SRCPort = packet.Ethernet.IpV4.Udp.SourcePort.ToString();
TCPACK = "-";
TCPFlags = "-";
TCPSYN = "-";
TCPWin = "-";
udp = ip4.Udp;
datagram = udp.Payload;
}
Captured = packet.Timestamp;
byte[] rx_payload = null;
if (datagram != null)
{
int payloadLength = datagram.Length;
using (MemoryStream ms = datagram.ToMemoryStream())
{
rx_payload = new byte[payloadLength];
ms.Read(rx_payload, 0, payloadLength);
}
}
if (rx_payload != null)
{
PayloadText = Encoding.UTF8.GetString(rx_payload, 0, rx_payload.Length);
}
else
{
PayloadText = "Empty";
}
if (protocol.Equals("TCP"))
{
list.Add(new SY_Sort_PCap(DSTIP, SRCIP, DSTPort, SRCPort, Captured, Protocol, PayloadText, TCPFlags, TCPSYN, TCPACK, TCPFlags, TCPWin));
}
else if (protocol.Equals("UDP"))
{
list.Add(new SY_Sort_PCap(DSTIP, SRCIP, DSTPort, SRCPort, Captured, Protocol, PayloadText));
}
}
public void React(IpV4Address scanner)
{
Console.WriteLine("{0} is trying to scan your ports!", scanner.ToString());
}
public VirtualAdapter(string Name, MacAddress MAC, IpV4Address IP, ushort VLAN)
{
this.Name = Name ?? string.Format("Adapter({0}/{1}/{2})", MAC.ToString(), VLAN, IP.ToString());
this.IP = IP;
this.MAC = MAC;
this.VLAN = VLAN;
this._arp_service = new ArpService(this);
this._icmp_service = new IcmpService(this);
this._tcp_service = new TcpService(this);
}
public bool Ping(IpV4Address IP, MacAddress Mac, int Count = 10)
{
this._target_ip = IP;
this._target_mac = Mac;
bool Result = false;
for (ushort SequenceNumber = 1; SequenceNumber < Count; SequenceNumber++)
{
_ping_echo_wait_handle.Reset();
_current_icmp_sequence_num = SequenceNumber;
SendIcmpEcho(_target_ip, _target_mac, SequenceNumber);
VirtualNetwork.Instance.PostTraceMessage(string.Format("PING {0} ({1})", _target_ip.ToString(), SequenceNumber), false);
_current_state = ICMP_STATE.WAIT_ECHO;
if (_ping_echo_wait_handle.WaitOne(PING_ECHO_TIMEOUT))
{
VirtualNetwork.Instance.PostTraceMessage(" - OK");
Result = true;
}
else
{
VirtualNetwork.Instance.PostTraceMessage(" - TIMEOUT");
}
_current_state = ICMP_STATE.IDLE;
Thread.Sleep(1000);
}
return(Result);
}
public void Remove(IpV4Address IP)
{
if (IP != null && !IP.Equals(IpV4Address.Zero))
{
if (_arp_table.ContainsKey(IP))
{
_arp_table.Remove(IP);
VirtualNetwork.Instance.PostTraceMessage("ARP table item remove: " + IP.ToString());
}
}
else
{
_arp_table.Clear();
VirtualNetwork.Instance.PostTraceMessage("ARP table clear");
}
}