/// <summary>
/// Builds a tree node labelled "IP" whose child nodes list the fields of the
/// supplied IP header, one "Name: value" entry per field.
/// </summary>
/// <param name="ipHeader">Parsed IP header whose fields are displayed.</param>
/// <returns>The populated "IP" tree node.</returns>
private TreeNode MakeIPTreeNode(IPHeader ipHeader)
{
    TreeNode ipNode = new TreeNode("IP");
    TreeNodeCollection fields = ipNode.Nodes;

    fields.Add("Ver: " + ipHeader.Version);
    fields.Add("Header Length: " + ipHeader.HeaderLength);
    fields.Add("Differntiated Services: " + ipHeader.DifferentiatedServices);
    fields.Add("Total Length: " + ipHeader.TotalLength);
    fields.Add("Identification: " + ipHeader.Identification);
    fields.Add("Flags: " + ipHeader.Flags);
    fields.Add("Fragmentation Offset: " + ipHeader.FragmentationOffset);
    fields.Add("Time to live: " + ipHeader.TTL);

    // Resolve the display name first; a protocol value outside the three
    // handled cases produces no "Protocol" entry at all.
    string protocolName = null;
    switch (ipHeader.ProtocolType)
    {
        case Protocol.TCP:
            protocolName = "TCP";
            break;
        case Protocol.UDP:
            protocolName = "UDP";
            break;
        case Protocol.Unknown:
            protocolName = "Unknown";
            break;
    }

    if (protocolName != null)
    {
        fields.Add("Protocol: " + protocolName);
    }

    fields.Add("Checksum: " + ipHeader.Checksum);
    fields.Add("Source: " + ipHeader.SourceAddress.ToString());
    fields.Add("Destination: " + ipHeader.DestinationAddress.ToString());

    return ipNode;
}
// Helper that renders the contents of an IP header as a tree node.
// The returned node is titled "IP" and carries one child per header field.
private TreeNode MakeIPTreeNode(IPHeader ipHeader)
{
    TreeNode node = new TreeNode();
    node.Text = "IP";

    node.Nodes.Add("Ver: " + ipHeader.Version);
    node.Nodes.Add("Header Length: " + ipHeader.HeaderLength);
    node.Nodes.Add("Differntiated Services: " + ipHeader.DifferentiatedServices);
    node.Nodes.Add("Total Length: " + ipHeader.TotalLength);
    node.Nodes.Add("Identification: " + ipHeader.Identification);
    node.Nodes.Add("Flags: " + ipHeader.Flags);
    node.Nodes.Add("Fragmentation Offset: " + ipHeader.FragmentationOffset);
    node.Nodes.Add("Time to live: " + ipHeader.TTL);

    // Read the protocol once, then pick the matching label. Any value other
    // than the three compared here adds no "Protocol" child.
    Protocol carried = ipHeader.ProtocolType;
    if (carried == Protocol.TCP)
    {
        node.Nodes.Add("Protocol: TCP");
    }
    else if (carried == Protocol.UDP)
    {
        node.Nodes.Add("Protocol: UDP");
    }
    else if (carried == Protocol.Unknown)
    {
        node.Nodes.Add("Protocol: Unknown");
    }

    node.Nodes.Add("Checksum: " + ipHeader.Checksum);
    node.Nodes.Add("Source: " + ipHeader.SourceAddress.ToString());
    node.Nodes.Add("Destination: " + ipHeader.DestinationAddress.ToString());

    return node;
}
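/// <summary>
/// Parses one captured IP datagram into a tree (IP header, then TCP or UDP
/// header, then DNS when port 53 is involved) and hands the tree to the UI
/// thread. Packets whose source address is on the hard-coded watch list are
/// labelled as such and shown in red.
/// </summary>
/// <param name="byteData">Buffer holding the captured datagram.</param>
/// <param name="nReceived">Number of bytes of <paramref name="byteData"/> that were received.</param>
private void ParseData(byte[] byteData, int nReceived)
{
    TreeNode rootNode = new TreeNode();

    // Every protocol packet is encapsulated in an IP datagram, so parsing
    // starts with the IP header to find out which protocol it carries.
    // NOTE(review): byteData is raw network input; the IPHeader constructor is
    // not visible here - confirm it rejects buffers shorter than an IP header.
    IPHeader ipHeader = new IPHeader(byteData, nReceived);
    rootNode.Nodes.Add(MakeIPTreeNode(ipHeader));

    // Parse the datagram's data field according to the carried protocol.
    switch (ipHeader.ProtocolType)
    {
        case Protocol.TCP:
            // ipHeader.Data is the payload of the IP datagram and
            // ipHeader.MessageLength is the length of that payload.
            TCPHeader tcpHeader = new TCPHeader(ipHeader.Data, ipHeader.MessageLength);
            rootNode.Nodes.Add(MakeTCPTreeNode(tcpHeader));

            // Port 53 on either side means the payload is treated as DNS.
            // DNS can run over TCP or UDP, hence the same check in both cases.
            if (tcpHeader.DestinationPort == "53" || tcpHeader.SourcePort == "53")
            {
                rootNode.Nodes.Add(MakeDNSTreeNode(tcpHeader.Data, (int)tcpHeader.MessageLength));
            }
            break;

        case Protocol.UDP:
            UDPHeader udpHeader = new UDPHeader(ipHeader.Data, (int)ipHeader.MessageLength);
            rootNode.Nodes.Add(MakeUDPTreeNode(udpHeader));

            if (udpHeader.DestinationPort == "53" || udpHeader.SourcePort == "53")
            {
                // The UDP header is always eight bytes, so the payload length is
                // the declared total minus eight. The declared length comes from
                // the packet itself: a malformed datagram can claim fewer than
                // eight bytes, which would yield a negative length, so DNS
                // parsing is skipped in that case.
                // NOTE(review): a declared length larger than the captured data
                // is not checked here - confirm MakeDNSTreeNode bounds its reads.
                int dnsLength = Convert.ToInt32(udpHeader.Length) - 8;
                if (dnsLength >= 0)
                {
                    rootNode.Nodes.Add(MakeDNSTreeNode(udpHeader.Data, dnsLength));
                }
            }
            break;

        case Protocol.Unknown:
            break;
    }

    AddTreeNode addTreeNode = new AddTreeNode(OnAddTreeNode);

    string source = ipHeader.SourceAddress.ToString();
    string destination = ipHeader.DestinationAddress.ToString();
    string label = source + "-" + destination;

    // Hard-coded watch list, matched against the source address only.
    // Caveats for anyone relying on this as a detection: the IP source address
    // is not authenticated and can be spoofed, packets sent *to* these hosts
    // are not flagged, and the list needs a code change to update.
    bool fromWatchedSource = source == "180.179.50.116"
        || source == "213.108.252.185"
        || source == "218.248.255.212";

    if (fromWatchedSource)
    {
        // Apply the highlight to the node itself; the original only assigned
        // Color.Red to an unused local, so flagged packets were never coloured.
        rootNode.ForeColor = Color.Red;
        rootNode.Text = label + " :Packet from malicious site";
    }
    else
    {
        // Unflagged packets keep the tree view's default colour.
        rootNode.Text = label;
    }

    // Thread-safe adding of the nodes: marshal the call to the UI thread.
    treeView.Invoke(addTreeNode, new object[] { rootNode });
}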
/// <summary>
/// Turns one captured IP datagram into a tree of header nodes and passes the
/// tree to the UI thread for display. The root node is titled
/// "source-destination"; below it come the IP node, the TCP or UDP node, and a
/// DNS node when either port is 53.
/// </summary>
/// <param name="byteData">Buffer holding the captured datagram.</param>
/// <param name="nReceived">Number of bytes of <paramref name="byteData"/> that were received.</param>
private void ParseData(byte[] byteData, int nReceived)
{
    TreeNode packetNode = new TreeNode();

    // The IP header comes first because every other protocol handled here is
    // carried inside the IP datagram.
    IPHeader ipHeader = new IPHeader(byteData, nReceived);
    packetNode.Nodes.Add(MakeIPTreeNode(ipHeader));

    // ipHeader.Data is the datagram's payload; ipHeader.MessageLength is the
    // length of that payload.
    switch (ipHeader.ProtocolType)
    {
        case Protocol.TCP:
        {
            TCPHeader tcp = new TCPHeader(ipHeader.Data, ipHeader.MessageLength);
            packetNode.Nodes.Add(MakeTCPTreeNode(tcp));

            // DNS runs over TCP as well as UDP, so both cases test for port 53.
            bool tcpCarriesDns = tcp.DestinationPort == "53" || tcp.SourcePort == "53";
            if (tcpCarriesDns)
            {
                packetNode.Nodes.Add(MakeDNSTreeNode(tcp.Data, (int)tcp.MessageLength));
            }
            break;
        }

        case Protocol.UDP:
        {
            UDPHeader udp = new UDPHeader(ipHeader.Data, (int)ipHeader.MessageLength);
            packetNode.Nodes.Add(MakeUDPTreeNode(udp));

            bool udpCarriesDns = udp.DestinationPort == "53" || udp.SourcePort == "53";
            if (udpCarriesDns)
            {
                // A UDP header is always eight bytes; subtracting it from the
                // declared total gives the payload length.
                // NOTE(review): the declared length comes from the packet, so a
                // malformed datagram could make this negative - confirm
                // MakeDNSTreeNode copes with that.
                int payloadLength = Convert.ToInt32(udp.Length) - 8;
                packetNode.Nodes.Add(MakeDNSTreeNode(udp.Data, payloadLength));
            }
            break;
        }

        case Protocol.Unknown:
            break;
    }

    AddTreeNode addToTree = new AddTreeNode(OnAddTreeNode);

    string source = ipHeader.SourceAddress.ToString();
    string destination = ipHeader.DestinationAddress.ToString();
    packetNode.Text = source + "-" + destination;

    // The tree view belongs to the UI thread, so the node is added through
    // Invoke rather than directly.
    treeView.Invoke(addToTree, packetNode);
}