private static void device_OnPacketArrival(object sender, CaptureEventArgs e) { try { Kavprot.Packets.Packet packet = Kavprot.Packets.Packet.ParsePacket(e.Packet); if (packet is Kavprot.Packets.EthernetPacket) { var ip = Kavprot.Packets.IpPacket.GetEncapsulated(packet); if (ip.Protocol == Kavprot.Packets.IPProtocolType.TCP) { TcpPacket tcp = TcpPacket.GetEncapsulated(packet); if (tcp != null) { Alert.Attack("Intrusion Detected", "an intrusion was detected using TCP from " + ip.SourceAddress.ToString() + " @port " + tcp.SourcePort.ToString(), ToolTipIcon.Warning, true); } } else if (ip.Protocol == Kavprot.Packets.IPProtocolType.UDP) { UdpPacket udp = UdpPacket.GetEncapsulated(packet); if (udp != null) { Alert.Attack("Intrusion Detected", "an intrusion was detected using UDP from " + ip.SourceAddress.ToString() + " @port " + udp.SourcePort.ToString(), ToolTipIcon.Warning, true); } } else if (ip.Protocol == Kavprot.Packets.IPProtocolType.IGMP) { IGMPv2Packet igmp = IGMPv2Packet.GetEncapsulated(packet); if (igmp != null) { Alert.Attack("Intrusion Detected : Unwanted IGMP Packet", "an intrusion was detected using IGMP from " + ip.SourceAddress.ToString(), ToolTipIcon.Warning, true); } } else if (ip.Protocol == Kavprot.Packets.IPProtocolType.ICMPV6) { ICMPv6Packet icmp6 = ICMPv6Packet.GetEncapsulated(packet); if (icmp6 != null) { Alert.Attack("Intrusion Detected : Unwanted ICMPv6 Packet", "an intrusion was detected using ICMPv6 from " + ip.SourceAddress.ToString(), ToolTipIcon.Warning, true); } } else if (ip.Protocol == Kavprot.Packets.IPProtocolType.ICMP) { ICMPv4Packet icmp4 = ICMPv4Packet.GetEncapsulated(packet); if (icmp4 != null) { Alert.Attack("Intrusion Detected : Unwanted ICMPv4 Packet", "an intrusion was detected using ICMPv4 from " + ip.SourceAddress.ToString(), ToolTipIcon.Warning, true); } } } } catch { } finally { } }
private static void device1_OnPacketArrival(object sender, CaptureEventArgs e) { try { Kavprot.Packets.Packet packet = Kavprot.Packets.Packet.ParsePacket(e.Packet); if (packet is Kavprot.Packets.EthernetPacket) { var ip = Kavprot.Packets.IpPacket.GetEncapsulated(packet); if (ip.Protocol == Kavprot.Packets.IPProtocolType.TCP) { TcpPacket tcp = TcpPacket.GetEncapsulated(packet); if (tcp != null) { if (!tcp.IsValidChecksum(TransportPacket.TransportChecksumOption.None)) { Alert.Attack("Intrusion Detected : Invalid TCP Checksum", "an intrusion was detected using TCP from " + ip.SourceAddress.ToString() + " @port " + tcp.SourcePort.ToString(), ToolTipIcon.Warning, true); } } } else if (ip.Protocol == Kavprot.Packets.IPProtocolType.UDP) { UdpPacket udp = UdpPacket.GetEncapsulated(packet); if (udp != null) { if (!udp.IsValidChecksum(TransportPacket.TransportChecksumOption.None)) { Alert.Attack("Intrusion Detected : Invalid UDP Checksum", "an intrusion was detected using UDP from " + ip.SourceAddress.ToString() + " @port " + udp.SourcePort.ToString(), ToolTipIcon.Warning, true); } } } } } catch { } finally { } }