public void ExtractData(ref NetworkHost sourceHost, NetworkHost destinationHost, IEnumerable <Packets.AbstractPacket> packetList)
{
Packets.SyslogPacket syslogPacket = null;
Packets.UdpPacket udpPacket = null;
foreach (Packets.AbstractPacket p in packetList)
{
if (p.GetType() == typeof(Packets.SyslogPacket))
{
syslogPacket = (Packets.SyslogPacket)p;
}
else if (p.GetType() == typeof(Packets.UdpPacket))
{
udpPacket = (Packets.UdpPacket)p;
}
if (syslogPacket != null && udpPacket != null && syslogPacket.SyslogMessage != null && syslogPacket.SyslogMessage.Length > 0)
{
System.Collections.Specialized.NameValueCollection tmpCol = new System.Collections.Specialized.NameValueCollection();
tmpCol.Add("Syslog Message", syslogPacket.SyslogMessage);
base.MainPacketHandler.OnParametersDetected(new PacketParser.Events.ParametersEventArgs(syslogPacket.ParentFrame.FrameNumber, sourceHost, destinationHost, udpPacket.TransportProtocol, udpPacket.SourcePort, udpPacket.DestinationPort, tmpCol, syslogPacket.ParentFrame.Timestamp, "Syslog Message"));
}
}
}
public DnsRecordEventArgs(Packets.DnsPacket.IDnsResponseInfo record, NetworkHost dnsServer, NetworkHost dnsClient, Packets.IPv4Packet ipPakcet, Packets.UdpPacket udpPacket)
{
this.Record = record;
this.DnsServer = dnsServer;
this.DnsClient = dnsClient;
this.IpPacket = ipPakcet;
this.UdpPacket = udpPacket;
}
public void ExtractData(ref NetworkHost sourceHost, NetworkHost destinationHost, IEnumerable <PacketParser.Packets.AbstractPacket> packetList)
{
Packets.UdpPacket udpPacket = null;
foreach (Packets.AbstractPacket p in packetList)
{
if (p.GetType() == typeof(Packets.UdpPacket))
{
udpPacket = (Packets.UdpPacket)p;
}
else if (udpPacket != null && p.GetType() == typeof(Packets.RtpPacket))
{
Packets.RtpPacket rtpPacket = (Packets.RtpPacket)p;
if (Enum.IsDefined(typeof(RtpPayloadType), rtpPacket.PayloadType))
{
RtpPayloadType payloadType = (RtpPayloadType)rtpPacket.PayloadType;
FiveTuple fiveTuple = new FiveTuple(sourceHost, udpPacket.SourcePort, destinationHost, udpPacket.DestinationPort, FiveTuple.TransportProtocol.UDP);
AudioStream audioStream;
Tuple <System.Net.IPAddress, ushort, System.Net.IPAddress, ushort, RtpPayloadType> key = new Tuple <System.Net.IPAddress, ushort, System.Net.IPAddress, ushort, RtpPayloadType>(sourceHost.IPAddress, udpPacket.SourcePort, destinationHost.IPAddress, udpPacket.DestinationPort, payloadType);
if (this.audioStreams.ContainsKey(key))
{
audioStream = this.audioStreams[key];
}
else
{
//FileTransfer.FileStreamAssembler assembler = new FileTransfer.FileStreamAssembler(MainPacketHandler.FileStreamAssemblerList, fiveTuple, true, FileTransfer.FileStreamTypes.RTP, "AudioStream-" + fiveTuple.GetHashCode() + ".wav", "/", "RTP " + fiveTuple.ToString(), rtpPacket.ParentFrame.FrameNumber, rtpPacket.ParentFrame.Timestamp);
//-1 is set instead of null if Content-Length is not defined
//assembler.FileContentLength = -1;
//assembler.FileSegmentRemainingBytes = -1;
//this.MainPacketHandler.FileStreamAssemblerList.Add(assembler);
//audioStream = new AudioStream(sourceHost, destinationHost, wavAudioFormat.Value, MainPacketHandler.FileStreamAssemblerList, fiveTuple, rtpPacket.ParentFrame.FrameNumber);
audioStream = new AudioStream(sourceHost, destinationHost, payloadType, MainPacketHandler.FileStreamAssemblerList, fiveTuple, rtpPacket.ParentFrame.FrameNumber);
this.audioStreams.Add(key, audioStream);
base.MainPacketHandler.OnAudioDetected(audioStream);
}
audioStream.AddSamples(rtpPacket.ParentFrame.Data.Skip(rtpPacket.PacketStartIndex + Packets.RtpPacket.HEADER_LENGTH).ToArray(), rtpPacket.SampleTick, rtpPacket.ParentFrame.Timestamp, rtpPacket.SyncSourceID);
}
}
}
}
public void ExtractData(ref NetworkHost sourceHost, NetworkHost destinationHost, IEnumerable <PacketParser.Packets.AbstractPacket> packetList)
{
Packets.UdpPacket udpPacket = null;
foreach (Packets.AbstractPacket p in packetList)
{
if (p.GetType() == typeof(Packets.UdpPacket))
{
udpPacket = (Packets.UdpPacket)p;
}
else if (udpPacket != null && p is Packets.RtpPacket rtpPacket)
{
//Packets.RtpPacket rtpPacket =(Packets.RtpPacket)p;
if (Enum.IsDefined(typeof(RtpPayloadType), rtpPacket.PayloadType))
{
RtpPayloadType payloadType = (RtpPayloadType)rtpPacket.PayloadType;
FiveTuple fiveTuple = new FiveTuple(sourceHost, udpPacket.SourcePort, destinationHost, udpPacket.DestinationPort, FiveTuple.TransportProtocol.UDP);
AudioStream audioStream;
Tuple <System.Net.IPAddress, ushort, System.Net.IPAddress, ushort, RtpPayloadType> key = new Tuple <System.Net.IPAddress, ushort, System.Net.IPAddress, ushort, RtpPayloadType>(sourceHost.IPAddress, udpPacket.SourcePort, destinationHost.IPAddress, udpPacket.DestinationPort, payloadType);
if (this.audioStreams.ContainsKey(key))
{
audioStream = this.audioStreams[key];
}
else
{
audioStream = new AudioStream(sourceHost, destinationHost, payloadType, MainPacketHandler.FileStreamAssemblerList, fiveTuple, rtpPacket.ParentFrame.FrameNumber);
this.audioStreams.Add(key, audioStream);
base.MainPacketHandler.OnAudioDetected(audioStream);
}
audioStream.AddSamples(rtpPacket.ParentFrame.Data.Skip(rtpPacket.PacketStartIndex + Packets.RtpPacket.HEADER_LENGTH).ToArray(), rtpPacket.SampleTick, rtpPacket.ParentFrame.Timestamp, rtpPacket.SyncSourceID);
}
}
}
}
private void ExtractData(ref NetworkHost sourceHost, NetworkHost destinationHost, Packets.DhcpPacket dhcpPacket)
{
if (dhcpPacket.OpCode == Packets.DhcpPacket.OpCodeValue.BootRequest && (sourceHost.MacAddress == null || dhcpPacket.ClientMacAddress != sourceHost.MacAddress))
{
sourceHost.MacAddress = dhcpPacket.ClientMacAddress;
}
else if (dhcpPacket.OpCode == Packets.DhcpPacket.OpCodeValue.BootReply && (destinationHost.MacAddress == null || dhcpPacket.ClientMacAddress != destinationHost.MacAddress))
{
destinationHost.MacAddress = dhcpPacket.ClientMacAddress;
}
if (dhcpPacket.OpCode == Packets.DhcpPacket.OpCodeValue.BootReply && (dhcpPacket.GatewayIpAddress != null && dhcpPacket.GatewayIpAddress != System.Net.IPAddress.None && dhcpPacket.GatewayIpAddress.Address > 0))
{
destinationHost.ExtraDetailsList["Default Gateway"] = dhcpPacket.GatewayIpAddress.ToString();
}
System.Collections.Specialized.NameValueCollection optionParameterList = new System.Collections.Specialized.NameValueCollection();
//now check all the DHCP options
//byte dhcpMessageType=0x00;//1=Discover, 2=Offer, 3=Request, 5=Ack, 8=Inform
foreach (Packets.DhcpPacket.Option option in dhcpPacket.OptionList)
{
//TODO: Add option to Parameters list
if (option.OptionCode == 12)//hostname
{
string hostname = Utils.ByteConverter.ReadString(option.OptionValue);
sourceHost.AddHostName(hostname);
optionParameterList.Add("DHCP Option 12 Hostname", hostname);
}
else if (option.OptionCode == 15)//Domain Name
{
string domain = Utils.ByteConverter.ReadString(option.OptionValue);
sourceHost.AddDomainName(domain);
optionParameterList.Add("DHCP Option 15 Domain", domain);
}
else if (option.OptionCode == 50) //requested IP address
{
if (dhcpPacket.DhcpMessageType == 3) //Must be a DHCP Request
{
System.Net.IPAddress requestedIpAddress = new System.Net.IPAddress(option.OptionValue);
if (sourceHost.IPAddress != requestedIpAddress)
{
if (!base.MainPacketHandler.NetworkHostList.ContainsIP(requestedIpAddress))
{
NetworkHost clonedHost = new NetworkHost(requestedIpAddress);
clonedHost.MacAddress = sourceHost.MacAddress;
//foreach(string hostname in sourceHost.HostNameList)
// clonedHost.AddHostName(hostname);
lock (base.MainPacketHandler.NetworkHostList)
base.MainPacketHandler.NetworkHostList.Add(clonedHost);
//now change the host to the cloned one (and hope it works out...)
sourceHost = clonedHost;
}
else
{
sourceHost = base.MainPacketHandler.NetworkHostList.GetNetworkHost(requestedIpAddress);
if (dhcpPacket.OpCode == Packets.DhcpPacket.OpCodeValue.BootRequest && (sourceHost.MacAddress == null || dhcpPacket.ClientMacAddress != sourceHost.MacAddress))
{
sourceHost.MacAddress = dhcpPacket.ClientMacAddress;
}
}
}
if (sourceHost.MacAddress != null && previousIpList.ContainsKey(sourceHost.MacAddress.ToString()))
{
//if(previousIpList.ContainsKey(sourceHost.MacAddress.ToString())) {
sourceHost.AddNumberedExtraDetail("Previous IP", previousIpList[sourceHost.MacAddress.ToString()].ToString());
//sourceHost.ExtraDetailsList["Previous IP"]=previousIpList[sourceHost.MacAddress.ToString()].ToString();
previousIpList.Remove(sourceHost.MacAddress.ToString());
}
}
else if (dhcpPacket.DhcpMessageType == 1)//DHCP discover
//see which IP address the client hade previously
//They normally requests the same IP as they hade before...
{
System.Net.IPAddress requestedIpAddress = new System.Net.IPAddress(option.OptionValue);
this.previousIpList[sourceHost.MacAddress.ToString()] = requestedIpAddress;
}
}
/*
* else if(option.OptionCode==53) {//DHCP message type
* if(option.OptionValue!=null && option.OptionValue.Length==1)
* dhcpMessageType=option.OptionValue[0];
* }/*/
else if (option.OptionCode == 60)//vendor class identifier
{
string vendorCode = Utils.ByteConverter.ReadString(option.OptionValue);
sourceHost.AddDhcpVendorCode(vendorCode);
optionParameterList.Add("DHCP Option 60 Vendor Code", vendorCode);
}
else if (option.OptionCode == 81) //Client Fully Qualified Domain Name
{
string domain = Utils.ByteConverter.ReadString(option.OptionValue, 3, option.OptionValue.Length - 3);
sourceHost.AddHostName(domain);
optionParameterList.Add("DHCP Option 81 Domain", domain);
}
else if (option.OptionCode == 125) //V-I Vendor-specific Information http://tools.ietf.org/html/rfc3925
{
uint enterpriceNumber = Utils.ByteConverter.ToUInt32(option.OptionValue, 0);
optionParameterList.Add("DHCP Option 125 Enterprise Number", enterpriceNumber.ToString());
byte dataLen = option.OptionValue[4];
if (dataLen > 0 && option.OptionValue.Length >= 5 + dataLen)
{
string optionData = Utils.ByteConverter.ReadString(option.OptionValue, 5, dataLen);
optionParameterList.Add("DHCP Option 125 Data", optionData);
}
}
else
{
string optionValueString = Utils.ByteConverter.ReadString(option.OptionValue);
if (!System.Text.RegularExpressions.Regex.IsMatch(optionValueString, @"[^\u0020-\u007E]"))
{
optionParameterList.Add("DHCP Option " + option.OptionCode.ToString(), optionValueString);
}
}
}
if (optionParameterList.Count > 0)
{
//try to get the udp packet
string sourcePort = "UNKNOWN";
string destinationPort = "UNKNOWN";
foreach (Packets.AbstractPacket p in dhcpPacket.ParentFrame.PacketList)
{
if (p.GetType() == typeof(Packets.UdpPacket))
{
Packets.UdpPacket udpPacket = (Packets.UdpPacket)p;
sourcePort = "UDP " + udpPacket.SourcePort;
destinationPort = "UDP " + udpPacket.DestinationPort;
break;
}
}
Events.ParametersEventArgs ea = new Events.ParametersEventArgs(dhcpPacket.ParentFrame.FrameNumber, sourceHost, destinationHost, sourcePort, destinationPort, optionParameterList, dhcpPacket.ParentFrame.Timestamp, "DHCP Option");
MainPacketHandler.OnParametersDetected(ea);
}
}
public void ExtractData(ref NetworkHost sourceHost, NetworkHost destinationHost, IEnumerable <PacketParser.Packets.AbstractPacket> packetList)
{
Packets.UdpPacket udpPacket = null;
foreach (Packets.AbstractPacket p in packetList)
{
if (p.GetType() == typeof(Packets.UdpPacket))
{
udpPacket = (Packets.UdpPacket)p;
}
else if (udpPacket != null && p.GetType() == typeof(Packets.RtpPacket))
{
Packets.RtpPacket rtpPacket = (Packets.RtpPacket)p;
if (Enum.IsDefined(typeof(RtpPayloadType), rtpPacket.PayloadType))
{
RtpPayloadType payloadType = (RtpPayloadType)rtpPacket.PayloadType;
FiveTuple fiveTuple = new FiveTuple(sourceHost, udpPacket.SourcePort, destinationHost, udpPacket.DestinationPort, FiveTuple.TransportProtocol.UDP);
//if(rtpPacket.PayloadType == (byte)RtpPayloadTypes.G711_PCM_A) {
/*
* FileTransfer.AuFileAssembler auAssembler = null;
* if (this.MainPacketHandler.FileStreamAssemblerList.ContainsAssembler(fiveTuple, true, true)) {
* var assembler = this.MainPacketHandler.FileStreamAssemblerList.GetAssembler(fiveTuple, true);
* if (assembler is FileTransfer.AuFileAssembler) {
* auAssembler = (FileTransfer.AuFileAssembler)assembler;
* if (auAssembler.AuEncoding == FileTransfer.AuFileAssembler.Encoding.G711_ALAW && payloadType == RtpPayloadType.G711_PCM_A ||
* auAssembler.AuEncoding == FileTransfer.AuFileAssembler.Encoding.G711_ULAW && payloadType == RtpPayloadType.G711_PCM_U ||
* auAssembler.AuEncoding == FileTransfer.AuFileAssembler.Encoding.G722 && payloadType == RtpPayloadType.G722) {
* //do nothing we have already assigned the auAssembler variable
* }
* else
* auAssembler = null;
* }
* }
* else if (payloadType == RtpPayloadType.G711_PCM_A) {
* auAssembler = new FileTransfer.AuFileAssembler("RTP-stream-" + fiveTuple.GetHashCode().ToString() + "_" + payloadType.ToString() + ".au", this.MainPacketHandler.FileStreamAssemblerList, fiveTuple, FileTransfer.FileStreamTypes.RTP, rtpPacket.ParentFrame.FrameNumber, rtpPacket.ParentFrame.Timestamp, FileTransfer.AuFileAssembler.Encoding.G711_ALAW);
* auAssembler.TryActivate();
* }
* else if (payloadType == RtpPayloadType.G711_PCM_U) {
* auAssembler = new FileTransfer.AuFileAssembler("RTP-stream-" + fiveTuple.GetHashCode().ToString() + "_" + payloadType.ToString() + ".au", this.MainPacketHandler.FileStreamAssemblerList, fiveTuple, FileTransfer.FileStreamTypes.RTP, rtpPacket.ParentFrame.FrameNumber, rtpPacket.ParentFrame.Timestamp, FileTransfer.AuFileAssembler.Encoding.G711_ULAW);
* auAssembler.TryActivate();
* }
* else if (payloadType == RtpPayloadType.G722) {
* auAssembler = new FileTransfer.AuFileAssembler("RTP-stream-" + fiveTuple.GetHashCode().ToString() + "_" + payloadType.ToString() + ".au", this.MainPacketHandler.FileStreamAssemblerList, fiveTuple, FileTransfer.FileStreamTypes.RTP, rtpPacket.ParentFrame.FrameNumber, rtpPacket.ParentFrame.Timestamp, FileTransfer.AuFileAssembler.Encoding.G722);
* auAssembler.TryActivate();
* }
*
* if(auAssembler != null) {
* auAssembler.AddData(rtpPacket.ParentFrame.Data.Skip(rtpPacket.PacketStartIndex + Packets.RtpPacket.HEADER_LENGTH).ToArray(), rtpPacket.SequenceNumber);
* }
*/
/*
* AudioStream.AudioFormat? wavAudioFormat = null;
* if (payloadType == RtpPayloadType.G711_PCM_A)
* wavAudioFormat = AudioStream.AudioFormat.WAVE_FORMAT_ALAW;
* else if (payloadType == RtpPayloadType.G711_PCM_U)
* wavAudioFormat = AudioStream.AudioFormat.WAVE_FORMAT_MULAW;
* else if (payloadType == RtpPayloadType.G729)
* wavAudioFormat = AudioStream.AudioFormat.WAVE_FORMAT_G729;
*
* if (wavAudioFormat != null) {
*/
AudioStream audioStream;
Tuple <System.Net.IPAddress, ushort, System.Net.IPAddress, ushort, RtpPayloadType> key = new Tuple <System.Net.IPAddress, ushort, System.Net.IPAddress, ushort, RtpPayloadType>(sourceHost.IPAddress, udpPacket.SourcePort, destinationHost.IPAddress, udpPacket.DestinationPort, payloadType);
if (this.audioStreams.ContainsKey(key))
{
audioStream = this.audioStreams[key];
}
else
{
//FileTransfer.FileStreamAssembler assembler = new FileTransfer.FileStreamAssembler(MainPacketHandler.FileStreamAssemblerList, fiveTuple, true, FileTransfer.FileStreamTypes.RTP, "AudioStream-" + fiveTuple.GetHashCode() + ".wav", "/", "RTP " + fiveTuple.ToString(), rtpPacket.ParentFrame.FrameNumber, rtpPacket.ParentFrame.Timestamp);
//-1 is set instead of null if Content-Length is not defined
//assembler.FileContentLength = -1;
//assembler.FileSegmentRemainingBytes = -1;
//this.MainPacketHandler.FileStreamAssemblerList.Add(assembler);
//audioStream = new AudioStream(sourceHost, destinationHost, wavAudioFormat.Value, MainPacketHandler.FileStreamAssemblerList, fiveTuple, rtpPacket.ParentFrame.FrameNumber);
audioStream = new AudioStream(sourceHost, destinationHost, payloadType, MainPacketHandler.FileStreamAssemblerList, fiveTuple, rtpPacket.ParentFrame.FrameNumber);
this.audioStreams.Add(key, audioStream);
base.MainPacketHandler.OnAudioDetected(audioStream);
}
audioStream.AddSamples(rtpPacket.ParentFrame.Data.Skip(rtpPacket.PacketStartIndex + Packets.RtpPacket.HEADER_LENGTH).ToArray(), rtpPacket.SampleTick, rtpPacket.ParentFrame.Timestamp, rtpPacket.SyncSourceID);
//}
}
}
}
}
public void ExtractData(ref NetworkHost sourceHost, NetworkHost destinationHost, IEnumerable <Packets.AbstractPacket> packetList)
{
Packets.SnmpPacket snmpPacket = null;
Packets.UdpPacket udpPacket = null;
foreach (Packets.AbstractPacket p in packetList)
{
if (p.GetType() == typeof(Packets.SnmpPacket))
{
snmpPacket = (Packets.SnmpPacket)p;
}
else if (p.GetType() == typeof(Packets.UdpPacket))
{
udpPacket = (Packets.UdpPacket)p;
}
if (snmpPacket != null && udpPacket != null)
{
string packetDescription = "SNMP";
if (Enum.IsDefined(typeof(Packets.SnmpPacket.Version), snmpPacket.VersionRaw))
{
packetDescription = Enum.GetName(typeof(Packets.SnmpPacket.Version), snmpPacket.VersionRaw);
}
System.Collections.Specialized.NameValueCollection tmpCol = new System.Collections.Specialized.NameValueCollection();
if (!string.IsNullOrEmpty(snmpPacket.CommunityString))
{
tmpCol.Add("SNMP community", snmpPacket.CommunityString);
base.MainPacketHandler.AddCredential(new NetworkCredential(sourceHost, destinationHost, packetDescription, "SNMP community", snmpPacket.CommunityString, snmpPacket.ParentFrame.Timestamp));
}
foreach (string snmpString in snmpPacket.CarvedStrings)
{
if (!string.IsNullOrEmpty(snmpString))
{
string SNMP_PARAMETER = "SNMP parameter";
tmpCol.Add(SNMP_PARAMETER, snmpString);
//https://opensource.apple.com/source/cups/cups-218/cups/backend/snmp.txt.auto.html
if (snmpString.StartsWith("MFG:"))
{
sourceHost.AddNumberedExtraDetail(SNMP_PARAMETER, snmpString);
}
else if (snmpString.IndexOf("printer", StringComparison.InvariantCultureIgnoreCase) >= 0)
{
sourceHost.AddNumberedExtraDetail(SNMP_PARAMETER, snmpString);
}
else if (snmpString.IndexOf("MANUFACTURER", StringComparison.InvariantCultureIgnoreCase) >= 0)
{
sourceHost.AddNumberedExtraDetail(SNMP_PARAMETER, snmpString);
}
else if (snmpString.IndexOf("JETDIRECT", StringComparison.InvariantCultureIgnoreCase) >= 0)
{
sourceHost.AddNumberedExtraDetail(SNMP_PARAMETER, snmpString);
}
else if (snmpString.IndexOf("http", StringComparison.InvariantCultureIgnoreCase) >= 0)
{
sourceHost.AddNumberedExtraDetail(SNMP_PARAMETER, snmpString);
}
else if (snmpString.IndexOf("Firmware", StringComparison.InvariantCultureIgnoreCase) >= 0)
{
sourceHost.AddNumberedExtraDetail(SNMP_PARAMETER, snmpString);
}
}
}
if (tmpCol.Count > 0)
{
base.MainPacketHandler.OnParametersDetected(new PacketParser.Events.ParametersEventArgs(snmpPacket.ParentFrame.FrameNumber, sourceHost, destinationHost, "UDP " + udpPacket.SourcePort, "UDP " + udpPacket.DestinationPort, tmpCol, snmpPacket.ParentFrame.Timestamp, packetDescription));
}
}
}
}
public void ExtractData(ref NetworkHost sourceHost, NetworkHost destinationHost, IEnumerable <Packets.AbstractPacket> packetList)
{
Packets.UdpPacket udpPacket = null;
Packets.TftpPacket tftpPacket = null;
foreach (Packets.AbstractPacket p in packetList)
{
if (p.GetType() == typeof(Packets.UdpPacket))
{
udpPacket = (Packets.UdpPacket)p;
}
else if (p.GetType() == typeof(Packets.TftpPacket))
{
tftpPacket = (Packets.TftpPacket)p;
}
}
if (udpPacket != null)
{
FileTransfer.FileStreamAssembler assembler;
if (TryGetTftpFileStreamAssembler(out assembler, base.MainPacketHandler.FileStreamAssemblerList, sourceHost, udpPacket.SourcePort, destinationHost, udpPacket.DestinationPort) || (tftpPacket != null && TryCreateNewAssembler(out assembler, base.MainPacketHandler.FileStreamAssemblerList, tftpPacket, sourceHost, udpPacket.SourcePort, destinationHost)))
{
//we have an assembler!
string sessionId = this.GetTftpSessionId(sourceHost, udpPacket.SourcePort, destinationHost, udpPacket.DestinationPort);
ushort blksize = 512;//default
if (this.tftpSessionBlksizeList.ContainsKey(sessionId))
{
blksize = this.tftpSessionBlksizeList[sessionId];
}
//but we might not have a TFTP packet since it is likely to run over a random port
if (tftpPacket == null || tftpPacket.Blksize != blksize)
{
try {
tftpPacket = new Packets.TftpPacket(udpPacket.ParentFrame, udpPacket.PacketStartIndex + 8, udpPacket.PacketEndIndex, blksize);//this is not very pretty since the UDP header length is hardcoded to be 8.
if (tftpPacket.Blksize != blksize)
{
if (this.tftpSessionBlksizeList.ContainsKey(sessionId))
{
this.tftpSessionBlksizeList[sessionId] = tftpPacket.Blksize;
}
else
{
this.tftpSessionBlksizeList.Add(sessionId, tftpPacket.Blksize);
}
}
}
catch (Exception e) {
if (assembler != null)
{
MainPacketHandler.OnAnomalyDetected("Error parsing TFTP packet: " + e.Message, udpPacket.ParentFrame.Timestamp);
}
}
}
//see if we have an tftp pakcet and parse its file data
if (tftpPacket != null)
{
ExtractFileData(assembler, base.MainPacketHandler.FileStreamAssemblerList, sourceHost, udpPacket.SourcePort, destinationHost, udpPacket.DestinationPort, tftpPacket);
}
}
}//end if udpPacket
}
public void ExtractData(ref NetworkHost sourceHost, NetworkHost destinationHost, IEnumerable <Packets.AbstractPacket> packetList)
{
Packets.DnsPacket dnsPacket = null;
Packets.IPv4Packet ipv4Packet = null;
Packets.IPv6Packet ipv6Packet = null;
Packets.UdpPacket udpPacket = null;
foreach (Packets.AbstractPacket p in packetList)
{
if (p.GetType() == typeof(Packets.DnsPacket))
{
dnsPacket = (Packets.DnsPacket)p;
}
else if (p.GetType() == typeof(Packets.IPv4Packet))
{
ipv4Packet = (Packets.IPv4Packet)p;
}
/*else if(p.GetType()==typeof(Packets.IPv6Packet))
* ipv6Packet=(Packets.IPv6Packet)p;*/
else if (p.GetType() == typeof(Packets.UdpPacket))
{
udpPacket = (Packets.UdpPacket)p;
}
}
if (dnsPacket != null)
{
//ExtractDnsData(dnsPacket);
if (dnsPacket.Flags.Response)
{
System.Collections.Specialized.NameValueCollection cNamePointers = new System.Collections.Specialized.NameValueCollection();
if (dnsPacket.AnswerRecords != null && dnsPacket.AnswerRecords.Length > 0)
{
foreach (Packets.DnsPacket.ResourceRecord r in dnsPacket.AnswerRecords)
{
if (r.IP != null)
{
if (!base.MainPacketHandler.NetworkHostList.ContainsIP(r.IP))
{
NetworkHost host = new NetworkHost(r.IP);
host.AddHostName(r.DNS);
base.MainPacketHandler.NetworkHostList.Add(host);
MainPacketHandler.OnNetworkHostDetected(new Events.NetworkHostEventArgs(host));
//base.MainPacketHandler.ParentForm.ShowDetectedHost(host);
}
else
{
base.MainPacketHandler.NetworkHostList.GetNetworkHost(r.IP).AddHostName(r.DNS);
}
if (cNamePointers[r.DNS] != null)
{
base.MainPacketHandler.NetworkHostList.GetNetworkHost(r.IP).AddHostName(cNamePointers[r.DNS]);
}
}
else if (r.Type == (ushort)Packets.DnsPacket.RRTypes.CNAME)
{
cNamePointers.Add(r.PrimaryName, r.DNS);
}
if (ipv4Packet != null)
{
MainPacketHandler.OnDnsRecordDetected(new Events.DnsRecordEventArgs(r, sourceHost, destinationHost, ipv4Packet, udpPacket));
//base.MainPacketHandler.ParentForm.ShowDnsRecord(r, sourceHost, destinationHost, ipPakcet, udpPacket);
}
}
}
else
{
//display the flags instead
//TODO : MainPacketHandler.OnDnsRecordDetected(new Events.DnsRecordEventArgs(
if (ipv4Packet != null && dnsPacket.QueriedDnsName != null && dnsPacket.QueriedDnsName.Length > 0)
{
MainPacketHandler.OnDnsRecordDetected(new Events.DnsRecordEventArgs(new Packets.DnsPacket.ResponseWithErrorCode(dnsPacket), sourceHost, destinationHost, ipv4Packet, udpPacket));
}
}
}
else //DNS request
{
if (dnsPacket.QueriedDnsName != null && dnsPacket.QueriedDnsName.Length > 0)
{
sourceHost.AddQueriedDnsName(dnsPacket.QueriedDnsName);
}
}
}
}