示例#1
0
文件: scan.cs 项目: zezo010/Catch-IDS 
        public void ScanDhcp(CaptureEventArgs e, string Interface)
        {
            var mypacket = Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
            var udp      = (UdpPacket)mypacket.Extract(typeof(UdpPacket));

            if (udp != null)
            {
                if (udp.DestinationPort == 68)
                {
                    var       DestinationHwAddress = EthernetPacket.GetEncapsulated(mypacket).DestinationHwAddress;
                    var       SourceHwAddress      = EthernetPacket.GetEncapsulated(mypacket).SourceHwAddress;
                    var       DestinationipAddress = IpPacket.GetEncapsulated(mypacket).DestinationAddress;
                    var       SourceipAddress      = IpPacket.GetEncapsulated(mypacket).SourceAddress;
                    ado       a  = new ado();
                    DataTable dt = a.selectmac(SourceHwAddress.ToString(), Interface);
                    // if mac address of router excist that mean he is router
                    if (dt.Rows.Count > 0)
                    {
                        Attack = false;
                    }
                    else
                    {
                        Attack         = true;
                        Attack_data[0] = "DHCP spofing";
                        Attack_data[1] = SourceipAddress.ToString();
                        Attack_data[2] = SourceHwAddress.ToString();
                        Attack_data[3] = DateTime.Now.ToShortTimeString();
                    }
                }
            }
        }
示例#2
0
文件: scan.cs 项目: zezo010/Catch-IDS 
        public void ScanAttack(CaptureEventArgs e, string Interface, string ip)
        {
            var mypacket = Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
            var arp      = (ARPPacket)mypacket.Extract(typeof(ARPPacket));

            if (arp != null)
            {
                var Operation = arp.Operation.ToString();

                if (arp.SenderProtocolAddress.ToString() == ip)
                {
                    if (arp.Operation == ARPOperation.Response)
                    {
                        var       dec   = arp.SenderHardwareAddress.ToString();
                        var       decip = arp.SenderProtocolAddress.ToString();
                        ado       a     = new ado();
                        DataTable dt    = a.selectname("Router", Interface);
                        if (dt.Rows.Count > 0)
                        {
                            // Attack = false;
                            foreach (DataRow item in dt.Rows)
                            {
                                string mac = item["mac_ad"].ToString();
                                if (dec == mac)
                                {
                                    Attack = false;
                                }
                                else
                                {
                                    Attack         = true;
                                    Attack_data[0] = "arp spofing";
                                    Attack_data[1] = decip.ToString();
                                    Attack_data[2] = dec.ToString();
                                    Attack_data[3] = DateTime.Now.ToShortTimeString();
                                    Attacker_mac   = dec;
                                    // true data
                                    Attack_data[4] = mac;
                                    Attack_data[5] = item["ip"].ToString();
                                    Attack_data[6] = item["date"].ToString();
                                    Attack_data[7] = item["name"].ToString();
                                }
                            }
                        }
                        else
                        {
                            //  Attack = false;
                        }
                        // Attack = true;
                    }
                }
            }
        }