/// <summary> /// /// </summary> /// <param name="packet"></param> private void DispatcherHandler(PcapDotNet.Packets.Packet packet) { try { _packetCount++; IpV4Datagram ip = packet.Ethernet.IpV4; TcpDatagram tcp = ip.Tcp; if (tcp == null) { Console.WriteLine("No TCP: " + ip.Source.ToString() + "#" + ip.Destination.ToString()); return; } if (IgnoreLocal == true) { if (Networking.IsOnIntranet(System.Net.IPAddress.Parse(ip.Source.ToString())) == true & Networking.IsOnIntranet(System.Net.IPAddress.Parse(ip.Destination.ToString())) == true) { return; } } Connection connection = new Connection(packet); if (_dictionary.ContainsKey(connection) == false) { PacketReconstructor packetReconstructor = new PacketReconstructor(_outputPath, _maxSize); var parsers = from p in _parsers where p.Type == ParserType.Packet select p; packetReconstructor.SetPacketParsers(parsers.ToList()); _dictionary.Add(connection, packetReconstructor); } _dictionary[connection].ReassemblePacket(packet); if (_timestamp == DateTime.MinValue) { _timestamp = packet.Timestamp; } // Only write the data after the user defined period if (packet.Timestamp > _timestamp.AddMinutes(BufferInterval)) { _timestamp = packet.Timestamp; WriteOldSessions(packet); } if (_packetCount % 10000 == 0) { OnMessage("Processed " + _packetCount + " packets...(" + _dictionary.Count + " sessions)"); } } catch (Exception ex) { OnMessage("Error: " + ex.ToString()); Console.WriteLine(ex); } }
/// <summary> /// /// </summary> /// <param name="guid"></param> /// <param name="dataSize"></param> /// <param name="connection"></param> /// <returns></returns> private Session CreateNewSession(string guid, long dataSize, Connection connection) { Session session = new Session(guid); session.DataSize = dataSize; session.SourceIp = connection.SourceIpNumeric; session.SourcePort = connection.SourcePort; try { Country country = _ls.getCountry(connection.SourceIp); if (country != null) { session.SourceCountry = country.getCode(); } } catch (Exception) { } session.DestinationIp = connection.DestinationIpNumeric; session.DestinationPort = connection.DestinationPort; try { Country country = _ls.getCountry(connection.DestinationIp); if (country != null) { session.DestinationCountry = country.getCode(); } } catch (Exception) { } session.TimestampFirstPacket = _dictionary[connection].TimestampFirstPacket; session.TimestampLastPacket = _dictionary[connection].TimestampLastPacket; return session; }