public WinPCapObject(SnifferUI.DICOMSniffer mainObj, string Filename, TCP.TCPParser TCP) { tcp = TCP; snifferObj = mainObj; file = new FileStream(Filename, FileMode.Open, FileAccess.Read); uint magicNumber = Function.Get4BytesFromStream(file, Const.NORMAL); BaseTime = new DateTime(1970, 1, 1, 1, 2, 3, 123); switch (magicNumber) { case 0xD4C3B2A1: FileFormat = Format.WINPCAP; file.Position = 24; break; case 0x58435000: // "XCP" file.Position = 6; ushort versionNumber = Function.Get2BytesFromStream(file, Const.NORMAL); if (versionNumber == 0x312E) { FileFormat = Format.XCP001; } else { FileFormat = Format.XCP002; } file.Position = 12; BaseTime += new TimeSpan(((long)Function.Get4BytesFromStream(file, Const.VALUE)) * 10000000); file.Position = 52; BaseTime -= new TimeSpan(((long)Function.Get8BytesFromStream(file, Const.VALUE)) * 10); file.Position = 128; break; case 0x736E6F6F: // Sun snoop FileFormat = Format.SUNSNOOP; file.Position = 16; break; default: throw new Exception("Only the winpcap format (NA sniffer (windows 1.1) is supported. Unable to load capture file."); } // Sets the progress bar's minimum value to a number // representing the current position in file before the files are read in. snifferObj.Invoke(snifferObj.MinProgressHandler, new object[] { (int)file.Position }); // Sets the progress bar's maximum value to a number // representing the total length of the file. snifferObj.Invoke(snifferObj.MaxProgressHandler, new object[] { (int)file.Length }); }
public void EndOfStream(TCPState state, int direction, string result) { Association Assoc = (Association)state.UserInfo; if (Assoc != null) // i.e. if DICOM { lock (Assoc) { OutputHandler("End : " + state.Signature[0] + "\r\n" + result + "\r\n", true, true); Assoc.Out(result + "\r\n", true); Assoc.HandleEnd(); if ((state.State[0] != TCPState.States.RUNNING) && (state.State[1] != TCPState.States.RUNNING)) // i.e. if DICOM { state.Clear(); // should have been done elsewhere, but no harm to repeat // Select the first association from the list by default snifferObj.Invoke(snifferObj.SelectConnectionHandler); } //Handle incomplete byte stream if ((result.IndexOf("DEAD data seen") != -1) && (((state.State[0] != TCPState.States.RUNNING) && (state.State[1] != TCPState.States.FINISHED)) || ((state.State[0] != TCPState.States.FINISHED) && (state.State[1] != TCPState.States.RUNNING)))) { Assoc.Dispose(true); state.Clear(); } //Handle unexpected Abort if (result == "Forced Close") { Assoc.Dispose(true); state.Clear(); } } } }
protected virtual void ThreadFunction() { running = true; try { while (running && file.Position < file.Length) { uint packetRecordLength = 0; PACKET_ITEM PItem = new PACKET_ITEM(); switch (FileFormat) { case Format.WINPCAP: PItem.Seconds = Function.Get4BytesFromStream(file, Const.VALUE); PItem.MicroSeconds = Function.Get4BytesFromStream(file, Const.VALUE); PItem.CaptureLength = Function.Get4BytesFromStream(file, Const.VALUE); PItem.PacketLength = Function.Get4BytesFromStream(file, Const.VALUE); break; case Format.XCP001: ulong timestamp = Function.Get4BytesFromStream(file, Const.VALUE); PItem.Seconds = (uint)(timestamp / 1000000000); uint millseconds = (uint)((timestamp / 1000000) % 1000); uint counter = (uint)(timestamp % 1000); PItem.MicroSeconds = millseconds * 1000 + counter; file.Position += 6; PItem.CaptureLength = Function.Get2BytesFromStream(file, Const.VALUE); PItem.PacketLength = PItem.CaptureLength; file.Position += 16; break; case Format.XCP002: ulong temp2 = Function.Get8BytesFromStream(file, Const.VALUE); PItem.Seconds = (uint)(temp2 / 1000000); PItem.MicroSeconds = (uint)(temp2 % 1000000); PItem.CaptureLength = Function.Get2BytesFromStream(file, Const.VALUE); PItem.PacketLength = Function.Get2BytesFromStream(file, Const.VALUE); file.Position += 28; break; case Format.SUNSNOOP: PItem.CaptureLength = Function.Get4BytesFromStream(file, Const.NORMAL); PItem.PacketLength = Function.Get4BytesFromStream(file, Const.NORMAL); packetRecordLength = Function.Get4BytesFromStream(file, Const.NORMAL); uint droppedPackets = Function.Get4BytesFromStream(file, Const.NORMAL); ulong temp3 = Function.Get8BytesFromStream(file, Const.NORMAL); PItem.Seconds = (uint)(temp3 / 1000000); PItem.MicroSeconds = (uint)(temp3 % 1000000); break; } PacketInfo data = new PacketInfo(); data.Data = new byte[PItem.CaptureLength]; data.StartIndex = 14; // skip MAC (6 bytes) x 2 + packet type (2 bytes) file.Read(data.Data, 0, (int)PItem.CaptureLength); data.TimeStamp = BaseTime + new TimeSpan((long)PItem.Seconds * 10000000 + (long)PItem.MicroSeconds * 10); data.Length = PItem.CaptureLength; if (FileFormat == Format.SUNSNOOP) { file.Position += (packetRecordLength - PItem.CaptureLength - 24); } // Increases the progress bar's value based on the size of // the file currently being read. snifferObj.Invoke(snifferObj.IncrementStepInProgressHandler, new object[] { (int)data.Length }); OnDataReceived(data); } //Close the file after reading file file.Close(); } catch (Exception e) { ErrorHandler(e.Message + "\r\n" + e.TargetSite + "\r\n" + e.StackTrace); } finally { bool stopped = tcp.TCPStopAnalyse(); if (stopped) { snifferObj.Invoke(snifferObj.UpdateUIControlsHandler); } } }
public WinPCapObject(SnifferUI.DICOMSniffer mainObj, string Filename, TCP.TCPParser TCP) { tcp = TCP; snifferObj = mainObj; file = new FileStream(Filename,FileMode.Open,FileAccess.Read); uint magicNumber = Function.Get4BytesFromStream(file,Const.NORMAL); BaseTime = new DateTime(1970,1,1,1,2,3,123); switch(magicNumber) { case 0xD4C3B2A1: FileFormat = Format.WINPCAP; file.Position = 24; break; case 0x58435000: // "XCP" file.Position = 6; ushort versionNumber = Function.Get2BytesFromStream(file,Const.NORMAL); if(versionNumber == 0x312E) { FileFormat = Format.XCP001; } else { FileFormat = Format.XCP002; } file.Position = 12; BaseTime += new TimeSpan(((long)Function.Get4BytesFromStream( file , Const.VALUE ))*10000000); file.Position = 52; BaseTime -= new TimeSpan(((long)Function.Get8BytesFromStream( file , Const.VALUE ))*10); file.Position = 128; break; case 0x736E6F6F: // Sun snoop FileFormat = Format.SUNSNOOP; file.Position = 16; break; default: throw new Exception("Only the winpcap format (NA sniffer (windows 1.1) is supported. Unable to load capture file."); } // Sets the progress bar's minimum value to a number // representing the current position in file before the files are read in. snifferObj.Invoke(snifferObj.MinProgressHandler, new object[] { (int)file.Position }); // Sets the progress bar's maximum value to a number // representing the total length of the file. snifferObj.Invoke(snifferObj.MaxProgressHandler, new object[] { (int)file.Length }); }