public MainForm() { InitializeComponent(); WriteProgramLog("打开软件"); Catch = new CatchSocket(this); Catch.CreatPcapFile(); FilterOptionForm = new FilterForm(); DateTime dt1 = DateTime.Parse(DateTime.Now.ToShortDateString() + " 23:59:59"); DateTime dt2 = DateTime.Now; TimeSpan ts = new TimeSpan(); ts = dt1 - dt2; Int64 IntervalToTomorrow0 = Convert.ToInt64(ts.TotalMilliseconds + 1800000); CreatPcapPerDay = new System.Threading.Timer(new TimerCallback(Catch.CreatPcapFilePerDay), null, IntervalToTomorrow0, IntervalToTomorrow0); OutputDataTimer = new System.Threading.Timer(new TimerCallback(Catch.OutToPcap), null, -1, 0); ShowTimer = new System.Threading.Timer(new TimerCallback(ShowThread.Show), null, -1, 0); //守护进程使用,实例化Communication类 comm = new Communication(); }
public void Unpack(byte[] buf, int len, CatchSocket Pcap, bool bStatus_Signal, bool bStatus_Signaling) { showSignal = false; showSignaling = false; if (bStatus_Signal)//解析信号数据包 { this.Pcap = Pcap; CBTCPacketProperties = new PacketProperties(len); CBTCPacketProperties.CaptureTime = DateTime.Now; Unpack(buf, len); } if (bStatus_Signaling)//解析信令数据包 { this.Pcap = Pcap; byte protocol = 0; uint version = 0; int sourcePort = 0; int destinationPort = 0; protocol = buf[9]; version = (uint)((buf[0] & 0xf0) >> 4); sourcePort = buf[20] * 256 + buf[21]; destinationPort = buf[22] * 256 + buf[23]; if ((protocol == 6) && (sourcePort == 3868 || destinationPort == 3868))//TCP-diameter (黄罡) { PacketProperties = new PacketProperties(len); Array.Copy(buf, PacketProperties.Buf, len); PacketProperties.BufLength = len; PacketProperties.IPHeaderLength = (uint)((buf[0] & 0x0f) << 2); PacketProperties.Version = version.ToString(); PacketProperties.OriginationPort = sourcePort.ToString(); PacketProperties.DestinationPort = destinationPort.ToString(); PacketProperties.DestinationAddress = buf[16].ToString() + "." + buf[17].ToString() + "." + buf[18].ToString() + "." + buf[19].ToString(); PacketProperties.OriginationAddress = buf[12].ToString() + "." + buf[13].ToString() + "." + buf[14].ToString() + "." + buf[15].ToString(); PacketProperties.PacketLength = (uint)len; PacketProperties.MessageLength = PacketProperties.PacketLength - PacketProperties.IPHeaderLength; PacketProperties.MessagePacketHex = readData.RRead(buf);//用于展示抓获报文的名称(readData.RRead(PacketBuffer))//yao PacketProperties.PacketBuffer = readData.SourceData; PacketProperties.protocolid = readData.protocolid; showSignaling = true; if (!Pause) { UpdateForm(PacketProperties, showSignal, showSignaling); } SaveToPcap_Signaling(PacketProperties); } else if ((protocol == 17) && (sourcePort == 2123 || destinationPort == 2123))//UDP-GTPv2 (黄罡) { PacketProperties = new PacketProperties(len); Array.Copy(buf, PacketProperties.Buf, len); PacketProperties.BufLength = len; PacketProperties.IPHeaderLength = (uint)((buf[0] & 0x0f) << 2); PacketProperties.Version = version.ToString(); PacketProperties.OriginationPort = sourcePort.ToString(); PacketProperties.DestinationPort = destinationPort.ToString(); PacketProperties.DestinationAddress = buf[16].ToString() + "." + buf[17].ToString() + "." + buf[18].ToString() + "." + buf[19].ToString(); PacketProperties.OriginationAddress = buf[12].ToString() + "." + buf[13].ToString() + "." + buf[14].ToString() + "." + buf[15].ToString(); PacketProperties.PacketLength = (uint)len; PacketProperties.MessageLength = PacketProperties.PacketLength - PacketProperties.IPHeaderLength; PacketProperties.MessagePacketHex = readData.RRead(buf); //用于展示抓获报文的名称(readData.RRead(PacketBuffer))//yao PacketProperties.protocolid = readData.protocolid; PacketProperties.PacketBuffer = readData.SourceData; //SourceData是去掉头部之后的数据(gtpv2去掉ip和udp头部,其他两个只去掉ip头) showSignaling = true; if (!Pause) { UpdateForm(PacketProperties, showSignal, showSignaling); } SaveToPcap_Signaling(PacketProperties); } else if (protocol == 132) { byte[] sctp = new byte[len - 20]; Array.Copy(buf, 20, sctp, 0, len - 20);//去除IP头部20字节 C.DeScChunk(sctp); int PPID = C.paylaodProtocolIdentifier; if (PPID == 18)//sctp-s1ap { PacketProperties = new PacketProperties(len); Array.Copy(buf, PacketProperties.Buf, len); if (buf[3] == PacketProperties.Buf[3]) { byte a = 1; } PacketProperties.BufLength = len; PacketProperties.IPHeaderLength = (uint)((buf[0] & 0x0f) << 2); PacketProperties.Version = version.ToString(); PacketProperties.OriginationPort = sourcePort.ToString(); PacketProperties.DestinationPort = destinationPort.ToString(); PacketProperties.DestinationAddress = buf[16].ToString() + "." + buf[17].ToString() + "." + buf[18].ToString() + "." + buf[19].ToString(); PacketProperties.OriginationAddress = buf[12].ToString() + "." + buf[13].ToString() + "." + buf[14].ToString() + "." + buf[15].ToString(); PacketProperties.PacketLength = (uint)len; PacketProperties.MessagePacketHex = readData.RRead(buf); //用于展示抓获报文的名称(readData.RRead(PacketBuffer))//yao PacketProperties.protocolid = readData.protocolid; PacketProperties.MessageLength = readData.s1apLength; //消息长度使用纯s1ap信令长度 PacketProperties.PacketBuffer = readData.SourceData; showSignaling = true; if (!Pause) { UpdateForm(PacketProperties, showSignal, showSignaling); } SaveToPcap_Signaling(PacketProperties); } else if ((PPID == 0 || PPID == 46 || PPID == 47 || PPID == 132) && ((sourcePort == 3868) || (destinationPort == 3868) || (sourcePort == 60000) || (destinationPort == 60000)))//sctp-diameter(黄罡) { B.DecodeSctpChunk(sctp); if (B.IsDiameter == 1) { PacketProperties = new PacketProperties(len); Array.Copy(buf, PacketProperties.Buf, len); PacketProperties.BufLength = len; PacketProperties.IPHeaderLength = (uint)((buf[0] & 0x0f) << 2); PacketProperties.Version = version.ToString(); PacketProperties.OriginationPort = sourcePort.ToString(); PacketProperties.DestinationPort = destinationPort.ToString(); PacketProperties.DestinationAddress = buf[16].ToString() + "." + buf[17].ToString() + "." + buf[18].ToString() + "." + buf[19].ToString(); PacketProperties.OriginationAddress = buf[12].ToString() + "." + buf[13].ToString() + "." + buf[14].ToString() + "." + buf[15].ToString(); PacketProperties.PacketLength = (uint)len; PacketProperties.MessageLength = PacketProperties.PacketLength - PacketProperties.IPHeaderLength; PacketProperties.MessagePacketHex = readData.RRead(buf);//用于展示抓获报文的名称(readData.RRead(PacketBuffer))//ya PacketProperties.protocolid = readData.protocolid; PacketProperties.PacketBuffer = readData.SourceData; showSignaling = true; if (Pause) { UpdateForm(PacketProperties, showSignal, showSignaling); } SaveToPcap_Signaling(PacketProperties); } } } }//黄罡2017.4.29 }